Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-12847

Summary
Assigner-GV
Assigner Org ID-0df08a0e-a200-4957-9bb0-084f562506f9
Published At-24 Jun, 2026 | 03:34
Updated At-24 Jun, 2026 | 13:16
Rejected At-
Credits

GeoVision GV-I/O Box DVRSearch buffer overflow vulnerabilities in CMD_IP_SET command

GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled over Ethernet and RS-485. DVRSearch is a service running by default on the IOBox listening for UDP messages on port 10001. Any user on the network can send messages to this service and interact with it. Upon receiving a UDP message, the server reads at most 1460 bytes into a local buffer and a pointer to the buffer is stored in a global variable: #### Gateway field stack overflow The following code is vulnerable to a stack overflow that is attacker-controlled: v7 = strlen(g_network_config->gateway); memcpy(&reply_buf[216], g_network_config->gateway, v7);

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:GV
Assigner Org ID:0df08a0e-a200-4957-9bb0-084f562506f9
Published At:24 Jun, 2026 | 03:34
Updated At:24 Jun, 2026 | 13:16
Rejected At:
▼CVE Numbering Authority (CNA)
GeoVision GV-I/O Box DVRSearch buffer overflow vulnerabilities in CMD_IP_SET command

GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled over Ethernet and RS-485. DVRSearch is a service running by default on the IOBox listening for UDP messages on port 10001. Any user on the network can send messages to this service and interact with it. Upon receiving a UDP message, the server reads at most 1460 bytes into a local buffer and a pointer to the buffer is stored in a global variable: #### Gateway field stack overflow The following code is vulnerable to a stack overflow that is attacker-controlled: v7 = strlen(g_network_config->gateway); memcpy(&reply_buf[216], g_network_config->gateway, v7);

Affected Products
Vendor
GeoVision Inc.
Product
GV-I/O Box 4E
Platforms
  • Linux
Default Status
unaffected
Versions
Affected
  • V2.09
Unaffected
  • v2.12
Problem Types
TypeCWE IDDescription
CWECWE-121CWE-121 Stack-based buffer overflow
Type: CWE
CWE ID: CWE-121
Description: CWE-121 Stack-based buffer overflow
Metrics
VersionBase scoreBase severityVector
3.110.0CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Version: 3.1
Base score: 10.0
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-100CAPEC-100 Overflow Buffers
CAPEC ID: CAPEC-100
Description: CAPEC-100 Overflow Buffers
Solutions

Configurations

Workarounds

Exploits

Credits

finder
Philippe Laulheret of Cisco Talos
remediation reviewer
Kelly Patterson of Cisco Talos
coordinator
Robert Sherwin of Cisco Talos
Timeline
EventDate
Finder Reports Vulnerabilties to Vendor2026-04-21 07:34:00
Event: Finder Reports Vulnerabilties to Vendor
Date: 2026-04-21 07:34:00
Replaced By

Rejected Reason

References
HyperlinkResource
https://www.geovision.com.tw/cyber_security.php
vendor-advisory
https://talosintelligence.com/vulnerability_reports/TALOS-2026-2377
third-party-advisory
Hyperlink: https://www.geovision.com.tw/cyber_security.php
Resource:
vendor-advisory
Hyperlink: https://talosintelligence.com/vulnerability_reports/TALOS-2026-2377
Resource:
third-party-advisory
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:0df08a0e-a200-4957-9bb0-084f562506f9
Published At:24 Jun, 2026 | 05:17
Updated At:25 Jun, 2026 | 14:02

GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled over Ethernet and RS-485. DVRSearch is a service running by default on the IOBox listening for UDP messages on port 10001. Any user on the network can send messages to this service and interact with it. Upon receiving a UDP message, the server reads at most 1460 bytes into a local buffer and a pointer to the buffer is stored in a global variable: #### Gateway field stack overflow The following code is vulnerable to a stack overflow that is attacker-controlled: v7 = strlen(g_network_config->gateway); memcpy(&reply_buf[216], g_network_config->gateway, v7);

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.110.0CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
N/A
Type: Secondary
Version: 3.1
Base score: 10.0
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Type: N/A
Version:
Base score:
Base severity: N/A
Vector:
CPE Matches

Weaknesses
CWE IDTypeSource
CWE-121Secondary0df08a0e-a200-4957-9bb0-084f562506f9
CWE ID: CWE-121
Type: Secondary
Source: 0df08a0e-a200-4957-9bb0-084f562506f9
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://talosintelligence.com/vulnerability_reports/TALOS-2026-23770df08a0e-a200-4957-9bb0-084f562506f9
N/A
https://www.geovision.com.tw/cyber_security.php0df08a0e-a200-4957-9bb0-084f562506f9
N/A
Hyperlink: https://talosintelligence.com/vulnerability_reports/TALOS-2026-2377
Source: 0df08a0e-a200-4957-9bb0-084f562506f9
Resource: N/A
Hyperlink: https://www.geovision.com.tw/cyber_security.php
Source: 0df08a0e-a200-4957-9bb0-084f562506f9
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

39Records found

CVE-2026-12846
Matching Score-10
Assigner-0df08a0e-a200-4957-9bb0-084f562506f9
ShareView Details
Matching Score-10
Assigner-0df08a0e-a200-4957-9bb0-084f562506f9
CVSS Score-10||CRITICAL
EPSS-0.43% / 34.36%
||
7 Day CHG~0.00%
Published-24 Jun, 2026 | 03:34
Updated-25 Jun, 2026 | 14:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GeoVision GV-I/O Box DVRSearch buffer overflow vulnerabilities in CMD_IP_SET command

GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled over Ethernet and RS-485. DVRSearch is a service running by default on the IOBox listening for UDP messages on port 10001. Any user on the network can send messages to this service and interact with it. Upon receiving a UDP message, the server reads at most 1460 bytes into a local buffer and a pointer to the buffer is stored in a global variable: #### Net Mask field stack overflow The following code is vulnerable to a stack overflow that is attacker-controlled: v6 = strlen(g_network_config->net_mask); memcpy(&reply_buf[184], g_network_config->net_mask, v6);

Action-Not Available
Vendor-GeoVision Inc.
Product-GV-I/O Box 4E
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2026-12848
Matching Score-10
Assigner-0df08a0e-a200-4957-9bb0-084f562506f9
ShareView Details
Matching Score-10
Assigner-0df08a0e-a200-4957-9bb0-084f562506f9
CVSS Score-10||CRITICAL
EPSS-0.43% / 34.36%
||
7 Day CHG~0.00%
Published-24 Jun, 2026 | 03:34
Updated-25 Jun, 2026 | 14:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GeoVision GV-I/O Box DVRSearch buffer overflow vulnerabilities in CMD_IP_SET command

GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled over Ethernet and RS-485. DVRSearch is a service running by default on the IOBox listening for UDP messages on port 10001. Any user on the network can send messages to this service and interact with it. Upon receiving a UDP message, the server reads at most 1460 bytes into a local buffer and a pointer to the buffer is stored in a global variable: #### DNS field stack overflow The following code is vulnerable to a stack overflow that is attacker-controlled: v8 = strlen(g_network_config->dns_addr); memcpy(&reply_buf[248], g_network_config->dns_addr, v8);

Action-Not Available
Vendor-GeoVision Inc.
Product-GV-I/O Box 4E
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2026-12485
Matching Score-10
Assigner-0df08a0e-a200-4957-9bb0-084f562506f9
ShareView Details
Matching Score-10
Assigner-0df08a0e-a200-4957-9bb0-084f562506f9
CVSS Score-10||CRITICAL
EPSS-0.44% / 35.03%
||
7 Day CHG~0.00%
Published-24 Jun, 2026 | 03:34
Updated-25 Jun, 2026 | 14:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GeoVision GV-I/O Box DVRSearch buffer overflow vulnerabilities in CMD_IP_SET command

GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled over Ethernet and RS-485. DVRSearch is a service running by default on the IOBox listening for UDP messages on port 10001. Any user on the network can send messages to this service and interact with it. Upon receiving a UDP message, the server reads at most 1460 bytes into a local buffer and a pointer to the buffer is stored in a global variable: #### IP field stack overflow The following code is vulnerable to a stack overflow that is attacker-controlled: v3 = strlen(g_network_config->ip_addr); memcpy(&reply_buf[36], g_network_config->ip_addr, v3);

Action-Not Available
Vendor-GeoVision Inc.
Product-GV-I/O Box 4E
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2026-42369
Matching Score-8
Assigner-0df08a0e-a200-4957-9bb0-084f562506f9
ShareView Details
Matching Score-8
Assigner-0df08a0e-a200-4957-9bb0-084f562506f9
CVSS Score-10||CRITICAL
EPSS-0.51% / 39.98%
||
7 Day CHG~0.00%
Published-04 May, 2026 | 00:47
Updated-19 May, 2026 | 15:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GeoVision GV-VMS V20 WebCam Server stack overflow vulnerability

GV-VMS V20 is a Video Monitoring Software used to gather the feeds of many surveillance cameras and manage other security devices. It is a native application accessed locally, but it is also possible to enable remote access via the "WebCam Server" feature. Once enabled, it is possible to access to the management and monitoring feature via a regular Web interface. This webersever is another native application, compiled without ASLR, which makes exploitation much easier and more likely. Most of the features require authentication before being reachable and leverage a standard login page to grant access. However the `gvapi` endpoint uses its own authentication mechanism via an `HTTP Authorization` header. It supports both `Basic` authentication and the `Digest` modes of authentication.   #### Stack-overflow via unbound copy of base64 decoded string The `b64decoder` string is sized dynamically, but it is then copied to the `Buffer` stack variable one character at the time at [0], and there's no bound-check. As such, if the decoded string is bigger than 256 characters (the size of the `Buffer` variable) then a stack overflow occurs. Because the data can be fully controlled by an attacker and lack of ASLR, this vulnerability can easily be exploited to gain full code execution as SYSTEM on the machine running the service.

Action-Not Available
Vendor-GeoVision Inc.
Product-GV-VMS V20.0.2
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-57879
Matching Score-6
Assigner-0df08a0e-a200-4957-9bb0-084f562506f9
ShareView Details
Matching Score-6
Assigner-0df08a0e-a200-4957-9bb0-084f562506f9
CVSS Score-9.8||CRITICAL
EPSS-0.53% / 40.86%
||
7 Day CHG~0.00%
Published-26 Jun, 2026 | 07:17
Updated-26 Jun, 2026 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GV-LPC2011/LPC2211 - unauthorized buffer overflow via AuthMode/AuthValue path (ssvr)

An unauthenticated stack-based buffer overflow vulnerability exists in ssvr in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking when processing RTSP custom authentication data. A remote attacker may exploit this vulnerability by sending a crafted RTSP request, resulting in memory corruption, denial of service, or potentially arbitrary code execution.

Action-Not Available
Vendor-GeoVision Inc.
Product-GV-LPCLPC2011/2211
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2026-57881
Matching Score-6
Assigner-0df08a0e-a200-4957-9bb0-084f562506f9
ShareView Details
Matching Score-6
Assigner-0df08a0e-a200-4957-9bb0-084f562506f9
CVSS Score-9.8||CRITICAL
EPSS-0.38% / 29.56%
||
7 Day CHG~0.00%
Published-26 Jun, 2026 | 07:17
Updated-26 Jun, 2026 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GV-LPC2011/LPC2211 - unauthorized stack-based buffer overflow vulnerability (vlsvr)

An unauthenticated stack-based buffer overflow vulnerability exists in vlsvr in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient length validation when processing remote login data. A remote attacker may exploit this vulnerability by sending crafted login data with overly long input, resulting in memory corruption, denial of service, or potentially arbitrary code execution.

Action-Not Available
Vendor-GeoVision Inc.
Product-GV-LPCLPC2011/2211
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2026-57878
Matching Score-6
Assigner-0df08a0e-a200-4957-9bb0-084f562506f9
ShareView Details
Matching Score-6
Assigner-0df08a0e-a200-4957-9bb0-084f562506f9
CVSS Score-9.8||CRITICAL
EPSS-0.53% / 40.93%
||
7 Day CHG~0.00%
Published-26 Jun, 2026 | 07:17
Updated-26 Jun, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GV-LPC2011/LPC2211 - unauthorized buffer overflow vulnerability (thttpd)

An unauthenticated stack-based buffer overflow vulnerability exists in thttpd in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking when processing web request parameters in a specific request path. A remote attacker may exploit this vulnerability by sending a crafted HTTP request with overly long input, resulting in memory corruption, denial of service, or potentially arbitrary code execution.

Action-Not Available
Vendor-GeoVision Inc.
Product-GV-LPCLPC2011/2211
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2026-57880
Matching Score-6
Assigner-0df08a0e-a200-4957-9bb0-084f562506f9
ShareView Details
Matching Score-6
Assigner-0df08a0e-a200-4957-9bb0-084f562506f9
CVSS Score-9.8||CRITICAL
EPSS-0.53% / 40.86%
||
7 Day CHG~0.00%
Published-26 Jun, 2026 | 07:17
Updated-26 Jun, 2026 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GV-LPC2011/LPC2211 - unauthorized buffer overflow via RTSP Digest username (ssvr)

An unauthenticated stack-based buffer overflow vulnerability exists in ssvr in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking when parsing RTSP Digest authentication fields. A remote attacker may exploit this vulnerability by sending a crafted RTSP request containing overly long authentication data, resulting in memory corruption, denial of service, or potentially arbitrary code execution.

Action-Not Available
Vendor-GeoVision Inc.
Product-GV-LPCLPC2011/2211
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2026-12488
Matching Score-6
Assigner-0df08a0e-a200-4957-9bb0-084f562506f9
ShareView Details
Matching Score-6
Assigner-0df08a0e-a200-4957-9bb0-084f562506f9
CVSS Score-6.2||MEDIUM
EPSS-0.20% / 9.70%
||
7 Day CHG~0.00%
Published-24 Jun, 2026 | 03:34
Updated-25 Jun, 2026 | 14:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GeoVision GV-VMS V20 GV-Cloud memory corruption vulnerability

A memory corruption vulnerability exists in the GV-Cloud functionality of GeoVision GV-VMS V20 20.0.2.  A specially crafted network request can lead to a denial of service. An attacker can impersonate the legitimate server to trigger this vulnerability.

Action-Not Available
Vendor-GeoVision Inc.
Product-GeoVision
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2022-20702
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-10||CRITICAL
EPSS-4.60% / 90.51%
||
7 Day CHG+0.29%
Published-10 Feb, 2022 | 17:06
Updated-06 Nov, 2024 | 16:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV Series Routers Vulnerabilities

Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv260_firmwarerv340_firmwarerv345prv345rv160w_firmwarerv345p_firmwarerv160_firmwarerv260w_firmwarerv340w_firmwarerv160wrv260rv260wrv340wrv260prv345_firmwarerv340rv260p_firmwarerv160Cisco Small Business RV Series Router Firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-20704
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-10||CRITICAL
EPSS-2.30% / 81.16%
||
7 Day CHG+0.15%
Published-10 Feb, 2022 | 17:06
Updated-06 Nov, 2024 | 16:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV Series Routers Vulnerabilities

Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv260_firmwarerv340_firmwarerv345prv345rv160w_firmwarerv345p_firmwarerv160_firmwarerv260w_firmwarerv340w_firmwarerv160wrv260rv260wrv340wrv260prv345_firmwarerv340rv260p_firmwarerv160Cisco Small Business RV Series Router Firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-20712
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-10||CRITICAL
EPSS-3.03% / 85.87%
||
7 Day CHG+0.11%
Published-10 Feb, 2022 | 17:06
Updated-06 Nov, 2024 | 16:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV Series Routers Vulnerabilities

Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv340_firmwarerv340wrv345prv345rv345_firmwarerv345p_firmwarerv340rv340w_firmwareCisco Small Business RV Series Router Firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-20701
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-10||CRITICAL
EPSS-9.75% / 94.94%
||
7 Day CHG+0.60%
Published-10 Feb, 2022 | 17:06
Updated-28 Oct, 2025 | 13:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-03-17||Apply updates per vendor instructions.
Cisco Small Business RV Series Routers Vulnerabilities

Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv340w_firmwarerv340wrv340_firmwarerv345p_firmwarerv340rv345rv345_firmwarerv345pCisco Small Business RV Series Router FirmwareSmall Business RV160, RV260, RV340, and RV345 Series Routers
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-20705
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-10||CRITICAL
EPSS-80.03% / 99.57%
||
7 Day CHG~0.00%
Published-10 Feb, 2022 | 17:06
Updated-06 Nov, 2024 | 16:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV Series Routers Vulnerabilities

Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv260_firmwarerv340_firmwarerv345prv345rv160w_firmwarerv345p_firmwarerv160_firmwarerv260w_firmwarerv340w_firmwarerv160wrv260rv260wrv340wrv260prv345_firmwarerv340rv260p_firmwarerv160Cisco Small Business RV Series Router Firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-20699
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-10||CRITICAL
EPSS-72.46% / 99.37%
||
7 Day CHG~0.00%
Published-10 Feb, 2022 | 17:06
Updated-28 Oct, 2025 | 13:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-03-17||Apply updates per vendor instructions.
Cisco Small Business RV Series Routers Vulnerabilities

Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv340w_firmwarerv340wrv340_firmwarerv345p_firmwarerv340rv345rv345_firmwarerv345pCisco Small Business RV Series Router FirmwareSmall Business RV160, RV260, RV340, and RV345 Series Routers
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-1284
Improper Validation of Specified Quantity in Input
CVE-2022-20707
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-10||CRITICAL
EPSS-75.32% / 99.45%
||
7 Day CHG~0.00%
Published-10 Feb, 2022 | 17:06
Updated-06 Nov, 2024 | 16:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV Series Routers Vulnerabilities

Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv340_firmwarerv340wrv345prv345rv345_firmwarerv345p_firmwarerv340rv340w_firmwareCisco Small Business RV Series Router Firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-20700
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-10||CRITICAL
EPSS-5.66% / 92.02%
||
7 Day CHG+0.21%
Published-10 Feb, 2022 | 17:06
Updated-28 Oct, 2025 | 13:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-03-17||Apply updates per vendor instructions.
Cisco Small Business RV Series Routers Vulnerabilities

Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv340w_firmwarerv260rv160rv160wrv160w_firmwarerv345_firmwarerv345prv260prv160_firmwarerv260w_firmwarerv260wrv260p_firmwarerv340wrv340_firmwarerv345p_firmwarerv340rv260_firmwarerv345Cisco Small Business RV Series Router FirmwareSmall Business RV160, RV260, RV340, and RV345 Series Routers
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-20709
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-10||CRITICAL
EPSS-3.80% / 88.70%
||
7 Day CHG+0.24%
Published-10 Feb, 2022 | 17:06
Updated-06 Nov, 2024 | 16:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV Series Routers Vulnerabilities

Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv340_firmwarerv340wrv345prv345rv345_firmwarerv345p_firmwarerv340rv340w_firmwareCisco Small Business RV Series Router Firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-3943
Matching Score-4
Assigner-Kaspersky
ShareView Details
Matching Score-4
Assigner-Kaspersky
CVSS Score-10||CRITICAL
EPSS-0.95% / 56.85%
||
7 Day CHG~0.00%
Published-21 May, 2024 | 13:32
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple buffer overflow in ZkTeco-based OEM devices

Stack-based Buffer Overflow vulnerability in ZkTeco-based OEM devices allows, in some cases, the execution of arbitrary code. Due to the lack of protection mechanisms such as stack canaries and PIE, it is possible to successfully execute code even under restrictive conditions. This issue affects ZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others) with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly others.

Action-Not Available
Vendor-ZKTeco Co., Ltd.
Product-ZkTeco-based OEM devices with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0smartec_st_fr041mesmartec_st_fr043facedepot_7b
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2026-37541
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||CRITICAL
EPSS-0.68% / 47.80%
||
7 Day CHG~0.00%
Published-01 May, 2026 | 00:00
Updated-20 May, 2026 | 15:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow vulnerability in Open Vehicle Monitoring System 3 (OVMS3) 3.3.005. In canformat_gvret.cpp, the length field in GVRET binary data is not properly validated, allowing remote attackers to cause a denial of service or possibly execute arbitrary code via crafted GVRET frames.

Action-Not Available
Vendor-openvehiclesn/a
Product-open_vehicle_monitoring_systemopen_vehicle_monitoring_system_firmwaren/a
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2021-26727
Matching Score-4
Assigner-Nozomi Networks Inc.
ShareView Details
Matching Score-4
Assigner-Nozomi Networks Inc.
CVSS Score-10||CRITICAL
EPSS-2.28% / 81.05%
||
7 Day CHG~0.00%
Published-24 Oct, 2022 | 00:00
Updated-07 May, 2025 | 14:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
spx_restservice SubNet_handler_func Multiple Command Injections and Stack-Based Buffer Overflows

Multiple command injections and stack-based buffer overflows vulnerabilities in the SubNet_handler_func function of spx_restservice allow an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.

Action-Not Available
Vendor-lannerincLanner Inc
Product-iac-ast2500a_firmwareiac-ast2500aIAC-AST2500A
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-26728
Matching Score-4
Assigner-Nozomi Networks Inc.
ShareView Details
Matching Score-4
Assigner-Nozomi Networks Inc.
CVSS Score-10||CRITICAL
EPSS-2.28% / 81.05%
||
7 Day CHG~0.00%
Published-24 Oct, 2022 | 00:00
Updated-03 Aug, 2024 | 20:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
spx_restservice KillDupUsr_func Command Injection and Stack-Based Buffer Overflow

Command injection and stack-based buffer overflow vulnerabilities in the KillDupUsr_func function of spx_restservice allow an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.

Action-Not Available
Vendor-lannerincLanner Inc
Product-iac-ast2500a_firmwareiac-ast2500aIAC-AST2500A
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-21960
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-10||CRITICAL
EPSS-2.64% / 83.71%
||
7 Day CHG+0.17%
Published-04 Feb, 2022 | 22:29
Updated-15 Apr, 2025 | 19:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack-based buffer overflow vulnerability exists in both the LLMNR functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted network packet can lead to remote code execution. An attacker can send a malicious packet to trigger this vulnerability.

Action-Not Available
Vendor-sealeveln/a
Product-seaconnect_370w_firmwareseaconnect_370wSealevel
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-1284
Improper Validation of Specified Quantity in Input
CVE-2024-39791
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-10||CRITICAL
EPSS-1.11% / 62.02%
||
7 Day CHG~0.00%
Published-08 Aug, 2024 | 19:36
Updated-21 Aug, 2024 | 20:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Vonets WiFi Bridges Stack-based Buffer Overflow

Stack-based buffer overflow vulnerabilities affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enable an unauthenticated remote attacker to execute arbitrary code.

Action-Not Available
Vendor-vonetsVonetsvonets
Product-vap11g-500s_firmwarevap11g-500_firmwarevga-1000var1200-hvap11n-300_firmwarevar1200-l_firmwarevbg1200var1200-lvap11g-500svap11ac_firmwarevar600-h_firmwarevap11s-5g_firmwarevga-1000_firmwarevar1200-h_firmwarevap11n-300vap11g-500vap11g-300_firmwarevar11n-300vap11s-5gvap11g-300vap11s_firmwarevap11gvap11acvbg1200_firmwarevap11svap11g_firmwarevar600-hvar11n-300_firmwareVAP11S-5GVAP11N-300VBG1200VAP11GVAR11N-300VGA-1000VAR1200-LVAR1200-HVAP11SVAP11G-300VAP11G-500VAP11G-500SVAP11ACVAR600-Hvap11g-500s_firmwarevap11n-300_firmwarevap11s_firmwarevar1200-l_firmwarevbg1200_firmwarevap11ac_firmwarevar600-h_firmwarevap11s-5g_firmwarevga-1000_firmwarevap11g_firmwarevar1200-h_firmwarevap11g-300_firmwarevar11n-300_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-36258
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-10||CRITICAL
EPSS-12.45% / 95.72%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 14:21
Updated-21 Aug, 2025 | 18:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack-based buffer overflow vulnerability exists in the touchlist_sync.cgi touchlistsync() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can send an HTTP request to trigger this vulnerability.

Action-Not Available
Vendor-WAVLINK Technology Ltd.
Product-wl-wn533a8_firmwarewl-wn533a8Wavlink AC3000
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2020-14498
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.6||CRITICAL
EPSS-2.90% / 85.26%
||
7 Day CHG~0.00%
Published-26 Aug, 2020 | 13:30
Updated-23 Feb, 2026 | 18:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HMS Industrial Networks AB eCatcher Stack-based Buffer Overflow

HMS Industrial Networks AB eCatcher all versions prior to 6.5.5 is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code.

Action-Not Available
Vendor-hms-networksHMS Industrial Networks AB
Product-ecatchereCatcher
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-20230
Matching Score-4
Assigner-CPAN Security Group
ShareView Details
Matching Score-4
Assigner-CPAN Security Group
CVSS Score-10||CRITICAL
EPSS-0.64% / 46.23%
||
7 Day CHG~0.00%
Published-21 Apr, 2026 | 15:26
Updated-22 Apr, 2026 | 17:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Storable versions before 3.05 for Perl has a stack overflow

Storable versions before 3.05 for Perl has a stack overflow. The retrieve_hook function stored the length of the class name into a signed integer but in read operations treated the length as unsigned. This allowed an attacker to craft data that could trigger the overflow.

Action-Not Available
Vendor-nwclarkNWCLARK
Product-storableStorable
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2022-2972
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-10||CRITICAL
EPSS-1.10% / 61.53%
||
7 Day CHG~0.00%
Published-23 Sep, 2022 | 15:28
Updated-16 Apr, 2025 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MZ Automation libIEC61850 Stack-Based Buffer Overflow

MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) is vulnerable to a stack-based buffer overflow, which could allow an attacker to crash the device or remotely execute arbitrary code.

Action-Not Available
Vendor-mz-automationMZ Automation
Product-libiec61850libIEC61850
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-20703
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-10||CRITICAL
EPSS-9.20% / 94.71%
||
7 Day CHG+0.57%
Published-10 Feb, 2022 | 17:06
Updated-28 Oct, 2025 | 13:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-03-17||Apply updates per vendor instructions.
Cisco Small Business RV Series Routers Vulnerabilities

Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv340w_firmwarerv260rv160rv160wrv160w_firmwarerv345_firmwarerv345prv260prv160_firmwarerv260w_firmwarerv260wrv260p_firmwarerv340wrv340_firmwarerv345p_firmwarerv340rv260_firmwarerv345Cisco Small Business RV Series Router FirmwareSmall Business RV160, RV260, RV340, and RV345 Series Routers
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-295
Improper Certificate Validation
CVE-2022-20710
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-10||CRITICAL
EPSS-2.43% / 82.23%
||
7 Day CHG+0.09%
Published-10 Feb, 2022 | 17:06
Updated-06 Nov, 2024 | 16:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV Series Routers Vulnerabilities

Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv340_firmwarerv340wrv345prv345rv345_firmwarerv345p_firmwarerv340rv340w_firmwareCisco Small Business RV Series Router Firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-20711
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-10||CRITICAL
EPSS-4.92% / 91.05%
||
7 Day CHG+0.31%
Published-10 Feb, 2022 | 17:06
Updated-06 Nov, 2024 | 16:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV Series Routers Vulnerabilities

Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv340_firmwarerv340wrv345prv345rv345_firmwarerv345p_firmwarerv340rv340w_firmwareCisco Small Business RV Series Router Firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-20708
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-10||CRITICAL
EPSS-14.86% / 96.29%
||
7 Day CHG+0.90%
Published-10 Feb, 2022 | 17:06
Updated-28 Oct, 2025 | 13:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-03-17||Apply updates per vendor instructions.
Cisco Small Business RV Series Routers Vulnerabilities

Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv340w_firmwarerv340wrv340_firmwarerv345p_firmwarerv340rv345rv345_firmwarerv345pCisco Small Business RV Series Router FirmwareSmall Business RV160, RV260, RV340, and RV345 Series Routers
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-26730
Matching Score-4
Assigner-Nozomi Networks Inc.
ShareView Details
Matching Score-4
Assigner-Nozomi Networks Inc.
CVSS Score-10||CRITICAL
EPSS-0.98% / 57.85%
||
7 Day CHG~0.00%
Published-24 Oct, 2022 | 00:00
Updated-07 May, 2025 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
spx_restservice Login_handler_func Subfunction Stack-Based Buffer Overflow

A stack-based buffer overflow vulnerability in a subfunction of the Login_handler_func function of spx_restservice allows an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.

Action-Not Available
Vendor-lannerincLanner Inc
Product-iac-ast2500a_firmwareiac-ast2500aIAC-AST2500A
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-2970
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-10||CRITICAL
EPSS-1.06% / 60.55%
||
7 Day CHG~0.00%
Published-23 Sep, 2022 | 15:28
Updated-16 Apr, 2025 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MZ Automation libIEC61850 Stack-Based Buffer Overflow

MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior to commit a3b04b7bc4872a5a39e5de3fdc5fbde52c09e10e) does not sanitize input before memcpy is used, which could allow an attacker to crash the device or remotely execute arbitrary code.

Action-Not Available
Vendor-mz-automationMZ Automation
Product-libiec61850libIEC61850
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-20749
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-10||CRITICAL
EPSS-4.01% / 89.30%
||
7 Day CHG+0.15%
Published-10 Feb, 2022 | 17:06
Updated-06 Nov, 2024 | 16:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV Series Routers Vulnerabilities

Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv340_firmwarerv340wrv345prv345rv345_firmwarerv345p_firmwarerv340rv340w_firmwareCisco Small Business RV Series Router Firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-20706
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-10||CRITICAL
EPSS-5.57% / 91.91%
||
7 Day CHG+0.35%
Published-10 Feb, 2022 | 17:06
Updated-06 Nov, 2024 | 16:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV Series Routers Vulnerabilities

Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv260_firmwarerv340_firmwarerv345prv345rv160w_firmwarerv345p_firmwarerv160_firmwarerv260w_firmwarerv340w_firmwarerv160wrv260rv260wrv340wrv260prv345_firmwarerv340rv260p_firmwarerv160Cisco Small Business RV Series Router Firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-54328
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||CRITICAL
EPSS-0.52% / 40.34%
||
7 Day CHG~0.00%
Published-06 Apr, 2026 | 00:00
Updated-07 Apr, 2026 | 17:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in SMS in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. A Stack-based Buffer Overflow occurs while parsing SMS RP-DATA messages.

Action-Not Available
Vendor-n/aSamsung
Product-exynos_2400exynos_1330exynos_980_firmwareexynos_2500_firmwareexynos_2200exynos_1080exynos_1480_firmwareexynos_9110exynos_850exynos_w920exynos_modem_5300_firmwareexynos_1280_firmwareexynos_modem_5400_firmwareexynos_w920_firmwareexynos_850_firmwareexynos_modem_5123exynos_2400_firmwareexynos_1380_firmwareexynos_990exynos_modem_5123_firmwareexynos_990_firmwareexynos_w1000_firmwareexynos_2200_firmwareexynos_w930_firmwareexynos_w930exynos_1330_firmwareexynos_2500exynos_w1000exynos_1080_firmwareexynos_1280exynos_980exynos_9110_firmwareexynos_modem_5400exynos_2100exynos_1580_firmwareexynos_2100_firmwareexynos_modem_5300exynos_1580exynos_1380exynos_1480n/a
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2021-26729
Matching Score-4
Assigner-Nozomi Networks Inc.
ShareView Details
Matching Score-4
Assigner-Nozomi Networks Inc.
CVSS Score-10||CRITICAL
EPSS-2.28% / 81.05%
||
7 Day CHG~0.00%
Published-24 Oct, 2022 | 00:00
Updated-07 May, 2025 | 15:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
spx_restservice Login_handler_func Command Injection and Multiple Stack-Based Buffer Overflows

Command injection and multiple stack-based buffer overflows vulnerabilities in the Login_handler_func function of spx_restservice allow an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.

Action-Not Available
Vendor-lannerincLanner Inc
Product-iac-ast2500a_firmwareiac-ast2500aIAC-AST2500A
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-21961
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-10||CRITICAL
EPSS-2.64% / 83.71%
||
7 Day CHG+0.17%
Published-04 Feb, 2022 | 22:29
Updated-15 Apr, 2025 | 19:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack-based buffer overflow vulnerability exists in the NBNS functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted network packet can lead to remote code execution. An attacker can send a malicious packet to trigger this vulnerability.

Action-Not Available
Vendor-sealeveln/a
Product-seaconnect_370w_firmwareseaconnect_370wSealevel
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
Details not found