본문내용 바로가기 메인메뉴 바로가기 푸터 바로가기

Security Advisory

CVE-2021-26606 | DreamSecurity MagicLine Buffer Overflow Vulnerability2021.08.06
□ Overview
 o Dream Security Co.,Ltd released security update to address buffer overflow vulnerability in PKI Security solution.
Vulnerability Type Impact Severity CVSS Score CVE ID
Buffer Overflow Code Execution Critical 9.8 CVE-2021-26606

□ Description
 o A vulnerability in PKI Security Solution of Dream Security could allow arbitrary command execution. This vulnerability is due to insufficient validation of the authorization certificate. An attacker could exploit this vulnerability by sending a crafted HTTP request an affected program. A successful exploit could allow the attacker to remotely execute arbitrary code on a target system. (CVE-2021-26606)

□ Affected Product
Product Version Platform
MagicLine4NX.exe 1.0.0.17 and prior Windows

□ Solution
 o Update software over 1.0.0.18 version or higher.

□ Reference
 [1] https://www.dreamsecurity.com/index.php

□ Etc
 o Thanks to Yoonho Kim for reporting this vulnerability.


□ 작성 : 침해사고분석단 취약점분석팀