CVE-2024-21780 – A stack-based buffer overflow vulnerability in ... (How to Fix)

Q: What is the severity of CVE-2024-21780?

CVE-2024-21780 has a CVSS score of 7.5 (HIGH). A stack-based buffer overflow vulnerability in HOME SPOT CUBE2 routers allows attackers to cause denial of service by sending specially crafted commands. This affects V102 and earlier versions of HOME SPOT CUBE2 devices. The affected products are no longer supported by the vendor.

📋 TL;DR

A stack-based buffer overflow vulnerability in HOME SPOT CUBE2 routers allows attackers to cause denial of service by sending specially crafted commands. This affects V102 and earlier versions of HOME SPOT CUBE2 devices. The affected products are no longer supported by the vendor.

💻 Affected Systems

Products:

HOME SPOT CUBE2

Versions: V102 and earlier

Operating Systems: Embedded router firmware

Default Config Vulnerable: ⚠️ Yes

Notes: All HOME SPOT CUBE2 devices running vulnerable firmware versions are affected. No specific configuration required for exploitation.

📦 What is this software?

Home Spot Cube 2 Firmware by Kddi

View all CVEs affecting Home Spot Cube 2 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device crash requiring physical reset, potentially leading to extended network downtime.

🟠

Likely Case

Temporary denial of service requiring device reboot, disrupting network connectivity.

🟢

If Mitigated

Limited impact if devices are behind firewalls with restricted command access.

🌐 Internet-Facing: HIGH - These are internet-facing routers that process external commands.

🏢 Internal Only: LOW - Exploitation requires command access to the device interface.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires sending specially crafted commands to the device interface. No public exploit code has been identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: N/A

Vendor Advisory: https://www.au.com/support/service/mobile/guide/wlan/home_spot_cube_2/

Restart Required: No

Instructions:

No official patch available. The vendor has discontinued support for these devices. Consider replacement with supported hardware.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate HOME SPOT CUBE2 devices in separate network segments with restricted access.

Access Control Restrictions

all

Implement strict firewall rules to limit command access to the device management interface.

🧯 If You Can't Patch

Replace HOME SPOT CUBE2 devices with supported, secure alternatives
Implement network monitoring for unusual command patterns targeting these devices

🔍 How to Verify

Check if Vulnerable:

Check device firmware version via web interface or serial console. If version is V102 or earlier, device is vulnerable.

Check Version:

Check device label or web interface for firmware version information

Verify Fix Applied:

No fix available to verify. Only mitigation is device replacement.

📡 Detection & Monitoring

Log Indicators:

Device crash logs
Unusual command patterns in device logs
Repeated reboot events

Network Indicators:

Unusual traffic patterns to device management interface
Device becoming unresponsive to legitimate requests

SIEM Query:

Search for: device_type="HOME SPOT CUBE2" AND (event_type="crash" OR event_type="reboot")

📊 Metadata

CVE ID: CVE-2024-21780

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-787

Published: February 2, 2024

Last Updated: June 16, 2025

🔗 References

https://jvn.jp/en/vu/JVNVU93740658/ Third Party Advisory
https://www.au.com/support/service/mobile/guide/wlan/home_spot_cube_2/ Vendor Advisory
https://jvn.jp/en/vu/JVNVU93740658/ Third Party Advisory
https://www.au.com/support/service/mobile/guide/wlan/home_spot_cube_2/ Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-21780, you might also want to check these: