CVEs

Vulnerabilities discovered and disclosed by members of the Computer Systems Security Lab.

The following list summarizes software vulnerabilities that members of the Computer Systems Security Lab discovered and reported through CVE (global) and KVE (Korea). Entries link to the corresponding advisory; where the finding was the basis for — or derived from — a lab publication, the related paper is highlighted below the description.

2025

  • KVE-2025-0470
    Remote Code Execution in AhnLab V3 Lite
    RCE Reporter: Chanhee Park · Binary analysis
    Remote code execution vulnerability identified in AhnLab V3 Lite, a consumer anti-malware product widely deployed in Korea. Reported to the vendor and coordinated through KrCERT/CC.
  • KVE-2025-0471
    Denial of Service in AhnLab V3 Lite
    DOS Reporter: Chanhee Park · Binary analysis
    Denial-of-service flaw in AhnLab V3 Lite enabling a local attacker to crash or disable the anti-malware agent.
  • KVE-2025-0472
    Remote Code Execution in AhnLab V3 Lite
    RCE Reporter: Chanhee Park · Binary analysis
    Second RCE primitive affecting AhnLab V3 Lite, distinct from KVE-2025-0470. Disclosed in coordination with the vendor.
  • KVE-2025-0473
    Denial of Service in SGA EPS Virus Chaser
    DOS Reporter: Chanhee Park · Binary analysis
    Denial-of-service vulnerability in SGA Solutions’ EPS Virus Chaser endpoint protection product that allows the security service to be terminated or left in an inconsistent state.
  • CVE-2025-45856
    Denial of Service in CatchPulse Pro
    DOS Reporter: Chanhee Park · Binary analysis
    Denial-of-service flaw in the CatchPulse Pro endpoint security product (formerly SecureAge APEX) allowing a local attacker to disable the protection driver.
  • CVE-2025-51620
    Denial of Service in IObit Malware Fighter
    DOS Reporter: Chanhee Park · Binary analysis
    Denial-of-service vulnerability in IObit Malware Fighter that terminates or destabilizes the security agent’s kernel-mode driver.
  • CVE-2025-55456
    Denial of Service in iTop Easy Desktop
    DOS Reporter: Chanhee Park · Binary analysis
    Flaw in iTop Easy Desktop that can be abused to crash the application’s helper service, leading to denial of service.
  • CVE-2025-55457
    Denial of Service in iTop VPN
    DOS Reporter: Chanhee Park · Binary analysis
    Denial-of-service vulnerability in the iTop VPN client that allows an attacker to terminate the service from an unprivileged context.

2024

  • CVE-2024-54531
    KASLR Bypass in macOS for Apple Silicon
    KASLR BYPASS Reporter: Hyerean Jang · Kernel / microarchitecture
    A memory-handling issue in macOS Sequoia (< 15.2) that allows an application to bypass kernel address space layout randomization (KASLR). The flaw was reported to Apple and mitigated in macOS Sequoia 15.2 through improved memory handling. CVSS 5.5.
    Related publication: Hyerean Jang, Taehun Kim, Youngjoo Shin. “SysBumps: Exploiting Speculative Execution in System Calls for Breaking KASLR in macOS for Apple Silicon.” ACM CCS 2024 — also presented at Black Hat Europe 2024. [lab publications] · [code]
  • CVE-2024-37027
    Improper Input Validation in Intel Developer Toolkits
    LOCAL DOS / RCE Reporter: Chanhee Park · Driver / toolchain
    Improper input validation affecting Intel VTune Profiler (< 2024.2.0), Intel OneAPI Base Toolkit (< 2024.2), and Intel System Bring-Up Toolkit (< 2024.2.0), which may allow an authenticated local user to trigger denial of service through the underlying Intel driver.
  • CVE-2024-42634
    Command Injection in Tenda AC9 (formWriteFacMac)
    COMMAND INJECTION Reporter: Dongsoo Kim · Binary analysis
    Command-injection flaw in the formWriteFacMac handler of the httpd binary in Tenda AC9 firmware 15.03.06.42. Remote attackers can execute OS commands with root privileges. CVSS 8.8 (High).
  • CVE-2024-42633
    Command Injection in Linksys E1500 (do_upgrade_post)
    COMMAND INJECTION Reporter: Dongsoo Kim · Binary analysis
    Command-injection vulnerability in the do_upgrade_post function of the httpd binary in Linksys E1500 firmware 1.0.06.001. An authenticated attacker can execute OS commands with root privileges. CVSS 8.8 (High).
  • CVE-2024-25468
    Command Injection in TOTOLINK X5000R (NTPSyncWithHost)
    COMMAND INJECTION Reporter: Taeho Kim · Binary analysis
    Command-injection vulnerability in the NTPSyncWithHost component of TOTOLINK X5000R firmware 9.1.0u.6369_B20230113. A remote attacker can inject shell commands through the host_time parameter. CVSS 7.5 (High).
  • CVE-2024-22651
    Command Injection in D-Link DIR-815 (ssdpcgi_main)
    COMMAND INJECTION Reporter: Dongsoo Kim · Binary analysis
    Unauthenticated command-injection flaw in the ssdpcgi_main function of the cgibin binary in D-Link DIR-815 firmware 1.04. Remote attackers can execute arbitrary commands without authentication. CVSS 9.8 (Critical).
  • KVE-2024-0168
    Denial of Service in "Protect Online" Security Driver
    DOS Reporter: Chanhee Park · Binary analysis
    Denial-of-service flaw in the “Protect Online” kernel-mode security driver that allows an unprivileged local user to crash the driver.
  • KVE-2024-0169
    Denial of Service in "Protect Online" Security Driver
    DOS Reporter: Chanhee Park · Binary analysis
    Additional DoS primitive in the “Protect Online” security driver, independent of KVE-2024-0168.
  • KVE-2024-0170
    Denial of Service in "Protect Online" Security Driver
    DOS Reporter: Chanhee Park · Binary analysis
    Third DoS vector disclosed against the “Protect Online” driver, rounding out a set of flaws that affect the driver’s IOCTL interface.

For KVE entries, the Korea Internet & Security Agency (KISA) advisory portal is at knvd.krcert.or.kr. Links above point to the canonical advisory when available; some recent CVE entries may still be in RESERVED status at the time of listing.