CVE-2024-23911 - Vulnerability Details - OpenCVE

Out-of-bounds read vulnerability caused by improper checking of the option length values in IPv6 NDP packets exists in Cente middleware TCP/IP Network Series, which may allow an unauthenticated attacker to stop the device operations by sending a specially crafted packet.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Nxtech	Cente Ipv6 Cente Ipv6 Snmpv2 Cente Ipv6 Snmpv3

Configuration 1 [-]

OR	cpe:2.3:a:nxtech:cente_ipv6::::::::
	cpe:2.3:a:nxtech:cente_ipv6_snmpv2::::::::
	cpe:2.3:a:nxtech:cente_ipv6_snmpv3::::::::

No data.

References

Link	Providers
https://jvn.jp/en/vu/JVNVU94016877/
https://www.cente.jp/obstacle/4960/

History

Mon, 30 Jun 2025 14:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Nxtech Nxtech cente Ipv6 Nxtech cente Ipv6 Snmpv2 Nxtech cente Ipv6 Snmpv3
CPEs		cpe:2.3:a:nxtech:cente_ipv6:::::::: cpe:2.3:a:nxtech:cente_ipv6_snmpv2:::::::: cpe:2.3:a:nxtech:cente_ipv6_snmpv3::::::::
Vendors & Products		Nxtech Nxtech cente Ipv6 Nxtech cente Ipv6 Snmpv2 Nxtech cente Ipv6 Snmpv3

MITRE

Status: PUBLISHED

Assigner: jpcert

Published: 2024-04-15T10:46:29.583Z

Updated: 2024-08-01T23:13:08.598Z

Reserved: 2024-03-19T01:42:39.688Z

Link: CVE-2024-23911

Vulnrichment

Updated: 2024-08-01T23:13:08.598Z

NVD

Status : Analyzed

Published: 2024-04-15T11:15:08.227

Modified: 2025-06-30T13:32:36.317

Link: CVE-2024-23911

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-23911", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "state": "PUBLISHED", "assignerShortName": "jpcert", "dateReserved": "2024-03-19T01:42:39.688Z", "datePublished": "2024-04-15T10:46:29.583Z", "dateUpdated": "2024-08-01T23:13:08.598Z"}, "containers": {"cna": {"affected": [{"vendor": "DMG MORI Digital Co., LTD. and NEXT Co., Ltd.", "product": "Cente IPv6", "versions": [{"version": "Ver.1.51 and earlier", "status": "affected"}]}, {"vendor": "DMG MORI Digital Co., LTD. and NEXT Co., Ltd.", "product": "Cente IPv6 SNMPv2", "versions": [{"version": "Ver.2.30 and earlier", "status": "affected"}]}, {"vendor": "DMG MORI Digital Co., LTD. and NEXT Co., Ltd.", "product": "Cente IPv6 SNMPv3", "versions": [{"version": "Ver.2.30 and earlier", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "Out-of-bounds read vulnerability caused by improper checking of the option length values in IPv6 NDP packets exists in Cente middleware TCP/IP Network Series, which may allow an unauthenticated attacker to stop the device operations by sending a specially crafted packet."}], "problemTypes": [{"descriptions": [{"description": "Out-of-bounds read", "lang": "en", "type": "text"}]}], "references": [{"url": "https://www.cente.jp/obstacle/4960/"}, {"url": "https://jvn.jp/en/vu/JVNVU94016877/"}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2024-04-15T10:46:29.583Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-125", "lang": "en", "description": "CWE-125 Out-of-bounds Read"}]}], "affected": [{"vendor": "cente", "product": "ipv6", "cpes": ["cpe:2.3:a:cente:ipv6:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.51", "versionType": "custom"}]}, {"vendor": "cente", "product": "ipv6_snmpv2", "cpes": ["cpe:2.3:a:cente:ipv6_snmpv2:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "2.30", "versionType": "custom"}]}, {"vendor": "cente", "product": "ipv6_snmpv3", "cpes": ["cpe:2.3:a:cente:ipv6_snmpv3:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "2.30", "versionType": "custom"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-06-17T20:27:05.820784Z", "id": "CVE-2024-23911", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-17T20:27:09.860Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:13:08.598Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.cente.jp/obstacle/4960/", "tags": ["x_transferred"]}, {"url": "https://jvn.jp/en/vu/JVNVU94016877/", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.cente.jp/obstacle/4960/", "tags": ["x_transferred"]}, {"url": "https://jvn.jp/en/vu/JVNVU94016877/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:13:08.598Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-23911", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-17T20:27:05.820784Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:cente:ipv6:*:*:*:*:*:*:*:*"], "vendor": "cente", "product": "ipv6", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "1.51"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:cente:ipv6_snmpv2:*:*:*:*:*:*:*:*"], "vendor": "cente", "product": "ipv6_snmpv2", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "2.30"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:cente:ipv6_snmpv3:*:*:*:*:*:*:*:*"], "vendor": "cente", "product": "ipv6_snmpv3", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "2.30"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-17T20:26:48.085Z"}}], "cna": {"affected": [{"vendor": "DMG MORI Digital Co., LTD. and NEXT Co., Ltd.", "product": "Cente IPv6", "versions": [{"status": "affected", "version": "Ver.1.51 and earlier"}]}, {"vendor": "DMG MORI Digital Co., LTD. and NEXT Co., Ltd.", "product": "Cente IPv6 SNMPv2", "versions": [{"status": "affected", "version": "Ver.2.30 and earlier"}]}, {"vendor": "DMG MORI Digital Co., LTD. and NEXT Co., Ltd.", "product": "Cente IPv6 SNMPv3", "versions": [{"status": "affected", "version": "Ver.2.30 and earlier"}]}], "references": [{"url": "https://www.cente.jp/obstacle/4960/"}, {"url": "https://jvn.jp/en/vu/JVNVU94016877/"}], "descriptions": [{"lang": "en", "value": "Out-of-bounds read vulnerability caused by improper checking of the option length values in IPv6 NDP packets exists in Cente middleware TCP/IP Network Series, which may allow an unauthenticated attacker to stop the device operations by sending a specially crafted packet."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "Out-of-bounds read"}]}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2024-04-15T10:46:29.583Z"}}}, "cveMetadata": {"cveId": "CVE-2024-23911", "state": "PUBLISHED", "dateUpdated": "2024-08-01T23:13:08.598Z", "dateReserved": "2024-03-19T01:42:39.688Z", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "datePublished": "2024-04-15T10:46:29.583Z", "assignerShortName": "jpcert"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nxtech:cente_ipv6:*:*:*:*:*:*:*:*", "matchCriteriaId": "5D29307C-6D00-4A45-ACAB-23F7BFEC8EFF", "versionEndIncluding": "1.51", "vulnerable": true}, {"criteria": "cpe:2.3:a:nxtech:cente_ipv6_snmpv2:*:*:*:*:*:*:*:*", "matchCriteriaId": "7937B3BF-CFFD-47A5-A76A-692F4D5F4C95", "versionEndIncluding": "2.30", "vulnerable": true}, {"criteria": "cpe:2.3:a:nxtech:cente_ipv6_snmpv3:*:*:*:*:*:*:*:*", "matchCriteriaId": "EFB0C9DD-AEE3-4C4C-93BD-A717EE4C29E3", "versionEndIncluding": "2.30", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Out-of-bounds read vulnerability caused by improper checking of the option length values in IPv6 NDP packets exists in Cente middleware TCP/IP Network Series, which may allow an unauthenticated attacker to stop the device operations by sending a specially crafted packet."}, {"lang": "es", "value": "Existe una vulnerabilidad de lectura fuera de los l\u00edmites causada por una verificaci\u00f3n incorrecta de los valores de longitud de las opciones en los paquetes IPv6 NDP en la serie de redes TCP/IP del middleware Cente, lo que puede permitir que un atacante no autenticado detenga las operaciones del dispositivo enviando un paquete especialmente manipulado."}], "id": "CVE-2024-23911", "lastModified": "2025-06-30T13:32:36.317", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-04-15T11:15:08.227", "references": [{"source": "vultures@jpcert.or.jp", "tags": ["Third Party Advisory"], "url": "https://jvn.jp/en/vu/JVNVU94016877/"}, {"source": "vultures@jpcert.or.jp", "tags": ["Vendor Advisory"], "url": "https://www.cente.jp/obstacle/4960/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://jvn.jp/en/vu/JVNVU94016877/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.cente.jp/obstacle/4960/"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}