Vulnerabilities > CVE-2024-40723 - Out-of-bounds Write vulnerability in Changingtec Hwatai Servisign

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

LOW

network

low complexity

changingtec

CWE-787

NVD

Published: 2024-08-02

Updated: 2024-08-09

Summary

The specific API in HWATAIServiSign Windows Version from CHANGING Information Technology does not properly validate the length of server-side inputs. When a user visits a spoofed website, unauthenticated remote attackers can cause a stack-based buffer overflow in the HWATAIServiSign, temporarily disrupting its service.

Vulnerable Configurations

Part	Description	Count
Application	Changingtec Changingtec Hwatai Servisign -	1

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://www.twcert.org.tw/tw/cp-132-7968-ce2ef-1.html
https://www.twcert.org.tw/en/cp-139-7974-0562f-2.html