Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-34308

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-08 May, 2024 | 20:14
Updated At-13 Feb, 2025 | 15:53
Rejected At-
Credits

TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the password parameter in the function urldecode.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:08 May, 2024 | 20:14
Updated At:13 Feb, 2025 | 15:53
Rejected At:
▼CVE Numbering Authority (CNA)

TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the password parameter in the function urldecode.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/s4ndw1ch136/IOT-vuln-reports/blob/main/totolink%20LR350/README.md
N/A
Hyperlink: https://github.com/s4ndw1ch136/IOT-vuln-reports/blob/main/totolink%20LR350/README.md
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Vendor
TOTOLINKtotolink
Product
lr350_firmware
CPEs
  • cpe:2.3:o:totolink:lr350_firmware:9.3.5u.6369_b20220309:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • 9.3.5u.6369_b20220309
Problem Types
TypeCWE IDDescription
CWECWE-121CWE-121 Stack-based Buffer Overflow
Type: CWE
CWE ID: CWE-121
Description: CWE-121 Stack-based Buffer Overflow
Metrics
VersionBase scoreBase severityVector
3.18.8HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/s4ndw1ch136/IOT-vuln-reports/blob/main/totolink%20LR350/README.md
x_transferred
Hyperlink: https://github.com/s4ndw1ch136/IOT-vuln-reports/blob/main/totolink%20LR350/README.md
Resource:
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:14 May, 2024 | 15:38
Updated At:04 Apr, 2025 | 14:46

TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the password parameter in the function urldecode.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.18.8HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CPE Matches
TOTOLINK
totolink
>>lr350_firmware>>9.3.5u.6369_b20220309
cpe:2.3:o:totolink:lr350_firmware:9.3.5u.6369_b20220309:*:*:*:*:*:*:*
TOTOLINK
totolink
>>lr350>>-
cpe:2.3:h:totolink:lr350:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-121Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-121
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/s4ndw1ch136/IOT-vuln-reports/blob/main/totolink%20LR350/README.mdcve@mitre.org
Broken Link
https://github.com/s4ndw1ch136/IOT-vuln-reports/blob/main/totolink%20LR350/README.mdaf854a3a-2127-422b-91ae-364da2661108
Broken Link
Hyperlink: https://github.com/s4ndw1ch136/IOT-vuln-reports/blob/main/totolink%20LR350/README.md
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: https://github.com/s4ndw1ch136/IOT-vuln-reports/blob/main/totolink%20LR350/README.md
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link

Change History

0
Information is not available yet

Similar CVEs

297Records found
CVE-2023-35739
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-1.63% / 81.13%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 01:57
Updated-13 May, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DAP-2622 DDP Configuration Backup Server IPv6 Address Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-2622 DDP Configuration Backup Server IPv6 Address Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-20066.

Action-Not Available
Vendor-D-Link Corporation
Product-dap-2622dap-2622_firmwareDAP-2622dap_2622_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-35731
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-1.75% / 81.78%
||
7 Day CHG+0.12%
Published-03 May, 2024 | 01:57
Updated-13 May, 2025 | 13:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DAP-2622 DDP Reset Factory Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-2622 DDP Reset Factory Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-20058.

Action-Not Available
Vendor-D-Link Corporation
Product-dap-2622dap-2622_firmwareDAP-2622dap-2622
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-35727
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-1.75% / 81.78%
||
7 Day CHG+0.12%
Published-03 May, 2024 | 01:57
Updated-13 May, 2025 | 13:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DAP-2622 DDP Reboot Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-2622 DDP Reboot Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-20054.

Action-Not Available
Vendor-D-Link Corporation
Product-dap-2622dap-2622_firmwareDAP-2622dap_2622_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-35745
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-1.63% / 81.13%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 01:58
Updated-13 May, 2025 | 13:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DAP-2622 DDP Configuration Restore Filename Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-2622 DDP Configuration Restore Filename Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-20073.

Action-Not Available
Vendor-D-Link Corporation
Product-dap-2622dap-2622_firmwareDAP-2622dap_2622_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-35740
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-1.63% / 81.13%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 01:57
Updated-13 May, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DAP-2622 DDP Configuration Backup Server Address Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-2622 DDP Configuration Backup Server Address Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-20067.

Action-Not Available
Vendor-D-Link Corporation
Product-dap-2622dap-2622_firmwareDAP-2622dap-2622
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-35733
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-1.75% / 81.78%
||
7 Day CHG+0.12%
Published-03 May, 2024 | 01:57
Updated-13 May, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DAP-2622 DDP Change ID Password Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-2622 DDP Change ID Password Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-20060.

Action-Not Available
Vendor-D-Link Corporation
Product-dap-2622dap-2622_firmwareDAP-2622dap_2622_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-35728
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-1.75% / 81.78%
||
7 Day CHG+0.12%
Published-03 May, 2024 | 01:57
Updated-13 May, 2025 | 13:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DAP-2622 DDP Reboot Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-2622 DDP Reboot Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-20055.

Action-Not Available
Vendor-D-Link Corporation
Product-dap-2622dap-2622_firmwareDAP-2622dap_2622_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-34285
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.80% / 73.20%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 01:57
Updated-03 Jan, 2025 | 17:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NETGEAR RAX30 cmsCli_authenticate Stack-based Buffer Overflow Remote Code Execution Vulnerability

NETGEAR RAX30 cmsCli_authenticate Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within a shared library used by the telnetd service, which listens on TCP port 23 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19918.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-rax30_firmwarerax30RAX30rax30
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-32139
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.53% / 66.42%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 01:56
Updated-16 May, 2025 | 19:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DAP-1360 webproc Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-1360 webproc Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling requests to the /cgi-bin/webproc endpoint. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-18417.

Action-Not Available
Vendor-D-Link Corporation
Product-dap-1360dap-2020_firmwaredap-1360_firmwaredap-2020DAP-1360dap-1360
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-32142
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.36% / 57.03%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 01:56
Updated-16 May, 2025 | 19:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DAP-1360 webproc var:page Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-1360 webproc var:page Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of requests to the /cgi-bin/webproc endpoint. When parsing the var:page parameter, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-18422.

Action-Not Available
Vendor-D-Link Corporation
Product-dap-1360dap-2020_firmwaredap-1360_firmwaredap-2020DAP-1360dap-1360f1_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-32146
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.34% / 55.77%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 01:56
Updated-16 May, 2025 | 19:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DAP-1360 Multiple Parameters Stack-Based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-1360 Multiple Parameters Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the /cgi-bin/webproc endpoint. When parsing the errorpage and nextpage parameters, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-18746.

Action-Not Available
Vendor-D-Link Corporation
Product-dap-1360dap-2020dap-2020_firmwaredap-1360_firmwareDAP-1360dap-1360
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2023-3043
Matching Score-4
Assigner-AMI
ShareView Details
Matching Score-4
Assigner-AMI
CVSS Score-9.6||CRITICAL
EPSS-0.04% / 9.87%
||
7 Day CHG~0.00%
Published-09 Jan, 2024 | 22:15
Updated-17 Jun, 2025 | 20:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stack-based Buffer Overflow BMC

AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause a stack-based buffer overflow via an adjacent network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability.

Action-Not Available
Vendor-AMI
Product-megarac_sp-xMegaRAC_SPx
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-27368
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.04% / 10.63%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 01:56
Updated-03 Jan, 2025 | 17:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NETGEAR RAX30 soap_serverd Stack-based Buffer Overflow Authentication Bypass Vulnerability

NETGEAR RAX30 soap_serverd Stack-based Buffer Overflow Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the soap_serverd binary. When parsing SOAP message headers, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-19839.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-rax30_firmwarerax30RAX30rax30
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-7795
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.33% / 55.43%
||
7 Day CHG~0.00%
Published-21 Aug, 2024 | 16:02
Updated-23 Aug, 2024 | 16:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Autel MaxiCharger AC Elite Business C50 AppAuthenExchangeRandomNum Stack-Based Buffer Overflow Remote Code Execution Vulnerability

Autel MaxiCharger AC Elite Business C50 AppAuthenExchangeRandomNum Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Autel MaxiCharger AC Elite Business C50 EV chargers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the AppAuthenExchangeRandomNum BLE command. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-23384.

Action-Not Available
Vendor-autelAutelautel
Product-maxicharger_ac_elite_business_c50maxicharger_ac_elite_business_c50_firmwareMaxiCharger AC Elite Business C50maxicharger_ac_elite_business_c50
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2022-47065
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.49% / 64.58%
||
7 Day CHG~0.00%
Published-23 Jan, 2023 | 00:00
Updated-03 Aug, 2024 | 14:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R, firmware version 1.01.B01 was discovered to contain a stack overflow via the submit-url parameter at /formNewSchedule. This vulnerability allows attackers to execute arbitrary code via a crafted payload. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Action-Not Available
Vendor-n/aTRENDnet, Inc.
Product-tew-820ap_firmwaretew-820apn/atew-820ap_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-6146
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-1.26% / 78.58%
||
7 Day CHG~0.00%
Published-18 Jun, 2024 | 23:39
Updated-19 Sep, 2024 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Actiontec WCB6200Q uh_get_postdata_withupload Stack-based Buffer Overflow Remote Code Execution Vulnerability

Actiontec WCB6200Q uh_get_postdata_withupload Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Actiontec WCB6200Q routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP server. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the HTTP server. Was ZDI-CAN-21418.

Action-Not Available
Vendor-Actiontec (Actiontec Electronics, Inc.)
Product-wcb6200qwcb6200q_firmwareWCB6200Q
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-5950
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-2.26% / 83.97%
||
7 Day CHG~0.00%
Published-13 Jun, 2024 | 19:40
Updated-07 Aug, 2024 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Deep Sea Electronics DSE855 Multipart Value Handling Stack-Based Buffer Overflow Remote Code Execution Vulnerability

Deep Sea Electronics DSE855 Multipart Value Handling Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of multipart form variables. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-23172.

Action-Not Available
Vendor-deepseaelectronicsDeep Sea Electronicsdeep_sea_electronics
Product-dse855dse855_firmwareDSE855dse855
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-6144
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-1.26% / 78.58%
||
7 Day CHG~0.00%
Published-18 Jun, 2024 | 23:38
Updated-19 Sep, 2024 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Actiontec WCB6200Q Multipart Boundary Stack-based Buffer Overflow Remote Code Execution Vulnerability

Actiontec WCB6200Q Multipart Boundary Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Actiontec WCB6200Q routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP server. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the HTTP server. Was ZDI-CAN-21416.

Action-Not Available
Vendor-Actiontec (Actiontec Electronics, Inc.)
Product-wcb6200qwcb6200q_firmwareWCB6200Qwcb6200q_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-3193
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-8.8||HIGH
EPSS-1.09% / 77.05%
||
7 Day CHG~0.00%
Published-15 Dec, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple D-Link devices including the DIR-850L firmware versions 1.14B07 and 2.07.B05 contain a stack-based buffer overflow vulnerability in the web administration interface HNAP service.

Action-Not Available
Vendor-D-Link Corporation
Product-dir-850l_firmwaredir-850lDIR-850L and potentially others
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2022-43622
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.31% / 53.33%
||
7 Day CHG~0.00%
Published-29 Mar, 2023 | 00:00
Updated-18 Feb, 2025 | 19:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of Login requests to the web management portal. When parsing the HNAP_AUTH header, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-16139.

Action-Not Available
Vendor-D-Link Corporation
Product-dir-1935_firmwaredir-1935DIR-1935
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2024-44589
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.18% / 39.52%
||
7 Day CHG~0.00%
Published-18 Sep, 2024 | 00:00
Updated-21 May, 2025 | 14:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack overflow vulnerability in the Login function in the HNAP service in D-Link DCS-960L with firmware 1.09 allows attackers to execute of arbitrary code.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dcs-960ldcs-960l_firmwaren/adcs-960l_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2024-43689
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-8.8||HIGH
EPSS-0.70% / 71.12%
||
7 Day CHG~0.00%
Published-21 Oct, 2024 | 01:27
Updated-26 Nov, 2024 | 08:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow vulnerability exists in ELECOM wireless access points. By processing a specially crafted HTTP request, arbitrary code may be executed.

Action-Not Available
Vendor-Elecom Co., Ltd.
Product-wab-i1750-ps_firmwarewab-s1167-pswab-s1167-ps_firmwarewab-i1750-psWAB-M1775-PSWAB-S1775WAB-I1750-PSWAB-S733MIWAB-S1167-PSwab-i1750-ps_firmwarewab-s1167-ps_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-43630
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.45% / 62.50%
||
7 Day CHG~0.00%
Published-29 Mar, 2023 | 00:00
Updated-14 Feb, 2025 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of http requests to the web management portal. When parsing the SOAPAction header, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-16150.

Action-Not Available
Vendor-D-Link Corporation
Product-dir-1935_firmwaredir-1935DIR-1935
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2024-41281
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.06% / 17.31%
||
7 Day CHG+0.03%
Published-19 Jul, 2024 | 00:00
Updated-04 Jun, 2025 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Linksys WRT54G v4.21.5 has a stack overflow vulnerability in get_merge_mac function.

Action-Not Available
Vendor-n/aLinksys Holdings, Inc.
Product-wrt54g_firmwarewrt54gn/awrt54g
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2022-40718
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.27% / 49.76%
||
7 Day CHG~0.00%
Published-26 Jan, 2023 | 00:00
Updated-01 Apr, 2025 | 14:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected D-Link DIR-2150 4.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the anweb service, which listens on TCP ports 80 and 443 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15728.

Action-Not Available
Vendor-D-Link Corporation
Product-dir-2150dir-2150_firmwareDIR-2150
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-40717
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.27% / 49.76%
||
7 Day CHG~0.00%
Published-26 Jan, 2023 | 00:00
Updated-01 Apr, 2025 | 14:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected D-Link DIR-2150 4.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the anweb service, which listens on TCP ports 80 and 443 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15727.

Action-Not Available
Vendor-D-Link Corporation
Product-dir-2150dir-2150_firmwareDIR-2150
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-41140
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-1.95% / 82.71%
||
7 Day CHG~0.00%
Published-26 Jan, 2023 | 00:00
Updated-01 Apr, 2025 | 14:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of multiple D-Link routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the lighttpd service, which listens on TCP port 80 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-13796.

Action-Not Available
Vendor-D-Link Corporation
Product-dir-882-usdir-878dir-878_firmwaredir-867_firmwaredir-867dir-882-us_firmwareMultiple Routers
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-34944
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.25% / 48.09%
||
7 Day CHG~0.00%
Published-10 May, 2024 | 12:49
Updated-04 Apr, 2025 | 14:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the list1 parameter at ip/goform/DhcpListClient.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-fh1206fh1206_firmwaren/afh1206_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2023-25528
Matching Score-4
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-4
Assigner-NVIDIA Corporation
CVSS Score-8.8||HIGH
EPSS-0.49% / 64.64%
||
7 Day CHG~0.00%
Published-20 Sep, 2023 | 00:07
Updated-24 Sep, 2024 | 15:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA DGX H100 baseboard management controller (BMC) contains a vulnerability in a web server plugin, where an unauthenticated attacker may cause a stack overflow by sending a specially crafted network packet. A successful exploit of this vulnerability may lead to arbitrary code execution, denial of service, information disclosure, and data tampering.

Action-Not Available
Vendor-NVIDIA Corporation
Product-dgx_h100_firmwaredgx_h100DGX H100 BMCdgx_h100_bmc
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-27646
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8||HIGH
EPSS-1.47% / 80.18%
||
7 Day CHG~0.00%
Published-29 Mar, 2023 | 00:00
Updated-18 Feb, 2025 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the circled daemon. A crafted circleinfo.txt file can trigger an overflow of a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15879.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-cbr40_firmwarerax80rs400_firmwarer8000rax75rbr40_firmwarerbs20_firmwarer6400_firmwarer6900pr8000pr6900p_firmwarerbr20r7960prs400r7000_firmwarer8000p_firmwarer7850rax200r7000p_firmwarerax200_firmwarerbs40rbs40_firmwarer7850_firmwarerbr10_firmwarerbr10r6700rbs10_firmwarelbr20_firmwarer7000rax80_firmwarelbr1020_firmwarerbs20rbr40rbs50_firmwarer7000prbs50rbr50_firmwarecbr40rbr50r7960p_firmwarelbr20rbr20_firmwarerbs10rax75_firmwarer6400r6700_firmwarelbr1020r8000_firmwareR6700v3
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2023-51635
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-1.87% / 82.37%
||
7 Day CHG~0.00%
Published-22 Nov, 2024 | 20:04
Updated-03 Jan, 2025 | 16:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NETGEAR RAX30 fing_dil Stack-based Buffer Overflow Remote Code Execution Vulnerability

NETGEAR RAX30 fing_dil Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within fing_dil service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19843.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-rax30_firmwarerax30RAX30rax30_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-24674
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.06% / 20.16%
||
7 Day CHG~0.00%
Published-28 Mar, 2023 | 00:00
Updated-19 Feb, 2025 | 15:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF644Cdw 10.02 printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the privet API. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15834.

Action-Not Available
Vendor-Canon Inc.
Product-mf741cdw_firmwaremf735cdw_firmwared1550_firmwaremf6180dwmf641cwmf424dw_firmwaremf1643i_ii_firmwaremf1238_firmwarelbp228dw_firmwaremf543dw_firmwaremf634cdw_firmwaremf1238mf451dw_firmwaremf624cdw_firmwaremf733cdwmf743cdwmf735cdwlbp612cdwmf746cdw1435if\+mf448dwmf448dw_firmwaremf6160dw_firmwaremf644cdw_firmwarelbp1127c_firmwared1650_firmwarewg7250z_firmwaremf632cdw1435if\+_firmwarelbp228dwlbp253dw_firmwaremf445dwlbp227dwmf6160dwmf642cdw_firmwarelbp1238lbp654cdwmf416dw_firmwaremf453dw_firmwaremf1238_ii_firmwarelbp214dwlbp227dw_firmwareir1435imf644cdwd15201435ifwg72401435p\+mf8280cw_firmwarewg7250flbp623cdw_firmware1435i\+_firmware1435pd1520_firmwaremf1643if_iimf641cw_firmwarelbp622cdwd1550mf525dwmf515dwmf729cdwmf733cdw_firmwaremf6180dw_firmwared1620_firmwaremf820cdn_firmwaremf453dwmf634cdwmf452dw_firmwaremf449dwwg7250_firmwarelbp215dw_firmware1435p\+_firmwaremf731cdw_firmwaremf8280cwlbp214dw_firmwarelbp612cdw_firmwaremf741cdwlbp623cdwlbp226dwmf426dwmf745cdwmf515dw_firmwaremf624cdwir1643if_firmware1435i\+mf1238_iimf628cdw_firmwaremf1127c_firmwaremf429dw_firmwarelbp1127cir1643i_firmwared1620mf726cdw_firmwarelbp654cdw_firmwaremf419dw_firmwaremf424dwlbp622cdw_firmwaremf414dw_firmwaremf414dwmf8580cdwlbp251dw_firmwaremf426dw_firmwaremf820cdnmf632cdw_firmwaremf1127clbp215dwmf745cdw_firmwaremf731cdwmf525dw_firmwaremf416dwmf455dwmf451dwir1643imf746cdw_firmwaremf419dwmf449dw_firmwarelbp1238_ii_firmwarelbp236dwmf726cdwlbp251dwmf1643if_ii_firmwarelbp237dwmf1643i_iimf628cdwmf445dw_firmwarelbp664cdw_firmwared1650mf8580cdw_firmwarewg7250mf810cdn_firmwarelbp236dw_firmwarewg7250f_firmwaremf729cdw_firmwarelbp1238_firmware1435p_firmwaremf810cdnmf543dwwg7240_firmwaremf642cdwmf429dwmf452dwmf455dw_firmware1435if_firmwarelbp237dw_firmwarewg7250zmf743cdw_firmwarelbp253dwlbp226dw_firmwarelbp664cdwlbp1238_iiir1643ifir1435i_firmwareimageCLASS MF644Cdw
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-25746
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.98% / 75.86%
||
7 Day CHG~0.00%
Published-22 Feb, 2024 | 00:00
Updated-13 Mar, 2025 | 19:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack Based Buffer Overflow vulnerability in Tenda AC9 v.3.0 with firmware version v.15.03.06.42_multi allows a remote attacker to execute arbitrary code via the add_white_node function.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac9ac9_firmwaren/aac9v3.0_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2022-24355
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.42% / 60.92%
||
7 Day CHG~0.00%
Published-18 Feb, 2022 | 19:52
Updated-03 Aug, 2024 | 04:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n (5553) routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of file name extensions. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-13910.

Action-Not Available
Vendor-TP-Link Systems Inc.
Product-tl-wr940ntl-wr940n_firmwareTL-WR940N
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-25753
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.97% / 75.70%
||
7 Day CHG~0.00%
Published-22 Feb, 2024 | 00:00
Updated-13 Mar, 2025 | 19:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack Based Buffer Overflow vulnerability in Tenda AC9 v.3.0 with firmware version v.15.03.06.42_multi allows a remote attacker to execute arbitrary code via the formSetDeviceName function.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac9ac9_firmwaren/aac9_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2024-23957
Matching Score-4
Assigner-Automotive Security Research Group (ASRG)
ShareView Details
Matching Score-4
Assigner-Automotive Security Research Group (ASRG)
CVSS Score-8.8||HIGH
EPSS-1.89% / 82.46%
||
7 Day CHG~0.00%
Published-28 Sep, 2024 | 06:08
Updated-03 Oct, 2024 | 17:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Autel MaxiCharger AC Elite Business C50 DLB_HostHeartBeat Stack-based Buffer Overflow Remote Code Execution Vulnerability

Autel MaxiCharger AC Elite Business C50 DLB_HostHeartBeat Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Autel MaxiCharger AC Elite Business C50 charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DLB_HostHeartBeat handler of the DLB protocol implementation. When parsing an AES key, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-23241

Action-Not Available
Vendor-autelAutelautel
Product-maxicharger_ac_elite_business_c50maxicharger_ac_elite_business_c50_firmwareMaxiCharger AC Elite Business C50maxicharger_ac_elite_business_c50_eu_firmwaremaxicharger_ac_elite_business_c50_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-21201
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-8.8||HIGH
EPSS-0.12% / 31.97%
||
7 Day CHG~0.00%
Published-05 Aug, 2022 | 21:11
Updated-15 Apr, 2025 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack-based buffer overflow vulnerability exists in the confers ucloud_add_node_new functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to stack-based buffer overflow. An attacker can send a malicious packet to trigger this vulnerability.

Action-Not Available
Vendor-TCL
Product-linkhub_mesh_wifi_ac1200LinkHub Mesh Wifi
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-20824
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-0.07% / 20.60%
||
7 Day CHG~0.00%
Published-25 Aug, 2022 | 18:40
Updated-06 Nov, 2024 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco FXOS and NX-OS Software Cisco Discovery Protocol Denial of Service and Arbitrary Code Execution Vulnerability

A vulnerability in the Cisco Discovery Protocol feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code with root privileges or cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper input validation of specific values that are within a Cisco Discovery Protocol message. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to execute arbitrary code with root privileges or cause the Cisco Discovery Protocol process to crash and restart multiple times, which would cause the affected device to reload, resulting in a DoS condition. Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_34200yc-smnexus_9300_firmwarenexus_56128pnexus_3132q-xnexus_3172tqnexus_9332c_firmwarenexus_3172pq\/pq-xl_firmwarenexus_93108tc-ex_firmwarenexus_3200mds_9513_firmwarenexus_93128txnexus_3064t_firmwarenexus_3064-t_firmwaremds_9506nexus_3132q-vnexus_9332cnexus_93360yc-fx2_firmwarenexus_9336c-fx2nexus_3524-xnexus_9348gc-fxpnexus_3172mds_9718nexus_9272qnexus_56128p_firmwarenexus_9500_supervisor_b\+nexus_7000_supervisor_2e_firmwarenexus_93180yc-fxnexus_9336pq_firmwarenexus_3548_firmwarenexus_3432d-snexus_3264q_firmwarenexus_93180yc-fx3_firmwarenexus_9272q_firmwarenexus_3548-x\/xlnexus_3636c-r_firmwarenexus_3016nexus_7018nexus_92304qcnexus_9500_supervisor_bnexus_3100nexus_5596t_firmwarenexus_3048nexus_7700_supervisor_3e_firmwarenexus_93360yc-fx2mds_9710_firmwarenexus_3432d-s_firmwarenexus_3232c_nexus_7010_firmwarenexus_7010nexus_93180yc-fx_firmwarenexus_93216tc-fx2_firmwarenexus_3064x_firmwarenexus_3132q-v_firmwarenexus_7018_firmwarenexus_5596tnexus_7702nexus_5624qnexus_3264c-e_firmwarenexus_6004xnexus_93600cd-gxnexus_3132q-xl_firmwarenexus_6001tnexus_9372px-enexus_5596up_firmwarenexus_3132q-x\/3132q-xl_firmwarenexus_3400nexus_7700_firmwarenexus_9332pqnexus_9508nexus_7004_firmwarenexus_31108pv-v_firmwarenexus_93120txnexus_6000nexus_7000_supervisor_2nexus_93120tx_firmwarenexus_7000_supervisor_1_firmwarenexus_6004nexus_3132q_firmwarenexus_3100-znexus_3548-xlnexus_31128pqnexus_93180yc-fx3snexus_7700_supervisor_2enexus_3132c-znexus_5548pnexus_9336c-fx2_firmwarenexus_5648qnexus_3464cnexus_93128_firmwarenexus_93216tc-fx2nexus_3048_firmwarenexus_3524-x\/xl_firmwarenexus_31128pq_firmwarenexus_3200_firmwarenexus_5672upnexus_93180tc-exnexus_3264qnexus_7004nexus_3232c_firmwarenexus_9000vnexus_9300nexus_31108pc-vnexus_7706_firmwarenexus_9500_supervisor_a\+nexus_93180yc-fx3nexus_3064-32tnexus_5596upnexus_3464c_firmwarenexus_7009nexus_9332pq_firmwarenexus_93128tx_firmwarenexus_3100vnexus_3172tq-32t_firmwarenexus_3132qnexus_5648q_firmwarenexus_3524_firmwarenexus_6001p_firmwarenexus_5696qnexus_31108pc-v_firmwarenexus_3064xnexus_9000nexus_31108pv-vnexus_93108tc-fx3pnexus_3172_firmwarenexus_93108tc-fxnexus_9364c-gx_firmwarenexus_9396tx_firmwarenexus_92300ycnexus_7706nexus_9348gc-fxp_firmwarenexus_93108tc-fx3p_firmwarenexus_6001_firmwarenexus_7700_supervisor_2e_firmwarenexus_93240yc-fx2_firmwarenexus_5672up-16g_firmwarenexus_3548-xnexus_9336c-fx2-e_firmwaremds_9710nexus_3172tq-xlnexus_93180yc-exnexus_3016q_firmwarenexus_9372tx-e_firmwarenexus_9236cnexus_9516nexus_6000_firmwarenexus_9000_firmwarenexus_3172pq-xlnexus_9500rnexus_7000_supervisor_2_firmwarenexus_3064-32t_firmwarenexus_93180lc-exnexus_7009_firmwarenexus_3636c-rnexus_3100-z_firmwarenexus_3548-x_firmwarenexus_3172tq_firmwarenexus_7700_supervisor_3enexus_3172pq-xl_firmwarenexus_3524-x_firmwarenexus_3016qnexus_92348gc-xnexus_3172tq-32tnexus_93180yc-fx3s_firmwarenexus_31108tc-vnexus_3400_firmwaremds_9513nexus_92304qc_firmwarenexus_3232c__firmwarenexus_3100v_firmwarenexus_7710_firmwarenexus_9372tx_firmwarenexus_9500_supervisor_a\+_firmwarenexus_3548-x\/xl_firmwarenexus_3100-v_firmwarenexus_7702_firmwarenexus_9500_supervisor_b\+_firmwaremds_9506_firmwarenexus_3524nexus_93108tc-ex-24_firmwarenexus_7000_supervisor_1nexus_92160yc-x_firmwarenexus_5548p_firmwarenexus_7718_firmwarenexus_9504_firmwarenexus_93108tc-fx-24nexus_9516_firmwarenexus_36180yc-r_firmwarenexus_7710nexus_3100_firmwarenexus_93180yc-fx-24_firmwarenexus_9372tx-enexus_9364c_firmwarenexus_3524-xlnexus_9200_firmwarenexus_5548up_firmwarenexus_9396txnexus_7000nexus_3064nexus_7718nexus_9372px_firmwarenexus_5548upnexus_9336c-fx2-enexus_9396pxnexus_7000_supervisor_2enexus_9221cnexus_5672up_firmwarenexus_3132q-x\/3132q-xlnexus_9372txnexus_9221c_firmwarenexus_3064-tnexus_93180yc-ex_firmwarenexus_3408-snexus_93108tc-fx-24_firmwarenexus_9336pqnexus_7700nexus_92348gc-x_firmwarenexus_6004_firmwarenexus_9000v_firmwarenexus_93108tc-exnexus_3100-vnexus_9316d-gxnexus_3524-x\/xlnexus_31108tc-v_firmwarenexus_9500_supervisor_a_firmwarenexus_3064-x_firmwarenexus_6001pnexus_3164qnexus_3408-s_firmwarenexus_9364cnexus_9396px_firmwarenexus_93180yc-ex-24_firmwarenexus_3172pq\/pq-xlnexus_34180yc_firmwarenexus_93180yc-fx-24nexus_6004x_firmwarenexus_93600cd-gx_firmwarenexus_36180yc-rnexus_3164q_firmwarenexus_3524-xl_firmwarenexus_9508_firmwarenexus_5600_firmwarenexus_34180ycmds_9706nexus_5624q_firmwarenexus_6001t_firmwarenexus_9316d-gx_firmwarenexus_5696q_firmwarenexus_34200yc-sm_firmwarenexus_3064_firmwarenexus_93180yc-ex-24nexus_3548nexus_9372pxnexus_9364c-gxnexus_92160yc-xnexus_93108tc-ex-24nexus_93180lc-ex_firmwarenexus_93180tc-ex_firmwarenexus_1000v_firmwaremds_9718_firmwarenexus_9504nexus_9500r_firmwarenexus_6001nexus_9372px-e_firmwaremds_9706_firmwarenexus_3064tnexus_9500_supervisor_anexus_3172pqnexus_3172tq-xl_firmwarenexus_3064-xnexus_3232cnexus_3172pq_firmwarenexus_9200nexus_9500_supervisor_b_firmwarenexus_92300yc_firmwarenexus_3548-xl_firmwarenexus_1000vnexus_3264c-enexus_93240yc-fx2nexus_9236c_firmwarenexus_93108tc-fx_firmwarenexus_7000_firmwarenexus_3132q-xlnexus_3132q-x_firmwarenexus_93128nexus_3132c-z_firmwarenexus_3016_firmwarenexus_5600nexus_5672up-16gCisco NX-OS Software
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-44419
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.52% / 65.61%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 02:13
Updated-13 May, 2025 | 14:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DIR-X3260 Prog.cgi Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DIR-X3260 Prog.cgi Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the prog.cgi binary, which handles HNAP requests made to the lighttpd webserver. The issue results from the lack of proper validation of the length an user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20774.

Action-Not Available
Vendor-D-Link Corporation
Product-dir-x3260_firmwaredir-x3260DIR-X3260dir-x3260
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-44015
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.28% / 51.16%
||
7 Day CHG~0.00%
Published-27 Sep, 2023 | 00:00
Updated-25 Sep, 2024 | 01:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the schedEndTime parameter in the setSchedWifi function.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac10uac10u_firmwaren/aac10u_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2023-44409
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-1.54% / 80.63%
||
7 Day CHG-0.03%
Published-03 May, 2024 | 02:13
Updated-12 Mar, 2025 | 17:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DAP-1325 SetSetupWizardStatus Enabled Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-1325 SetSetupWizardStatus Enabled Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of XML data provided to the HNAP1 SOAP endpoint. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18838.

Action-Not Available
Vendor-D-Link Corporation
Product-dap-1325_firmwaredap-1325DAP-1325dap-1325_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-43236
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.91% / 82.58%
||
7 Day CHG~0.00%
Published-21 Sep, 2023 | 00:00
Updated-24 Sep, 2024 | 15:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter statuscheckpppoeuser in dir_setWanWifi.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-816_a2dir-816_a2_firmwaren/adir-816_a2_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-43237
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.91% / 82.58%
||
7 Day CHG~0.00%
Published-21 Sep, 2023 | 00:00
Updated-24 Sep, 2024 | 15:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter macCloneMac in setMAC.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-816_a2dir-816_a2_firmwaren/adir-816_a2_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-43239
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.91% / 82.58%
||
7 Day CHG~0.00%
Published-21 Sep, 2023 | 00:00
Updated-24 Sep, 2024 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter flag_5G in showMACfilterMAC.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-816_a2dir-816_a2_firmwaren/adir-816_a2_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-4263
Matching Score-4
Assigner-Zephyr Project
ShareView Details
Matching Score-4
Assigner-Zephyr Project
CVSS Score-7.6||HIGH
EPSS-0.08% / 25.29%
||
7 Day CHG~0.00%
Published-13 Oct, 2023 | 20:42
Updated-13 Feb, 2025 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Potential buffer overflow vulnerability in the Zephyr IEEE 802.15.4 nRF 15.4 driver

Potential buffer overflow vulnerability in the Zephyr IEEE 802.15.4 nRF 15.4 driver

Action-Not Available
Vendor-Zephyr Project
Product-zephyrZephyr
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2023-41215
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-1.59% / 80.93%
||
7 Day CHG+0.11%
Published-03 May, 2024 | 02:12
Updated-13 May, 2025 | 14:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DAP-2622 DDP Set Date-Time Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-2622 DDP Set Date-Time Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-20086.

Action-Not Available
Vendor-D-Link Corporation
Product-dap-2622dap-2622_firmwareDAP-2622dap_2622_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-41207
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-2.61% / 85.08%
||
7 Day CHG+0.18%
Published-03 May, 2024 | 02:12
Updated-12 Mar, 2025 | 17:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DAP-1325 SetHostIPv6StaticSettings StaticAddress Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-1325 SetHostIPv6StaticSettings StaticAddress Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of XML data provided to the HNAP1 SOAP endpoint. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18833.

Action-Not Available
Vendor-D-Link Corporation
Product-dap-1325_firmwaredap-1325DAP-1325dap-1325
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-41214
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-2.61% / 85.08%
||
7 Day CHG+0.18%
Published-03 May, 2024 | 02:12
Updated-12 Mar, 2025 | 17:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DAP-1325 setDhcpAssignRangeUpdate lan_ipaddr Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-1325 setDhcpAssignRangeUpdate lan_ipaddr Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of XML data provided to the HNAP1 SOAP endpoint. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18841.

Action-Not Available
Vendor-D-Link Corporation
Product-dap-1325_firmwaredap-1325DAP-1325dap-1325_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-41210
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-2.61% / 85.08%
||
7 Day CHG+0.18%
Published-03 May, 2024 | 02:12
Updated-12 Mar, 2025 | 17:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DAP-1325 SetHostIPv6StaticSettings StaticDNS2 Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-1325 SetHostIPv6StaticSettings StaticDNS2 Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of XML data provided to the HNAP1 SOAP endpoint. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18836.

Action-Not Available
Vendor-D-Link Corporation
Product-dap-1325_firmwaredap-1325DAP-1325dap-1325_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-41213
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-2.61% / 85.08%
||
7 Day CHG+0.18%
Published-03 May, 2024 | 02:12
Updated-12 Mar, 2025 | 17:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DAP-1325 setDhcpAssignRangeUpdate lan_ipaddr Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-1325 setDhcpAssignRangeUpdate lan_ipaddr Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of XML data provided to the HNAP1 SOAP endpoint. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18840.

Action-Not Available
Vendor-D-Link Corporation
Product-dap-1325_firmwaredap-1325DAP-1325dap-1325_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • Next
Details not found