This vulnerability occurs due to missing validation of the length field in GVRET binary data processed by OVMS3. A remote attacker can send a crafted GVRET frame to trigger a buffer overflow. Successful exploitation may lead to denial of service or remote arbitrary code execution on affected systems.
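The class of check whose absence is described above, shown as an added example that is not code from OVMS3 or from this advisory: a C parser that validates an attacker-controlled length field against both the fixed destination buffer and the bytes actually received before copying. The frame layout, `parse_frame` and `struct can_msg` are assumptions made for illustration and do not reproduce the real GVRET wire format.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define CAN_MAX_DLC 8   /* classic CAN payload limit */
#define HDR_LEN     6   /* assumed header: marker, command, 4-byte ID */

struct can_msg {
    uint32_t id;
    uint8_t  dlc;
    uint8_t  data[CAN_MAX_DLC];
};

/* Parse one frame from an untrusted buffer.
 * Assumed layout (illustrative only):
 *   [0]=0xF1 marker  [1]=command  [2..5]=ID little-endian
 *   [6]=length       [7..]=payload
 * Returns bytes consumed, 0 if more input is needed, -1 if rejected. */
int parse_frame(const uint8_t *buf, size_t avail, struct can_msg *out)
{
    if (avail < HDR_LEN + 1)
        return 0;                   /* header and length byte not yet received */
    if (buf[0] != 0xF1)
        return -1;                  /* not a frame start */

    uint8_t len = buf[HDR_LEN];     /* attacker-controlled length field */

    /* Check 1: claimed length must fit the fixed destination buffer. */
    if (len > CAN_MAX_DLC)
        return -1;
    /* Check 2: claimed length must not exceed what was actually received. */
    if (avail - (HDR_LEN + 1) < len)
        return 0;

    out->id  = (uint32_t)buf[2] | (uint32_t)buf[3] << 8 |
               (uint32_t)buf[4] << 16 | (uint32_t)buf[5] << 24;
    out->dlc = len;
    memset(out->data, 0, sizeof out->data);
    /* Safe: len <= CAN_MAX_DLC and len <= remaining input. */
    memcpy(out->data, buf + HDR_LEN + 1, len);
    return (int)(HDR_LEN + 1 + len);
}
```

Without check 1 the `memcpy` would write past `data`; without check 2 it would read past the received bytes.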
Remediation
Apply the latest official security patch from the Open Vehicle Monitoring System project. Organizations running affected versions should restrict untrusted network access to the OVMS3 service until remediation is completed.