How severe is CVE-2024-6246?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.6 out of 10.

What type of vulnerability is CVE-2024-6246?

This is classified as CWE-122, which is a common weakness in software security.

CVE-2024-6246

CRITICAL Year: 2024

CVSS v3 Score

9.6

Critical

Weakness Type

CWE-122

View all →

Vulnerability Description

Wyze Cam v3 Realtek Wi-Fi Driver Heap-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Wyze Cam v3 IP cameras. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Realtek Wi-Fi kernel module. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the kernel. Was ZDI-CAN-22310.

CVE-2019-6740

CRITICAL

CVSS:9.6(Critical)

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S9 prior to January 2019 Security Update (SMR-JAN-2019 - SVE-2018-13467). User intera...

CWE-1222019

CVE-2024-28231

CRITICAL

CVSS:9.6(Critical)

eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.14.0, 2.13.4, 2.12.3, 2.10.4, and 2.6.8, manipulated DATA Submes...

CWE-1222024

CVE-2014-9187

CRITICAL

CVSS:9.8(Critical)

Multiple heap-based buffer overflow vulnerabilities exist in Honeywell Experion PKS all versions prior to R400.6, all versions prior to R410.6, and all versions prior to R430.2 modules, which could le...

CWE-1222014

CVE-2016-8622

CRITICAL

CVSS:9.8(Critical)

The URL percent-encoding decode function in libcurl before 7.51.0 is called `curl_easy_unescape`. Internally, even if this function would be made to allocate a unscape destination buffer larger than 2...

CWE-1222016

CVE-2017-7555

CRITICAL

CVSS:9.8(Critical)

Augeas versions up to and including 1.8.0 are vulnerable to heap-based buffer overflow due to improper handling of escaped strings. Attacker could send crafted strings that would cause the application...

CWE-1222017

CVE-2017-9636

CRITICAL

CVSS:9.8(Critical)

Mitsubishi E-Designer, Version 7.52 Build 344 contains five code sections which may be exploited to overwrite the heap. This can result in arbitrary code execution, compromised data integrity, denial ...

CWE-1222017

CVE-2024-6246

Vulnerability Description

Related Vulnerabilities

CVE-2019-6740

CVE-2024-28231

CVE-2014-9187

CVE-2016-8622

CVE-2017-7555

CVE-2017-9636