How severe is CVE-2024-38271?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.8 out of 10.

What type of vulnerability is CVE-2024-38271?

This is classified as CWE-404, which is a common weakness in software security.

CVE-2024-38271

MEDIUM Year: 2024

CVSS v3 Score

4.8

Medium

Weakness Type

CWE-404

View all →

Vulnerability Description

There exists a vulnerability in Quick Share/Nearby, where an attacker can force a victim to stay connected to a temporary hotspot created for the sharing. As part of the sequence of packets in a Quick Share connection over Bluetooth, the attacker forces the victim to connect to the attacker’s WiFi network and then sends an OfflineFrame that crashes Quick Share. This makes the Wifi connection to the attacker’s network last, instead of returning to the old network when the Quick Share session completes, allowing the attacker to be a MiTM. We recommend upgrading to version 1.0.1724.0 of Quick Share or above

CVE-2021-44717

MEDIUM

CVSS:4.8(Medium)

Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operations to an unintended file or unintended network connection as a consequence of erroneous closing of file descriptor 0 after file-...

CWE-4042021

CVE-2020-8619

MEDIUM

CVSS:4.9(Medium)

In ISC BIND9 versions BIND 9.11.14 -> 9.11.19, BIND 9.14.9 -> 9.14.12, BIND 9.16.0 -> 9.16.3, BIND Supported Preview Edition 9.11.14-S1 -> 9.11.19-S1: Unless a nameserver is providing authoritative se...

CWE-4042020

CVE-2021-40546

MEDIUM

CVSS:4.9(Medium)

Tenda AC6 US_AC6V4.0RTL_V02.03.01.26_cn.bin allows attackers (who have the administrator password) to cause a denial of service (device crash) via a long string in the wifiPwd_5G parameter to /goform/...

CWE-4042021

CVE-2023-5259

MEDIUM

CVSS:4.9(Medium)

A vulnerability classified as problematic was found in ForU CMS. This vulnerability affects unknown code of the file /admin/cms_admin.php. The manipulation of the argument del leads to denial of servi...

CWE-4042023

CVE-2024-20966

MEDIUM

CVSS:4.9(Medium)

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerabilit...

CWE-4042024

CVE-2024-21052

MEDIUM

CVSS:4.9(Medium)

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged a...

CWE-4042024

CVE-2024-38271

Vulnerability Description

Related Vulnerabilities

CVE-2021-44717

CVE-2020-8619

CVE-2021-40546

CVE-2023-5259

CVE-2024-20966

CVE-2024-21052