CVE-2024-21780 - Vulnerability Details - OpenCVE

Stack-based buffer overflow vulnerability exists in HOME SPOT CUBE2 V102 and earlier. Processing a specially crafted command may result in a denial of service (DoS) condition. Note that the affected products are no longer supported.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.01145.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Kddi	Home Spot Cube 2 Home Spot Cube 2 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:kddi:home_spot_cube_2_firmware:v102:*:*:*:*:*:*:*

cpe:2.3:h:kddi:home_spot_cube_2:-:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2024-19394	Stack-based buffer overflow vulnerability exists in HOME SPOT CUBE2 V102 and earlier. Processing a specially crafted command may result in a denial of service (DoS) condition. Note that the affected products are no longer supported.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://jvn.jp/en/vu/JVNVU93740658/
https://www.au.com/support/service/mobile/guide/wlan/home_spot_cube_2/

History

Mon, 16 Jun 2025 19:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: jpcert

Published: 2024-02-02T06:38:19.377Z

Updated: 2025-06-16T18:27:12.694Z

Reserved: 2024-01-25T01:46:39.865Z

Link: CVE-2024-21780

Vulnrichment

Updated: 2024-08-01T22:27:36.287Z

NVD

Status : Modified

Published: 2024-02-02T07:15:10.447

Modified: 2025-06-16T19:15:30.280

Link: CVE-2024-21780

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-21780", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "state": "PUBLISHED", "assignerShortName": "jpcert", "dateReserved": "2024-01-25T01:46:39.865Z", "datePublished": "2024-02-02T06:38:19.377Z", "dateUpdated": "2025-06-16T18:27:12.694Z"}, "containers": {"cna": {"affected": [{"vendor": "KDDI CORPORATION", "product": "HOME SPOT CUBE2", "versions": [{"version": "V102 and earlier", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow vulnerability exists in HOME SPOT CUBE2 V102 and earlier. Processing a specially crafted command may result in a denial of service (DoS) condition. Note that the affected products are no longer supported."}], "problemTypes": [{"descriptions": [{"description": "Stack-based buffer overflow", "lang": "en", "type": "text"}]}], "references": [{"url": "https://www.au.com/support/service/mobile/guide/wlan/home_spot_cube_2/"}, {"url": "https://jvn.jp/en/vu/JVNVU93740658/"}], "tags": ["unsupported-when-assigned"], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2024-02-02T06:38:19.377Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-787", "lang": "en", "description": "CWE-787 Out-of-bounds Write"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-02-21T19:27:01.282836Z", "id": "CVE-2024-21780", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-16T18:27:12.694Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:27:36.287Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.au.com/support/service/mobile/guide/wlan/home_spot_cube_2/", "tags": ["x_transferred"]}, {"url": "https://jvn.jp/en/vu/JVNVU93740658/", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.au.com/support/service/mobile/guide/wlan/home_spot_cube_2/", "tags": ["x_transferred"]}, {"url": "https://jvn.jp/en/vu/JVNVU93740658/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:27:36.287Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-21780", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-02-21T19:27:01.282836Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-05T15:20:40.357Z"}}], "cna": {"tags": ["unsupported-when-assigned"], "affected": [{"vendor": "KDDI CORPORATION", "product": "HOME SPOT CUBE2", "versions": [{"status": "affected", "version": "V102 and earlier"}]}], "references": [{"url": "https://www.au.com/support/service/mobile/guide/wlan/home_spot_cube_2/"}, {"url": "https://jvn.jp/en/vu/JVNVU93740658/"}], "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow vulnerability exists in HOME SPOT CUBE2 V102 and earlier. Processing a specially crafted command may result in a denial of service (DoS) condition. Note that the affected products are no longer supported."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "Stack-based buffer overflow"}]}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2024-02-02T06:38:19.377Z"}}}, "cveMetadata": {"cveId": "CVE-2024-21780", "state": "PUBLISHED", "dateUpdated": "2025-06-16T18:27:12.694Z", "dateReserved": "2024-01-25T01:46:39.865Z", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "datePublished": "2024-02-02T06:38:19.377Z", "assignerShortName": "jpcert"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:kddi:home_spot_cube_2_firmware:v102:*:*:*:*:*:*:*", "matchCriteriaId": "E65DAC1C-559C-4396-958C-8EC4A2552987", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:kddi:home_spot_cube_2:-:*:*:*:*:*:*:*", "matchCriteriaId": "330A6D16-3BBA-4D46-B7C1-17C08C8373D5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [{"sourceIdentifier": "vultures@jpcert.or.jp", "tags": ["unsupported-when-assigned"]}], "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow vulnerability exists in HOME SPOT CUBE2 V102 and earlier. Processing a specially crafted command may result in a denial of service (DoS) condition. Note that the affected products are no longer supported."}, {"lang": "es", "value": "Existe una vulnerabilidad de desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en HOME SPOT CUBE2 V102 y versiones anteriores. Procesar un comando especialmente manipulado puede resultar en una condici\u00f3n de denegaci\u00f3n de servicio (DoS). Tenga en cuenta que los productos afectados ya no son compatibles."}], "id": "CVE-2024-21780", "lastModified": "2025-06-16T19:15:30.280", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-02-02T07:15:10.447", "references": [{"source": "vultures@jpcert.or.jp", "tags": ["Third Party Advisory"], "url": "https://jvn.jp/en/vu/JVNVU93740658/"}, {"source": "vultures@jpcert.or.jp", "tags": ["Vendor Advisory"], "url": "https://www.au.com/support/service/mobile/guide/wlan/home_spot_cube_2/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://jvn.jp/en/vu/JVNVU93740658/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.au.com/support/service/mobile/guide/wlan/home_spot_cube_2/"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}