Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-34982

Summary
Assigner-zdi
Assigner Org ID-99f1926a-a320-47d8-bbb5-42feb611262e
Published At-07 May, 2024 | 22:54
Updated At-04 Aug, 2024 | 00:26
Rejected At-
Credits

NETGEAR Multiple Routers httpd Stack-based Buffer Overflow Remote Code Execution Vulnerability

NETGEAR Multiple Routers httpd Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. When parsing the strings file, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-13709.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:zdi
Assigner Org ID:99f1926a-a320-47d8-bbb5-42feb611262e
Published At:07 May, 2024 | 22:54
Updated At:04 Aug, 2024 | 00:26
Rejected At:
▼CVE Numbering Authority (CNA)
NETGEAR Multiple Routers httpd Stack-based Buffer Overflow Remote Code Execution Vulnerability

NETGEAR Multiple Routers httpd Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. When parsing the strings file, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-13709.

Affected Products
Vendor
NETGEAR, Inc.NETGEAR
Product
Multiple Routers
Default Status
unknown
Versions
Affected
  • V1.0.11.116_10.2.100
Problem Types
TypeCWE IDDescription
CWECWE-121CWE-121: Stack-based Buffer Overflow
Type: CWE
CWE ID: CWE-121
Description: CWE-121: Stack-based Buffer Overflow
Metrics
VersionBase scoreBase severityVector
3.08.8HIGH
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Version: 3.0
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.zerodayinitiative.com/advisories/ZDI-21-1274/
x_research-advisory
https://kb.netgear.com/000064313/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Extenders-Routers-and-DSL-Modem-Routers-PSV-2021-0159
vendor-advisory
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-21-1274/
Resource:
x_research-advisory
Hyperlink: https://kb.netgear.com/000064313/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Extenders-Routers-and-DSL-Modem-Routers-PSV-2021-0159
Resource:
vendor-advisory
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Vendor
NETGEAR, Inc.netgear
Product
multiple_router_firmware
CPEs
  • cpe:2.3:o:netgear:multiple_router_firmware:1.0.11.116_10.0.100:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • 1.0.11.116_10.0.100
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.zerodayinitiative.com/advisories/ZDI-21-1274/
x_research-advisory
x_transferred
https://kb.netgear.com/000064313/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Extenders-Routers-and-DSL-Modem-Routers-PSV-2021-0159
vendor-advisory
x_transferred
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-21-1274/
Resource:
x_research-advisory
x_transferred
Hyperlink: https://kb.netgear.com/000064313/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Extenders-Routers-and-DSL-Modem-Routers-PSV-2021-0159
Resource:
vendor-advisory
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:zdi-disclosures@trendmicro.com
Published At:07 May, 2024 | 23:15
Updated At:14 Aug, 2025 | 01:41

NETGEAR Multiple Routers httpd Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. When parsing the strings file, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-13709.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.08.8HIGH
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.0
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CPE Matches
NETGEAR, Inc.
netgear
>>dc112a_firmware>>Versions before 1.0.0.62(exclusive)
cpe:2.3:o:netgear:dc112a_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>dc112a>>-
cpe:2.3:h:netgear:dc112a:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>ex3700_firmware>>Versions before 1.0.0.94(exclusive)
cpe:2.3:o:netgear:ex3700_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>ex3700>>-
cpe:2.3:h:netgear:ex3700:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>ex3800_firmware>>Versions before 1.0.0.94(exclusive)
cpe:2.3:o:netgear:ex3800_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>ex3800>>-
cpe:2.3:h:netgear:ex3800:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>ex6120_firmware>>Versions before 1.0.0.66(exclusive)
cpe:2.3:o:netgear:ex6120_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>ex6120>>-
cpe:2.3:h:netgear:ex6120:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>ex6130_firmware>>Versions before 1.0.0.46(exclusive)
cpe:2.3:o:netgear:ex6130_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>ex6130>>-
cpe:2.3:h:netgear:ex6130:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>ex7000_firmware>>Versions before 1.0.1.106(exclusive)
cpe:2.3:o:netgear:ex7000_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>ex7000>>-
cpe:2.3:h:netgear:ex7000:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>ex7500_firmware>>Versions before 1.0.1.76(exclusive)
cpe:2.3:o:netgear:ex7500_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>ex7500>>-
cpe:2.3:h:netgear:ex7500:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>mr60_firmware>>Versions before 1.1.6.122(exclusive)
cpe:2.3:o:netgear:mr60_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>mr60>>-
cpe:2.3:h:netgear:mr60:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>mr80_firmware>>Versions before 1.1.6.10(exclusive)
cpe:2.3:o:netgear:mr80_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>mr80>>-
cpe:2.3:h:netgear:mr80:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>ms60_firmware>>Versions before 1.1.6.122(exclusive)
cpe:2.3:o:netgear:ms60_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>ms60>>-
cpe:2.3:h:netgear:ms60:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>ms80_firmware>>Versions before 1.1.6.10(exclusive)
cpe:2.3:o:netgear:ms80_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>ms80>>-
cpe:2.3:h:netgear:ms80:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>lax20_firmware>>Versions before 1.1.6.30(exclusive)
cpe:2.3:o:netgear:lax20_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>lax20>>-
cpe:2.3:h:netgear:lax20:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>r6400_firmware>>Versions before 1.0.1.76(exclusive)
cpe:2.3:o:netgear:r6400_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>r6400>>-
cpe:2.3:h:netgear:r6400:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>r6400v2_firmware>>Versions before 1.0.4.120(exclusive)
cpe:2.3:o:netgear:r6400v2_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>r6400v2>>-
cpe:2.3:h:netgear:r6400v2:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>r6700v3_firmware>>Versions before 1.0.4.120(exclusive)
cpe:2.3:o:netgear:r6700v3_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>r6700v3>>-
cpe:2.3:h:netgear:r6700v3:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>r6900p_firmware>>Versions before 1.3.3.148(exclusive)
cpe:2.3:o:netgear:r6900p_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>r6900p>>-
cpe:2.3:h:netgear:r6900p:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>r7000_firmware>>Versions before 1.0.11.128(exclusive)
cpe:2.3:o:netgear:r7000_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>r7000>>-
cpe:2.3:h:netgear:r7000:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>r7000p_firmware>>Versions before 1.3.3.148(exclusive)
cpe:2.3:o:netgear:r7000p_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>r7000p>>-
cpe:2.3:h:netgear:r7000p:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>r7100lg_firmware>>Versions before 1.0.0.72(exclusive)
cpe:2.3:o:netgear:r7100lg_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>r7100lg>>-
cpe:2.3:h:netgear:r7100lg:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>r7850_firmware>>Versions before 1.0.5.76(exclusive)
cpe:2.3:o:netgear:r7850_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>r7850>>-
cpe:2.3:h:netgear:r7850:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>r7900p_firmware>>Versions before 1.4.2.84(exclusive)
cpe:2.3:o:netgear:r7900p_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>r7900p>>-
cpe:2.3:h:netgear:r7900p:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>r7960p_firmware>>Versions before 1.4.2.84(exclusive)
cpe:2.3:o:netgear:r7960p_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>r7960p>>-
cpe:2.3:h:netgear:r7960p:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>r8000_firmware>>Versions before 1.0.4.76(exclusive)
cpe:2.3:o:netgear:r8000_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>r8000>>-
cpe:2.3:h:netgear:r8000:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>r8000p_firmware>>Versions before 1.4.2.84(exclusive)
cpe:2.3:o:netgear:r8000p_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>r8000p>>-
cpe:2.3:h:netgear:r8000p:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>r8300_firmware>>Versions before 1.0.2.156(exclusive)
cpe:2.3:o:netgear:r8300_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>r8300>>-
cpe:2.3:h:netgear:r8300:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-121Secondaryzdi-disclosures@trendmicro.com
CWE-787Primarynvd@nist.gov
CWE ID: CWE-121
Type: Secondary
Source: zdi-disclosures@trendmicro.com
CWE ID: CWE-787
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://kb.netgear.com/000064313/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Extenders-Routers-and-DSL-Modem-Routers-PSV-2021-0159zdi-disclosures@trendmicro.com
Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-21-1274/zdi-disclosures@trendmicro.com
Third Party Advisory
https://kb.netgear.com/000064313/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Extenders-Routers-and-DSL-Modem-Routers-PSV-2021-0159af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-21-1274/af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Hyperlink: https://kb.netgear.com/000064313/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Extenders-Routers-and-DSL-Modem-Routers-PSV-2021-0159
Source: zdi-disclosures@trendmicro.com
Resource:
Vendor Advisory
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-21-1274/
Source: zdi-disclosures@trendmicro.com
Resource:
Third Party Advisory
Hyperlink: https://kb.netgear.com/000064313/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Extenders-Routers-and-DSL-Modem-Routers-PSV-2021-0159
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-21-1274/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

407Records found
CVE-2023-41229
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.53% / 66.42%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 02:12
Updated-15 May, 2025 | 12:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DIR-3040 HTTP Request Processing Referer Heap-Based Buffer Overflow Remote Code Execution Vulnerability

D-Link DIR-3040 HTTP Request Processing Referer Heap-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the prog.cgi binary, which handles HNAP requests made to the lighttpd webserver listening on TCP ports 80 and 443. The issue results from the lack of proper validation of a user-supplied string before copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21671.

Action-Not Available
Vendor-D-Link Corporation
Product-dir-3040_firmwaredir-3040DIR-3040dir-3040_firmware
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-50208
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-3.90% / 87.82%
||
7 Day CHG+0.26%
Published-03 May, 2024 | 02:14
Updated-10 Mar, 2025 | 16:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link G416 ovpncfg Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link G416 ovpncfg Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP service listening on TCP port 80. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21441.

Action-Not Available
Vendor-D-Link Corporation
Product-g416g416_firmwareG416g416_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-37323
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-1.16% / 77.71%
||
7 Day CHG+0.08%
Published-03 May, 2024 | 01:58
Updated-13 May, 2025 | 14:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DAP-2622 DDP Set SSID List PSK Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-2622 DDP Set SSID List PSK Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-20101.

Action-Not Available
Vendor-D-Link Corporation
Product-dap-2622dap-2622_firmwareDAP-2622dap_2622_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-37319
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-1.54% / 80.62%
||
7 Day CHG+0.10%
Published-03 May, 2024 | 01:58
Updated-13 May, 2025 | 14:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DAP-2622 DDP Set IPv6 Address Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-2622 DDP Set IPv6 Address Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-20097.

Action-Not Available
Vendor-D-Link Corporation
Product-dap-2622dap-2622_firmwareDAP-2622dap_2622_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-37320
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-1.54% / 80.62%
||
7 Day CHG+0.10%
Published-03 May, 2024 | 01:58
Updated-13 May, 2025 | 14:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DAP-2622 DDP Set SSID List SSID Name Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-2622 DDP Set SSID List SSID Name Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-20098.

Action-Not Available
Vendor-D-Link Corporation
Product-dap-2622dap-2622_firmwareDAP-2622dap_2622_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-37324
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-1.75% / 81.78%
||
7 Day CHG+0.12%
Published-03 May, 2024 | 01:58
Updated-13 May, 2025 | 14:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DAP-2622 DDP Set Wireless Info Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-2622 DDP Set Wireless Info Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-20102.

Action-Not Available
Vendor-D-Link Corporation
Product-dap-2622dap-2622_firmwareDAP-2622dap_2622_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-37317
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-1.54% / 80.62%
||
7 Day CHG+0.10%
Published-03 May, 2024 | 01:58
Updated-13 May, 2025 | 14:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DAP-2622 DDP Set IPv6 Address Primary DNS Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-2622 DDP Set IPv6 Address Primary DNS Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-20095.

Action-Not Available
Vendor-D-Link Corporation
Product-dap-2622dap-2622_firmwareDAP-2622dap_2622_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-37310
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-1.75% / 81.78%
||
7 Day CHG+0.12%
Published-03 May, 2024 | 01:58
Updated-13 May, 2025 | 13:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DAP-2622 DDP Set Device Info Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-2622 DDP Set Device Info Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-20087.

Action-Not Available
Vendor-D-Link Corporation
Product-dap-2622dap-2622_firmwareDAP-2622dap_2622_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-37321
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-1.54% / 80.62%
||
7 Day CHG+0.10%
Published-03 May, 2024 | 01:58
Updated-13 May, 2025 | 14:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DAP-2622 DDP Set SSID List RADIUS Secret Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-2622 DDP Set SSID List RADIUS Secret Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-20099.

Action-Not Available
Vendor-D-Link Corporation
Product-dap-2622dap-2622_firmwareDAP-2622dap_2622_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-37318
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-1.54% / 80.62%
||
7 Day CHG+0.10%
Published-03 May, 2024 | 01:58
Updated-13 May, 2025 | 14:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DAP-2622 DDP Set IPv6 Address Secondary DNS Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-2622 DDP Set IPv6 Address Secondary DNS Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-20096.

Action-Not Available
Vendor-D-Link Corporation
Product-dap-2622dap-2622_firmwareDAP-2622dap_2622_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-35726
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-1.75% / 81.78%
||
7 Day CHG+0.12%
Published-03 May, 2024 | 01:57
Updated-13 May, 2025 | 13:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DAP-2622 DDP User Verification Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-2622 DDP User Verification Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-20053.

Action-Not Available
Vendor-D-Link Corporation
Product-dap-2622dap-2622_firmwareDAP-2622dap_2622_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-35739
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-1.63% / 81.13%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 01:57
Updated-13 May, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DAP-2622 DDP Configuration Backup Server IPv6 Address Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-2622 DDP Configuration Backup Server IPv6 Address Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-20066.

Action-Not Available
Vendor-D-Link Corporation
Product-dap-2622dap-2622_firmwareDAP-2622dap_2622_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-35731
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-1.75% / 81.78%
||
7 Day CHG+0.12%
Published-03 May, 2024 | 01:57
Updated-13 May, 2025 | 13:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DAP-2622 DDP Reset Factory Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-2622 DDP Reset Factory Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-20058.

Action-Not Available
Vendor-D-Link Corporation
Product-dap-2622dap-2622_firmwareDAP-2622dap-2622
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-35727
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-1.75% / 81.78%
||
7 Day CHG+0.12%
Published-03 May, 2024 | 01:57
Updated-13 May, 2025 | 13:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DAP-2622 DDP Reboot Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-2622 DDP Reboot Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-20054.

Action-Not Available
Vendor-D-Link Corporation
Product-dap-2622dap-2622_firmwareDAP-2622dap_2622_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-35745
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-1.63% / 81.13%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 01:58
Updated-13 May, 2025 | 13:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DAP-2622 DDP Configuration Restore Filename Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-2622 DDP Configuration Restore Filename Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-20073.

Action-Not Available
Vendor-D-Link Corporation
Product-dap-2622dap-2622_firmwareDAP-2622dap_2622_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-35740
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-1.63% / 81.13%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 01:57
Updated-13 May, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DAP-2622 DDP Configuration Backup Server Address Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-2622 DDP Configuration Backup Server Address Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-20067.

Action-Not Available
Vendor-D-Link Corporation
Product-dap-2622dap-2622_firmwareDAP-2622dap-2622
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-35733
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-1.75% / 81.78%
||
7 Day CHG+0.12%
Published-03 May, 2024 | 01:57
Updated-13 May, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DAP-2622 DDP Change ID Password Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-2622 DDP Change ID Password Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-20060.

Action-Not Available
Vendor-D-Link Corporation
Product-dap-2622dap-2622_firmwareDAP-2622dap_2622_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-35748
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-2.29% / 84.07%
||
7 Day CHG~0.00%
Published-07 May, 2024 | 22:55
Updated-06 Aug, 2025 | 14:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DAP-2622 DDP Firmware Upgrade Server IPv6 Address Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-2622 DDP Firmware Upgrade Server IPv6 Address Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-20076.

Action-Not Available
Vendor-D-Link Corporation
Product-dap-2622dap-2622_firmwareDAP-2622dap-2622
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2023-35728
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-1.75% / 81.78%
||
7 Day CHG+0.12%
Published-03 May, 2024 | 01:57
Updated-13 May, 2025 | 13:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DAP-2622 DDP Reboot Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-2622 DDP Reboot Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-20055.

Action-Not Available
Vendor-D-Link Corporation
Product-dap-2622dap-2622_firmwareDAP-2622dap_2622_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-35718
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-2.15% / 83.57%
||
7 Day CHG+0.15%
Published-03 May, 2024 | 01:57
Updated-07 Aug, 2025 | 14:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DAP-2622 DDP Change ID Password Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-2622 DDP Change ID Password Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-20061.

Action-Not Available
Vendor-D-Link Corporation
Product-dap-2622_firmwaredap-2622DAP-2622dap_2622_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2023-32139
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.53% / 66.42%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 01:56
Updated-16 May, 2025 | 19:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DAP-1360 webproc Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-1360 webproc Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling requests to the /cgi-bin/webproc endpoint. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-18417.

Action-Not Available
Vendor-D-Link Corporation
Product-dap-1360dap-2020_firmwaredap-1360_firmwaredap-2020DAP-1360dap-1360
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-1050
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.12% / 31.39%
||
7 Day CHG+0.03%
Published-23 Apr, 2025 | 16:44
Updated-25 Aug, 2025 | 14:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Sonos Era 300 Out-of-Bounds Write Remote Code Execution Vulnerability

Sonos Era 300 Out-of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Sonos Era 300 speakers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of HLS playlist data. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the anacapa user. Was ZDI-CAN-25606.

Action-Not Available
Vendor-sonosSonos
Product-s2era_300Era 300
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-1051
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.08% / 25.54%
||
7 Day CHG~0.00%
Published-02 Jun, 2025 | 19:05
Updated-15 Aug, 2025 | 16:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Sonos Era 300 Heap-based Buffer Overflow Remote Code Execution Vulnerability

Sonos Era 300 Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Sonos Era 300 speakers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of ALAC data. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the anacapa user. Was ZDI-CAN-25865.

Action-Not Available
Vendor-sonosSonos
Product-era_300era_300_firmwareEra 300
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-32142
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.36% / 57.03%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 01:56
Updated-16 May, 2025 | 19:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DAP-1360 webproc var:page Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-1360 webproc var:page Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of requests to the /cgi-bin/webproc endpoint. When parsing the var:page parameter, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-18422.

Action-Not Available
Vendor-D-Link Corporation
Product-dap-1360dap-2020_firmwaredap-1360_firmwaredap-2020DAP-1360dap-1360f1_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-32146
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.34% / 55.77%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 01:56
Updated-16 May, 2025 | 19:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DAP-1360 Multiple Parameters Stack-Based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-1360 Multiple Parameters Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /cgi-bin/webproc endpoint. When parsing the errorpage and nextpage parameters, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-18746.

Action-Not Available
Vendor-D-Link Corporation
Product-dap-1360dap-2020dap-2020_firmwaredap-1360_firmwareDAP-1360dap-1360
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2023-32149
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.69% / 70.78%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 01:56
Updated-06 Aug, 2025 | 14:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DIR-2640 prog.cgi Request Handling Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DIR-2640 prog.cgi Request Handling Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2640 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web management interface, which listens on TCP port 80 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-19546.

Action-Not Available
Vendor-D-Link Corporation
Product-dir-2640_firmwaredir-2640DIR-2640dir-2640_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2023-27346
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-2.39% / 84.42%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 01:56
Updated-06 Aug, 2025 | 14:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TP-Link AX1800 Firmware Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

TP-Link AX1800 Firmware Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link AX1800 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of firmware images. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-19703.

Action-Not Available
Vendor-XiaomiTP-Link Systems Inc.
Product-archer_ax21_firmwarearcher_ax21AX1800ax1800_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2024-7795
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.33% / 55.43%
||
7 Day CHG~0.00%
Published-21 Aug, 2024 | 16:02
Updated-23 Aug, 2024 | 16:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Autel MaxiCharger AC Elite Business C50 AppAuthenExchangeRandomNum Stack-Based Buffer Overflow Remote Code Execution Vulnerability

Autel MaxiCharger AC Elite Business C50 AppAuthenExchangeRandomNum Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Autel MaxiCharger AC Elite Business C50 EV chargers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the AppAuthenExchangeRandomNum BLE command. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-23384.

Action-Not Available
Vendor-autelAutelautel
Product-maxicharger_ac_elite_business_c50maxicharger_ac_elite_business_c50_firmwareMaxiCharger AC Elite Business C50maxicharger_ac_elite_business_c50
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2024-6146
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-1.26% / 78.58%
||
7 Day CHG~0.00%
Published-18 Jun, 2024 | 23:39
Updated-19 Sep, 2024 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Actiontec WCB6200Q uh_get_postdata_withupload Stack-based Buffer Overflow Remote Code Execution Vulnerability

Actiontec WCB6200Q uh_get_postdata_withupload Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Actiontec WCB6200Q routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP server. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the HTTP server. Was ZDI-CAN-21418.

Action-Not Available
Vendor-Actiontec (Actiontec Electronics, Inc.)
Product-wcb6200qwcb6200q_firmwareWCB6200Q
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-5950
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-2.26% / 83.97%
||
7 Day CHG~0.00%
Published-13 Jun, 2024 | 19:40
Updated-07 Aug, 2024 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Deep Sea Electronics DSE855 Multipart Value Handling Stack-Based Buffer Overflow Remote Code Execution Vulnerability

Deep Sea Electronics DSE855 Multipart Value Handling Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of multipart form variables. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-23172.

Action-Not Available
Vendor-deepseaelectronicsDeep Sea Electronicsdeep_sea_electronics
Product-dse855dse855_firmwareDSE855dse855
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-6144
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-1.26% / 78.58%
||
7 Day CHG~0.00%
Published-18 Jun, 2024 | 23:38
Updated-19 Sep, 2024 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Actiontec WCB6200Q Multipart Boundary Stack-based Buffer Overflow Remote Code Execution Vulnerability

Actiontec WCB6200Q Multipart Boundary Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Actiontec WCB6200Q routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP server. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the HTTP server. Was ZDI-CAN-21416.

Action-Not Available
Vendor-Actiontec (Actiontec Electronics, Inc.)
Product-wcb6200qwcb6200q_firmwareWCB6200Qwcb6200q_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-6249
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-2.90% / 85.81%
||
7 Day CHG~0.00%
Published-22 Nov, 2024 | 20:05
Updated-08 Aug, 2025 | 14:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Wyze Cam v3 TCP Traffic Handling Stack-Based Buffer Overflow Remote Code Execution Vulnerability

Wyze Cam v3 TCP Traffic Handling Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Wyze Cam v3 IP cameras. Authentication is not required to exploit this vulnerability. The specific flaw exists within the TUTK P2P library. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-22419.

Action-Not Available
Vendor-wyzeWyzewyze
Product-cam_v3cam_v3_firmwareCam v3cam_v3_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-5293
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.98% / 75.78%
||
7 Day CHG~0.00%
Published-23 May, 2024 | 21:29
Updated-06 Aug, 2025 | 14:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DIR-2640 HTTP Referer Stack-Based Buffer Overflow Remote Code Execution Vulnerability

D-Link DIR-2640 HTTP Referer Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2640-US routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within prog.cgi, which handles HNAP requests made to the lighttpd webserver listening on TCP ports 80 and 443. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21853.

Action-Not Available
Vendor-D-Link Corporation
Product-dir-2640_firmwaredir-2640DIR-2640dir-2640_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2024-5267
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.99% / 75.94%
||
7 Day CHG~0.00%
Published-06 Jun, 2024 | 17:50
Updated-24 Sep, 2024 | 18:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Sonos Era 100 SMB2 Message Handling Out-Of-Bounds Write Remote Code Execution Vulnerability

Sonos Era 100 SMB2 Message Handling Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos Era 100 smart speakers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of SMB2 messages. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-22384.

Action-Not Available
Vendor-sonosSonossonos
Product-era_100era_100_firmwareEra 100era_100
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-43622
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.31% / 53.33%
||
7 Day CHG~0.00%
Published-29 Mar, 2023 | 00:00
Updated-18 Feb, 2025 | 19:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of Login requests to the web management portal. When parsing the HNAP_AUTH header, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-16139.

Action-Not Available
Vendor-D-Link Corporation
Product-dir-1935_firmwaredir-1935DIR-1935
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2024-43689
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-8.8||HIGH
EPSS-0.70% / 71.12%
||
7 Day CHG~0.00%
Published-21 Oct, 2024 | 01:27
Updated-26 Nov, 2024 | 08:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow vulnerability exists in ELECOM wireless access points. By processing a specially crafted HTTP request, arbitrary code may be executed.

Action-Not Available
Vendor-Elecom Co., Ltd.
Product-wab-i1750-ps_firmwarewab-s1167-pswab-s1167-ps_firmwarewab-i1750-psWAB-M1775-PSWAB-S1775WAB-I1750-PSWAB-S733MIWAB-S1167-PSwab-i1750-ps_firmwarewab-s1167-ps_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-43630
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.45% / 62.50%
||
7 Day CHG~0.00%
Published-29 Mar, 2023 | 00:00
Updated-14 Feb, 2025 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of http requests to the web management portal. When parsing the SOAPAction header, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-16150.

Action-Not Available
Vendor-D-Link Corporation
Product-dir-1935_firmwaredir-1935DIR-1935
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2022-40718
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.27% / 49.76%
||
7 Day CHG~0.00%
Published-26 Jan, 2023 | 00:00
Updated-01 Apr, 2025 | 14:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected D-Link DIR-2150 4.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the anweb service, which listens on TCP ports 80 and 443 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15728.

Action-Not Available
Vendor-D-Link Corporation
Product-dir-2150dir-2150_firmwareDIR-2150
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-40717
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.27% / 49.76%
||
7 Day CHG~0.00%
Published-26 Jan, 2023 | 00:00
Updated-01 Apr, 2025 | 14:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected D-Link DIR-2150 4.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the anweb service, which listens on TCP ports 80 and 443 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15727.

Action-Not Available
Vendor-D-Link Corporation
Product-dir-2150dir-2150_firmwareDIR-2150
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-41140
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-1.95% / 82.71%
||
7 Day CHG~0.00%
Published-26 Jan, 2023 | 00:00
Updated-01 Apr, 2025 | 14:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of multiple D-Link routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the lighttpd service, which listens on TCP port 80 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-13796.

Action-Not Available
Vendor-D-Link Corporation
Product-dir-882-usdir-878dir-878_firmwaredir-867_firmwaredir-867dir-882-us_firmwareMultiple Routers
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-8653
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.11% / 30.04%
||
7 Day CHG~0.00%
Published-06 Aug, 2025 | 01:18
Updated-07 Aug, 2025 | 16:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kenwood DMX958XR JKRadioService Stack-based Buffer Overflow Remote Code Execution Vulnerability

Kenwood DMX958XR JKRadioService Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Kenwood DMX958XR. Authentication is not required to exploit this vulnerability. The specific flaw exists within the JKRadioService. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26312.

Action-Not Available
Vendor-jvckenwoodKenwood
Product-dmx958xrdmx958xr_firmwareDMX958XR
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2022-25996
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-8.8||HIGH
EPSS-0.44% / 62.09%
||
7 Day CHG~0.00%
Published-05 Aug, 2022 | 21:17
Updated-15 Apr, 2025 | 18:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack-based buffer overflow vulnerability exists in the confsrv addTimeGroup functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to a buffer overflow. An attacker can send a malicious packet to trigger this vulnerability.

Action-Not Available
Vendor-TCL
Product-linkhub_mesh_wifi_ac1200LinkHub Mesh Wifi
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-51624
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-3.73% / 87.54%
||
7 Day CHG+0.25%
Published-03 May, 2024 | 02:15
Updated-02 Aug, 2024 | 22:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DCS-8300LHV2 RTSP ValidateAuthorizationHeader Nonce Stack-Based Buffer Overflow Remote Code Execution Vulnerability

D-Link DCS-8300LHV2 RTSP ValidateAuthorizationHeader Nonce Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DCS-8300LHV2 IP cameras. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the Authorization header by the RTSP server, which listens on TCP port 554. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20072.

Action-Not Available
Vendor-D-Link Corporation
Product-DCS-8300LHV2DCS-8300LHV2
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2022-26009
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-8.8||HIGH
EPSS-0.44% / 62.09%
||
7 Day CHG~0.00%
Published-05 Aug, 2022 | 21:18
Updated-15 Apr, 2025 | 18:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack-based buffer overflow vulnerability exists in the confsrv ucloud_set_node_location functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to stack-based buffer overflow. An attacker can send a malicious packet to trigger this vulnerability.

Action-Not Available
Vendor-TCL
Product-linkhub_mesh_wifi_ac1200LinkHub Mesh Wifi
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-24673
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-6.68% / 90.86%
||
7 Day CHG~0.00%
Published-28 Mar, 2023 | 00:00
Updated-19 Feb, 2025 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Canon imageCLASS MF644Cdw 10.02 printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the SLP protocol. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15845.

Action-Not Available
Vendor-Canon Inc.
Product-mf741cdw_firmwaremf735cdw_firmwared1550_firmwaremf6180dwmf641cwmf424dw_firmwaremf1643i_ii_firmwaremf1238_firmwarelbp228dw_firmwaremf543dw_firmwaremf634cdw_firmwaremf1238mf451dw_firmwaremf624cdw_firmwaremf733cdwmf743cdwmf735cdwlbp612cdwmf746cdw1435if\+mf448dwmf448dw_firmwaremf6160dw_firmwaremf644cdw_firmwarelbp1127c_firmwared1650_firmwarewg7250z_firmwaremf632cdw1435if\+_firmwarelbp228dwlbp253dw_firmwaremf445dwlbp227dwmf6160dwmf642cdw_firmwarelbp1238lbp654cdwmf416dw_firmwaremf453dw_firmwaremf1238_ii_firmwarelbp214dwlbp227dw_firmwareir1435imf644cdwd15201435ifwg72401435p\+mf8280cw_firmwarewg7250flbp623cdw_firmware1435i\+_firmware1435pd1520_firmwaremf1643if_iimf641cw_firmwarelbp622cdwd1550mf525dwmf515dwmf729cdwmf733cdw_firmwaremf6180dw_firmwared1620_firmwaremf820cdn_firmwaremf453dwmf634cdwmf452dw_firmwaremf449dwwg7250_firmwarelbp215dw_firmware1435p\+_firmwaremf731cdw_firmwaremf8280cwlbp214dw_firmwarelbp612cdw_firmwaremf741cdwlbp623cdwlbp226dwmf426dwmf745cdwmf515dw_firmwaremf624cdwir1643if_firmware1435i\+mf1238_iimf628cdw_firmwaremf1127c_firmwaremf429dw_firmwarelbp1127cir1643i_firmwared1620mf726cdw_firmwarelbp654cdw_firmwaremf419dw_firmwaremf424dwlbp622cdw_firmwaremf414dw_firmwaremf414dwmf8580cdwlbp251dw_firmwaremf426dw_firmwaremf820cdnmf632cdw_firmwaremf1127clbp215dwmf745cdw_firmwaremf731cdwmf525dw_firmwaremf416dwmf455dwmf451dwir1643imf746cdw_firmwaremf419dwmf449dw_firmwarelbp1238_ii_firmwarelbp236dwmf726cdwlbp251dwmf1643if_ii_firmwarelbp237dwmf1643i_iimf628cdwmf445dw_firmwarelbp664cdw_firmwared1650mf8580cdw_firmwarewg7250mf810cdn_firmwarelbp236dw_firmwarewg7250f_firmwaremf729cdw_firmwarelbp1238_firmware1435p_firmwaremf810cdnmf543dwwg7240_firmwaremf642cdwmf429dwmf452dwmf455dw_firmware1435if_firmwarelbp237dw_firmwarewg7250zmf743cdw_firmwarelbp253dwlbp226dw_firmwarelbp664cdwlbp1238_iiir1643ifir1435i_firmwareimageCLASS MF644Cdw
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-23919
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-8.8||HIGH
EPSS-0.44% / 62.09%
||
7 Day CHG~0.00%
Published-05 Aug, 2022 | 21:12
Updated-15 Apr, 2025 | 18:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack-based buffer overflow vulnerability exists in the confsrv set_mf_rule functionality of TCL LinkHub Mesh Wifi MS1G_00_01.00_14. A specially-crafted network packet can lead to stack-based buffer overflow. An attacker can send a malicious packet to trigger this vulnerability.This vulnerability leverages the name field within the protobuf message to cause a buffer overflow.

Action-Not Available
Vendor-TCL
Product-linkhub_mesh_wifi_ac1200LinkHub Mesh Wifi
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-24674
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.06% / 20.16%
||
7 Day CHG~0.00%
Published-28 Mar, 2023 | 00:00
Updated-19 Feb, 2025 | 15:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF644Cdw 10.02 printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the privet API. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15834.

Action-Not Available
Vendor-Canon Inc.
Product-mf741cdw_firmwaremf735cdw_firmwared1550_firmwaremf6180dwmf641cwmf424dw_firmwaremf1643i_ii_firmwaremf1238_firmwarelbp228dw_firmwaremf543dw_firmwaremf634cdw_firmwaremf1238mf451dw_firmwaremf624cdw_firmwaremf733cdwmf743cdwmf735cdwlbp612cdwmf746cdw1435if\+mf448dwmf448dw_firmwaremf6160dw_firmwaremf644cdw_firmwarelbp1127c_firmwared1650_firmwarewg7250z_firmwaremf632cdw1435if\+_firmwarelbp228dwlbp253dw_firmwaremf445dwlbp227dwmf6160dwmf642cdw_firmwarelbp1238lbp654cdwmf416dw_firmwaremf453dw_firmwaremf1238_ii_firmwarelbp214dwlbp227dw_firmwareir1435imf644cdwd15201435ifwg72401435p\+mf8280cw_firmwarewg7250flbp623cdw_firmware1435i\+_firmware1435pd1520_firmwaremf1643if_iimf641cw_firmwarelbp622cdwd1550mf525dwmf515dwmf729cdwmf733cdw_firmwaremf6180dw_firmwared1620_firmwaremf820cdn_firmwaremf453dwmf634cdwmf452dw_firmwaremf449dwwg7250_firmwarelbp215dw_firmware1435p\+_firmwaremf731cdw_firmwaremf8280cwlbp214dw_firmwarelbp612cdw_firmwaremf741cdwlbp623cdwlbp226dwmf426dwmf745cdwmf515dw_firmwaremf624cdwir1643if_firmware1435i\+mf1238_iimf628cdw_firmwaremf1127c_firmwaremf429dw_firmwarelbp1127cir1643i_firmwared1620mf726cdw_firmwarelbp654cdw_firmwaremf419dw_firmwaremf424dwlbp622cdw_firmwaremf414dw_firmwaremf414dwmf8580cdwlbp251dw_firmwaremf426dw_firmwaremf820cdnmf632cdw_firmwaremf1127clbp215dwmf745cdw_firmwaremf731cdwmf525dw_firmwaremf416dwmf455dwmf451dwir1643imf746cdw_firmwaremf419dwmf449dw_firmwarelbp1238_ii_firmwarelbp236dwmf726cdwlbp251dwmf1643if_ii_firmwarelbp237dwmf1643i_iimf628cdwmf445dw_firmwarelbp664cdw_firmwared1650mf8580cdw_firmwarewg7250mf810cdn_firmwarelbp236dw_firmwarewg7250f_firmwaremf729cdw_firmwarelbp1238_firmware1435p_firmwaremf810cdnmf543dwwg7240_firmwaremf642cdwmf429dwmf452dwmf455dw_firmware1435if_firmwarelbp237dw_firmwarewg7250zmf743cdw_firmwarelbp253dwlbp226dw_firmwarelbp664cdwlbp1238_iiir1643ifir1435i_firmwareimageCLASS MF644Cdw
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-24672
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.10% / 29.04%
||
7 Day CHG~0.00%
Published-28 Mar, 2023 | 00:00
Updated-19 Feb, 2025 | 15:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF644Cdw 10.02 printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CADM service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-15802.

Action-Not Available
Vendor-Canon Inc.
Product-mf741cdw_firmwaremf735cdw_firmwared1550_firmwaremf6180dwmf641cwmf424dw_firmwaremf1643i_ii_firmwaremf1238_firmwarelbp228dw_firmwaremf543dw_firmwaremf634cdw_firmwaremf1238mf451dw_firmwaremf624cdw_firmwaremf733cdwmf743cdwmf735cdwlbp612cdwmf746cdw1435if\+mf448dwmf448dw_firmwaremf6160dw_firmwaremf644cdw_firmwarelbp1127c_firmwared1650_firmwarewg7250z_firmwaremf632cdw1435if\+_firmwarelbp228dwlbp253dw_firmwaremf445dwlbp227dwmf6160dwmf642cdw_firmwarelbp1238lbp654cdwmf416dw_firmwaremf453dw_firmwaremf1238_ii_firmwarelbp214dwlbp227dw_firmwareir1435imf644cdwd15201435ifwg72401435p\+mf8280cw_firmwarewg7250flbp623cdw_firmware1435i\+_firmware1435pd1520_firmwaremf1643if_iimf641cw_firmwarelbp622cdwd1550mf525dwmf515dwmf729cdwmf733cdw_firmwaremf6180dw_firmwared1620_firmwaremf820cdn_firmwaremf453dwmf634cdwmf452dw_firmwaremf449dwwg7250_firmwarelbp215dw_firmware1435p\+_firmwaremf731cdw_firmwaremf8280cwlbp214dw_firmwarelbp612cdw_firmwaremf741cdwlbp623cdwlbp226dwmf426dwmf745cdwmf515dw_firmwaremf624cdwir1643if_firmware1435i\+mf1238_iimf628cdw_firmwaremf1127c_firmwaremf429dw_firmwarelbp1127cir1643i_firmwared1620mf726cdw_firmwarelbp654cdw_firmwaremf419dw_firmwaremf424dwlbp622cdw_firmwaremf414dw_firmwaremf414dwmf8580cdwlbp251dw_firmwaremf426dw_firmwaremf820cdnmf632cdw_firmwaremf1127clbp215dwmf745cdw_firmwaremf731cdwmf525dw_firmwaremf416dwmf455dwmf451dwir1643imf746cdw_firmwaremf419dwmf449dw_firmwarelbp1238_ii_firmwarelbp236dwmf726cdwlbp251dwmf1643if_ii_firmwarelbp237dwmf1643i_iimf628cdwmf445dw_firmwarelbp664cdw_firmwared1650mf8580cdw_firmwarewg7250mf810cdn_firmwarelbp236dw_firmwarewg7250f_firmwaremf729cdw_firmwarelbp1238_firmware1435p_firmwaremf810cdnmf543dwwg7240_firmwaremf642cdwmf429dwmf452dwmf455dw_firmware1435if_firmwarelbp237dw_firmwarewg7250zmf743cdw_firmwarelbp253dwlbp226dw_firmwarelbp664cdwlbp1238_iiir1643ifir1435i_firmwareimageCLASS MF644Cdw
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-23918
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-8.8||HIGH
EPSS-0.44% / 62.09%
||
7 Day CHG~0.00%
Published-05 Aug, 2022 | 21:12
Updated-15 Apr, 2025 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack-based buffer overflow vulnerability exists in the confsrv set_mf_rule functionality of TCL LinkHub Mesh Wifi MS1G_00_01.00_14. A specially-crafted network packet can lead to stack-based buffer overflow. An attacker can send a malicious packet to trigger this vulnerability.This vulnerability leverages the ethAddr field within the protobuf message to cause a buffer overflow.

Action-Not Available
Vendor-TCL
Product-linkhub_mesh_wifi_ac1200LinkHub Mesh Wifi
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-24355
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.42% / 60.92%
||
7 Day CHG~0.00%
Published-18 Feb, 2022 | 19:52
Updated-03 Aug, 2024 | 04:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n (5553) routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of file name extensions. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-13910.

Action-Not Available
Vendor-TP-Link Systems Inc.
Product-tl-wr940ntl-wr940n_firmwareTL-WR940N
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
  • Previous
  • 1
  • 2
  • ...
  • 6
  • 7
  • 8
  • 9
  • Next
Details not found