CVSS: 9.8EPSS: 0%CPEs: 117EXPL: 0CVE-2021-31895
https://notcve.org/view.php?id=CVE-2021-31895
A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versions < V4.3.7), RUGGEDCOM ROS M2200 (All versions < V4.3.7), RUGGEDCOM ROS M969 (All versions < V4.3.7), RUGGEDCOM ROS RMC (All versions < V4.3.7), RUGGEDCOM ROS RMC20 (All versions < V4.3.7), RUGGEDCOM ROS RMC30 (All versions < V4.3.7), RUGGEDCOM ROS RMC40 (All versions < V4.3.7), RUGGEDCOM ROS RMC41 (All versions < V4.3.7), RUGGEDCOM ROS RMC8388 V4.X (All versions < V4.3.7), RUGGEDCOM ROS RMC8388 V5.X (All versions < V5.5.4), RUGGEDCOM ROS RP110 (All versions < V4.3.7), RUGGEDCOM ROS RS400 (All versions < V4.3.7), RUGGEDCOM ROS RS401 (All versions < V4.3.7), RUGGEDCOM ROS RS416 (All versions < V4.3.7), RUGGEDCOM ROS RS416v2 V4.X (All versions < V4.3.7), RUGGEDCOM ROS RS416v2 V5.X (All versions < 5.5.4), RUGGEDCOM ROS RS8000 (All versions < V4.3.7), RUGGEDCOM ROS RS8000A (All versions < V4.3.7), RUGGEDCOM ROS RS8000H (All versions < V4.3.7), RUGGEDCOM ROS RS8000T (All versions < V4.3.7), RUGGEDCOM ROS RS900 (32M) V4.X (All versions < V4.3.7), RUGGEDCOM ROS RS900 (32M) V5.X (All versions < V5.5.4), RUGGEDCOM ROS RS900G (All versions < V4.3.7), RUGGEDCOM ROS RS900G (32M) V4.X (All versions < V4.3.7), RUGGEDCOM ROS RS900G (32M) V5.X (All versions < V5.5.4), RUGGEDCOM ROS RS900GP (All versions < V4.3.7), RUGGEDCOM ROS RS900L (All versions < V4.3.7), RUGGEDCOM ROS RS900W (All versions < V4.3.7), RUGGEDCOM ROS RS910 (All versions < V4.3.7), RUGGEDCOM ROS RS910L (All versions < V4.3.7), RUGGEDCOM ROS RS910W (All versions < V4.3.7), RUGGEDCOM ROS RS920L (All versions < V4.3.7), RUGGEDCOM ROS RS920W (All versions < V4.3.7), RUGGEDCOM ROS RS930L (All versions < V4.3.7), RUGGEDCOM ROS RS930W (All versions < V4.3.7), RUGGEDCOM ROS RS940G (All versions < V4.3.7), RUGGEDCOM ROS RS969 (All versions < V4.3.7), RUGGEDCOM ROS RSG2100 (32M) V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG2100 (32M) V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSG2100 V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG2100P (All versions < V4.3.7), RUGGEDCOM ROS RSG2100P (32M) V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG2100P (32M) V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSG2200 (All versions < V4.3.7), RUGGEDCOM ROS RSG2288 V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG2288 V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSG2300 V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG2300 V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSG2300P V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG2300P V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSG2488 V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG2488 V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSG900 V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG900 V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSG900C (All versions < V5.5.4), RUGGEDCOM ROS RSG900G V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG900G V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSG900R (All versions < V5.5.4), RUGGEDCOM ROS RSG920P V4.X (All versions < V4.3.7), RUGGEDCOM ROS RSG920P V5.X (All versions < V5.5.4), RUGGEDCOM ROS RSL910 (All versions < V5.5.4), RUGGEDCOM ROS RST2228 (All versions < V5.5.4), RUGGEDCOM ROS RST916C (All versions < V5.5.4), RUGGEDCOM ROS RST916P (All versions < V5.5.4), RUGGEDCOM ROS i800 (All versions < V4.3.7), RUGGEDCOM ROS i801 (All versions < V4.3.7), RUGGEDCOM ROS i802 (All versions < V4.3.7), RUGGEDCOM ROS i803 (All versions < V4.3.7). The DHCP client in affected devices fails to properly sanitize incoming DHCP packets. This could allow an unauthenticated remote attacker to cause memory to be overwritten, potentially allowing remote code execution. Se ha identificado una vulnerabilidad en RUGGEDCOM ROS M2100 (versiones < V4.3.7), RUGGEDCOM ROS M2200 (versiones < V4.3.7), RUGGEDCOM ROS M969 (versiones < V4.3.7), RUGGEDCOM ROS RMC (versiones < V4.3.7), RUGGEDCOM ROS RMC20 (versiones < V4.3.7), RUGGEDCOM ROS RMC30 (versiones < V4.3.7), RUGGEDCOM ROS RMC40 (versiones < V4.3.7), RUGGEDCOM ROS RMC41 (versiones < V4.3.7), RUGGEDCOM ROS RMC8388 V4.X (versiones < V4.3.7), RUGGEDCOM ROS RMC8388 V5.X (versiones < V5.5.4), RUGGEDCOM ROS RP110 (versiones < V4.3.7), RUGGEDCOM ROS RS400 (versiones < V4.3.7), RUGGEDCOM ROS RS401 (versiones < V4.3.7), RUGGEDCOM ROS RS416 (versiones < V4.3.7), RUGGEDCOM ROS RS416v2 V4.X (versiones < V4.3.7), RUGGEDCOM ROS RS416v2 V5.X (All versions < 5.5.4), RUGGEDCOM ROS RS8000 (versiones < V4.3.7), RUGGEDCOM ROS RS8000A (versiones < V4.3.7), RUGGEDCOM ROS RS8000H (versiones < V4.3.7), RUGGEDCOM ROS RS8000T (versiones < V4.3.7), RUGGEDCOM ROS RS900 (32M) V4.X (versiones < V4.3.7), RUGGEDCOM ROS RS900 (32M) V5.X (versiones < V5.5.4), RUGGEDCOM ROS RS900G (versiones < V4.3.7), RUGGEDCOM ROS RS900G (32M) V4.X (versiones < V4.3.7), RUGGEDCOM ROS RS900G (32M) V5.X (versiones < V5.5.4), RUGGEDCOM ROS RS900GP (versiones < V4.3.7), RUGGEDCOM ROS RS900L (versiones < V4.3.7), RUGGEDCOM ROS RS900W (versiones < V4.3.7), RUGGEDCOM ROS RS910 (versiones < V4.3.7), RUGGEDCOM ROS RS910L (versiones < V4.3.7), RUGGEDCOM ROS RS910W (versiones < V4.3.7), RUGGEDCOM ROS RS920L (versiones < V4.3.7), RUGGEDCOM ROS RS920W (versiones < V4.3.7), RUGGEDCOM ROS RS930L (versiones < V4.3.7), RUGGEDCOM ROS RS930W (versiones < V4.3.7), RUGGEDCOM ROS RS940G (versiones < V4.3.7), RUGGEDCOM ROS RS969 (versiones < V4.3.7), RUGGEDCOM ROS RSG2100 (32M) V4.X (versiones < V4.3.7), RUGGEDCOM ROS RSG2100 (32M) V5.X (versiones < V5.5.4), RUGGEDCOM ROS RSG2100 V4.X (versiones < V4.3.7), RUGGEDCOM ROS RSG2100P (versiones < V4.3.7), RUGGEDCOM ROS RSG2100P (32M) V4.X (versiones < V4.3.7), RUGGEDCOM ROS RSG2100P (32M) V5.X (versiones < V5.5.4), RUGGEDCOM ROS RSG2200 (versiones < V4.3.7), RUGGEDCOM ROS RSG2288 V4.X (versiones < V4.3.7), RUGGEDCOM ROS RSG2288 V5.X (versiones < V5.5.4), RUGGEDCOM ROS RSG2300 V4.X (versiones < V4.3.7), RUGGEDCOM ROS RSG2300 V5.X (versiones < V5.5.4), RUGGEDCOM ROS RSG2300P V4.X (versiones < V4.3.7), RUGGEDCOM ROS RSG2300P V5.X (versiones < V5.5.4), RUGGEDCOM ROS RSG2488 V4.X (versiones < V4.3.7), RUGGEDCOM ROS RSG2488 V5.X (versiones < V5.5.4), RUGGEDCOM ROS RSG900 V4.X (versiones < V4.3.7), RUGGEDCOM ROS RSG900 V5.X (versiones < V5.5.4), RUGGEDCOM ROS RSG900C (versiones < V5.5.4), RUGGEDCOM ROS RSG900G V4.X (versiones < V4.3.7), RUGGEDCOM ROS RSG900G V5.X (versiones < V5.5.4), RUGGEDCOM ROS RSG900R (versiones < V5.5.4), RUGGEDCOM ROS RSG920P V4.X (versiones < V4.3.7), RUGGEDCOM ROS RSG920P V5.X (versiones < V5.5.4), RUGGEDCOM ROS RSL910 (versiones < V5.5.4), RUGGEDCOM ROS RST2228 (versiones < V5.5.4), RUGGEDCOM ROS RST916C (versiones < V5.5.4), RUGGEDCOM ROS RST916P (versiones < V5.5.4), RUGGEDCOM ROS i800 (versiones < V4.3.7), RUGGEDCOM ROS i801 (versiones < V4.3.7), RUGGEDCOM ROS i802 (versiones < V4.3.7), RUGGEDCOM ROS i803 (versiones < V4.3.7). El cliente DHCP de los dispositivos afectados no sanea correctamente los paquetes DHCP entrantes. • https://cert-portal.siemens.com/productcert/pdf/ssa-373591.pdf • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •