Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2019-6000

Summary
Assigner-jpcert
Assigner Org ID-ede6fdc4-6654-4307-a26d-3331c018e2ce
Published At-06 Aug, 2019 | 18:41
Updated At-04 Aug, 2024 | 20:09
Rejected At-
Credits

Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digital cameras (EOS-1D X firmware version 2.1.0 and earlier, EOS-1D X MKII firmware version 1.1.6 and earlier, EOS-1D C firmware version 1.4.1 and earlier, EOS 5D MARK III firmware version 1.3.5 and earlier, EOS 5D MARK IV firmware version 1.2.0 and earlier, EOS 5DS firmware version 1.1.2 and earlier, EOS 5DS R firmware version 1.1.2 and earlier, EOS 6D firmware version 1.1.8 and earlier, EOS 6D MARK II firmware version 1.0.4 and earlier, EOS 7D MARK II firmware version 1.1.2 and earlier, EOS 70 D firmware version 1.1.2 and earlier, EOS 80 D firmware version 1.0.2 and earlier, EOS KISS X7I / EOS D REBEL T5I / EOS 700D firmware version 1.1.5 and earlier, EOS KISS X8I / EOS D REBEL T6I / EOS 750D firmware version 1.0.0 and earlier, EOS KISS X9I / EOS D REBEL T7I / EOS 800D firmware version 1.0.1 and earlier, EOS KISS X7 / EOS D REBEL SL1 / EOS 100D firmware version 1.0.1 and earlier, EOS KISS X9 / EOS D REBEL SL2 / EOS 200D firmware version 1.0.1 and earlier, EOS KISS X10 / EOS D REBEL SL3 / EOS 200D / EOS 250D firmware version 1.0.1 and earlier, EOS 8000D / EOS D REBEL T6S / EOS 760D firmware version 1.0.0 and earlier, EOS 9000D / EOS 77D firmware version 1.0.2 and earlier, EOS KISS X70 / EOS D REBEL T5 / EOS 1200D firmware version 1.0.2 and earlier, EOS D REBEL T5 RE / EOS 1200D MG / EOS HI firmware version 1.0.2 and earlier, EOS KISS X80 / EOS D REBEL T6 / EOS 1300D firmware version 1.1.0 and earlier, EOS KISS X90 / EOS D REBEL T7 / EOS 1500D / EOS 2000D firmware version 1.0.0 and earlier, EOS D REBEL T100 / EOS 3000D / EOS 4000D firmware version 1.0.0 and earlier, EOS R firmware version 1.3.0 and earlier, EOS RP firmware version 1.2.0 and earlier, EOS RP GOLD firmware version 1.2.0 and earlier, EOS M2 firmware version 1.0.3 and earlier, EOS M3 firmware version 1.2.0 and earlier, EOS M5 firmware version 1.0.1 and earlier, EOS M6 firmware version 1.0.1 and earlier, EOS M6(China) firmware version 5.0.0 and earlier, EOS M10 firmware version 1.1.0 and earlier, EOS M100 firmware version 1.0.0 and earlier, EOS KISS M / EOS M50 firmware version 1.0.2 and earlier) and PowerShot SX740 HS firmware version 1.0.1 and earlier, PowerShot SX70 HS firmware version 1.1.0 and earlier, and PowerShot G5Xmark II firmware version 1.0.1 and earlier allows an attacker on the same network segment to trigger the affected product being unresponsive or to execute arbitrary code on the affected product via sendhostinfo command.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:jpcert
Assigner Org ID:ede6fdc4-6654-4307-a26d-3331c018e2ce
Published At:06 Aug, 2019 | 18:41
Updated At:04 Aug, 2024 | 20:09
Rejected At:
▼CVE Numbering Authority (CNA)

Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digital cameras (EOS-1D X firmware version 2.1.0 and earlier, EOS-1D X MKII firmware version 1.1.6 and earlier, EOS-1D C firmware version 1.4.1 and earlier, EOS 5D MARK III firmware version 1.3.5 and earlier, EOS 5D MARK IV firmware version 1.2.0 and earlier, EOS 5DS firmware version 1.1.2 and earlier, EOS 5DS R firmware version 1.1.2 and earlier, EOS 6D firmware version 1.1.8 and earlier, EOS 6D MARK II firmware version 1.0.4 and earlier, EOS 7D MARK II firmware version 1.1.2 and earlier, EOS 70 D firmware version 1.1.2 and earlier, EOS 80 D firmware version 1.0.2 and earlier, EOS KISS X7I / EOS D REBEL T5I / EOS 700D firmware version 1.1.5 and earlier, EOS KISS X8I / EOS D REBEL T6I / EOS 750D firmware version 1.0.0 and earlier, EOS KISS X9I / EOS D REBEL T7I / EOS 800D firmware version 1.0.1 and earlier, EOS KISS X7 / EOS D REBEL SL1 / EOS 100D firmware version 1.0.1 and earlier, EOS KISS X9 / EOS D REBEL SL2 / EOS 200D firmware version 1.0.1 and earlier, EOS KISS X10 / EOS D REBEL SL3 / EOS 200D / EOS 250D firmware version 1.0.1 and earlier, EOS 8000D / EOS D REBEL T6S / EOS 760D firmware version 1.0.0 and earlier, EOS 9000D / EOS 77D firmware version 1.0.2 and earlier, EOS KISS X70 / EOS D REBEL T5 / EOS 1200D firmware version 1.0.2 and earlier, EOS D REBEL T5 RE / EOS 1200D MG / EOS HI firmware version 1.0.2 and earlier, EOS KISS X80 / EOS D REBEL T6 / EOS 1300D firmware version 1.1.0 and earlier, EOS KISS X90 / EOS D REBEL T7 / EOS 1500D / EOS 2000D firmware version 1.0.0 and earlier, EOS D REBEL T100 / EOS 3000D / EOS 4000D firmware version 1.0.0 and earlier, EOS R firmware version 1.3.0 and earlier, EOS RP firmware version 1.2.0 and earlier, EOS RP GOLD firmware version 1.2.0 and earlier, EOS M2 firmware version 1.0.3 and earlier, EOS M3 firmware version 1.2.0 and earlier, EOS M5 firmware version 1.0.1 and earlier, EOS M6 firmware version 1.0.1 and earlier, EOS M6(China) firmware version 5.0.0 and earlier, EOS M10 firmware version 1.1.0 and earlier, EOS M100 firmware version 1.0.0 and earlier, EOS KISS M / EOS M50 firmware version 1.0.2 and earlier) and PowerShot SX740 HS firmware version 1.0.1 and earlier, PowerShot SX70 HS firmware version 1.1.0 and earlier, and PowerShot G5Xmark II firmware version 1.0.1 and earlier allows an attacker on the same network segment to trigger the affected product being unresponsive or to execute arbitrary code on the affected product via sendhostinfo command.

Affected Products
Vendor
Canon Inc.Canon, Inc.
Product
EOS series digital cameras, PowerShot SX740 HS, PowerShot SX70 HS, and PowerShot G5XmarkⅡ
Versions
Affected
  • (EOS series digital cameras (EOS-1D X firmware version 2.1.0 and earlier, EOS-1D X MKII firmware version 1.1.6 and earlier, EOS-1D C firmware version 1.4.1 and earlier, EOS 5D MARK III firmware version 1.3.5 and earlier, EOS 5D MARK IV firmware version 1.2.0 and earlier, EOS 5DS firmware version 1.1.2 and earlier, EOS 5DS R firmware version 1.1.2 and earlier, EOS 6D firmware version 1.1.8 and earlier, EOS 6D MARK II firmware version 1.0.4 and earlier, EOS 7D MARK II firmware version 1.1.2 and earlier, EOS 70 D firmware version 1.1.2 and earlier, EOS 80 D firmware version 1.0.2 and earlier, EOS KISS X7I / EOS D REBEL T5I / EOS 700D firmware version 1.1.5 and earlier, EOS KISS X8I / EOS D REBEL T6I / EOS 750D firmware version 1.0.0 and earlier, EOS KISS X9I / EOS D REBEL T7I / EOS 800D firmware version 1.0.1 and earlier, EOS KISS X7 / EOS D REBEL SL1 / EOS 100D firmware version 1.0.1 and earlier, EOS KISS X9 / EOS D REBEL SL2 / EOS 200D firmware version 1.0.1 and earlier, EOS KISS X10 / EOS D RE ...[truncated*]
Problem Types
TypeCWE IDDescription
textN/ABuffer Overflow
Type: text
CWE ID: N/A
Description: Buffer Overflow
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.usa.canon.com/internet/portal/us/home/support/product-advisories/detail/the-vulnerability-in-canon-digital-cameras
x_refsource_MISC
https://cweb.canon.jp/e-support/products/eos-d/190806dilc-firm.html
x_refsource_MISC
https://www.canon-europe.com/support/product-security/
x_refsource_CONFIRM
http://jvn.jp/en/vu/JVNVU97511331/index.html
x_refsource_MISC
https://research.checkpoint.com/say-cheese-ransomware-ing-a-dslr-camera/
x_refsource_MISC
Hyperlink: https://www.usa.canon.com/internet/portal/us/home/support/product-advisories/detail/the-vulnerability-in-canon-digital-cameras
Resource:
x_refsource_MISC
Hyperlink: https://cweb.canon.jp/e-support/products/eos-d/190806dilc-firm.html
Resource:
x_refsource_MISC
Hyperlink: https://www.canon-europe.com/support/product-security/
Resource:
x_refsource_CONFIRM
Hyperlink: http://jvn.jp/en/vu/JVNVU97511331/index.html
Resource:
x_refsource_MISC
Hyperlink: https://research.checkpoint.com/say-cheese-ransomware-ing-a-dslr-camera/
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.usa.canon.com/internet/portal/us/home/support/product-advisories/detail/the-vulnerability-in-canon-digital-cameras
x_refsource_MISC
x_transferred
https://cweb.canon.jp/e-support/products/eos-d/190806dilc-firm.html
x_refsource_MISC
x_transferred
https://www.canon-europe.com/support/product-security/
x_refsource_CONFIRM
x_transferred
http://jvn.jp/en/vu/JVNVU97511331/index.html
x_refsource_MISC
x_transferred
https://research.checkpoint.com/say-cheese-ransomware-ing-a-dslr-camera/
x_refsource_MISC
x_transferred
Hyperlink: https://www.usa.canon.com/internet/portal/us/home/support/product-advisories/detail/the-vulnerability-in-canon-digital-cameras
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://cweb.canon.jp/e-support/products/eos-d/190806dilc-firm.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://www.canon-europe.com/support/product-security/
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://jvn.jp/en/vu/JVNVU97511331/index.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://research.checkpoint.com/say-cheese-ransomware-ing-a-dslr-camera/
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:vultures@jpcert.or.jp
Published At:06 Aug, 2019 | 19:15
Updated At:24 Aug, 2020 | 17:37

Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digital cameras (EOS-1D X firmware version 2.1.0 and earlier, EOS-1D X MKII firmware version 1.1.6 and earlier, EOS-1D C firmware version 1.4.1 and earlier, EOS 5D MARK III firmware version 1.3.5 and earlier, EOS 5D MARK IV firmware version 1.2.0 and earlier, EOS 5DS firmware version 1.1.2 and earlier, EOS 5DS R firmware version 1.1.2 and earlier, EOS 6D firmware version 1.1.8 and earlier, EOS 6D MARK II firmware version 1.0.4 and earlier, EOS 7D MARK II firmware version 1.1.2 and earlier, EOS 70 D firmware version 1.1.2 and earlier, EOS 80 D firmware version 1.0.2 and earlier, EOS KISS X7I / EOS D REBEL T5I / EOS 700D firmware version 1.1.5 and earlier, EOS KISS X8I / EOS D REBEL T6I / EOS 750D firmware version 1.0.0 and earlier, EOS KISS X9I / EOS D REBEL T7I / EOS 800D firmware version 1.0.1 and earlier, EOS KISS X7 / EOS D REBEL SL1 / EOS 100D firmware version 1.0.1 and earlier, EOS KISS X9 / EOS D REBEL SL2 / EOS 200D firmware version 1.0.1 and earlier, EOS KISS X10 / EOS D REBEL SL3 / EOS 200D / EOS 250D firmware version 1.0.1 and earlier, EOS 8000D / EOS D REBEL T6S / EOS 760D firmware version 1.0.0 and earlier, EOS 9000D / EOS 77D firmware version 1.0.2 and earlier, EOS KISS X70 / EOS D REBEL T5 / EOS 1200D firmware version 1.0.2 and earlier, EOS D REBEL T5 RE / EOS 1200D MG / EOS HI firmware version 1.0.2 and earlier, EOS KISS X80 / EOS D REBEL T6 / EOS 1300D firmware version 1.1.0 and earlier, EOS KISS X90 / EOS D REBEL T7 / EOS 1500D / EOS 2000D firmware version 1.0.0 and earlier, EOS D REBEL T100 / EOS 3000D / EOS 4000D firmware version 1.0.0 and earlier, EOS R firmware version 1.3.0 and earlier, EOS RP firmware version 1.2.0 and earlier, EOS RP GOLD firmware version 1.2.0 and earlier, EOS M2 firmware version 1.0.3 and earlier, EOS M3 firmware version 1.2.0 and earlier, EOS M5 firmware version 1.0.1 and earlier, EOS M6 firmware version 1.0.1 and earlier, EOS M6(China) firmware version 5.0.0 and earlier, EOS M10 firmware version 1.1.0 and earlier, EOS M100 firmware version 1.0.0 and earlier, EOS KISS M / EOS M50 firmware version 1.0.2 and earlier) and PowerShot SX740 HS firmware version 1.0.1 and earlier, PowerShot SX70 HS firmware version 1.1.0 and earlier, and PowerShot G5Xmark II firmware version 1.0.1 and earlier allows an attacker on the same network segment to trigger the affected product being unresponsive or to execute arbitrary code on the affected product via sendhostinfo command.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.08.8HIGH
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary2.08.3HIGH
AV:A/AC:L/Au:N/C:C/I:C/A:C
Type: Primary
Version: 3.0
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 8.3
Base severity: HIGH
Vector:
AV:A/AC:L/Au:N/C:C/I:C/A:C
CPE Matches
Canon Inc.
canon
>>eos-1d_x_firmware>>Versions up to 2.1.0(inclusive)
cpe:2.3:o:canon:eos-1d_x_firmware:*:*:*:*:*:*:*:*
Canon Inc.
canon
>>eos-1d_x>>-
cpe:2.3:h:canon:eos-1d_x:-:*:*:*:*:*:*:*
Canon Inc.
canon
>>eos-1d_x_mkii_firmware>>Versions up to 1.1.6(inclusive)
cpe:2.3:o:canon:eos-1d_x_mkii_firmware:*:*:*:*:*:*:*:*
Canon Inc.
canon
>>eos-1d_x_mkii>>-
cpe:2.3:h:canon:eos-1d_x_mkii:-:*:*:*:*:*:*:*
Canon Inc.
canon
>>eos-1d_c_firmware>>Versions up to 1.4.1(inclusive)
cpe:2.3:o:canon:eos-1d_c_firmware:*:*:*:*:*:*:*:*
Canon Inc.
canon
>>eos-1d_c>>-
cpe:2.3:h:canon:eos-1d_c:-:*:*:*:*:*:*:*
Canon Inc.
canon
>>eos_5d_mark_iii_firmware>>Versions up to 1.3.5(inclusive)
cpe:2.3:o:canon:eos_5d_mark_iii_firmware:*:*:*:*:*:*:*:*
Canon Inc.
canon
>>eos_5d_mark_iii>>-
cpe:2.3:h:canon:eos_5d_mark_iii:-:*:*:*:*:*:*:*
Canon Inc.
canon
>>eos_5d_mark_iv_firmware>>Versions up to 1.2.0(inclusive)
cpe:2.3:o:canon:eos_5d_mark_iv_firmware:*:*:*:*:*:*:*:*
Canon Inc.
canon
>>eos_5d_mark_iv>>-
cpe:2.3:h:canon:eos_5d_mark_iv:-:*:*:*:*:*:*:*
Canon Inc.
canon
>>eos_5ds_firmware>>Versions up to 1.1.2(inclusive)
cpe:2.3:o:canon:eos_5ds_firmware:*:*:*:*:*:*:*:*
Canon Inc.
canon
>>eos_5ds>>-
cpe:2.3:h:canon:eos_5ds:-:*:*:*:*:*:*:*
Canon Inc.
canon
>>eos_5ds_r_firmware>>Versions up to 1.1.2(inclusive)
cpe:2.3:o:canon:eos_5ds_r_firmware:*:*:*:*:*:*:*:*
Canon Inc.
canon
>>eos_5ds_r>>-
cpe:2.3:h:canon:eos_5ds_r:-:*:*:*:*:*:*:*
Canon Inc.
canon
>>eos_6d_firmware>>Versions up to 1.1.8(inclusive)
cpe:2.3:o:canon:eos_6d_firmware:*:*:*:*:*:*:*:*
Canon Inc.
canon
>>eos_6d>>-
cpe:2.3:h:canon:eos_6d:-:*:*:*:*:*:*:*
Canon Inc.
canon
>>eos_7d_mark_ii_firmware>>Versions up to 1.1.2(inclusive)
cpe:2.3:o:canon:eos_7d_mark_ii_firmware:*:*:*:*:*:*:*:*
Canon Inc.
canon
>>eos_7d_mark_ii>>-
cpe:2.3:h:canon:eos_7d_mark_ii:-:*:*:*:*:*:*:*
Canon Inc.
canon
>>eos_70d_firmware>>Versions up to 1.1.2(inclusive)
cpe:2.3:o:canon:eos_70d_firmware:*:*:*:*:*:*:*:*
Canon Inc.
canon
>>eos_70d>>-
cpe:2.3:h:canon:eos_70d:-:*:*:*:*:*:*:*
Canon Inc.
canon
>>eos_80d_firmware>>Versions up to 1.0.2(inclusive)
cpe:2.3:o:canon:eos_80d_firmware:*:*:*:*:*:*:*:*
Canon Inc.
canon
>>eos_80d>>-
cpe:2.3:h:canon:eos_80d:-:*:*:*:*:*:*:*
Canon Inc.
canon
>>eos_kiss_x7i_firmware>>Versions up to 1.1.5(inclusive)
cpe:2.3:o:canon:eos_kiss_x7i_firmware:*:*:*:*:*:*:*:*
Canon Inc.
canon
>>eos_kiss_x7i>>-
cpe:2.3:h:canon:eos_kiss_x7i:-:*:*:*:*:*:*:*
Canon Inc.
canon
>>eos_d_rebel_t5i_firmware>>Versions up to 1.1.5(inclusive)
cpe:2.3:o:canon:eos_d_rebel_t5i_firmware:*:*:*:*:*:*:*:*
Canon Inc.
canon
>>eos_d_rebel_t5i>>-
cpe:2.3:h:canon:eos_d_rebel_t5i:-:*:*:*:*:*:*:*
Canon Inc.
canon
>>eos_700d_firmware>>Versions up to 1.1.5(inclusive)
cpe:2.3:o:canon:eos_700d_firmware:*:*:*:*:*:*:*:*
Canon Inc.
canon
>>eos_700d>>-
cpe:2.3:h:canon:eos_700d:-:*:*:*:*:*:*:*
Canon Inc.
canon
>>eos_kiss_x8i_firmware>>Versions up to 1.0.0(inclusive)
cpe:2.3:o:canon:eos_kiss_x8i_firmware:*:*:*:*:*:*:*:*
Canon Inc.
canon
>>eos_kiss_x8i>>-
cpe:2.3:h:canon:eos_kiss_x8i:-:*:*:*:*:*:*:*
Canon Inc.
canon
>>eos_d_rebel_t6i_firmware>>Versions up to 1.0.0(inclusive)
cpe:2.3:o:canon:eos_d_rebel_t6i_firmware:*:*:*:*:*:*:*:*
Canon Inc.
canon
>>eos_d_rebel_t6i>>-
cpe:2.3:h:canon:eos_d_rebel_t6i:-:*:*:*:*:*:*:*
Canon Inc.
canon
>>eos_750d_firmware>>Versions up to 1.0.0(inclusive)
cpe:2.3:o:canon:eos_750d_firmware:*:*:*:*:*:*:*:*
Canon Inc.
canon
>>eos_750d>>-
cpe:2.3:h:canon:eos_750d:-:*:*:*:*:*:*:*
Canon Inc.
canon
>>eos_kiss_x9i_firmware>>Versions up to 1.0.1(inclusive)
cpe:2.3:o:canon:eos_kiss_x9i_firmware:*:*:*:*:*:*:*:*
Canon Inc.
canon
>>eos_kiss_x9i>>-
cpe:2.3:h:canon:eos_kiss_x9i:-:*:*:*:*:*:*:*
Canon Inc.
canon
>>eos_d_rebel_t7i_firmware>>Versions up to 1.0.1(inclusive)
cpe:2.3:o:canon:eos_d_rebel_t7i_firmware:*:*:*:*:*:*:*:*
Canon Inc.
canon
>>eos_d_rebel_t7i>>-
cpe:2.3:h:canon:eos_d_rebel_t7i:-:*:*:*:*:*:*:*
Canon Inc.
canon
>>eos_800d_firmware>>Versions up to 1.0.1(inclusive)
cpe:2.3:o:canon:eos_800d_firmware:*:*:*:*:*:*:*:*
Canon Inc.
canon
>>eos_800d>>-
cpe:2.3:h:canon:eos_800d:-:*:*:*:*:*:*:*
Canon Inc.
canon
>>eos_kiss_x7_firmware>>Versions up to 1.0.1(inclusive)
cpe:2.3:o:canon:eos_kiss_x7_firmware:*:*:*:*:*:*:*:*
Canon Inc.
canon
>>eos_kiss_x7>>-
cpe:2.3:h:canon:eos_kiss_x7:-:*:*:*:*:*:*:*
Canon Inc.
canon
>>eos_d_rebel_sl1_firmware>>Versions up to 1.0.1(inclusive)
cpe:2.3:o:canon:eos_d_rebel_sl1_firmware:*:*:*:*:*:*:*:*
Canon Inc.
canon
>>eos_d_rebel_sl1>>-
cpe:2.3:h:canon:eos_d_rebel_sl1:-:*:*:*:*:*:*:*
Canon Inc.
canon
>>eos_100d_firmware>>Versions up to 1.0.1(inclusive)
cpe:2.3:o:canon:eos_100d_firmware:*:*:*:*:*:*:*:*
Canon Inc.
canon
>>eos_100d>>-
cpe:2.3:h:canon:eos_100d:-:*:*:*:*:*:*:*
Canon Inc.
canon
>>eos_kiss_x9_firmware>>Versions up to 1.0.1(inclusive)
cpe:2.3:o:canon:eos_kiss_x9_firmware:*:*:*:*:*:*:*:*
Canon Inc.
canon
>>eos_kiss_x9>>-
cpe:2.3:h:canon:eos_kiss_x9:-:*:*:*:*:*:*:*
Canon Inc.
canon
>>eos_d_rebel_sl2_firmware>>Versions up to 1.0.1(inclusive)
cpe:2.3:o:canon:eos_d_rebel_sl2_firmware:*:*:*:*:*:*:*:*
Canon Inc.
canon
>>eos_d_rebel_sl2>>-
cpe:2.3:h:canon:eos_d_rebel_sl2:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-787Primarynvd@nist.gov
CWE ID: CWE-787
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://jvn.jp/en/vu/JVNVU97511331/index.htmlvultures@jpcert.or.jp
Third Party Advisory
https://cweb.canon.jp/e-support/products/eos-d/190806dilc-firm.htmlvultures@jpcert.or.jp
Vendor Advisory
https://research.checkpoint.com/say-cheese-ransomware-ing-a-dslr-camera/vultures@jpcert.or.jp
Exploit
Third Party Advisory
https://www.canon-europe.com/support/product-security/vultures@jpcert.or.jp
Vendor Advisory
https://www.usa.canon.com/internet/portal/us/home/support/product-advisories/detail/the-vulnerability-in-canon-digital-camerasvultures@jpcert.or.jp
Vendor Advisory
Hyperlink: http://jvn.jp/en/vu/JVNVU97511331/index.html
Source: vultures@jpcert.or.jp
Resource:
Third Party Advisory
Hyperlink: https://cweb.canon.jp/e-support/products/eos-d/190806dilc-firm.html
Source: vultures@jpcert.or.jp
Resource:
Vendor Advisory
Hyperlink: https://research.checkpoint.com/say-cheese-ransomware-ing-a-dslr-camera/
Source: vultures@jpcert.or.jp
Resource:
Exploit
Third Party Advisory
Hyperlink: https://www.canon-europe.com/support/product-security/
Source: vultures@jpcert.or.jp
Resource:
Vendor Advisory
Hyperlink: https://www.usa.canon.com/internet/portal/us/home/support/product-advisories/detail/the-vulnerability-in-canon-digital-cameras
Source: vultures@jpcert.or.jp
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

191Records found
CVE-2023-41213
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-2.61% / 85.06%
||
7 Day CHG+0.18%
Published-03 May, 2024 | 02:12
Updated-12 Mar, 2025 | 17:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DAP-1325 setDhcpAssignRangeUpdate lan_ipaddr Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-1325 setDhcpAssignRangeUpdate lan_ipaddr Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of XML data provided to the HNAP1 SOAP endpoint. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18840.

Action-Not Available
Vendor-D-Link Corporation
Product-dap-1325_firmwaredap-1325DAP-1325dap-1325_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-41215
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-1.59% / 80.91%
||
7 Day CHG+0.11%
Published-03 May, 2024 | 02:12
Updated-13 May, 2025 | 14:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DAP-2622 DDP Set Date-Time Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-2622 DDP Set Date-Time Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-20086.

Action-Not Available
Vendor-D-Link Corporation
Product-dap-2622dap-2622_firmwareDAP-2622dap_2622_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-41210
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-2.61% / 85.06%
||
7 Day CHG+0.18%
Published-03 May, 2024 | 02:12
Updated-12 Mar, 2025 | 17:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DAP-1325 SetHostIPv6StaticSettings StaticDNS2 Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-1325 SetHostIPv6StaticSettings StaticDNS2 Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of XML data provided to the HNAP1 SOAP endpoint. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18836.

Action-Not Available
Vendor-D-Link Corporation
Product-dap-1325_firmwaredap-1325DAP-1325dap-1325_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-41212
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-2.61% / 85.06%
||
7 Day CHG+0.18%
Published-03 May, 2024 | 02:12
Updated-12 Mar, 2025 | 17:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DAP-1325 SetTriggerAPValidate Key Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-1325 SetTriggerAPValidate Key Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of XML data provided to the HNAP1 SOAP endpoint. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18839.

Action-Not Available
Vendor-D-Link Corporation
Product-dap-1325_firmwaredap-1325DAP-1325dap-1325
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-41207
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-2.61% / 85.06%
||
7 Day CHG+0.18%
Published-03 May, 2024 | 02:12
Updated-12 Mar, 2025 | 17:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DAP-1325 SetHostIPv6StaticSettings StaticAddress Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-1325 SetHostIPv6StaticSettings StaticAddress Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of XML data provided to the HNAP1 SOAP endpoint. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18833.

Action-Not Available
Vendor-D-Link Corporation
Product-dap-1325_firmwaredap-1325DAP-1325dap-1325
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-41208
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-2.61% / 85.06%
||
7 Day CHG+0.18%
Published-03 May, 2024 | 02:12
Updated-12 Mar, 2025 | 17:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DAP-1325 SetHostIPv6StaticSettings StaticDefaultGateway Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-1325 SetHostIPv6StaticSettings StaticDefaultGateway Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of XML data provided to the HNAP1 SOAP endpoint. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18834.

Action-Not Available
Vendor-D-Link Corporation
Product-dap-1325_firmwaredap-1325DAP-1325dap-1325_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-20683
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.65% / 69.90%
||
7 Day CHG~0.00%
Published-16 Apr, 2020 | 14:15
Updated-05 Aug, 2024 | 02:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, D6200 before 1.1.00.32, D7000 before 1.0.1.68, JR6150 before 1.0.1.18, PR2000 before 1.0.0.28, R6020 before 1.0.0.38, R6050 before 1.0.1.18, R6080 before 1.0.0.38, R6120 before 1.0.0.46, R6220 before 1.1.0.80, R6260 before 1.1.0.40, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, R6900v2 before 1.2.0.36, WNR2020 before 1.1.0.62, and XR500 before 2.3.2.32.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wnr2020_firmwared6000_firmwarer6120wnr2020r6220_firmwarepr2000r6080_firmwarer6120_firmwared3600_firmwarer6800r6050pr2000_firmwarer6260_firmwarer6260r6220r6020d3600xr500_firmwarer6020_firmwarexr500d7000r6080d7000_firmwarer6700d6000r6900d6200_firmwarer6900_firmwarer6050_firmwared6200jr6150_firmwarejr6150r6700_firmwarer6800_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-20753
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.33% / 55.55%
||
7 Day CHG~0.00%
Published-16 Apr, 2020 | 21:06
Updated-05 Aug, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects DGN2200v1 before 1.0.0.58, D8500 before 1.0.3.42, D7000v2 before 1.0.0.51, D6400 before 1.0.0.78, D6220 before 1.0.0.44, JNDR3000 before 1.0.0.24, R8000 before 1.0.4.18, R8500 before 1.0.2.122, R8300 before 1.0.2.122, R7900 before 1.0.2.16, R7000P before 1.3.2.34, R7300DST before 1.0.0.68, R7100LG before 1.0.0.46, R6900P before 1.3.2.34, R7000 before 1.0.9.28, R6900 before 1.0.1.46, R6700 before 1.0.1.46, R6400v2 before 1.0.2.56, R6400 before 1.0.1.42, R6300v2 before 1.0.4.28, R6250 before 1.0.4.26, WNDR3400v3 before 1.0.1.22, WNDR4500v2 before 1.0.0.72, and WNR3500Lv2 before 1.2.0.50.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r8000r6400_firmwarer6900pr7100lgr7900r6900p_firmwarewndr3400d6220r8500_firmwarer8300r7300dst_firmwarer7100lg_firmwaredgn2200r7000_firmwared6400_firmwarewndr4500r7300dstd6220_firmwarer6300_firmwared8500_firmwarer6250_firmwarer7000p_firmwarer8500d7000d8500wndr3400_firmwared7000_firmwarer6700r8300_firmwarer7000wndr4500_firmwarewnr3500l_firmwarer6900d6400jndr3000_firmwarejndr3000r7000pwnr3500ldgn2200_firmwarer6900_firmwarer7900_firmwarer6300r6400r6700_firmwarer8000_firmwarer6250n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-20684
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.65% / 69.90%
||
7 Day CHG~0.00%
Published-16 Apr, 2020 | 14:16
Updated-05 Aug, 2024 | 02:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D6200 before 1.1.00.32, D7000 before 1.0.1.68, JR6150 before 1.0.1.18, PR2000 before 1.0.0.28, R6020 before 1.0.0.38, R6050 before 1.0.1.18, R6080 before 1.0.0.38, R6120 before 1.0.0.46, R6220 before 1.1.0.80, R6260 before 1.1.0.40, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, R6900v2 before 1.2.0.36, WNR2020 before 1.1.0.62, and XR500 before 2.3.2.32.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wnr2020_firmwared6000_firmwarer6120wnr2020r6220_firmwarepr2000r6080_firmwarer6120_firmwared3600_firmwarer6800r6050pr2000_firmwarer6260_firmwarer6260r6220r6020d3600xr500_firmwarer6020_firmwarexr500d7000r6080d7000_firmwarer6700d6000r6900d6200_firmwarer6900_firmwarer6050_firmwared6200jr6150_firmwarejr6150r6700_firmwarer6800_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-41211
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-2.61% / 85.06%
||
7 Day CHG+0.18%
Published-03 May, 2024 | 02:12
Updated-12 Mar, 2025 | 17:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DAP-1325 SetHostIPv6StaticSettings StaticPrefixLength Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-1325 SetHostIPv6StaticSettings StaticPrefixLength Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of XML data provided to the HNAP1 SOAP endpoint. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18837.

Action-Not Available
Vendor-D-Link Corporation
Product-dap-1325_firmwaredap-1325DAP-1325dap-1325_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-20682
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.65% / 69.90%
||
7 Day CHG~0.00%
Published-16 Apr, 2020 | 14:13
Updated-05 Aug, 2024 | 02:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, D6200 before 1.1.00.32, D7000 before 1.0.1.68, JR6150 before 1.0.1.18, PR2000 before 1.0.0.28, R6020 before 1.0.0.38, R6050 before 1.0.1.18, R6080 before 1.0.0.38, R6120 before 1.0.0.46, R6220 before 1.1.0.80, R6260 before 1.1.0.40, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, R6900v2 before 1.2.0.36, WNR2020 before 1.1.0.62, and XR500 before 2.3.2.32.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wnr2020_firmwared6000_firmwarer6120wnr2020r6220_firmwarepr2000r6080_firmwarer6120_firmwared3600_firmwarer6800r6050pr2000_firmwarer6260_firmwarer6260r6220r6020d3600xr500_firmwarer6020_firmwarexr500d7000r6080d7000_firmwarer6700d6000r6900d6200_firmwarer6900_firmwarer6050_firmwared6200jr6150_firmwarejr6150r6700_firmwarer6800_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-2009
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.8||HIGH
EPSS-0.68% / 70.55%
||
7 Day CHG~0.00%
Published-19 Jun, 2019 | 19:57
Updated-04 Aug, 2024 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In l2c_lcc_proc_pdu of l2c_fcr.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9Android ID: A-120665616

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-20685
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.65% / 69.90%
||
7 Day CHG~0.00%
Published-16 Apr, 2020 | 14:17
Updated-05 Aug, 2024 | 02:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D6200 before 1.1.00.32, D7000 before 1.0.1.68, DM200 before 1.0.0.58, JR6150 before 1.0.1.18, PR2000 before 1.0.0.28, R6020 before 1.0.0.38, R6050 before 1.0.1.18, R6080 before 1.0.0.38, R6120 before 1.0.0.46, R6220 before 1.1.0.80, R6260 before 1.1.0.40, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, R6900v2 before 1.2.0.36, WNR2020 before 1.1.0.62, and XR500 before 2.3.2.32.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wnr2020_firmwared6000_firmwarer6120wnr2020r6220_firmwarepr2000r6080_firmwaredm200_firmwarer6120_firmwared3600_firmwarer6800r6050pr2000_firmwarer6260_firmwarer6260r6220r6020d3600xr500_firmwarer6020_firmwarexr500d7000dm200r6080d7000_firmwarer6700d6000r6900d6200_firmwarer6900_firmwarer6050_firmwared6200jr6150_firmwarejr6150r6700_firmwarer6800_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-20640
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.65% / 69.90%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 17:12
Updated-05 Aug, 2024 | 02:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, D6200 before 1.1.00.32, D7000 before 1.0.1.68, JR6150 before 1.0.1.18, PR2000 before 1.0.0.28, R6020 before 1.0.0.38, R6050 before 1.0.1.18, R6080 before 1.0.0.38, R6120 before 1.0.0.46, R6220 before 1.1.0.80, R6260 before 1.1.0.40, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, R6900v2 before 1.2.0.36, WNR2020 before 1.1.0.62, and XR500 before 2.3.2.32.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wnr2020_firmwared6000_firmwarer6120wnr2020r6220_firmwarepr2000r6080_firmwarer6120_firmwared3600_firmwarer6800r6050pr2000_firmwarer6260_firmwarer6260r6220r6020d3600xr500_firmwarer6020_firmwarexr500d7000r6080d7000_firmwarer6700d6000r6900d6200_firmwarer6900_firmwarer6050_firmwared6200jr6150_firmwarejr6150r6700_firmwarer6800_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-41209
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-2.61% / 85.06%
||
7 Day CHG+0.18%
Published-03 May, 2024 | 02:12
Updated-12 Mar, 2025 | 17:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DAP-1325 SetHostIPv6StaticSettings StaticDNS1 Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-1325 SetHostIPv6StaticSettings StaticDNS1 Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of XML data provided to the HNAP1 SOAP endpoint. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18835.

Action-Not Available
Vendor-D-Link Corporation
Product-dap-1325_firmwaredap-1325DAP-1325dap-1325_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-41229
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.53% / 66.41%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 02:12
Updated-15 May, 2025 | 12:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DIR-3040 HTTP Request Processing Referer Heap-Based Buffer Overflow Remote Code Execution Vulnerability

D-Link DIR-3040 HTTP Request Processing Referer Heap-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the prog.cgi binary, which handles HNAP requests made to the lighttpd webserver listening on TCP ports 80 and 443. The issue results from the lack of proper validation of a user-supplied string before copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21671.

Action-Not Available
Vendor-D-Link Corporation
Product-dir-3040_firmwaredir-3040DIR-3040dir-3040_firmware
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-51635
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-1.87% / 82.36%
||
7 Day CHG~0.00%
Published-22 Nov, 2024 | 20:04
Updated-03 Jan, 2025 | 16:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NETGEAR RAX30 fing_dil Stack-based Buffer Overflow Remote Code Execution Vulnerability

NETGEAR RAX30 fing_dil Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within fing_dil service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19843.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-rax30_firmwarerax30RAX30rax30_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-37319
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-1.54% / 80.60%
||
7 Day CHG+0.10%
Published-03 May, 2024 | 01:58
Updated-13 May, 2025 | 14:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DAP-2622 DDP Set IPv6 Address Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-2622 DDP Set IPv6 Address Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-20097.

Action-Not Available
Vendor-D-Link Corporation
Product-dap-2622dap-2622_firmwareDAP-2622dap_2622_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-37314
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-1.54% / 80.60%
||
7 Day CHG+0.10%
Published-03 May, 2024 | 01:58
Updated-13 May, 2025 | 13:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DAP-2622 DDP Set IPv6 Address Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-2622 DDP Set IPv6 Address Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-20092.

Action-Not Available
Vendor-D-Link Corporation
Product-dap-2622dap-2622_firmwareDAP-2622dap_2622_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-37317
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-1.54% / 80.60%
||
7 Day CHG+0.10%
Published-03 May, 2024 | 01:58
Updated-13 May, 2025 | 14:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DAP-2622 DDP Set IPv6 Address Primary DNS Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-2622 DDP Set IPv6 Address Primary DNS Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-20095.

Action-Not Available
Vendor-D-Link Corporation
Product-dap-2622dap-2622_firmwareDAP-2622dap_2622_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-37322
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-1.54% / 80.60%
||
7 Day CHG+0.10%
Published-03 May, 2024 | 01:58
Updated-13 May, 2025 | 14:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DAP-2622 DDP Set SSID List RADIUS Server Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-2622 DDP Set SSID List RADIUS Server Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-20100.

Action-Not Available
Vendor-D-Link Corporation
Product-dap-2622dap-2622_firmwareDAP-2622dap_2622_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-37323
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-1.16% / 77.69%
||
7 Day CHG+0.08%
Published-03 May, 2024 | 01:58
Updated-13 May, 2025 | 14:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DAP-2622 DDP Set SSID List PSK Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-2622 DDP Set SSID List PSK Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-20101.

Action-Not Available
Vendor-D-Link Corporation
Product-dap-2622dap-2622_firmwareDAP-2622dap_2622_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-35729
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-1.75% / 81.77%
||
7 Day CHG+0.12%
Published-03 May, 2024 | 01:57
Updated-13 May, 2025 | 13:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DAP-2622 DDP Reset Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-2622 DDP Reset Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-20056.

Action-Not Available
Vendor-D-Link Corporation
Product-dap-2622dap-2622_firmwareDAP-2622dap_2622_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-35728
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-1.75% / 81.77%
||
7 Day CHG+0.12%
Published-03 May, 2024 | 01:57
Updated-13 May, 2025 | 13:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DAP-2622 DDP Reboot Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-2622 DDP Reboot Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-20055.

Action-Not Available
Vendor-D-Link Corporation
Product-dap-2622dap-2622_firmwareDAP-2622dap_2622_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-35733
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-1.75% / 81.77%
||
7 Day CHG+0.12%
Published-03 May, 2024 | 01:57
Updated-13 May, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DAP-2622 DDP Change ID Password Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-2622 DDP Change ID Password Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-20060.

Action-Not Available
Vendor-D-Link Corporation
Product-dap-2622dap-2622_firmwareDAP-2622dap_2622_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-35741
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-1.63% / 81.11%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 01:57
Updated-13 May, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DAP-2622 DDP Configuration Backup Filename Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-2622 DDP Configuration Backup Filename Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-20068.

Action-Not Available
Vendor-D-Link Corporation
Product-dap-2622dap-2622_firmwareDAP-2622dap_2622_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-35730
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-1.75% / 81.77%
||
7 Day CHG+0.12%
Published-03 May, 2024 | 01:57
Updated-13 May, 2025 | 13:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DAP-2622 DDP Reset Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-2622 DDP Reset Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-20057.

Action-Not Available
Vendor-D-Link Corporation
Product-dap-2622dap-2622_firmwareDAP-2622dap-2622
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-35753
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-1.75% / 81.77%
||
7 Day CHG+0.12%
Published-03 May, 2024 | 01:58
Updated-13 May, 2025 | 13:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DAP-2622 DDP Set AG Profile UUID Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-2622 DDP Set AG Profile UUID Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-20081.

Action-Not Available
Vendor-D-Link Corporation
Product-dap-2622dap-2622_firmwareDAP-2622dap_2622_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-35754
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-1.75% / 81.77%
||
7 Day CHG+0.12%
Published-03 May, 2024 | 01:58
Updated-13 May, 2025 | 13:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DAP-2622 DDP Set AG Profile NMS URL Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-2622 DDP Set AG Profile NMS URL Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-20082.

Action-Not Available
Vendor-D-Link Corporation
Product-dap-2622dap-2622_firmwareDAP-2622dap_2622_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-35739
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-1.63% / 81.11%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 01:57
Updated-13 May, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DAP-2622 DDP Configuration Backup Server IPv6 Address Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-2622 DDP Configuration Backup Server IPv6 Address Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-20066.

Action-Not Available
Vendor-D-Link Corporation
Product-dap-2622dap-2622_firmwareDAP-2622dap_2622_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-35731
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-1.75% / 81.77%
||
7 Day CHG+0.12%
Published-03 May, 2024 | 01:57
Updated-13 May, 2025 | 13:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DAP-2622 DDP Reset Factory Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-2622 DDP Reset Factory Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-20058.

Action-Not Available
Vendor-D-Link Corporation
Product-dap-2622dap-2622_firmwareDAP-2622dap-2622
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-35746
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-1.75% / 81.77%
||
7 Day CHG+0.12%
Published-03 May, 2024 | 01:58
Updated-13 May, 2025 | 13:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DAP-2622 DDP Firmware Upgrade Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-2622 DDP Firmware Upgrade Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-20074.

Action-Not Available
Vendor-D-Link Corporation
Product-dap-2622dap-2622_firmwareDAP-2622dap_2622_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-35732
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-1.75% / 81.77%
||
7 Day CHG+0.12%
Published-03 May, 2024 | 01:57
Updated-13 May, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DAP-2622 DDP Reset Factory Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-2622 DDP Reset Factory Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-20059.

Action-Not Available
Vendor-D-Link Corporation
Product-dap-2622dap-2622_firmwareDAP-2622dap_2622_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-35737
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-1.63% / 81.11%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 01:57
Updated-13 May, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DAP-2622 DDP Configuration Backup Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-2622 DDP Configuration Backup Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-20064.

Action-Not Available
Vendor-D-Link Corporation
Product-dap-2622dap-2622_firmwareDAP-2622dap_2622_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-35743
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.78% / 72.69%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 01:57
Updated-13 May, 2025 | 13:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DAP-2622 DDP Configuration Restore Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-2622 DDP Configuration Restore Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-20070.

Action-Not Available
Vendor-D-Link Corporation
Product-dap-2622dap-2622_firmwareDAP-2622dap_2622_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-35740
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-1.63% / 81.11%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 01:57
Updated-13 May, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DAP-2622 DDP Configuration Backup Server Address Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-2622 DDP Configuration Backup Server Address Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-20067.

Action-Not Available
Vendor-D-Link Corporation
Product-dap-2622dap-2622_firmwareDAP-2622dap-2622
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-35727
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-1.75% / 81.77%
||
7 Day CHG+0.12%
Published-03 May, 2024 | 01:57
Updated-13 May, 2025 | 13:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DAP-2622 DDP Reboot Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-2622 DDP Reboot Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-20054.

Action-Not Available
Vendor-D-Link Corporation
Product-dap-2622dap-2622_firmwareDAP-2622dap_2622_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-32139
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.53% / 66.41%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 01:56
Updated-16 May, 2025 | 19:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DAP-1360 webproc Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-1360 webproc Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling requests to the /cgi-bin/webproc endpoint. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-18417.

Action-Not Available
Vendor-D-Link Corporation
Product-dap-1360dap-2020_firmwaredap-1360_firmwaredap-2020DAP-1360dap-1360
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-32142
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.36% / 57.02%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 01:56
Updated-16 May, 2025 | 19:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DAP-1360 webproc var:page Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-1360 webproc var:page Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of requests to the /cgi-bin/webproc endpoint. When parsing the var:page parameter, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-18422.

Action-Not Available
Vendor-D-Link Corporation
Product-dap-1360dap-2020_firmwaredap-1360_firmwaredap-2020DAP-1360dap-1360f1_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-50208
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-3.90% / 87.80%
||
7 Day CHG+0.26%
Published-03 May, 2024 | 02:14
Updated-10 Mar, 2025 | 16:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link G416 ovpncfg Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link G416 ovpncfg Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP service listening on TCP port 80. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21441.

Action-Not Available
Vendor-D-Link Corporation
Product-g416g416_firmwareG416g416_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-6144
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-1.26% / 78.56%
||
7 Day CHG~0.00%
Published-18 Jun, 2024 | 23:38
Updated-19 Sep, 2024 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Actiontec WCB6200Q Multipart Boundary Stack-based Buffer Overflow Remote Code Execution Vulnerability

Actiontec WCB6200Q Multipart Boundary Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Actiontec WCB6200Q routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP server. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the HTTP server. Was ZDI-CAN-21416.

Action-Not Available
Vendor-Actiontec (Actiontec Electronics, Inc.)
Product-wcb6200qwcb6200q_firmwareWCB6200Qwcb6200q_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-6146
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-1.26% / 78.56%
||
7 Day CHG~0.00%
Published-18 Jun, 2024 | 23:39
Updated-19 Sep, 2024 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Actiontec WCB6200Q uh_get_postdata_withupload Stack-based Buffer Overflow Remote Code Execution Vulnerability

Actiontec WCB6200Q uh_get_postdata_withupload Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Actiontec WCB6200Q routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP server. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the HTTP server. Was ZDI-CAN-21418.

Action-Not Available
Vendor-Actiontec (Actiontec Electronics, Inc.)
Product-wcb6200qwcb6200q_firmwareWCB6200Q
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-9504
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.8||HIGH
EPSS-0.69% / 70.93%
||
7 Day CHG~0.00%
Published-02 Oct, 2018 | 19:00
Updated-16 Sep, 2024 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In sdp_copy_raw_data of sdp_discovery.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution over bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-110216176

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-9555
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.8||HIGH
EPSS-0.36% / 57.39%
||
7 Day CHG~0.00%
Published-06 Dec, 2018 | 14:00
Updated-05 Aug, 2024 | 07:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In l2c_lcc_proc_pdu of l2c_fcr.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-112321180.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-27368
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.04% / 10.51%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 01:56
Updated-03 Jan, 2025 | 17:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NETGEAR RAX30 soap_serverd Stack-based Buffer Overflow Authentication Bypass Vulnerability

NETGEAR RAX30 soap_serverd Stack-based Buffer Overflow Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the soap_serverd binary. When parsing SOAP message headers, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-19839.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-rax30_firmwarerax30RAX30rax30
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-50209
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-3.90% / 87.80%
||
7 Day CHG+0.26%
Published-03 May, 2024 | 02:14
Updated-10 Mar, 2025 | 16:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link G416 cfgsave Stack-Based Buffer Overflow Remote Code Execution Vulnerability

D-Link G416 cfgsave Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 wireless routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP service listening on TCP port 80. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21442.

Action-Not Available
Vendor-D-Link Corporation
Product-g416g416_firmwareG416g416_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-14901
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-8.8||HIGH
EPSS-6.10% / 90.40%
||
7 Day CHG~0.00%
Published-29 Nov, 2019 | 14:05
Updated-05 Aug, 2024 | 00:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap overflow flaw was found in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The vulnerability allows a remote attacker to cause a system crash, resulting in a denial of service, or execute arbitrary code. The highest threat with this vulnerability is with the availability of the system. If code execution occurs, the code will run with the permissions of root. This will affect both confidentiality and integrity of files on the system.

Action-Not Available
Vendor-Fedora ProjectCanonical Ltd.Red Hat, Inc.Linux Kernel Organization, IncDebian GNU/Linux
Product-ubuntu_linuxdebian_linuxlinux_kernelfedorakernel
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-8072
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.34% / 56.36%
||
7 Day CHG~0.00%
Published-26 Apr, 2018 | 15:00
Updated-05 Aug, 2024 | 06:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on EDIMAX IC-3140W through 3.06, IC-5150W through 3.09, and IC-6220DC through 3.06 devices. The ipcam_cgi binary contains a stack-based buffer overflow that is possible to trigger from a remote unauthenticated /camera-cgi/public/getsysyeminfo.cgi?action=VALUE_HERE HTTP request: if the VALUE_HERE length is more than 0x400 (1024), it is possible to overwrite other values located on the stack due to an incorrect use of the strcpy() function.

Action-Not Available
Vendor-n/aEdimax Technology Company Ltd.
Product-ic-3140wic-5150wic-6220dc_firmwareic-3140w_firmwareic-6220dcic-5150w_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-27369
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.04% / 10.51%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 01:56
Updated-03 Jan, 2025 | 17:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NETGEAR RAX30 soap_serverd Stack-based Buffer Overflow Authentication Bypass Vulnerability

NETGEAR RAX30 soap_serverd Stack-based Buffer Overflow Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30. Authentication is not required to exploit this vulnerability. The specific flaw exists within the soap_serverd binary. When parsing the request headers, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-19840.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-rax30_firmwarerax30RAX30rax30
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-34947
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.29% / 51.65%
||
7 Day CHG~0.00%
Published-07 May, 2024 | 22:54
Updated-14 Aug, 2025 | 01:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NETGEAR R7800 net-cgi Out-Of-Bounds Write Remote Code Execution Vulnerability

NETGEAR R7800 net-cgi Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of the soap_block_table file. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-13055.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-ex6200rbs40_firmwarer6700axd7800_firmwarer9000_firmwarerbs50_firmwarerbs10_firmwarerbs40rax78_firmwareex6420_firmwareex6250ex8000_firmwarerax120_firmwarer7800_firmwarerax120r8900_firmwareex7320ex6100_firmwarelbr20_firmwarexr450_firmwarerax10_firmwareex7300v2_firmwarerax120v2ex7700_firmwarerax70rbs20ex7300_firmwarewnr2000v5_firmwared7800rbr10_firmwareex6150ex6400v2lbr1020ex7300v2rbs50ex6410_firmwarerax10ex6100ex7320_firmwareex6410r6700ax_firmwarerbr50_firmwarexr500_firmwareex6400v2_firmwareex7700rbs50yrbr40_firmwarexr450rbr40rbs20_firmwarexr700_firmwarer9000ex2700xr500xr700lbr20rbs10ex6400_firmwarerbr20rbr20_firmwareex6500v1ex8000ex6250_firmwarewn3000rpv2_firmwareex6420rbr50rax120v2_firmwareex2700_firmwareex6500v1_firmwarerbs50y_firmwarewnr2000v5ex7300ex6400rbr10r7800lbr1020_firmwarewn3000rpv2ex6150_firmwarerax70_firmwarer8900rax78ex6200_firmwareR7800r7800
CWE ID-CWE-787
Out-of-bounds Write
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found