Cyber Resilience

CVE-2024-51348

High

Published: 25 March 2026

Modified: 19 May 2026
KEV Added
Patch
CVSS Score v3.1: 8.8 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0041 (32.5th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2024-51348 is a high-severity Stack-based Buffer Overflow (CWE-121) vulnerability. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 32.5th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2024-51348 is a stack-based buffer overflow vulnerability (CWE-121) in the P2P API service of BS Producten Petcam devices running firmware version 33.1.0.0818. The flaw enables unauthenticated attackers within network range to overwrite the instruction pointer, leading to remote code execution (RCE) through a specially crafted HTTP request. It has a CVSS v3.1 base score of 8.8 (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for complete system compromise.

Attackers can exploit this vulnerability without authentication or user interaction, provided they are adjacent on the local network (AV:A). By sending a malicious HTTP request to the P2P API service, they can trigger the buffer overflow, overwrite critical memory including the instruction pointer, and execute arbitrary code on the device. This grants high-impact control over confidentiality, integrity, and availability, potentially allowing full device takeover, data exfiltration, or use as a pivot for further network attacks.

Detailed research and technical analysis, including proof-of-concept details, are available in the security research repository at https://github.com/victorGoeman/BS-Producten-Petcam-Security-Research/blob/main/CVE-2024-51348.md and the associated README at https://github.com/victorGoeman/BS-Producten-Petcam-Security-Research/blob/main/README.md. No vendor patches or official mitigation guidance are specified in the available information.

EU & UK References

Vulnerability details

A stack-based buffer overflow vulnerability in the P2P API service in BS Producten Petcam with firmware 33.1.0.0818 allows unauthenticated attackers within network range to overwrite the instruction pointer and achieve Remote Code Execution (RCE) by sending a specially crafted HTTP request.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1190 Exploit Public-Facing Application · Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Stack-based buffer overflow in the unauthenticated P2P API service (exposed via HTTP) enables adjacent network attackers to achieve remote code execution, directly facilitating T1190: Exploit Public-Facing Application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-38422 · Shared CWE-121
CVE-2025-11783 · Shared CWE-121
CVE-2025-54491 · Shared CWE-121
CVE-2024-39359 · Shared CWE-121
CVE-2026-42469 · Shared CWE-121
CVE-2020-37159 · Shared CWE-121
CVE-2024-39603 · Shared CWE-121
CVE-2024-36258 · Shared CWE-121
CVE-2024-51138 · Shared CWE-121
CVE-2025-69763 · Shared CWE-121

Affected Assets

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent: Remediates the specific stack-based buffer overflow in the P2P API service of firmware 33.1.0.0818 to eliminate the RCE vulnerability.

prevent: Implements memory protections like stack canaries and non-executable stacks to block instruction pointer overwrite from buffer overflow exploits.

prevent: Validates incoming HTTP requests to the P2P API service for proper length and format to prevent triggering the stack-based buffer overflow.

References