Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-21905

Summary
Assigner-talos
Assigner Org ID-b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b
Published At-22 Dec, 2021 | 18:06
Updated At-03 Aug, 2024 | 18:30
Rejected At-
Credits

Stack-based buffer overflow vulnerability exists in how the CMA readfile function of Garrett Metal Detectors iC Module CMA Version 5.0 is used at various locations. The Garrett iC Module exposes an authenticated CLI over TCP port 6877. This interface is used by a secondary GUI client, called “CMA Connect”, to interact with the iC Module on behalf of the user. After a client successfully authenticates, they can send plaintext commands to manipulate the device.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:talos
Assigner Org ID:b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b
Published At:22 Dec, 2021 | 18:06
Updated At:03 Aug, 2024 | 18:30
Rejected At:
▼CVE Numbering Authority (CNA)

Stack-based buffer overflow vulnerability exists in how the CMA readfile function of Garrett Metal Detectors iC Module CMA Version 5.0 is used at various locations. The Garrett iC Module exposes an authenticated CLI over TCP port 6877. This interface is used by a secondary GUI client, called “CMA Connect”, to interact with the iC Module on behalf of the user. After a client successfully authenticates, they can send plaintext commands to manipulate the device.

Affected Products
Vendor
n/a
Product
Garrett Metal Detectors
Versions
Affected
  • Garrett Metal Detectors iC Module CMA Version 5.0
Problem Types
TypeCWE IDDescription
CWECWE-121CWE-121: Stack-based Buffer Overflow
Type: CWE
CWE ID: CWE-121
Description: CWE-121: Stack-based Buffer Overflow
Metrics
VersionBase scoreBase severityVector
3.08.2HIGH
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Version: 3.0
Base score: 8.2
Base severity: HIGH
Vector:
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1357
x_refsource_MISC
Hyperlink: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1357
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1357
x_refsource_MISC
x_transferred
Hyperlink: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1357
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:talos-cna@cisco.com
Published At:22 Dec, 2021 | 19:15
Updated At:31 Aug, 2022 | 19:12

Stack-based buffer overflow vulnerability exists in how the CMA readfile function of Garrett Metal Detectors iC Module CMA Version 5.0 is used at various locations. The Garrett iC Module exposes an authenticated CLI over TCP port 6877. This interface is used by a secondary GUI client, called “CMA Connect”, to interact with the iC Module on behalf of the user. After a client successfully authenticates, they can send plaintext commands to manipulate the device.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.2HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Secondary3.08.2HIGH
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Primary2.08.5HIGH
AV:N/AC:M/Au:S/C:C/I:C/A:C
Type: Primary
Version: 3.1
Base score: 7.2
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.0
Base score: 8.2
Base severity: HIGH
Vector:
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 8.5
Base severity: HIGH
Vector:
AV:N/AC:M/Au:S/C:C/I:C/A:C
CPE Matches
garrett
garrett
>>ic_module_cma>>5.0
cpe:2.3:o:garrett:ic_module_cma:5.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-787Primarynvd@nist.gov
CWE-121Secondarytalos-cna@cisco.com
CWE ID: CWE-787
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-121
Type: Secondary
Source: talos-cna@cisco.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1357talos-cna@cisco.com
Exploit
Third Party Advisory
Hyperlink: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1357
Source: talos-cna@cisco.com
Resource:
Exploit
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

381Records found
CVE-2023-25111
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-0.29% / 52.99%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 14:53
Updated-04 Nov, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_gre function with the key variable.

Action-Not Available
Vendor-Milesight
Product-ur32l_firmwareur32lUR32Lur32l
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-25115
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-0.27% / 51.07%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 14:53
Updated-04 Nov, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_openvpn_client function with the remote_ip and the port variables.

Action-Not Available
Vendor-Milesight
Product-ur32l_firmwareur32lUR32Lur32l
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-25086
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-0.19% / 40.71%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 14:53
Updated-04 Nov, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the firewall_handler_set function with the index and dport variables.

Action-Not Available
Vendor-Milesight
Product-ur32l_firmwareur32lUR32Lur32l
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-25124
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-0.29% / 52.99%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 14:53
Updated-04 Nov, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_openvpn_client function with the remote_subnet and the remote_mask variables.

Action-Not Available
Vendor-Milesight
Product-ur32l_firmwareur32lUR32Lur32l
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-25122
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-0.30% / 54.09%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 14:53
Updated-04 Nov, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_openvpn_client function with the old_remote_subnet and the old_remote_mask variables.

Action-Not Available
Vendor-Milesight
Product-ur32l_firmwareur32lUR32Lur32l
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-25106
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-0.30% / 54.09%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 14:53
Updated-04 Nov, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_gre function with the local_virtual_ip and the local_virtual_mask variables.

Action-Not Available
Vendor-Milesight
Product-ur32l_firmwareur32lUR32Lur32l
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-25101
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-0.29% / 52.99%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 14:53
Updated-04 Nov, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_dmvpn function with the gre_key variable.

Action-Not Available
Vendor-Milesight
Product-ur32l_firmwareur32lUR32Lur32l
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-25099
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-0.26% / 50.02%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 14:53
Updated-04 Nov, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_qos function with the dest variable.

Action-Not Available
Vendor-Milesight
Product-ur32l_firmwareur32lUR32Lur32l
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-25096
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-0.29% / 52.99%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 14:53
Updated-04 Nov, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_qos function with the rule_name variable with two possible format strings.

Action-Not Available
Vendor-Milesight
Product-ur32l_firmwareur32lUR32Lur32l
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-25089
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-0.30% / 54.09%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 14:53
Updated-04 Nov, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the handle_interface_acl function with the interface variable when in_acl is -1.

Action-Not Available
Vendor-Milesight
Product-ur32l_firmwareur32lUR32Lur32l
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-25105
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-0.26% / 50.02%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 14:53
Updated-04 Nov, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_ike_profile function with the secrets_remote variable.

Action-Not Available
Vendor-Milesight
Product-ur32l_firmwareur32lUR32Lur32l
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-25097
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-0.29% / 52.99%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 14:53
Updated-04 Nov, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_qos function with the attach_class variable.

Action-Not Available
Vendor-Milesight
Product-ur32l_firmwareur32lUR32Lur32l
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-25090
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-0.29% / 52.99%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 14:53
Updated-04 Nov, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the handle_interface_acl function with the interface and in_acl variables.

Action-Not Available
Vendor-Milesight
Product-ur32l_firmwareur32lUR32Lur32l
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-25121
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-0.29% / 52.99%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 14:53
Updated-04 Nov, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_ike_profile function with the secrets_local variable.

Action-Not Available
Vendor-Milesight
Product-ur32l_firmwareur32lUR32Lur32l
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-25103
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-0.29% / 52.99%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 14:53
Updated-04 Nov, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_dmvpn function with the gre_ip and the gre_mask variables.

Action-Not Available
Vendor-Milesight
Product-ur32l_firmwareur32lUR32Lur32l
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-25092
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-0.30% / 54.09%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 14:53
Updated-04 Nov, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the handle_interface_acl function with the interface and out_acl variables.

Action-Not Available
Vendor-Milesight
Product-ur32l_firmwareur32lUR32Lur32l
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-25116
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-0.27% / 51.07%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 14:53
Updated-04 Nov, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_openvpn_client function with the local_virtual_ip and the remote_virtual_ip variables.

Action-Not Available
Vendor-Milesight
Product-ur32l_firmwareur32lUR32Lur32l
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-25112
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-0.26% / 50.02%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 14:53
Updated-04 Nov, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_l2tp function with the remote_subnet and the remote_mask variables.

Action-Not Available
Vendor-Milesight
Product-ur32l_firmwareur32lUR32Lur32l
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-25107
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-0.30% / 54.09%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 14:53
Updated-04 Nov, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_gre function with the remote_subnet and the remote_mask variables.

Action-Not Available
Vendor-Milesight
Product-ur32l_firmwareur32lUR32Lur32l
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-25088
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-0.29% / 52.99%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 14:53
Updated-04 Nov, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the firewall_handler_set function with the index and description variables.

Action-Not Available
Vendor-Milesight
Product-ur32l_firmwareur32lUR32Lur32l
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-25083
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-0.18% / 39.81%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 14:53
Updated-04 Nov, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the firewall_handler_set function with the ip and mac variables.

Action-Not Available
Vendor-Milesight
Product-ur32l_firmwareur32lUR32Lur32l
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-25123
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-0.29% / 52.99%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 14:53
Updated-04 Nov, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_openvpn_client function with the remote_subnet and the remote_mask variables when action is 2.

Action-Not Available
Vendor-Milesight
Product-ur32l_firmwareur32lUR32Lur32l
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-25114
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-0.30% / 54.09%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 14:53
Updated-04 Nov, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_openvpn_client function with the expert_options variable.

Action-Not Available
Vendor-Milesight
Product-ur32l_firmwareur32lUR32Lur32l
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-25093
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-0.29% / 52.99%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 14:53
Updated-04 Nov, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_qos function with the class_name variable..

Action-Not Available
Vendor-Milesight
Product-ur32l_firmwareur32lUR32Lur32l
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-25095
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-0.30% / 54.09%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 14:53
Updated-04 Nov, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_qos function with the rule_name variable with two possible format strings that represent negated commands.

Action-Not Available
Vendor-Milesight
Product-ur32l_firmwareur32lUR32Lur32l
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-25085
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-0.18% / 39.81%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 14:53
Updated-04 Nov, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the firewall_handler_set function with the index and to_dst variables.

Action-Not Available
Vendor-Milesight
Product-ur32l_firmwareur32lUR32Lur32l
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-25081
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-0.19% / 40.71%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 14:53
Updated-04 Nov, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the firewall_handler_set function with the src and dmz variables.

Action-Not Available
Vendor-Milesight
Product-ur32l_firmwareur32lUR32Lur32l
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-25113
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-0.26% / 50.02%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 14:53
Updated-04 Nov, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_l2tp function with the key variable.

Action-Not Available
Vendor-Milesight
Product-ur32l_firmwareur32lUR32Lur32l
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-25082
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-0.19% / 40.71%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 14:53
Updated-04 Nov, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the firewall_handler_set function with the old_ip and old_mac variables.

Action-Not Available
Vendor-Milesight
Product-ur32l_firmwareur32lUR32Lur32l
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-25098
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-0.30% / 54.09%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 14:53
Updated-04 Nov, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_qos function with the source variable.

Action-Not Available
Vendor-Milesight
Product-ur32l_firmwareur32lUR32Lur32l
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-25094
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-0.29% / 52.99%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 14:53
Updated-04 Nov, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the into_class_node function with either the class_name or old_class_name variable.

Action-Not Available
Vendor-Milesight
Product-ur32l_firmwareur32lUR32Lur32l
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-25117
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-0.29% / 52.99%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 14:53
Updated-04 Nov, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_openvpn_client function with the local_virtual_ip and the local_virtual_mask variables.

Action-Not Available
Vendor-Milesight
Product-ur32l_firmwareur32lUR32Lur32l
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-33546
Matching Score-4
Assigner-CERT@VDE
ShareView Details
Matching Score-4
Assigner-CERT@VDE
CVSS Score-7.2||HIGH
EPSS-19.31% / 95.53%
||
7 Day CHG~0.00%
Published-13 Sep, 2021 | 17:55
Updated-17 Sep, 2024 | 04:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
UDP Technology/Geutebrück camera devices: Buffer overflow in name parameter leading to RCE

Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to a stack-based buffer overflow condition in the name parameter, which may allow an attacker to remotely execute arbitrary code.

Action-Not Available
Vendor-geutebrueckGeutebrück
Product-g-cam_ethc-2249g-cam_ethc-2230_firmwareg-cam_efd-2251_firmwareg-code_eec-2400g-code_een-2010_firmwareg-code_een-2040_firmwareg-cam_ebc-2112_firmwareg-cam_ethc-2230g-code_een-2010g-cam_ewpc-2270_firmwareg-code_een-2040g-cam_ethc-2240_firmwareg-cam_ebc-2112g-cam_ewpc-2275g-cam_ewpc-2271_firmwareg-cam_ewpc-2271g-cam_ethc-2239g-cam_efd-2250g-cam_efd-2251g-cam_ebc-2111g-cam_ebc-2110g-cam_ebc-2111_firmwareg-cam_ethc-2249_firmwareg-cam_ethc-2240g-cam_efd-2250_firmwareg-cam_ethc-2239_firmwareg-cam_ebc-2110_firmwareg-code_eec-2400_firmwareg-cam_ewpc-2270g-cam_efd-2241g-cam_efd-2241_firmwareg-cam_ewpc-2275_firmwareEncoder G-CodeE2 Series
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2021-33547
Matching Score-4
Assigner-CERT@VDE
ShareView Details
Matching Score-4
Assigner-CERT@VDE
CVSS Score-7.2||HIGH
EPSS-19.31% / 95.53%
||
7 Day CHG~0.00%
Published-13 Sep, 2021 | 17:55
Updated-17 Sep, 2024 | 02:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
UDP Technology/Geutebrück camera devices: Buffer overflow in profile parameter leading to RCE

Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to a stack-based buffer overflow condition in the profile parameter which may allow an attacker to remotely execute arbitrary code.

Action-Not Available
Vendor-geutebrueckGeutebrück
Product-g-cam_ethc-2249g-cam_ethc-2230_firmwareg-cam_efd-2251_firmwareg-code_eec-2400g-code_een-2010_firmwareg-code_een-2040_firmwareg-cam_ebc-2112_firmwareg-cam_ethc-2230g-code_een-2010g-cam_ewpc-2270_firmwareg-code_een-2040g-cam_ethc-2240_firmwareg-cam_ebc-2112g-cam_ewpc-2275g-cam_ewpc-2271_firmwareg-cam_ewpc-2271g-cam_ethc-2239g-cam_efd-2250g-cam_efd-2251g-cam_ebc-2111g-cam_ebc-2110g-cam_ebc-2111_firmwareg-cam_ethc-2249_firmwareg-cam_ethc-2240g-cam_efd-2250_firmwareg-cam_ethc-2239_firmwareg-cam_ebc-2110_firmwareg-code_eec-2400_firmwareg-cam_ewpc-2270g-cam_efd-2241g-cam_efd-2241_firmwareg-cam_ewpc-2275_firmwareEncoder G-CodeE2 Series
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2021-33549
Matching Score-4
Assigner-CERT@VDE
ShareView Details
Matching Score-4
Assigner-CERT@VDE
CVSS Score-7.2||HIGH
EPSS-88.73% / 99.53%
||
7 Day CHG~0.00%
Published-13 Sep, 2021 | 17:55
Updated-17 Sep, 2024 | 00:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
UDP Technology/Geutebrück camera devices: Buffer overflow in action parameter leading to RCE

Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to a stack-based buffer overflow condition in the action parameter, which may allow an attacker to remotely execute arbitrary code.

Action-Not Available
Vendor-geutebrueckGeutebrück
Product-g-cam_ethc-2249g-cam_ethc-2230_firmwareg-cam_efd-2251_firmwareg-code_eec-2400g-code_een-2010_firmwareg-code_een-2040_firmwareg-cam_ebc-2112_firmwareg-cam_ethc-2230g-code_een-2010g-cam_ewpc-2270_firmwareg-code_een-2040g-cam_ethc-2240_firmwareg-cam_ebc-2112g-cam_ewpc-2275g-cam_ewpc-2271_firmwareg-cam_ewpc-2271g-cam_ethc-2239g-cam_efd-2250g-cam_efd-2251g-cam_ebc-2111g-cam_ebc-2110g-cam_ebc-2111_firmwareg-cam_ethc-2249_firmwareg-cam_ethc-2240g-cam_efd-2250_firmwareg-cam_ethc-2239_firmwareg-cam_ebc-2110_firmwareg-code_eec-2400_firmwareg-cam_ewpc-2270g-cam_efd-2241g-cam_efd-2241_firmwareg-cam_ewpc-2275_firmwareEncoder G-CodeE2 Series
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2025-1547
Matching Score-4
Assigner-WatchGuard Technologies, Inc.
ShareView Details
Matching Score-4
Assigner-WatchGuard Technologies, Inc.
CVSS Score-7.5||HIGH
EPSS-0.03% / 10.83%
||
7 Day CHG~0.00%
Published-04 Dec, 2025 | 22:11
Updated-26 Feb, 2026 | 16:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WatchGuard Firebox Authenticated Stack Overflow in Certificate Request Command

A stack-based buffer overflow vulnerability [CWE-121] in WatchGuard Fireware OS's certificate request command could allow an authenticated privileged user to execute arbitrary code via specially crafted CLI commands.This issue affects Fireware OS: from 12.0 through 12.5.12+701324, from 12.6 through 12.11.2.

Action-Not Available
Vendor-WatchGuard Technologies, Inc.
Product-firebox_m390firebox_t35firebox_nv5firebox_m5800firebox_m570firewarefirebox_m370firebox_t70firebox_m670firebox_m270fireboxcloudfirebox_t15firebox_m690firebox_t55firebox_t40firebox_m440firebox_m4600firebox_m470firebox_m5600firebox_t80firebox_t20firebox_m4800firebox_m290fireboxvfirebox_m590firebox_t45firebox_t25firebox_t85Fireware OS
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2024-52547
Matching Score-4
Assigner-Rapid7, Inc.
ShareView Details
Matching Score-4
Assigner-Rapid7, Inc.
CVSS Score-7.2||HIGH
EPSS-0.48% / 65.68%
||
7 Day CHG-0.07%
Published-03 Dec, 2024 | 17:25
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Lorex 2K Indoor Wi-Fi Security Camera - Stack buffer overflow

An authenticated attacker can trigger a stack based buffer overflow in the DHIP Service (TCP port 80). This vulnerability has been resolved in firmware version 2.800.0000000.8.R.20241111.

Action-Not Available
Vendor-Lorexlorextechnology
Product-2K Indoor Wi-Fi Security Cameraw461asc-e_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2025-15179
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.6||HIGH
EPSS-0.15% / 35.80%
||
7 Day CHG+0.04%
Published-29 Dec, 2025 | 08:02
Updated-24 Feb, 2026 | 06:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda WH450 qossetting stack-based overflow

A vulnerability was determined in Tenda WH450 1.0.0.18. Impacted is an unknown function of the file /goform/qossetting. This manipulation of the argument page causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-wh450_firmwarewh450WH450
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2023-21054
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.2||HIGH
EPSS-0.48% / 65.88%
||
7 Day CHG~0.00%
Published-24 Mar, 2023 | 00:00
Updated-21 Feb, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In EUTRAN_LCS_ConvertLCS_MOLRReq of LPP_CommonUtil.c, there is a possible out of bounds write due to a logic error in the code. This could lead to remote code execution with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-244556535References: N/A

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-51979
Matching Score-4
Assigner-Rapid7, Inc.
ShareView Details
Matching Score-4
Assigner-Rapid7, Inc.
CVSS Score-7.2||HIGH
EPSS-2.32% / 85.20%
||
7 Day CHG~0.00%
Published-25 Jun, 2025 | 07:20
Updated-07 Apr, 2026 | 05:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authenticated stack based buffer overflow affecting multiple models from Brother Industries, Ltd, FUJIFILM Business Innovation, Ricoh, and Konica Minolta, Inc.

An authenticated attacker may trigger a stack based buffer overflow by performing a malformed request to either the HTTP service (TCP port 80), the HTTPS service (TCP port 443), or the IPP service (TCP port 631). The malformed request will contain an empty Origin header value and a malformed Referer header value. The Referer header value will trigger a stack based buffer overflow when the host value in the Referer header is processed and is greater than 64 bytes in length.

Action-Not Available
Vendor-FUJIFILM Business InnovationBrother Industries, LtdKonica Minolta, Inc.Ricoh Company, Ltd.
Product-HL-L5212DNHL-L5200DWHL-L5200DWTMFC-L3720CDWDCP-L2550DW (Japan)DCP-T583DWMFC-L3780CDWHL-L5210DWTMFC-J4535DW(XL)MFC-J1260WMFC-J4340DWEHL-B2080DWMFC-L2860DWEDCP-L3520CDWDCP-J914NMFC-L5800DWDCP-L2530DWMFC-L6950DWHL-B2100DBHL-B2180DWMFC-J1010DWHL-L5215DNHL-L5210DNDCP-L5510DNDCP-J973N W/BMFC-L2751DWbizhub 4000iMFC-J6995CDWRJ-2150DCP-J928N-W/BDCP-L2550DW (Taiwan)MFC-J5340DWEDCP-B7530DNMFC-L6902DWMFC-L3755CDWMFC-J908NMFC-J2340DWDCP-J4143NHL-L6300DWDCP-C1210NMFC-L2900DWDCP-T780DWDCP-L2537DWMFC-L2860DW (Japan)MFC-L3780CDW (Japan)DCP-L2600DWHL-L1232WDCP-L2605DWMFC-L6915DWHL-B2158WMFC-J5345DWDocuPrint M288 zMFC-J1360DWRJ-3250WBDCP-T226MFC-J738DNTD-4420DNDCP-L2647DWDCP-L2625DWDCP-T580DWDCP-B7650DWMFC-J6555DWMFC-L2730DWRMFC-J904NMFC-T810W(China)SP 230DNwDCP-B7628DWHL-L2385DWMFC-J738DWNRJ-2140MFC-L2880DWHL-L3270CDWMFC-L2820DWXLHL-L6400DWGDCP-L1632WMFC-L2760DWHL-L1230WHL-5595DNDCP-T835DWDCP-J1360DWDCP-J973N-W/BMFC-EX915DWMFC-L5710DWMFC-EX670WDCP-L2550DNRHL-L5218DNMFC-L3770CDWDCP-T725DWDCP-J1700DWDCP-L2531DWMFC-J1300DWMFC-L2765DWDocuPrint P275 dwDCP-L2530DWRMFC-L8610CDW (Japan)DocuPrint M235 dwHL-L2370DNRMFC-L2880DW (Japan)MFC-J6947DWHL-L9410CDNMFC-L2862DWMFC-L6910DNDCP-B7608WDCP-B7640DWDCP-T820DWSP-1 (Japan)DCP-L1638WMFC-L2750DW (Japan)MFC-L9577CDWDCP-T436WHL-L2460DWXLDCP-L2535DWMFC-L5750DWDCP-B7620DWMFC-J4550DWM 340WMFC-J6955DWDCP-B7640DW (Asia)HL-L6410DNMFC-L2802DWMFC-J7700CDWDocuPrint M285 zDCP-J988NDCP-L5660DNMFC-L6750DWHL-L5212DWPJ-773DCP-B7600DDCP-L1848WMFC-L3760CDWDCP-J1100DWMFC-J4555DWADS-3000NHL-L1238WPJ-883MFC-J805DWXLHL-L6210DWTDCP-B7535DW (China)DCP-B7600DBMFC-J815DWXLDocuPrint P235 dDCP-L2660DW (Japan)DCP-J1200W(XL)DCP-7190DWDCP-L2552DNHL-J6000DWMFC-J6999CDWMFC-L5715DWMFC-L9670CDNDCP-T426WHL-B2050DNMFC-J497DWDCP-B7520DWMFC-J7600CDWHL-L6310DWMFC-L2717DWDCP-L2627DWRJ-4250WBDCP-J772DWMFC-L3750CDWHL-3190CDWHL-L5202DWDCP-J929N W/BMFC-J1170DWMFC-L3768CDWHL-L2425DWMFC-L9570CDW (Japan)DocuPrint M375 dfMFC-T930DWDCP-J978N-W/BPT-P950NWMFC-J898NDCP-J1140DWDCP-T236MFC-L5915DWMFC-L6702DWHL-JF1DCP-J529NHL-L5050DNMFC-L2730DNHL-L2440DWHL-L2460DWDCP-T220HL-T4000DWMFC-J4950DNDCP-L2550DNMFC-L5900DWMFC-L2710DWMFC-J6530DWMFC-L2885DWHL-B2150WHL-L2460DNHL-L2351DWMFC-L2710DNRDCP-L2648DWDCP-T439WDCP-J582NDCP-T720DWHL-2595DWMFC-L6912DWMFC-J6957DWFAX-L2800DWMFC-L2800DWMFC-7895DWDocuPrint M378 dDCP-J526NMFC-B7811DWPT-P900WMFC-T810WDCP-J1270NMFC-L2712DWDCP-J1203NMFC-J1410DWMFC-L3745CDWTD-2350DMFC-J926N-WBMFC-L2807DWMFC-J742DNHL-L2350DWRDCP-L2508DWMFC-L3765CDWMFC-B7800DNDCP-J1260WDCP-T735DWDCP-L2551DWHL-L6402DWMFC-L5912DWMFC-L6710DWHL-L2464DWMFC-L2750DWRMFC-L5755DW (Japan)MFC-L2732DWTD-4550DNWBMFC-T925DWDCP-L5610DNMFC-L6700DWTD-2130NMFC-L9610CDNHL-L2420DWHL-J7010CDWHL-EX470WHL-L2445DWMFC-L8610CDWMFC-J6540DWEMFC-L2710DNMFC-L2820DWDCP-L3550CDWMFC-L2960DWDCP-T425WMFC-J6983CDWDCP-C421WTD-2135NWBSADocuPrint P378 dDCP-B7638DNDCP-J916NSP 230SFNwMFC-J943DNDCP-J972NHL-L5102DWMFC-L2922DWHL-L5215DWDCP-L2600DDCP-L2532DWMFC-J1800DW (USA)MFC-J6945DWDocuPrint P288 dwMFC-L3770CDW (Japan)DCP-L3528CDWMFC-L2886DWMFC-J5730DWMFC-L2750DWXLDCP-L8410CDWDCP-L3515CDWMFC-J895DWHL-L5100DNTQL-820NWBDocuPrint P285 dwMFC-J6580CDWDCP-L2627DWXLHL-L8360CDWHL-L6202DWDCP-J982N W/BMFC-J2730DWHL-L2371DNMFC-J739DNMFC-8540DNHL-L8240CDWHL-EX415DWMFC-L6970DWDCP-B7558WMFC-L6900DWGHL-L2465DWHL-B2188DWMFC-J1605DNMFC-J5830DWHL-L2400DWEMFC-L2806DWMFC-J3540DWMFC-J4355DWFAX-L2710DNDCP-B7648DWMFC-8530DNMFC-J5930DWHL-L2461DNDCP-T525WMFC-J6959DWADS-3600WHL-L6415DWMFC-J739DWNMFC-L9635CDNRJ-2050HL-L8360CDWTDCP-L2627DWEMFC-J7300CDWHL-L6210DWDCP-J587NMFC-J5800CDWMFC-L2861DWHL-L2467DWDCP-T230HL-L2447DWMFC-J5855DWMFC-J1012DWMFC-J491DWHL-3160CDWMFC-J6535DWMFC-J903NDCP-L5510DWMFC-T580DWHL-L2350DWDCP-J987N-W/BHL-L2480DWMFC-L2880DWXLHL-L3288CDWMFC-L2805DWDocuPrint M275 zMFC-J1205W(XL)DCP-T825DWDCP-T830DWMFC-L2900DWXLMFC-J7500CDWMFC-L3740CDWHL-L3228CDWHL-J6100DWDCP-9030CDNMFC-J6935DWDCP-J4543NMFC-L5700DWMFC-J5845DW(XL)HL-L6450DWHL-L5100DNDCP-J987N W/BHL-L2325DWDCP-T535DWDCP-L3551CDWHL-L3280CDWMFC-J890DWMFC-L5710DNHL-L9430CDNDCP-L6600DWHL-L5210DN (Japan)MFC-B7720DNMFC-L2750DWMFC-J6940DWDCP-L3520CDWEHL-L2370DNHL-L3230CDWDocuPrint M375 zDCP-L5600DNDCP-J982N-W/BMFC-J4350DWDocuPrint M385 zDocuPrint M235 zDCP-J572DWMFC-EX910MFC-J4335DW(XL)ADS-2800WMFC-L5700DNDCP-T710W(China)DCP-L5518DNMFC-L6820DWMFC-L3730CDNHL-L6300DWTMFC-J6930DWHL-L5210DWbizhub 4020iMFC-L5902DWDocuPrint P378 dwMFC-T980DWMFC-L2715DWHL-L2370DWDCP-L2660DWMFC-L2713DWHL-B2180DWBMFC-J3930DWMFC-J6555DWXLMFC-L6915DNMFC-B7715DWHL-L6250DNMFC-T920DWMFC-J2330DWMFC-J939DNMFC-L3710CDWDCP-L2551DNMFC-L8900CDWTD-2135NWBHL-L3215CWMFC-J5630CDWMFC-L2920DWHL-L3290CDWMFC-L2827DWXLDCP-T710WQL-1115NWBDCP-L5650DNMFC-L5710DW (Japan)DCP-L5662DNMFC-J4440NDocuPrint P385 dwMFC-J7100CDWDCP-J4140NHL-L2370DWXLHL-L2372DNDCP-B7658DWDCP-L5502DNMFC-L2716DWMFC-J805DWMFC-L2690DWMFC-J6730DWDCP-7190DNMFC-L2980DWDCP-J774DWMFC-L8690CDWMFC-J1800DW (Europe)DCP-J4250NDocuPrint M288 dwDCP-J1200WEMFC-L6810DWMFC-L6720DWMFC-J5335DWDocuPrint M378 dfDCP-L2620DWMFC-L2835DWMFC-9350CDWHL-L2865DWDCP-J915NMFC-T4500DWMFC-J4540NQL-820NWBcMFC-EX670DocuPrint P360 dwDCP-L5652DNDCP-J528NDCP-T225DCP-L5512DNDCP-T520WMFC-J3530DWMFC-L5718DNDCP-L2622DWHL-L2395DWMFC-J995DWXLHL-L8260CDNHL-L9470CDNHL-L6400DWTDCP-7090DWMFC-L6900DW (Japan)HL-L2386DWHL-L6418DWDCP-L2640DWHL-L2400DWMFC-L5717DWHL-L3220CWDCP-B7548WHL-L6200DWMFC-L5728DWMFC-J690DWHL-L5210DW (Japan)HL-L1808WHL-L8245CDWMFC-L5702DWHL-5590DNMFC-J998DWNHL-2590DNDCP-L2535DW (China)MFC-L6800DWDCP-L2640DNHL-L6250DWHL-L6415DNPT-P750WMFC-J5855DWXLMFC-J4540DW(XL)RJ-3150MFC-J5330DWMFC-J3940DWHL-L2375DWHL-L2352DWMFC-J6583CDWDCP-L3568CDWMFC-L2827DWMFC-J4345DWXLP 201WDocuPrint P388 dwMFC-L2712DNMFC-L8340CDWDCP-T430WMFC-J6980CDWMFC-L2770DWMFC-T780DWMFC-L3740CDWETD-2135NDCP-J978N W/BMFC-J5340DWDCP-J1460DWHL-L8260CDWHL-L3295CDWDCP-T510WDCP-J572NMFC-L2715DW (Taiwan/Korea/Hong Kong)HL-L2376DWDCP-J1310DWMFC-J742DWNDocuPrint P375 dDCP-T536DWDCP-T510W(China)DCP-L3517CDWMFC-L5802DWDCP-L5500DNHL-L6217DWMFC-J6740DWMFC-J1500NDCP-T530DWDCP-B7578DWMFC-7890DNHL-L3240CDWM 340FWMFC-J6997CDWMFC-J893NTD-2320DTD-2350DSAMFC-J6540DWHL-J6000CDWDCP-T428WMFC-L2805DW (Asia)TD-2135NSAHL-L5228DWMFC-L9630CDNMFC-B7810DWHL-L6412DWHL-L8230CDWDCP-L5602DNDCP-T420WRJ-3050HL-L2357DWDCP-L2628DWDCP-J1313DWDCP-L1630WDCP-B7520DW (China)MFC-T910DWMFC-J4443NMFC-L3735CDNMFC-J5955DWDCP-T730DWHL-J6010DWDCP-L2518DWMFC-L2817DWDCP-L3510CDWHL-L3220CWEDCP-B7620DWBHL-L2405WHL-L2390DWDCP-T238MFC-L6900DWDCP-L3560CDWDCP-7195DWHL-L6415DWTDocuPrint P375 dwMFC-T935DWHL-B2100DTD-2130NSAMFC-J998DNMFC-L2771DWHL-L2475DWMFC-L5850DWHL-L6310DW (Japan)DCP-L2550DWMFC-L2710DWRDCP-L2680DWHL-5595DNHMFC-L9570CDWDCP-J1200NMFC-J5945DWMFC-J1215WDCP-L2665DWMFC-J1365DWMFC-J5740DWDCP-L2548DWMFC-B7810DWBMFC-J4340DW(XL)MFC-J4450NDCP-B7535DWHL-L3300CDWMFC-L8395CDWMFC-J939DWNHL-L9310CDWDCP-L3555CDWbizhub 5000iMFC-9150CDNMFC-L5715DNDCP-J981NADS-2400NDCP-L2550DW (China)DCP-J1050DWDCP-T435WHL-B2181DWDCP-J1800NDCP-J577NMFC-L8390CDWHL-L3230CDNHL-L6200DWTMFC-J4940DNHL-L3220CDWHL-L3210CWMFC-J2740DWTD-2320DSAMFC-L2802DNHL-L6400DWMFC-L2860DWSP-1MFC-J943DWNMFC-L2730DWMFC-L5755DWHL-L2375DWRMFC-J995DWbizhub 5020iMFC-J905NDCP-B7640DWBMFC-J4440DW
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2025-15180
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.6||HIGH
EPSS-0.14% / 33.66%
||
7 Day CHG+0.04%
Published-29 Dec, 2025 | 08:32
Updated-24 Feb, 2026 | 06:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda WH450 HTTP Request webExcptypemanFilte stack-based overflow

A vulnerability was identified in Tenda WH450 1.0.0.18. The affected element is an unknown function of the file /goform/webExcptypemanFilte of the component HTTP Request Handler. Such manipulation of the argument page leads to stack-based buffer overflow. The attack may be launched remotely. The exploit is publicly available and might be used.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-wh450_firmwarewh450WH450
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2025-15178
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.6||HIGH
EPSS-0.48% / 65.66%
||
7 Day CHG+0.14%
Published-29 Dec, 2025 | 07:32
Updated-24 Feb, 2026 | 06:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda WH450 HTTP Request VirtualSer stack-based overflow

A vulnerability was found in Tenda WH450 1.0.0.18. This issue affects some unknown processing of the file /goform/VirtualSer of the component HTTP Request Handler. The manipulation of the argument page results in stack-based buffer overflow. The attack can be launched remotely. The exploit has been made public and could be used.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-wh450_firmwarewh450WH450
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2025-15160
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.6||HIGH
EPSS-0.07% / 20.85%
||
7 Day CHG+0.02%
Published-28 Dec, 2025 | 22:32
Updated-24 Feb, 2026 | 06:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda WH450 PPTPServer stack-based overflow

A vulnerability has been found in Tenda WH450 1.0.0.18. This impacts an unknown function of the file /goform/PPTPServer. Such manipulation of the argument ip1 leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-wh450_firmwarewh450WH450
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2025-15162
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.6||HIGH
EPSS-0.22% / 44.69%
||
7 Day CHG+0.06%
Published-28 Dec, 2025 | 23:32
Updated-24 Feb, 2026 | 07:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda WH450 RouteStatic stack-based overflow

A vulnerability was determined in Tenda WH450 1.0.0.18. Affected by this vulnerability is an unknown functionality of the file /goform/RouteStatic. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-wh450wh450_firmwareWH450
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2025-15161
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.6||HIGH
EPSS-0.07% / 20.85%
||
7 Day CHG+0.02%
Published-28 Dec, 2025 | 23:02
Updated-24 Feb, 2026 | 07:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda WH450 PPTPUserSetting stack-based overflow

A vulnerability was found in Tenda WH450 1.0.0.18. Affected is an unknown function of the file /goform/PPTPUserSetting. Performing a manipulation of the argument delno results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been made public and could be used.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-wh450wh450_firmwareWH450
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2025-15163
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.6||HIGH
EPSS-0.22% / 44.69%
||
7 Day CHG+0.06%
Published-29 Dec, 2025 | 00:02
Updated-24 Feb, 2026 | 06:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda WH450 SafeEmailFilter stack-based overflow

A vulnerability was identified in Tenda WH450 1.0.0.18. Affected by this issue is some unknown functionality of the file /goform/SafeEmailFilter. The manipulation of the argument page leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit is publicly available and might be used.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-wh450_firmwarewh450WH450
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2025-15164
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.6||HIGH
EPSS-0.30% / 53.54%
||
7 Day CHG+0.09%
Published-29 Dec, 2025 | 00:32
Updated-24 Feb, 2026 | 07:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda WH450 SafeMacFilter stack-based overflow

A security flaw has been discovered in Tenda WH450 1.0.0.18. This affects an unknown part of the file /goform/SafeMacFilter. The manipulation of the argument page results in stack-based buffer overflow. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-wh450wh450_firmwareWH450
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2021-33545
Matching Score-4
Assigner-CERT@VDE
ShareView Details
Matching Score-4
Assigner-CERT@VDE
CVSS Score-7.2||HIGH
EPSS-19.31% / 95.53%
||
7 Day CHG~0.00%
Published-13 Sep, 2021 | 17:55
Updated-17 Sep, 2024 | 01:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
UDP Technology/Geutebrück camera devices: Buffer overflow in counter parameter leading to RCE

Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to a stack-based buffer overflow condition in the counter parameter which may allow an attacker to remotely execute arbitrary code.

Action-Not Available
Vendor-geutebrueckGeutebrück
Product-g-cam_ethc-2249g-cam_ethc-2230_firmwareg-cam_efd-2251_firmwareg-code_eec-2400g-code_een-2010_firmwareg-code_een-2040_firmwareg-cam_ebc-2112_firmwareg-cam_ethc-2230g-code_een-2010g-cam_ewpc-2270_firmwareg-code_een-2040g-cam_ethc-2240_firmwareg-cam_ebc-2112g-cam_ewpc-2275g-cam_ewpc-2271_firmwareg-cam_ewpc-2271g-cam_ethc-2239g-cam_efd-2250g-cam_efd-2251g-cam_ebc-2111g-cam_ebc-2110g-cam_ebc-2111_firmwareg-cam_ethc-2249_firmwareg-cam_ethc-2240g-cam_efd-2250_firmwareg-cam_ethc-2239_firmwareg-cam_ebc-2110_firmwareg-code_eec-2400_firmwareg-cam_ewpc-2270g-cam_efd-2241g-cam_efd-2241_firmwareg-cam_ewpc-2275_firmwareEncoder G-CodeE2 Series
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-20250
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.47% / 65.07%
||
7 Day CHG~0.00%
Published-06 Sep, 2023 | 16:59
Updated-16 Dec, 2025 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to improper validation of requests that are sent to the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary code with root privileges on an affected device. To exploit this vulnerability, the attacker must have valid Administrator credentials on the affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv130w_firmwarerv130_firmwarerv110wrv110w_firmwarerv130wrv215wrv130rv215w_firmwareCisco Small Business RV Series Router Firmwaresmall_business_rv_series_router_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-15177
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.6||HIGH
EPSS-0.27% / 50.87%
||
7 Day CHG+0.08%
Published-29 Dec, 2025 | 07:02
Updated-24 Feb, 2026 | 06:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda WH450 HTTP Request SetIpBind stack-based overflow

A vulnerability has been found in Tenda WH450 1.0.0.18. This vulnerability affects unknown code of the file /goform/SetIpBind of the component HTTP Request Handler. The manipulation of the argument page leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-wh450_firmwarewh450WH450
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-121
Stack-based Buffer Overflow
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 7
  • 8
  • Next
Details not found