Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-46121

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-21 Jul, 2025 | 00:00
Updated At-28 Jul, 2025 | 19:42
Rejected At-
Credits

An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, where the functions `stamgr_cfg_adpt_addStaFavourite` and `stamgr_cfg_adpt_addStaIot` pass a client hostname directly to snprintf as the format string. A remote attacker can exploit this flaw either by sending a crafted request to the authenticated endpoint `/admin/_conf.jsp`, or without authentication and without direct network access to the controller by spoofing the MAC address of a favourite station and embedding malicious format specifiers in the DHCP hostname field, resulting in unauthenticated format-string processing and arbitrary code execution on the controller.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:21 Jul, 2025 | 00:00
Updated At:28 Jul, 2025 | 19:42
Rejected At:
▼CVE Numbering Authority (CNA)

An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, where the functions `stamgr_cfg_adpt_addStaFavourite` and `stamgr_cfg_adpt_addStaIot` pass a client hostname directly to snprintf as the format string. A remote attacker can exploit this flaw either by sending a crafted request to the authenticated endpoint `/admin/_conf.jsp`, or without authentication and without direct network access to the controller by spoofing the MAC address of a favourite station and embedding malicious format specifiers in the DHCP hostname field, resulting in unauthenticated format-string processing and arbitrary code execution on the controller.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://support.ruckuswireless.com/security_bulletins/330
N/A
https://sector7.computest.nl/post/2025-07-ruckus-unleashed/
N/A
Hyperlink: https://support.ruckuswireless.com/security_bulletins/330
Resource: N/A
Hyperlink: https://sector7.computest.nl/post/2025-07-ruckus-unleashed/
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-134CWE-134 Use of Externally-Controlled Format String
Type: CWE
CWE ID: CWE-134
Description: CWE-134 Use of Externally-Controlled Format String
Metrics
VersionBase scoreBase severityVector
3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:21 Jul, 2025 | 15:15
Updated At:05 Aug, 2025 | 17:18

An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, where the functions `stamgr_cfg_adpt_addStaFavourite` and `stamgr_cfg_adpt_addStaIot` pass a client hostname directly to snprintf as the format string. A remote attacker can exploit this flaw either by sending a crafted request to the authenticated endpoint `/admin/_conf.jsp`, or without authentication and without direct network access to the controller by spoofing the MAC address of a favourite station and embedding malicious format specifiers in the DHCP hostname field, resulting in unauthenticated format-string processing and arbitrary code execution on the controller.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CPE Matches
ruckuswireless
ruckuswireless
>>ruckus_unleashed>>Versions before 200.15.6.212.14(exclusive)
cpe:2.3:a:ruckuswireless:ruckus_unleashed:*:*:*:*:*:*:*:*
ruckuswireless
ruckuswireless
>>ruckus_unleashed>>Versions from 200.17(inclusive) to 200.17.7.0.139(exclusive)
cpe:2.3:a:ruckuswireless:ruckus_unleashed:*:*:*:*:*:*:*:*
ruckuswireless
ruckuswireless
>>ruckus_zonedirector>>Versions before 10.5.1.0.279(exclusive)
cpe:2.3:a:ruckuswireless:ruckus_zonedirector:*:*:*:*:*:*:*:*
commscope
commscope
>>ruckus_c110>>-
cpe:2.3:h:commscope:ruckus_c110:-:*:*:*:*:*:*:*
commscope
commscope
>>ruckus_e510>>-
cpe:2.3:h:commscope:ruckus_e510:-:*:*:*:*:*:*:*
commscope
commscope
>>ruckus_h320>>-
cpe:2.3:h:commscope:ruckus_h320:-:*:*:*:*:*:*:*
commscope
commscope
>>ruckus_h350>>-
cpe:2.3:h:commscope:ruckus_h350:-:*:*:*:*:*:*:*
commscope
commscope
>>ruckus_h510>>-
cpe:2.3:h:commscope:ruckus_h510:-:*:*:*:*:*:*:*
commscope
commscope
>>ruckus_h550>>-
cpe:2.3:h:commscope:ruckus_h550:-:*:*:*:*:*:*:*
commscope
commscope
>>ruckus_m510>>-
cpe:2.3:h:commscope:ruckus_m510:-:*:*:*:*:*:*:*
commscope
commscope
>>ruckus_m510-jp>>-
cpe:2.3:h:commscope:ruckus_m510-jp:-:*:*:*:*:*:*:*
commscope
commscope
>>ruckus_r310>>-
cpe:2.3:h:commscope:ruckus_r310:-:*:*:*:*:*:*:*
commscope
commscope
>>ruckus_r320>>-
cpe:2.3:h:commscope:ruckus_r320:-:*:*:*:*:*:*:*
commscope
commscope
>>ruckus_r350>>-
cpe:2.3:h:commscope:ruckus_r350:-:*:*:*:*:*:*:*
commscope
commscope
>>ruckus_r350e>>-
cpe:2.3:h:commscope:ruckus_r350e:-:*:*:*:*:*:*:*
commscope
commscope
>>ruckus_r510>>-
cpe:2.3:h:commscope:ruckus_r510:-:*:*:*:*:*:*:*
commscope
commscope
>>ruckus_r550>>-
cpe:2.3:h:commscope:ruckus_r550:-:*:*:*:*:*:*:*
commscope
commscope
>>ruckus_r560>>-
cpe:2.3:h:commscope:ruckus_r560:-:*:*:*:*:*:*:*
commscope
commscope
>>ruckus_r610>>-
cpe:2.3:h:commscope:ruckus_r610:-:*:*:*:*:*:*:*
commscope
commscope
>>ruckus_r650>>-
cpe:2.3:h:commscope:ruckus_r650:-:*:*:*:*:*:*:*
commscope
commscope
>>ruckus_r670>>-
cpe:2.3:h:commscope:ruckus_r670:-:*:*:*:*:*:*:*
commscope
commscope
>>ruckus_r710>>-
cpe:2.3:h:commscope:ruckus_r710:-:*:*:*:*:*:*:*
commscope
commscope
>>ruckus_r720>>-
cpe:2.3:h:commscope:ruckus_r720:-:*:*:*:*:*:*:*
commscope
commscope
>>ruckus_r730>>-
cpe:2.3:h:commscope:ruckus_r730:-:*:*:*:*:*:*:*
commscope
commscope
>>ruckus_r750>>-
cpe:2.3:h:commscope:ruckus_r750:-:*:*:*:*:*:*:*
commscope
commscope
>>ruckus_r760>>-
cpe:2.3:h:commscope:ruckus_r760:-:*:*:*:*:*:*:*
commscope
commscope
>>ruckus_r770>>-
cpe:2.3:h:commscope:ruckus_r770:-:*:*:*:*:*:*:*
commscope
commscope
>>ruckus_r850>>-
cpe:2.3:h:commscope:ruckus_r850:-:*:*:*:*:*:*:*
commscope
commscope
>>ruckus_t310c>>-
cpe:2.3:h:commscope:ruckus_t310c:-:*:*:*:*:*:*:*
commscope
commscope
>>ruckus_t310n>>-
cpe:2.3:h:commscope:ruckus_t310n:-:*:*:*:*:*:*:*
commscope
commscope
>>ruckus_t310s>>-
cpe:2.3:h:commscope:ruckus_t310s:-:*:*:*:*:*:*:*
commscope
commscope
>>ruckus_t350c>>-
cpe:2.3:h:commscope:ruckus_t350c:-:*:*:*:*:*:*:*
commscope
commscope
>>ruckus_t350d>>-
cpe:2.3:h:commscope:ruckus_t350d:-:*:*:*:*:*:*:*
commscope
commscope
>>ruckus_t350se>>-
cpe:2.3:h:commscope:ruckus_t350se:-:*:*:*:*:*:*:*
commscope
commscope
>>ruckus_t610>>-
cpe:2.3:h:commscope:ruckus_t610:-:*:*:*:*:*:*:*
commscope
commscope
>>ruckus_t670>>-
cpe:2.3:h:commscope:ruckus_t670:-:*:*:*:*:*:*:*
commscope
commscope
>>ruckus_t710>>-
cpe:2.3:h:commscope:ruckus_t710:-:*:*:*:*:*:*:*
commscope
commscope
>>ruckus_t710s>>-
cpe:2.3:h:commscope:ruckus_t710s:-:*:*:*:*:*:*:*
commscope
commscope
>>ruckus_t750>>-
cpe:2.3:h:commscope:ruckus_t750:-:*:*:*:*:*:*:*
commscope
commscope
>>ruckus_t750se>>-
cpe:2.3:h:commscope:ruckus_t750se:-:*:*:*:*:*:*:*
commscope
commscope
>>ruckus_t811-cm>>-
cpe:2.3:h:commscope:ruckus_t811-cm:-:*:*:*:*:*:*:*
commscope
commscope
>>ruckus_t811-cm_\(non-sfp\)>>-
cpe:2.3:h:commscope:ruckus_t811-cm_\(non-sfp\):-:*:*:*:*:*:*:*
commscope
commscope
>>zonedirector_1200>>-
cpe:2.3:h:commscope:zonedirector_1200:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-134Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-134
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://sector7.computest.nl/post/2025-07-ruckus-unleashed/cve@mitre.org
Exploit
Third Party Advisory
https://support.ruckuswireless.com/security_bulletins/330cve@mitre.org
Product
Hyperlink: https://sector7.computest.nl/post/2025-07-ruckus-unleashed/
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory
Hyperlink: https://support.ruckuswireless.com/security_bulletins/330
Source: cve@mitre.org
Resource:
Product

Change History

0
Information is not available yet

Similar CVEs

66Records found
CVE-2025-40600
Matching Score-4
Assigner-SonicWall, Inc.
ShareView Details
Matching Score-4
Assigner-SonicWall, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.08% / 23.52%
||
7 Day CHG~0.00%
Published-29 Jul, 2025 | 21:11
Updated-11 Aug, 2025 | 14:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use of Externally-Controlled Format String vulnerability in the SonicOS SSL VPN interface allows a remote unauthenticated attacker to cause service disruption.

Action-Not Available
Vendor-SonicWall Inc.
Product-tz570tz570wtz470wnssp_13700nsv870nsv470nsv270nssp_11700nsa_2700sonicosnsa_3700nsa_5700tz570pnssp_15700tz670tz370wtz270tz270wtz470nsa_4700nsa_6700tz370nssp_10700SonicOS
CWE ID-CWE-134
Use of Externally-Controlled Format String
CVE-2018-10388
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-18.15% / 94.94%
||
7 Day CHG~0.00%
Published-23 Dec, 2019 | 22:45
Updated-05 Aug, 2024 | 07:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Format string vulnerability in the logMess function in TFTP Server SP 1.66 and earlier allows remote attackers to perform a denial of service or execute arbitrary code via format string sequences in a TFTP error packet.

Action-Not Available
Vendor-open_tftp_server_projectn/a
Product-open_tftp_servern/a
CWE ID-CWE-134
Use of Externally-Controlled Format String
CVE-2018-10389
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.74% / 85.39%
||
7 Day CHG~0.00%
Published-23 Dec, 2019 | 22:45
Updated-05 Aug, 2024 | 07:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Format string vulnerability in the logMess function in TFTP Server MT 1.65 and earlier allows remote attackers to perform a denial of service or execute arbitrary code via format string sequences in a TFTP error packet.

Action-Not Available
Vendor-open_tftp_server_projectn/a
Product-open_tftp_servern/a
CWE ID-CWE-134
Use of Externally-Controlled Format String
CVE-2020-27853
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-4.32% / 88.45%
||
7 Day CHG~0.00%
Published-27 Oct, 2020 | 17:53
Updated-04 Aug, 2024 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Wire before 2020-10-16 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a format string. This affects Wire AVS (Audio, Video, and Signaling) 5.3 through 6.x before 6.4, the Wire Secure Messenger application before 3.49.918 for Android, and the Wire Secure Messenger application before 3.61 for iOS. This occurs via the value parameter to sdp_media_set_lattr in peerflow/sdp.c.

Action-Not Available
Vendor-wiren/a
Product-wirewire_-_audio\,_video\,_and_signalingwire_secure_messengern/a
CWE ID-CWE-134
Use of Externally-Controlled Format String
CVE-2022-3023
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-4.2||MEDIUM
EPSS-0.08% / 25.31%
||
7 Day CHG~0.00%
Published-04 Nov, 2022 | 00:00
Updated-02 May, 2025 | 13:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use of Externally-Controlled Format String in pingcap/tidb

Use of Externally-Controlled Format String in GitHub repository pingcap/tidb prior to 6.4.0, 6.1.3.

Action-Not Available
Vendor-pingcappingcap
Product-tidbpingcap/tidb
CWE ID-CWE-134
Use of Externally-Controlled Format String
CVE-2022-35244
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-9.8||CRITICAL
EPSS-0.25% / 47.78%
||
7 Day CHG+0.02%
Published-25 Oct, 2022 | 16:34
Updated-15 Apr, 2025 | 18:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A format string injection vulnerability exists in the XCMD getVarHA functionality of abode systems, inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted XCMD can lead to memory corruption, information disclosure, and denial of service. An attacker can send a malicious XML payload to trigger this vulnerability.

Action-Not Available
Vendor-goabodeabode systems, inc.
Product-iota_all-in-one_security_kitiota_all-in-one_security_kit_firmwareiota All-In-One Security Kit
CWE ID-CWE-134
Use of Externally-Controlled Format String
CVE-2022-27177
Matching Score-4
Assigner-Netflix, Inc.
ShareView Details
Matching Score-4
Assigner-Netflix, Inc.
CVSS Score-9.8||CRITICAL
EPSS-2.14% / 83.49%
||
7 Day CHG~0.00%
Published-01 Apr, 2022 | 22:17
Updated-03 Aug, 2024 | 05:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Python format string issue leading to information disclosure and potentially remote code execution in ConsoleMe for all versions prior to 1.2.2

Action-Not Available
Vendor-netflixn/a
Product-consolemeConsoleMe
CWE ID-CWE-134
Use of Externally-Controlled Format String
CVE-2020-13160
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-77.94% / 98.97%
||
7 Day CHG~0.00%
Published-09 Jun, 2020 | 16:36
Updated-04 Aug, 2024 | 12:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

AnyDesk before 5.5.3 on Linux and FreeBSD has a format string vulnerability that can be exploited for remote code execution.

Action-Not Available
Vendor-anydeskn/aLinux Kernel Organization, IncFreeBSD Foundation
Product-freebsdanydesklinux_kerneln/a
CWE ID-CWE-134
Use of Externally-Controlled Format String
CVE-2022-26674
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-9.8||CRITICAL
EPSS-4.55% / 88.74%
||
7 Day CHG~0.00%
Published-22 Apr, 2022 | 06:50
Updated-16 Sep, 2024 | 17:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ASUS RT-AX88U - Format String

ASUS RT-AX88U has a Format String vulnerability, which allows an unauthenticated remote attacker to write to arbitrary memory address and perform remote arbitrary code execution, arbitrary system operation or disrupt service.

Action-Not Available
Vendor-ASUS (ASUSTeK Computer Inc.)
Product-rt-ax88u_firmwarert-ax88uRT-AX88U
CWE ID-CWE-134
Use of Externally-Controlled Format String
CVE-2023-5746
Matching Score-4
Assigner-Synology Inc.
ShareView Details
Matching Score-4
Assigner-Synology Inc.
CVSS Score-9.8||CRITICAL
EPSS-5.89% / 90.23%
||
7 Day CHG~0.00%
Published-24 Oct, 2023 | 07:32
Updated-12 Sep, 2024 | 14:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability regarding use of externally-controlled format string is found in the cgi component. This allows remote attackers to execute arbitrary code via unspecified vectors. The following models with Synology Camera Firmware versions before 1.0.5-0185 may be affected: BC500 and TC500.

Action-Not Available
Vendor-Synology, Inc.
Product-bc500_firmwaretc500_firmwarebc500tc500Camera Firmwarecamera_firmware
CWE ID-CWE-134
Use of Externally-Controlled Format String
CVE-2020-1992
Matching Score-4
Assigner-Palo Alto Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Palo Alto Networks, Inc.
CVSS Score-8.1||HIGH
EPSS-2.29% / 84.06%
||
7 Day CHG~0.00%
Published-08 Apr, 2020 | 18:41
Updated-17 Sep, 2024 | 03:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PAN-OS on PA-7000 Series: Varrcvr daemon network-based denial of service or privilege escalation

A format string vulnerability in the Varrcvr daemon of PAN-OS on PA-7000 Series devices with a Log Forwarding Card (LFC) allows remote attackers to crash the daemon creating a denial of service condition or potentially execute code with root privileges. This issue affects Palo Alto Networks PAN-OS 9.0 versions before 9.0.7; PAN-OS 9.1 versions before 9.1.2 on PA-7000 Series devices with an LFC installed and configured. This issue requires WildFire services to be configured and enabled. This issue does not affect PAN-OS 8.1 and earlier releases. This issue does not affect any other PA Series firewalls.

Action-Not Available
Vendor-Palo Alto Networks, Inc.
Product-pan-ospa-7050pa-7080PAN-OS
CWE ID-CWE-134
Use of Externally-Controlled Format String
CVE-2019-6840
Matching Score-4
Assigner-Schneider Electric
ShareView Details
Matching Score-4
Assigner-Schneider Electric
CVSS Score-9.8||CRITICAL
EPSS-0.50% / 65.10%
||
7 Day CHG~0.00%
Published-17 Sep, 2019 | 19:19
Updated-04 Aug, 2024 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Format String: CWE-134 vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15), which could allow an attacker to send a crafted message to the target server, thereby causing arbitrary commands to be executed.

Action-Not Available
Vendor-
Product-meg6260-0415_firmwaremeg6260-0410meg6501-0002meg6501-0001_firmwaremeg6260-0410_firmwaremeg6501-0001meg6260-0415meg6501-0002_firmwareU.motion Server
CWE ID-CWE-134
Use of Externally-Controlled Format String
CVE-2023-35087
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-9.8||CRITICAL
EPSS-1.06% / 76.71%
||
7 Day CHG~0.00%
Published-21 Jul, 2023 | 07:11
Updated-24 Oct, 2024 | 14:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ASUS RT-AX56U V2 & RT-AC86U - Format String - 2

It is identified a format string vulnerability in ASUS RT-AX56U V2 & RT-AC86U. This vulnerability is caused by lacking validation for a specific value when calling cm_processChangedConfigMsg in ccm_processREQ_CHANGED_CONFIG function in AiMesh system. An unauthenticated remote attacker can exploit this vulnerability without privilege to perform remote arbitrary code execution, arbitrary system operation or disrupt service. This issue affects RT-AX56U V2: 3.0.0.4.386_50460; RT-AC86U: 3.0.0.4_386_51529.

Action-Not Available
Vendor-ASUS (ASUSTeK Computer Inc.)
Product-rt-ax56u_v2rt-ax56u_v2_firmwarert-ac86u_firmwarert-ac86uRT-AX56U V2RT-AC86Urt-ax56u_v2rt-ac86u
CWE ID-CWE-134
Use of Externally-Controlled Format String
CVE-2021-41193
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.8||CRITICAL
EPSS-1.55% / 80.66%
||
7 Day CHG~0.00%
Published-01 Mar, 2022 | 18:25
Updated-23 Apr, 2025 | 18:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use of Externally-Controlled Format String in wire-avs

wire-avs is the audio visual signaling (AVS) component of Wire, an open-source messenger. A remote format string vulnerability in versions prior to 7.1.12 allows an attacker to cause a denial of service or possibly execute arbitrary code. The issue has been fixed in wire-avs 7.1.12. There are currently no known workarounds.

Action-Not Available
Vendor-wirewireapp
Product-wire-audio_video_signalingwire-avs
CWE ID-CWE-134
Use of Externally-Controlled Format String
CVE-2022-35876
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-8.2||HIGH
EPSS-0.11% / 29.45%
||
7 Day CHG+0.01%
Published-25 Oct, 2022 | 16:34
Updated-15 Apr, 2025 | 18:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. Specially-crafted configuration values can lead to memory corruption, information disclosure and denial of service. An attacker can modify a configuration value and then execute an XCMD to trigger these vulnerabilities.This vulnerability arises from format string injection via the `default_key_id` and `key` configuration parameters, as used within the `testWifiAP` XCMD handler

Action-Not Available
Vendor-goabodeabode systems, inc.
Product-iota_all-in-one_security_kit_firmwareiota All-In-One Security Kit
CWE ID-CWE-134
Use of Externally-Controlled Format String
CVE-2024-4641
Matching Score-4
Assigner-Moxa Inc.
ShareView Details
Matching Score-4
Assigner-Moxa Inc.
CVSS Score-6.3||MEDIUM
EPSS-0.36% / 57.03%
||
7 Day CHG~0.00%
Published-25 Jun, 2024 | 09:23
Updated-18 Sep, 2024 | 15:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OnCell G3470A-LTE Series: Authenticated Format String Errors

OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to accepting a format string from an external source as an argument. An attacker could modify an externally controlled format string to cause a memory leak and denial of service.

Action-Not Available
Vendor-Moxa Inc.
Product-oncell_g3470a-lte-eu-t_firmwareoncell_g3470a-lte-us-toncell_g3470a-lte-us-t_firmwareoncell_g3470a-lte-eu_firmwareoncell_g3470a-lte-eu-toncell_g3470a-lte-us_firmwareoncell_g3470a-lte-euoncell_g3470a-lte-usOnCell G3150A-LTE Seriesoncell_g3470a-lte-us
CWE ID-CWE-134
Use of Externally-Controlled Format String
  • Previous
  • 1
  • 2
  • Next
Details not found