sealevel 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
公開された問題は バッファオーバーフロー、vendor risk memory corruption, and vendor risk input validation に関連することが多く、vendor surface software deployment and vendor surface production workloads の文脈で vendor impact memory corruption and アプリケーションクラッシュ などの暴露リスクを伴う場合があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2021-21967 | An out-of-bounds write vulnerability exists in the OTA update task functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted MQTT payload can lead to denial of service. An attacker can perform a man-in-the-middle attack to trigger this vulnerability. | [email protected] | 5.9 | 0.71% | 2022-04-14 | 2026-06-16 |
| CVE-2021-21971 | An out-of-bounds write vulnerability exists in the URL_decode functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted MQTT payload can lead to an out-of-bounds write. An attacker can perform a man-in-the-middle attack to trigger this vulnerability. | [email protected] | 5.9 | 0.69% | 2022-02-04 | 2026-06-16 |
| CVE-2021-21970 | An out-of-bounds write vulnerability exists in the HandleSeaCloudMessage functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. The HandleIncomingSeaCloudMessage function uses at [3] the json_object_get_string to populate the p_name global variable. The p_name is only 0x80 bytes long, and the total MQTT message could be up to 0x201 bytes. Because the function json_object_get_string will fill str based on the length of the json’s value and not the actual str size, this would result in a | [email protected] | 8.1 | 0.88% | 2022-02-04 | 2026-06-16 |
| CVE-2021-21969 | An out-of-bounds write vulnerability exists in the HandleSeaCloudMessage functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. The HandleIncomingSeaCloudMessage function uses at [4] the json_object_get_string to populate the p_payload global variable. The p_payload is only 0x100 bytes long, and the total MQTT message could be up to 0x201 bytes. Because the function json_object_get_string will fill str based on the length of the json’s value and not the actual str size, this would resu | [email protected] | 8.1 | 0.88% | 2022-02-04 | 2026-06-16 |
| CVE-2021-21968 | A file write vulnerability exists in the OTA update task functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted MQTT payload can lead to arbitrary file overwrite. An attacker can perform a man-in-the-middle attack to trigger this vulnerability. | [email protected] | 8.3 | 0.95% | 2022-02-04 | 2026-06-16 |
| CVE-2021-21965 | A denial of service vulnerability exists in the SeaMax remote configuration functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. Specially-crafted network packets can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability. | [email protected] | 9.3 | 1.00% | 2022-02-04 | 2026-06-16 |
| CVE-2021-21964 | A denial of service vulnerability exists in the Modbus configuration functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. Specially-crafted network packets can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability. | [email protected] | 7.4 | 0.70% | 2022-02-04 | 2026-06-16 |
| CVE-2021-21963 | An information disclosure vulnerability exists in the Web Server functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted man-in-the-middle attack can lead to a disclosure of sensitive information. An attacker can perform a man-in-the-middle attack to trigger this vulnerability. | [email protected] | 5.9 | 0.48% | 2022-02-04 | 2026-06-16 |
| CVE-2021-21962 | A heap-based buffer overflow vulnerability exists in the OTA Update u-download functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A series of specially-crafted MQTT payloads can lead to remote code execution. An attacker must perform a man-in-the-middle attack in order to trigger this vulnerability. | [email protected] | 8.1 | 2.01% | 2022-02-04 | 2026-06-16 |
| CVE-2021-21961 | A stack-based buffer overflow vulnerability exists in the NBNS functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted network packet can lead to remote code execution. An attacker can send a malicious packet to trigger this vulnerability. | [email protected] | 10.0 | 2.64% | 2022-02-04 | 2026-06-16 |
| CVE-2021-21960 | A stack-based buffer overflow vulnerability exists in both the LLMNR functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted network packet can lead to remote code execution. An attacker can send a malicious packet to trigger this vulnerability. | [email protected] | 10.0 | 2.64% | 2022-02-04 | 2026-06-16 |
| CVE-2021-21959 | A misconfiguration exists in the MQTTS functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. This misconfiguration significantly simplifies a man-in-the-middle attack, which directly leads to control of device functionality. | [email protected] | 8.1 | 0.83% | 2022-02-04 | 2026-06-16 |