Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2019-6496

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-19 Jan, 2019 | 17:00
Updated At-04 Aug, 2024 | 20:23
Rejected At-
Credits

The ThreadX-based firmware on Marvell Avastar Wi-Fi devices, models 88W8787, 88W8797, 88W8801, 88W8897, and 88W8997, allows remote attackers to execute arbitrary code or cause a denial of service (block pool overflow) via malformed Wi-Fi packets during identification of available Wi-Fi networks. Exploitation of the Wi-Fi device can lead to exploitation of the host application processor in some cases, but this depends on several factors including host OS hardening and the availability of DMA.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:19 Jan, 2019 | 17:00
Updated At:04 Aug, 2024 | 20:23
Rejected At:
▼CVE Numbering Authority (CNA)

The ThreadX-based firmware on Marvell Avastar Wi-Fi devices, models 88W8787, 88W8797, 88W8801, 88W8897, and 88W8997, allows remote attackers to execute arbitrary code or cause a denial of service (block pool overflow) via malformed Wi-Fi packets during identification of available Wi-Fi networks. Exploitation of the Wi-Fi device can lead to exploitation of the host application processor in some cases, but this depends on several factors including host OS hardening and the availability of DMA.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.scribd.com/document/398350818/WiFi-CVE-2019-6496-Marvell-s-Statement
x_refsource_CONFIRM
http://www.securityfocus.com/bid/106865
vdb-entry
x_refsource_BID
https://2018.zeronights.ru/wp-content/uploads/materials/19-Researching-Marvell-Avastar-Wi-Fi.pdf
x_refsource_MISC
https://embedi.org/blog/remotely-compromise-devices-by-using-bugs-in-marvell-avastar-wi-fi-from-zero-knowledge-to-zero-click-rce/
x_refsource_MISC
https://www.zdnet.com/article/wifi-firmware-bug-affects-laptops-smartphones-routers-gaming-devices/
x_refsource_MISC
https://www.synology.com/security/advisory/Synology_SA_19_07
x_refsource_CONFIRM
https://www.kb.cert.org/vuls/id/730261/
third-party-advisory
x_refsource_CERT-VN
Hyperlink: https://www.scribd.com/document/398350818/WiFi-CVE-2019-6496-Marvell-s-Statement
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.securityfocus.com/bid/106865
Resource:
vdb-entry
x_refsource_BID
Hyperlink: https://2018.zeronights.ru/wp-content/uploads/materials/19-Researching-Marvell-Avastar-Wi-Fi.pdf
Resource:
x_refsource_MISC
Hyperlink: https://embedi.org/blog/remotely-compromise-devices-by-using-bugs-in-marvell-avastar-wi-fi-from-zero-knowledge-to-zero-click-rce/
Resource:
x_refsource_MISC
Hyperlink: https://www.zdnet.com/article/wifi-firmware-bug-affects-laptops-smartphones-routers-gaming-devices/
Resource:
x_refsource_MISC
Hyperlink: https://www.synology.com/security/advisory/Synology_SA_19_07
Resource:
x_refsource_CONFIRM
Hyperlink: https://www.kb.cert.org/vuls/id/730261/
Resource:
third-party-advisory
x_refsource_CERT-VN
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.scribd.com/document/398350818/WiFi-CVE-2019-6496-Marvell-s-Statement
x_refsource_CONFIRM
x_transferred
http://www.securityfocus.com/bid/106865
vdb-entry
x_refsource_BID
x_transferred
https://2018.zeronights.ru/wp-content/uploads/materials/19-Researching-Marvell-Avastar-Wi-Fi.pdf
x_refsource_MISC
x_transferred
https://embedi.org/blog/remotely-compromise-devices-by-using-bugs-in-marvell-avastar-wi-fi-from-zero-knowledge-to-zero-click-rce/
x_refsource_MISC
x_transferred
https://www.zdnet.com/article/wifi-firmware-bug-affects-laptops-smartphones-routers-gaming-devices/
x_refsource_MISC
x_transferred
https://www.synology.com/security/advisory/Synology_SA_19_07
x_refsource_CONFIRM
x_transferred
https://www.kb.cert.org/vuls/id/730261/
third-party-advisory
x_refsource_CERT-VN
x_transferred
Hyperlink: https://www.scribd.com/document/398350818/WiFi-CVE-2019-6496-Marvell-s-Statement
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securityfocus.com/bid/106865
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://2018.zeronights.ru/wp-content/uploads/materials/19-Researching-Marvell-Avastar-Wi-Fi.pdf
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://embedi.org/blog/remotely-compromise-devices-by-using-bugs-in-marvell-avastar-wi-fi-from-zero-knowledge-to-zero-click-rce/
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://www.zdnet.com/article/wifi-firmware-bug-affects-laptops-smartphones-routers-gaming-devices/
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://www.synology.com/security/advisory/Synology_SA_19_07
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://www.kb.cert.org/vuls/id/730261/
Resource:
third-party-advisory
x_refsource_CERT-VN
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:20 Jan, 2019 | 20:29
Updated At:24 Aug, 2020 | 17:37

The ThreadX-based firmware on Marvell Avastar Wi-Fi devices, models 88W8787, 88W8797, 88W8801, 88W8897, and 88W8997, allows remote attackers to execute arbitrary code or cause a denial of service (block pool overflow) via malformed Wi-Fi packets during identification of available Wi-Fi networks. Exploitation of the Wi-Fi device can lead to exploitation of the host application processor in some cases, but this depends on several factors including host OS hardening and the availability of DMA.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.08.8HIGH
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary2.08.3HIGH
AV:A/AC:L/Au:N/C:C/I:C/A:C
Type: Primary
Version: 3.0
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 8.3
Base severity: HIGH
Vector:
AV:A/AC:L/Au:N/C:C/I:C/A:C
CPE Matches
marvell
marvell
>>88w8787_firmware>>-
cpe:2.3:o:marvell:88w8787_firmware:-:*:*:*:*:*:*:*
marvell
marvell
>>88w8787>>-
cpe:2.3:h:marvell:88w8787:-:*:*:*:*:*:*:*
marvell
marvell
>>88w8797_firmware>>-
cpe:2.3:o:marvell:88w8797_firmware:-:*:*:*:*:*:*:*
marvell
marvell
>>88w8797>>-
cpe:2.3:h:marvell:88w8797:-:*:*:*:*:*:*:*
marvell
marvell
>>88w8801_firmware>>-
cpe:2.3:o:marvell:88w8801_firmware:-:*:*:*:*:*:*:*
marvell
marvell
>>88w8801>>-
cpe:2.3:h:marvell:88w8801:-:*:*:*:*:*:*:*
marvell
marvell
>>88w8897_firmware>>-
cpe:2.3:o:marvell:88w8897_firmware:-:*:*:*:*:*:*:*
marvell
marvell
>>88w8897>>-
cpe:2.3:h:marvell:88w8897:-:*:*:*:*:*:*:*
marvell
marvell
>>88w8997_firmware>>-
cpe:2.3:o:marvell:88w8997_firmware:-:*:*:*:*:*:*:*
marvell
marvell
>>88w8997>>-
cpe:2.3:h:marvell:88w8997:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-787Primarynvd@nist.gov
CWE ID: CWE-787
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www.securityfocus.com/bid/106865cve@mitre.org
Third Party Advisory
VDB Entry
https://2018.zeronights.ru/wp-content/uploads/materials/19-Researching-Marvell-Avastar-Wi-Fi.pdfcve@mitre.org
Exploit
Third Party Advisory
https://embedi.org/blog/remotely-compromise-devices-by-using-bugs-in-marvell-avastar-wi-fi-from-zero-knowledge-to-zero-click-rce/cve@mitre.org
Third Party Advisory
https://www.kb.cert.org/vuls/id/730261/cve@mitre.org
Third Party Advisory
US Government Resource
https://www.scribd.com/document/398350818/WiFi-CVE-2019-6496-Marvell-s-Statementcve@mitre.org
Third Party Advisory
https://www.synology.com/security/advisory/Synology_SA_19_07cve@mitre.org
Third Party Advisory
https://www.zdnet.com/article/wifi-firmware-bug-affects-laptops-smartphones-routers-gaming-devices/cve@mitre.org
Exploit
Press/Media Coverage
Third Party Advisory
Hyperlink: http://www.securityfocus.com/bid/106865
Source: cve@mitre.org
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://2018.zeronights.ru/wp-content/uploads/materials/19-Researching-Marvell-Avastar-Wi-Fi.pdf
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory
Hyperlink: https://embedi.org/blog/remotely-compromise-devices-by-using-bugs-in-marvell-avastar-wi-fi-from-zero-knowledge-to-zero-click-rce/
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://www.kb.cert.org/vuls/id/730261/
Source: cve@mitre.org
Resource:
Third Party Advisory
US Government Resource
Hyperlink: https://www.scribd.com/document/398350818/WiFi-CVE-2019-6496-Marvell-s-Statement
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://www.synology.com/security/advisory/Synology_SA_19_07
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://www.zdnet.com/article/wifi-firmware-bug-affects-laptops-smartphones-routers-gaming-devices/
Source: cve@mitre.org
Resource:
Exploit
Press/Media Coverage
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

176Records found
CVE-2024-5950
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-3.04% / 86.49%
||
7 Day CHG~0.00%
Published-13 Jun, 2024 | 19:40
Updated-07 Aug, 2024 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Deep Sea Electronics DSE855 Multipart Value Handling Stack-Based Buffer Overflow Remote Code Execution Vulnerability

Deep Sea Electronics DSE855 Multipart Value Handling Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of multipart form variables. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-23172.

Action-Not Available
Vendor-deepseaelectronicsDeep Sea Electronicsdeep_sea_electronics
Product-dse855dse855_firmwareDSE855dse855
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-10194
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.10% / 26.71%
||
7 Day CHG~0.00%
Published-20 Oct, 2024 | 08:00
Updated-23 Oct, 2024 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WAVLINK WN530H4/WN530HG4/WN572HG3 Front-End Authentication Page login.cgi Goto_chidx stack-based overflow

A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. It has been classified as critical. Affected is the function Goto_chidx of the file login.cgi of the component Front-End Authentication Page. The manipulation of the argument wlanUrl leads to stack-based buffer overflow. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-WAVLINK Technology Ltd.
Product-wn530h4wn530h4_firmwarewn530hg4_firmwarewn530hg4wn572hg3_firmwarewn572hg3WN530H4WN572HG3WN530HG4wn530hg4wn530h4wn572hg3
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-25996
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-8.8||HIGH
EPSS-0.46% / 63.83%
||
7 Day CHG~0.00%
Published-05 Aug, 2022 | 21:17
Updated-15 Apr, 2025 | 18:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack-based buffer overflow vulnerability exists in the confsrv addTimeGroup functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to a buffer overflow. An attacker can send a malicious packet to trigger this vulnerability.

Action-Not Available
Vendor-TCL
Product-linkhub_mesh_wifi_ac1200LinkHub Mesh Wifi
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-26009
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-8.8||HIGH
EPSS-0.46% / 63.83%
||
7 Day CHG~0.00%
Published-05 Aug, 2022 | 21:18
Updated-15 Apr, 2025 | 18:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack-based buffer overflow vulnerability exists in the confsrv ucloud_set_node_location functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to stack-based buffer overflow. An attacker can send a malicious packet to trigger this vulnerability.

Action-Not Available
Vendor-TCL
Product-linkhub_mesh_wifi_ac1200LinkHub Mesh Wifi
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-24673
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-9.17% / 92.58%
||
7 Day CHG~0.00%
Published-28 Mar, 2023 | 00:00
Updated-19 Feb, 2025 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Canon imageCLASS MF644Cdw 10.02 printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the SLP protocol. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15845.

Action-Not Available
Vendor-Canon Inc.
Product-mf741cdw_firmwaremf735cdw_firmwared1550_firmwaremf6180dwmf641cwmf424dw_firmwaremf1643i_ii_firmwaremf1238_firmwarelbp228dw_firmwaremf543dw_firmwaremf634cdw_firmwaremf1238mf451dw_firmwaremf624cdw_firmwaremf733cdwmf743cdwmf735cdwlbp612cdwmf746cdw1435if\+mf448dwmf448dw_firmwaremf6160dw_firmwaremf644cdw_firmwarelbp1127c_firmwared1650_firmwarewg7250z_firmwaremf632cdw1435if\+_firmwarelbp228dwlbp253dw_firmwaremf445dwlbp227dwmf6160dwmf642cdw_firmwarelbp1238lbp654cdwmf416dw_firmwaremf453dw_firmwaremf1238_ii_firmwarelbp214dwlbp227dw_firmwareir1435imf644cdwd15201435ifwg72401435p\+mf8280cw_firmwarewg7250flbp623cdw_firmware1435i\+_firmware1435pd1520_firmwaremf1643if_iimf641cw_firmwarelbp622cdwd1550mf525dwmf515dwmf729cdwmf733cdw_firmwaremf6180dw_firmwared1620_firmwaremf820cdn_firmwaremf453dwmf634cdwmf452dw_firmwaremf449dwwg7250_firmwarelbp215dw_firmware1435p\+_firmwaremf731cdw_firmwaremf8280cwlbp214dw_firmwarelbp612cdw_firmwaremf741cdwlbp623cdwlbp226dwmf426dwmf745cdwmf515dw_firmwaremf624cdwir1643if_firmware1435i\+mf1238_iimf628cdw_firmwaremf1127c_firmwaremf429dw_firmwarelbp1127cir1643i_firmwared1620mf726cdw_firmwarelbp654cdw_firmwaremf419dw_firmwaremf424dwlbp622cdw_firmwaremf414dw_firmwaremf414dwmf8580cdwlbp251dw_firmwaremf426dw_firmwaremf820cdnmf632cdw_firmwaremf1127clbp215dwmf745cdw_firmwaremf731cdwmf525dw_firmwaremf416dwmf455dwmf451dwir1643imf746cdw_firmwaremf419dwmf449dw_firmwarelbp1238_ii_firmwarelbp236dwmf726cdwlbp251dwmf1643if_ii_firmwarelbp237dwmf1643i_iimf628cdwmf445dw_firmwarelbp664cdw_firmwared1650mf8580cdw_firmwarewg7250mf810cdn_firmwarelbp236dw_firmwarewg7250f_firmwaremf729cdw_firmwarelbp1238_firmware1435p_firmwaremf810cdnmf543dwwg7240_firmwaremf642cdwmf429dwmf452dwmf455dw_firmware1435if_firmwarelbp237dw_firmwarewg7250zmf743cdw_firmwarelbp253dwlbp226dw_firmwarelbp664cdwlbp1238_iiir1643ifir1435i_firmwareimageCLASS MF644Cdw
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-24893
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.21% / 43.80%
||
7 Day CHG~0.00%
Published-25 Jun, 2022 | 06:55
Updated-23 Apr, 2025 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Espressif Bluetooth Mesh Stack Vulnerable to Out-of-bounds Write leading to memory buffer corruption

ESP-IDF is the official development framework for Espressif SoCs. In Espressif’s Bluetooth Mesh SDK (`ESP-BLE-MESH`), a memory corruption vulnerability can be triggered during provisioning, because there is no check for the `SegN` field of the Transaction Start PDU. This can result in memory corruption related attacks and potentially attacker gaining control of the entire system. Patch commits are available on the 4.1, 4.2, 4.3 and 4.4 branches and users are recommended to upgrade. The upgrade is applicable for all applications and users of `ESP-BLE-MESH` component from `ESP-IDF`. As it is implemented in the Bluetooth Mesh stack, there is no workaround for the user to fix the application layer without upgrading the underlying firmware.

Action-Not Available
Vendor-espressifespressif
Product-esp-idfesp-idf
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-788
Access of Memory Location After End of Buffer
CVE-2022-24674
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.08% / 23.84%
||
7 Day CHG~0.00%
Published-28 Mar, 2023 | 00:00
Updated-19 Feb, 2025 | 15:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF644Cdw 10.02 printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the privet API. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15834.

Action-Not Available
Vendor-Canon Inc.
Product-mf741cdw_firmwaremf735cdw_firmwared1550_firmwaremf6180dwmf641cwmf424dw_firmwaremf1643i_ii_firmwaremf1238_firmwarelbp228dw_firmwaremf543dw_firmwaremf634cdw_firmwaremf1238mf451dw_firmwaremf624cdw_firmwaremf733cdwmf743cdwmf735cdwlbp612cdwmf746cdw1435if\+mf448dwmf448dw_firmwaremf6160dw_firmwaremf644cdw_firmwarelbp1127c_firmwared1650_firmwarewg7250z_firmwaremf632cdw1435if\+_firmwarelbp228dwlbp253dw_firmwaremf445dwlbp227dwmf6160dwmf642cdw_firmwarelbp1238lbp654cdwmf416dw_firmwaremf453dw_firmwaremf1238_ii_firmwarelbp214dwlbp227dw_firmwareir1435imf644cdwd15201435ifwg72401435p\+mf8280cw_firmwarewg7250flbp623cdw_firmware1435i\+_firmware1435pd1520_firmwaremf1643if_iimf641cw_firmwarelbp622cdwd1550mf525dwmf515dwmf729cdwmf733cdw_firmwaremf6180dw_firmwared1620_firmwaremf820cdn_firmwaremf453dwmf634cdwmf452dw_firmwaremf449dwwg7250_firmwarelbp215dw_firmware1435p\+_firmwaremf731cdw_firmwaremf8280cwlbp214dw_firmwarelbp612cdw_firmwaremf741cdwlbp623cdwlbp226dwmf426dwmf745cdwmf515dw_firmwaremf624cdwir1643if_firmware1435i\+mf1238_iimf628cdw_firmwaremf1127c_firmwaremf429dw_firmwarelbp1127cir1643i_firmwared1620mf726cdw_firmwarelbp654cdw_firmwaremf419dw_firmwaremf424dwlbp622cdw_firmwaremf414dw_firmwaremf414dwmf8580cdwlbp251dw_firmwaremf426dw_firmwaremf820cdnmf632cdw_firmwaremf1127clbp215dwmf745cdw_firmwaremf731cdwmf525dw_firmwaremf416dwmf455dwmf451dwir1643imf746cdw_firmwaremf419dwmf449dw_firmwarelbp1238_ii_firmwarelbp236dwmf726cdwlbp251dwmf1643if_ii_firmwarelbp237dwmf1643i_iimf628cdwmf445dw_firmwarelbp664cdw_firmwared1650mf8580cdw_firmwarewg7250mf810cdn_firmwarelbp236dw_firmwarewg7250f_firmwaremf729cdw_firmwarelbp1238_firmware1435p_firmwaremf810cdnmf543dwwg7240_firmwaremf642cdwmf429dwmf452dwmf455dw_firmware1435if_firmwarelbp237dw_firmwarewg7250zmf743cdw_firmwarelbp253dwlbp226dw_firmwarelbp664cdwlbp1238_iiir1643ifir1435i_firmwareimageCLASS MF644Cdw
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-44405
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-2.20% / 84.23%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 02:13
Updated-12 Mar, 2025 | 17:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DAP-1325 get_value_of_key Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-1325 get_value_of_key Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of XML data provided to the HNAP1 SOAP endpoint. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18824.

Action-Not Available
Vendor-D-Link Corporation
Product-dap-1325_firmwaredap-1325DAP-1325dap-1325_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-24672
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.13% / 32.81%
||
7 Day CHG~0.00%
Published-28 Mar, 2023 | 00:00
Updated-19 Feb, 2025 | 15:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF644Cdw 10.02 printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CADM service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-15802.

Action-Not Available
Vendor-Canon Inc.
Product-mf741cdw_firmwaremf735cdw_firmwared1550_firmwaremf6180dwmf641cwmf424dw_firmwaremf1643i_ii_firmwaremf1238_firmwarelbp228dw_firmwaremf543dw_firmwaremf634cdw_firmwaremf1238mf451dw_firmwaremf624cdw_firmwaremf733cdwmf743cdwmf735cdwlbp612cdwmf746cdw1435if\+mf448dwmf448dw_firmwaremf6160dw_firmwaremf644cdw_firmwarelbp1127c_firmwared1650_firmwarewg7250z_firmwaremf632cdw1435if\+_firmwarelbp228dwlbp253dw_firmwaremf445dwlbp227dwmf6160dwmf642cdw_firmwarelbp1238lbp654cdwmf416dw_firmwaremf453dw_firmwaremf1238_ii_firmwarelbp214dwlbp227dw_firmwareir1435imf644cdwd15201435ifwg72401435p\+mf8280cw_firmwarewg7250flbp623cdw_firmware1435i\+_firmware1435pd1520_firmwaremf1643if_iimf641cw_firmwarelbp622cdwd1550mf525dwmf515dwmf729cdwmf733cdw_firmwaremf6180dw_firmwared1620_firmwaremf820cdn_firmwaremf453dwmf634cdwmf452dw_firmwaremf449dwwg7250_firmwarelbp215dw_firmware1435p\+_firmwaremf731cdw_firmwaremf8280cwlbp214dw_firmwarelbp612cdw_firmwaremf741cdwlbp623cdwlbp226dwmf426dwmf745cdwmf515dw_firmwaremf624cdwir1643if_firmware1435i\+mf1238_iimf628cdw_firmwaremf1127c_firmwaremf429dw_firmwarelbp1127cir1643i_firmwared1620mf726cdw_firmwarelbp654cdw_firmwaremf419dw_firmwaremf424dwlbp622cdw_firmwaremf414dw_firmwaremf414dwmf8580cdwlbp251dw_firmwaremf426dw_firmwaremf820cdnmf632cdw_firmwaremf1127clbp215dwmf745cdw_firmwaremf731cdwmf525dw_firmwaremf416dwmf455dwmf451dwir1643imf746cdw_firmwaremf419dwmf449dw_firmwarelbp1238_ii_firmwarelbp236dwmf726cdwlbp251dwmf1643if_ii_firmwarelbp237dwmf1643i_iimf628cdwmf445dw_firmwarelbp664cdw_firmwared1650mf8580cdw_firmwarewg7250mf810cdn_firmwarelbp236dw_firmwarewg7250f_firmwaremf729cdw_firmwarelbp1238_firmware1435p_firmwaremf810cdnmf543dwwg7240_firmwaremf642cdwmf429dwmf452dwmf455dw_firmware1435if_firmwarelbp237dw_firmwarewg7250zmf743cdw_firmwarelbp253dwlbp226dw_firmwarelbp664cdwlbp1238_iiir1643ifir1435i_firmwareimageCLASS MF644Cdw
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-23918
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-8.8||HIGH
EPSS-0.46% / 63.83%
||
7 Day CHG~0.00%
Published-05 Aug, 2022 | 21:12
Updated-15 Apr, 2025 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack-based buffer overflow vulnerability exists in the confsrv set_mf_rule functionality of TCL LinkHub Mesh Wifi MS1G_00_01.00_14. A specially-crafted network packet can lead to stack-based buffer overflow. An attacker can send a malicious packet to trigger this vulnerability.This vulnerability leverages the ethAddr field within the protobuf message to cause a buffer overflow.

Action-Not Available
Vendor-TCL
Product-linkhub_mesh_wifi_ac1200LinkHub Mesh Wifi
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-23919
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-8.8||HIGH
EPSS-0.46% / 63.83%
||
7 Day CHG~0.00%
Published-05 Aug, 2022 | 21:12
Updated-15 Apr, 2025 | 18:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack-based buffer overflow vulnerability exists in the confsrv set_mf_rule functionality of TCL LinkHub Mesh Wifi MS1G_00_01.00_14. A specially-crafted network packet can lead to stack-based buffer overflow. An attacker can send a malicious packet to trigger this vulnerability.This vulnerability leverages the name field within the protobuf message to cause a buffer overflow.

Action-Not Available
Vendor-TCL
Product-linkhub_mesh_wifi_ac1200LinkHub Mesh Wifi
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-41210
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-2.77% / 85.86%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 02:12
Updated-12 Mar, 2025 | 17:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DAP-1325 SetHostIPv6StaticSettings StaticDNS2 Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-1325 SetHostIPv6StaticSettings StaticDNS2 Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of XML data provided to the HNAP1 SOAP endpoint. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18836.

Action-Not Available
Vendor-D-Link Corporation
Product-dap-1325_firmwaredap-1325DAP-1325dap-1325_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-23103
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-8.8||HIGH
EPSS-0.46% / 63.83%
||
7 Day CHG~0.00%
Published-05 Aug, 2022 | 21:12
Updated-15 Apr, 2025 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack-based buffer overflow vulnerability exists in the confsrv confctl_set_app_language functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to stack-based buffer overflow. An attacker can send a malicious packet to trigger this vulnerability.

Action-Not Available
Vendor-TCL
Product-linkhub_mesh_wifi_ac1200LinkHub Mesh Wifi
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-32144
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.52% / 66.42%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 01:56
Updated-16 May, 2025 | 19:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DAP-1360 webproc COMM_MakeCustomMsg Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-1360 webproc COMM_MakeCustomMsg Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of requests to the /cgi-bin/webproc endpoint. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-18454.

Action-Not Available
Vendor-D-Link Corporation
Product-dap-1360dap-2020_firmwaredap-1360_firmwaredap-2020DAP-1360dap-1360_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-21767
Matching Score-4
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-4
Assigner-MediaTek, Inc.
CVSS Score-8.8||HIGH
EPSS-0.03% / 9.14%
||
7 Day CHG~0.00%
Published-06 Jul, 2022 | 13:05
Updated-03 Aug, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06784430; Issue ID: ALPS06784430.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt8175mt8167androidmt8385mt8362amt8365mt8183MT8167, MT8175, MT8183, MT8362A, MT8365, MT8385
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-9502
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-7.9||HIGH
EPSS-1.41% / 80.34%
||
7 Day CHG~0.00%
Published-03 Feb, 2020 | 21:00
Updated-04 Aug, 2024 | 21:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Broadcom wl driver is vulnerable to heap buffer overflow

The Broadcom wl WiFi driver is vulnerable to a heap buffer overflow. If the vendor information element data length is larger than 164 bytes, a heap buffer overflow is triggered in wlc_wpa_plumb_gtk. In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, this vulnerability will result in denial-of-service conditions.

Action-Not Available
Vendor-Broadcom Inc.Synology, Inc.
Product-bcm4339router_managerbcm4339_firmwareWiFi drivers
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-9501
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-7.9||HIGH
EPSS-2.27% / 84.45%
||
7 Day CHG~0.00%
Published-03 Feb, 2020 | 21:00
Updated-04 Aug, 2024 | 21:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Broadcom wl driver is vulnerable to heap buffer overflow

The Broadcom wl WiFi driver is vulnerable to a heap buffer overflow. By supplying a vendor information element with a data length larger than 32 bytes, a heap buffer overflow is triggered in wlc_wpa_sup_eapol. In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, this vulnerability will result in denial-of-service conditions.

Action-Not Available
Vendor-Broadcom Inc.Synology, Inc.
Product-bcm4339router_managerbcm4339_firmwareWiFi drivers
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-21768
Matching Score-4
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-4
Assigner-MediaTek, Inc.
CVSS Score-8.8||HIGH
EPSS-0.03% / 9.14%
||
7 Day CHG~0.00%
Published-06 Jul, 2022 | 13:05
Updated-03 Aug, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06784351; Issue ID: ALPS06784351.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt8175mt8167smt8385androidmt8362amt8365mt8183MT8167S, MT8175, MT8183, MT8362A, MT8365, MT8385
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-21201
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-8.8||HIGH
EPSS-0.12% / 31.36%
||
7 Day CHG~0.00%
Published-05 Aug, 2022 | 21:11
Updated-15 Apr, 2025 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack-based buffer overflow vulnerability exists in the confers ucloud_add_node_new functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to stack-based buffer overflow. An attacker can send a malicious packet to trigger this vulnerability.

Action-Not Available
Vendor-TCL
Product-linkhub_mesh_wifi_ac1200LinkHub Mesh Wifi
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-51635
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-1.01% / 76.87%
||
7 Day CHG~0.00%
Published-22 Nov, 2024 | 20:04
Updated-03 Jan, 2025 | 16:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NETGEAR RAX30 fing_dil Stack-based Buffer Overflow Remote Code Execution Vulnerability

NETGEAR RAX30 fing_dil Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within fing_dil service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19843.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-rax30_firmwarerax30RAX30rax30_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-27369
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.05% / 16.43%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 01:56
Updated-03 Jan, 2025 | 17:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NETGEAR RAX30 soap_serverd Stack-based Buffer Overflow Authentication Bypass Vulnerability

NETGEAR RAX30 soap_serverd Stack-based Buffer Overflow Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30. Authentication is not required to exploit this vulnerability. The specific flaw exists within the soap_serverd binary. When parsing the request headers, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-19840.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-rax30_firmwarerax30RAX30rax30
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-5998
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-8.8||HIGH
EPSS-0.33% / 55.20%
||
7 Day CHG~0.00%
Published-06 Aug, 2019 | 18:41
Updated-04 Aug, 2024 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digital cameras (EOS-1D X firmware version 2.1.0 and earlier, EOS-1D X MKII firmware version 1.1.6 and earlier, EOS-1D C firmware version 1.4.1 and earlier, EOS 5D MARK III firmware version 1.3.5 and earlier, EOS 5D MARK IV firmware version 1.2.0 and earlier, EOS 5DS firmware version 1.1.2 and earlier, EOS 5DS R firmware version 1.1.2 and earlier, EOS 6D firmware version 1.1.8 and earlier, EOS 6D MARK II firmware version 1.0.4 and earlier, EOS 7D MARK II firmware version 1.1.2 and earlier, EOS 70 D firmware version 1.1.2 and earlier, EOS 80 D firmware version 1.0.2 and earlier, EOS KISS X7I / EOS D REBEL T5I / EOS 700D firmware version 1.1.5 and earlier, EOS KISS X8I / EOS D REBEL T6I / EOS 750D firmware version 1.0.0 and earlier, EOS KISS X9I / EOS D REBEL T7I / EOS 800D firmware version 1.0.1 and earlier, EOS KISS X7 / EOS D REBEL SL1 / EOS 100D firmware version 1.0.1 and earlier, EOS KISS X9 / EOS D REBEL SL2 / EOS 200D firmware version 1.0.1 and earlier, EOS KISS X10 / EOS D REBEL SL3 / EOS 200D / EOS 250D firmware version 1.0.1 and earlier, EOS 8000D / EOS D REBEL T6S / EOS 760D firmware version 1.0.0 and earlier, EOS 9000D / EOS 77D firmware version 1.0.2 and earlier, EOS KISS X70 / EOS D REBEL T5 / EOS 1200D firmware version 1.0.2 and earlier, EOS D REBEL T5 RE / EOS 1200D MG / EOS HI firmware version 1.0.2 and earlier, EOS KISS X80 / EOS D REBEL T6 / EOS 1300D firmware version 1.1.0 and earlier, EOS KISS X90 / EOS D REBEL T7 / EOS 1500D / EOS 2000D firmware version 1.0.0 and earlier, EOS D REBEL T100 / EOS 3000D / EOS 4000D firmware version 1.0.0 and earlier, EOS R firmware version 1.3.0 and earlier, EOS RP firmware version 1.2.0 and earlier, EOS RP GOLD firmware version 1.2.0 and earlier, EOS M2 firmware version 1.0.3 and earlier, EOS M3 firmware version 1.2.0 and earlier, EOS M5 firmware version 1.0.1 and earlier, EOS M6 firmware version 1.0.1 and earlier, EOS M6(China) firmware version 5.0.0 and earlier, EOS M10 firmware version 1.1.0 and earlier, EOS M100 firmware version 1.0.0 and earlier, EOS KISS M / EOS M50 firmware version 1.0.2 and earlier) and PowerShot SX740 HS firmware version 1.0.1 and earlier, PowerShot SX70 HS firmware version 1.1.0 and earlier, and PowerShot G5Xmark II firmware version 1.0.1 and earlier allows an attacker on the same network segment to trigger the affected product being unresponsive or to execute arbitrary code on the affected product via notifybtstatus command.

Action-Not Available
Vendor-Canon Inc.
Product-powershot_g5xmark_iieos_5d_mark_iveos_d_rebel_sl1eos_200deos_kiss_x90_firmwareeos_d_rebel_t6s_firmwareeos_rp_goldeos_7d_mark_iieos_750d_firmwareeos_250d_firmwareeos_m2eos_m5eos_d_rebel_sl2eos_kiss_x9ieos_d_rebel_t5_firmwareeos_r_firmwareeos_80deos-1d_x_mkiieos_m10_firmwareeos_250deos_1500d_firmwareeos_kiss_x9eos_m10eos_d_rebel_t6i_firmwareeos_2000deos_1300deos_d_rebel_t7i_firmwareeos_hi_firmwareeos_kiss_meos_1200d_mg_firmwareeos_d_rebel_t5_reeos_rpeos_kiss_x70_firmwareeos_kiss_x7_firmwareeos-1d_xeos_6deos_d_rebel_sl2_firmwareeos_m5_firmwareeos_m50eos_5ds_reos_kiss_x80eos_7d_mark_ii_firmwareeos_hieos_5ds_firmwareeos_760deos_d_rebel_sl3_firmwareeos_1200deos_d_rebel_t7eos_4000d_firmwareeos_8000d_firmwareeos_1300d_firmwareeos-1d_ceos_6d_firmwareeos_8000deos_d_rebel_t5ieos_kiss_x7ieos_kiss_x70eos_kiss_m_firmwareeos_6d_mark_iieos_kiss_x10eos_800deos_70deos_700deos_d_rebel_t100_firmwareeos_750deos_d_rebel_t6seos_m50_firmwareeos-1d_c_firmwareeos_d_rebel_t5eos_m100eos_d_rebel_t100eos_77dpowershot_sx740_hseos_1200d_firmwareeos_100d_firmwareeos_kiss_x80_firmwareeos_d_rebel_t5i_firmwareeos_kiss_x7eos_200d_firmwareeos_3000d_firmwareeos_kiss_x8ieos_5d_mark_iii_firmwarepowershot_g5xmark_ii_firmwareeos_m3_firmwareeos_m6\(china\)eos_kiss_x9_firmwareeos_m6_firmwareeos_kiss_x8i_firmwareeos_5ds_r_firmwareeos_3000deos_kiss_x7i_firmwareeos_kiss_x9i_firmwareeos_rp_gold_firmwarepowershot_sx740_hs_firmwareeos_d_rebel_t5_re_firmwareeos_760d_firmwareeos_5d_mark_iv_firmwareeos_m6\(china\)_firmwareeos_rp_firmwareeos_700d_firmwareeos_2000d_firmwareeos_d_rebel_sl3eos_m3eos_1500deos_d_rebel_t7_firmwareeos_6d_mark_ii_firmwareeos_100deos_d_rebel_sl1_firmwareeos_1200d_mgeos_kiss_x90eos_800d_firmwareeos_5dseos-1d_x_mkii_firmwareeos-1d_x_firmwareeos_d_rebel_t6_firmwareeos_9000d_firmwareeos_d_rebel_t6eos_reos_d_rebel_t7ipowershot_sx70_hseos_m6eos_m2_firmwareeos_kiss_x10_firmwarepowershot_sx70_hs_firmwareeos_9000deos_80d_firmwareeos_77d_firmwareeos_m100_firmwareeos_5d_mark_iiieos_4000deos_70d_firmwareeos_d_rebel_t6iEOS series digital cameras, PowerShot SX740 HS, PowerShot SX70 HS, and PowerShot G5XmarkⅡ
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-20684
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.65% / 70.57%
||
7 Day CHG~0.00%
Published-16 Apr, 2020 | 14:16
Updated-05 Aug, 2024 | 02:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D6200 before 1.1.00.32, D7000 before 1.0.1.68, JR6150 before 1.0.1.18, PR2000 before 1.0.0.28, R6020 before 1.0.0.38, R6050 before 1.0.1.18, R6080 before 1.0.0.38, R6120 before 1.0.0.46, R6220 before 1.1.0.80, R6260 before 1.1.0.40, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, R6900v2 before 1.2.0.36, WNR2020 before 1.1.0.62, and XR500 before 2.3.2.32.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wnr2020_firmwared6000_firmwarer6120wnr2020r6220_firmwarepr2000r6080_firmwarer6120_firmwared3600_firmwarer6800r6050pr2000_firmwarer6260_firmwarer6260r6220r6020d3600xr500_firmwarer6020_firmwarexr500d7000r6080d7000_firmwarer6700d6000r6900d6200_firmwarer6900_firmwarer6050_firmwared6200jr6150_firmwarejr6150r6700_firmwarer6800_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-2009
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.8||HIGH
EPSS-0.16% / 37.06%
||
7 Day CHG-0.52%
Published-19 Jun, 2019 | 19:57
Updated-04 Aug, 2024 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In l2c_lcc_proc_pdu of l2c_fcr.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9Android ID: A-120665616

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-3538
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-2.40% / 84.84%
||
7 Day CHG~0.00%
Published-13 Apr, 2025 | 18:31
Updated-16 Jul, 2025 | 15:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DI-8100 jhttpd auth.asp auth_asp stack-based overflow

A vulnerability was found in D-Link DI-8100 16.07.26A1. It has been rated as critical. This issue affects the function auth_asp of the file /auth.asp of the component jhttpd. The manipulation of the argument callback leads to stack-based buffer overflow. The attack needs to be approached within the local network. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-D-Link Corporation
Product-di-8100di-8100_firmwareDI-8100
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-35725
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-2.20% / 84.23%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 01:57
Updated-13 May, 2025 | 13:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DAP-2622 DDP User Verification Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-2622 DDP User Verification Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-20052.

Action-Not Available
Vendor-D-Link Corporation
Product-dap-2622dap-2622_firmwareDAP-2622dap_2622_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found