Common Weakness Enumeration
CWE-121
AllowedStack-based Buffer Overflow
Abstraction: Variant · Status: Draft
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
5212 vulnerabilities reference this CWE, most recent first.
CVE-2025-1876 (GCVE-0-2025-1876)
Vulnerability from cvelistv5 – Published: 2025-03-03 17:00 – Updated: 2025-03-04 16:22 Unsupported When Assigned
VLAI
EPSS
VEX
Title
D-Link DAP-1562 HTTP Header http_request_parse stack-based overflow
Summary
A vulnerability, which was classified as critical, has been found in D-Link DAP-1562 1.10. Affected by this issue is the function http_request_parse of the component HTTP Header Handler. The manipulation of the argument Authorization leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.298190 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.298190 | signaturepermissions-required |
| https://vuldb.com/?submit.506106 | third-party-advisory |
| https://witty-maiasaura-083.notion.site/D-link-DA… | exploit |
| https://www.dlink.com/ | product |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1876",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-04T16:22:51.104479Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-04T16:22:55.482Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://witty-maiasaura-083.notion.site/D-link-DAP-1562-http_request_parse-Vulnerability-1a4b2f2a636180a2a67de271ad5fe6d7"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"HTTP Header Handler"
],
"product": "DAP-1562",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "1.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in D-Link DAP-1562 1.10. Affected by this issue is the function http_request_parse of the component HTTP Header Handler. The manipulation of the argument Authorization leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer."
},
{
"lang": "de",
"value": "Eine kritische Schwachstelle wurde in D-Link DAP-1562 1.10 entdeckt. Davon betroffen ist die Funktion http_request_parse der Komponente HTTP Header Handler. Mit der Manipulation des Arguments Authorization mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-03T17:00:08.762Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-298190 | D-Link DAP-1562 HTTP Header http_request_parse stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.298190"
},
{
"name": "VDB-298190 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.298190"
},
{
"name": "Submit #506106 | D-Link DAP-1562 1.10 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.506106"
},
{
"tags": [
"exploit"
],
"url": "https://witty-maiasaura-083.notion.site/D-link-DAP-1562-http_request_parse-Vulnerability-1a4b2f2a636180a2a67de271ad5fe6d7"
},
{
"tags": [
"product"
],
"url": "https://www.dlink.com/"
}
],
"tags": [
"unsupported-when-assigned"
],
"timeline": [
{
"lang": "en",
"time": "2025-03-03T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-03-03T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-03-03T13:19:16.000Z",
"value": "VulDB entry last update"
}
],
"title": "D-Link DAP-1562 HTTP Header http_request_parse stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-1876",
"datePublished": "2025-03-03T17:00:08.762Z",
"dateReserved": "2025-03-03T12:14:02.634Z",
"dateUpdated": "2025-03-04T16:22:55.482Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1853 (GCVE-0-2025-1853)
Vulnerability from cvelistv5 – Published: 2025-03-03 06:00 – Updated: 2025-03-12 21:12
VLAI
EPSS
VEX
Title
Tenda AC8 Parameter SetIpMacBind sub_49E098 stack-based overflow
Summary
A vulnerability was found in Tenda AC8 16.03.34.06 and classified as critical. This issue affects the function sub_49E098 of the file /goform/SetIpMacBind of the component Parameter Handler. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.298121 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.298121 | signaturepermissions-required |
| https://vuldb.com/?submit.505374 | third-party-advisory |
| https://github.com/Raining-101/IOT_cve/blob/main/… | exploit |
| https://www.tenda.com.cn/ | product |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1853",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-03T13:25:29.288026Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-12T21:12:21.882Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Parameter Handler"
],
"product": "AC8",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "16.03.34.06"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Raining101 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Tenda AC8 16.03.34.06 and classified as critical. This issue affects the function sub_49E098 of the file /goform/SetIpMacBind of the component Parameter Handler. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Eine kritische Schwachstelle wurde in Tenda AC8 16.03.34.06 gefunden. Es geht hierbei um die Funktion sub_49E098 der Datei /goform/SetIpMacBind der Komponente Parameter Handler. Durch Beeinflussen des Arguments list mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-03T06:00:08.840Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-298121 | Tenda AC8 Parameter SetIpMacBind sub_49E098 stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.298121"
},
{
"name": "VDB-298121 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.298121"
},
{
"name": "Submit #505374 | Tenda ac8 V16.03.34.06 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.505374"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/Raining-101/IOT_cve/blob/main/tenda-ac8_sub_49E098.md"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-03-02T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-03-02T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-03-02T21:15:43.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda AC8 Parameter SetIpMacBind sub_49E098 stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-1853",
"datePublished": "2025-03-03T06:00:08.840Z",
"dateReserved": "2025-03-02T20:10:34.302Z",
"dateUpdated": "2025-03-12T21:12:21.882Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1851 (GCVE-0-2025-1851)
Vulnerability from cvelistv5 – Published: 2025-03-03 05:00 – Updated: 2025-03-03 17:19
VLAI
EPSS
VEX
Title
Tenda AC7 SetFirewallCfg formSetFirewallCfg stack-based overflow
Summary
A vulnerability, which was classified as critical, was found in Tenda AC7 up to 15.03.06.44. This affects the function formSetFirewallCfg of the file /goform/SetFirewallCfg. The manipulation of the argument firewallEn leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.298119 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.298119 | signaturepermissions-required |
| https://vuldb.com/?submit.505271 | third-party-advisory |
| https://github.com/Raining-101/IOT_cve/blob/main/… | exploit |
| https://www.tenda.com.cn/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Tenda | AC7 |
Affected:
15.03.06.0
Affected: 15.03.06.1 Affected: 15.03.06.2 Affected: 15.03.06.3 Affected: 15.03.06.4 Affected: 15.03.06.5 Affected: 15.03.06.6 Affected: 15.03.06.7 Affected: 15.03.06.8 Affected: 15.03.06.9 Affected: 15.03.06.10 Affected: 15.03.06.11 Affected: 15.03.06.12 Affected: 15.03.06.13 Affected: 15.03.06.14 Affected: 15.03.06.15 Affected: 15.03.06.16 Affected: 15.03.06.17 Affected: 15.03.06.18 Affected: 15.03.06.19 Affected: 15.03.06.20 Affected: 15.03.06.21 Affected: 15.03.06.22 Affected: 15.03.06.23 Affected: 15.03.06.24 Affected: 15.03.06.25 Affected: 15.03.06.26 Affected: 15.03.06.27 Affected: 15.03.06.28 Affected: 15.03.06.29 Affected: 15.03.06.30 Affected: 15.03.06.31 Affected: 15.03.06.32 Affected: 15.03.06.33 Affected: 15.03.06.34 Affected: 15.03.06.35 Affected: 15.03.06.36 Affected: 15.03.06.37 Affected: 15.03.06.38 Affected: 15.03.06.39 Affected: 15.03.06.40 Affected: 15.03.06.41 Affected: 15.03.06.42 Affected: 15.03.06.43 Affected: 15.03.06.44 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1851",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-03T17:19:37.187929Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-03T17:19:41.764Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/Raining-101/IOT_cve/blob/main/ac7_V15.03.06.44_SetFirewallCfg.md"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AC7",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "15.03.06.0"
},
{
"status": "affected",
"version": "15.03.06.1"
},
{
"status": "affected",
"version": "15.03.06.2"
},
{
"status": "affected",
"version": "15.03.06.3"
},
{
"status": "affected",
"version": "15.03.06.4"
},
{
"status": "affected",
"version": "15.03.06.5"
},
{
"status": "affected",
"version": "15.03.06.6"
},
{
"status": "affected",
"version": "15.03.06.7"
},
{
"status": "affected",
"version": "15.03.06.8"
},
{
"status": "affected",
"version": "15.03.06.9"
},
{
"status": "affected",
"version": "15.03.06.10"
},
{
"status": "affected",
"version": "15.03.06.11"
},
{
"status": "affected",
"version": "15.03.06.12"
},
{
"status": "affected",
"version": "15.03.06.13"
},
{
"status": "affected",
"version": "15.03.06.14"
},
{
"status": "affected",
"version": "15.03.06.15"
},
{
"status": "affected",
"version": "15.03.06.16"
},
{
"status": "affected",
"version": "15.03.06.17"
},
{
"status": "affected",
"version": "15.03.06.18"
},
{
"status": "affected",
"version": "15.03.06.19"
},
{
"status": "affected",
"version": "15.03.06.20"
},
{
"status": "affected",
"version": "15.03.06.21"
},
{
"status": "affected",
"version": "15.03.06.22"
},
{
"status": "affected",
"version": "15.03.06.23"
},
{
"status": "affected",
"version": "15.03.06.24"
},
{
"status": "affected",
"version": "15.03.06.25"
},
{
"status": "affected",
"version": "15.03.06.26"
},
{
"status": "affected",
"version": "15.03.06.27"
},
{
"status": "affected",
"version": "15.03.06.28"
},
{
"status": "affected",
"version": "15.03.06.29"
},
{
"status": "affected",
"version": "15.03.06.30"
},
{
"status": "affected",
"version": "15.03.06.31"
},
{
"status": "affected",
"version": "15.03.06.32"
},
{
"status": "affected",
"version": "15.03.06.33"
},
{
"status": "affected",
"version": "15.03.06.34"
},
{
"status": "affected",
"version": "15.03.06.35"
},
{
"status": "affected",
"version": "15.03.06.36"
},
{
"status": "affected",
"version": "15.03.06.37"
},
{
"status": "affected",
"version": "15.03.06.38"
},
{
"status": "affected",
"version": "15.03.06.39"
},
{
"status": "affected",
"version": "15.03.06.40"
},
{
"status": "affected",
"version": "15.03.06.41"
},
{
"status": "affected",
"version": "15.03.06.42"
},
{
"status": "affected",
"version": "15.03.06.43"
},
{
"status": "affected",
"version": "15.03.06.44"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Raining101 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in Tenda AC7 up to 15.03.06.44. This affects the function formSetFirewallCfg of the file /goform/SetFirewallCfg. The manipulation of the argument firewallEn leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Es wurde eine kritische Schwachstelle in Tenda AC7 bis 15.03.06.44 gefunden. Betroffen hiervon ist die Funktion formSetFirewallCfg der Datei /goform/SetFirewallCfg. Durch Manipulieren des Arguments firewallEn mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-03T05:00:07.574Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-298119 | Tenda AC7 SetFirewallCfg formSetFirewallCfg stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.298119"
},
{
"name": "VDB-298119 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.298119"
},
{
"name": "Submit #505271 | Tenda ac7 V15.03.06.44 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.505271"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/Raining-101/IOT_cve/blob/main/ac7_V15.03.06.44_SetFirewallCfg.md"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-03-02T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-03-02T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-03-02T21:09:38.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda AC7 SetFirewallCfg formSetFirewallCfg stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-1851",
"datePublished": "2025-03-03T05:00:07.574Z",
"dateReserved": "2025-03-02T20:04:35.439Z",
"dateUpdated": "2025-03-03T17:19:41.764Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1814 (GCVE-0-2025-1814)
Vulnerability from cvelistv5 – Published: 2025-03-02 11:00 – Updated: 2025-03-03 20:29
VLAI
EPSS
VEX
Title
Tenda AC6 WifiExtraSet stack-based overflow
Summary
A vulnerability, which was classified as critical, has been found in Tenda AC6 15.03.05.16. Affected by this issue is some unknown functionality of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.298082 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.298082 | signaturepermissions-required |
| https://vuldb.com/?submit.506532 | third-party-advisory |
| https://github.com/Raining-101/IOT_cve/blob/main/… | exploit |
| https://www.tenda.com.cn/ | product |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1814",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-03T17:16:31.046219Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-03T20:29:12.616Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AC6",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "15.03.05.16"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Raining101 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in Tenda AC6 15.03.05.16. Affected by this issue is some unknown functionality of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Eine kritische Schwachstelle wurde in Tenda AC6 15.03.05.16 entdeckt. Dies betrifft einen unbekannten Teil der Datei /goform/WifiExtraSet. Durch Manipulation des Arguments wpapsk_crypto mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-02T11:00:09.784Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-298082 | Tenda AC6 WifiExtraSet stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.298082"
},
{
"name": "VDB-298082 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.298082"
},
{
"name": "Submit #506532 | Tenda AC6 V15.03.05.16 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.506532"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/Raining-101/IOT_cve/blob/main/ac6.md_goform_WifiExtraSet.md"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-03-01T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-03-01T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-03-01T10:21:51.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda AC6 WifiExtraSet stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-1814",
"datePublished": "2025-03-02T11:00:09.784Z",
"dateReserved": "2025-03-01T09:16:37.777Z",
"dateUpdated": "2025-03-03T20:29:12.616Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1758 (GCVE-0-2025-1758)
Vulnerability from cvelistv5 – Published: 2025-03-19 15:28 – Updated: 2025-03-19 17:32
VLAI
EPSS
VEX
Summary
Improper Input Validation vulnerability in Progress LoadMaster allows : Buffer OverflowThis issue affects:
* LoadMaster: 7.2.40.0 and above
* ECS: All versions
* Multi-Tenancy: 7.1.35.4 and above
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Progress | LoadMaster |
Affected:
7.2.40.0 , < 7.2.61.1
(LoadMaster)
Affected: 7.1.54.4 , < 7.1.35.14 (Multi Tenancy) |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1758",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-19T17:32:46.165734Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-19T17:32:53.423Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "LoadMaster",
"vendor": "Progress",
"versions": [
{
"lessThan": "7.2.61.1",
"status": "affected",
"version": "7.2.40.0",
"versionType": "LoadMaster"
},
{
"lessThan": "7.1.35.14",
"status": "affected",
"version": "7.1.54.4",
"versionType": "Multi Tenancy"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Nicholas Zubrisky (@NZubrisky) of Trend Micro Security Research"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Input Validation vulnerability in Progress LoadMaster allows : Buffer Overflow\u003cp\u003eThis issue affects:\u003c/p\u003e\u003cp\u003e* LoadMaster: 7.2.40.0 and above\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e* ECS: All versions\u003c/span\u003e\u003c/p\u003e\u003cp\u003e* Multi-Tenancy: 7.1.35.4 and above\u003cbr\u003e\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "Improper Input Validation vulnerability in Progress LoadMaster allows : Buffer OverflowThis issue affects:\n\n* LoadMaster: 7.2.40.0 and above\n\n* ECS: All versions\n\n* Multi-Tenancy: 7.1.35.4 and above"
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-19T15:28:09.883Z",
"orgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
"shortName": "ProgressSoftware"
},
"references": [
{
"url": "https://docs.progress.com/bundle/release-notes_loadmaster-7-2-61-1/page/Security-Updates.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
"assignerShortName": "ProgressSoftware",
"cveId": "CVE-2025-1758",
"datePublished": "2025-03-19T15:28:09.883Z",
"dateReserved": "2025-02-27T16:09:05.410Z",
"dateUpdated": "2025-03-19T17:32:53.423Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1594 (GCVE-0-2025-1594)
Vulnerability from cvelistv5 – Published: 2025-02-23 21:00 – Updated: 2025-02-24 12:03
VLAI
EPSS
VEX
Title
FFmpeg AAC Encoder aacenc_tns.c ff_aac_search_for_tns stack-based overflow
Summary
A vulnerability, which was classified as critical, was found in FFmpeg up to 7.1. This affects the function ff_aac_search_for_tns of the file libavcodec/aacenc_tns.c of the component AAC Encoder. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity
6.3 (Medium)
6.3 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.296589 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.296589 | signaturepermissions-required |
| https://vuldb.com/?submit.496929 | third-party-advisory |
| https://trac.ffmpeg.org/ticket/11418#comment:3 | issue-tracking |
| https://trac.ffmpeg.org/attachment/ticket/11418/poc | exploitissue-tracking |
| https://ffmpeg.org/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | FFmpeg |
Affected:
3.4.0
Affected: 3.4.1 Affected: 3.4.2 Affected: 3.4.3 Affected: 3.4.4 Affected: 3.4.5 Affected: 3.4.6 Affected: 3.4.7 Affected: 3.4.8 Affected: 3.4.9 Affected: 3.4.10 Affected: 3.4.11 Affected: 3.4.12 Affected: 3.4.13 Affected: 4.2.0 Affected: 4.2.1 Affected: 4.2.2 Affected: 4.2.3 Affected: 4.2.4 Affected: 4.2.5 Affected: 4.2.6 Affected: 4.2.7 Affected: 4.2.8 Affected: 4.2.9 Affected: 4.2.10 Affected: 4.3.0 Affected: 4.3.1 Affected: 4.3.2 Affected: 4.3.3 Affected: 4.3.4 Affected: 4.3.5 Affected: 4.3.6 Affected: 4.3.7 Affected: 4.3.8 Affected: 4.4.0 Affected: 4.4.1 Affected: 4.4.2 Affected: 4.4.3 Affected: 4.4.4 Affected: 4.4.5 Affected: 5.1.0 Affected: 5.1.1 Affected: 5.1.2 Affected: 5.1.3 Affected: 5.1.4 Affected: 5.1.5 Affected: 5.1.6 Affected: 6.1.0 Affected: 6.1.1 Affected: 6.1.2 Affected: 7.0 Affected: 7.0.0 Affected: 7.0.1 Affected: 7.0.2 Affected: 7.1 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1594",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-24T12:02:17.104118Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-24T12:03:02.141Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"AAC Encoder"
],
"product": "FFmpeg",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "3.4.0"
},
{
"status": "affected",
"version": "3.4.1"
},
{
"status": "affected",
"version": "3.4.2"
},
{
"status": "affected",
"version": "3.4.3"
},
{
"status": "affected",
"version": "3.4.4"
},
{
"status": "affected",
"version": "3.4.5"
},
{
"status": "affected",
"version": "3.4.6"
},
{
"status": "affected",
"version": "3.4.7"
},
{
"status": "affected",
"version": "3.4.8"
},
{
"status": "affected",
"version": "3.4.9"
},
{
"status": "affected",
"version": "3.4.10"
},
{
"status": "affected",
"version": "3.4.11"
},
{
"status": "affected",
"version": "3.4.12"
},
{
"status": "affected",
"version": "3.4.13"
},
{
"status": "affected",
"version": "4.2.0"
},
{
"status": "affected",
"version": "4.2.1"
},
{
"status": "affected",
"version": "4.2.2"
},
{
"status": "affected",
"version": "4.2.3"
},
{
"status": "affected",
"version": "4.2.4"
},
{
"status": "affected",
"version": "4.2.5"
},
{
"status": "affected",
"version": "4.2.6"
},
{
"status": "affected",
"version": "4.2.7"
},
{
"status": "affected",
"version": "4.2.8"
},
{
"status": "affected",
"version": "4.2.9"
},
{
"status": "affected",
"version": "4.2.10"
},
{
"status": "affected",
"version": "4.3.0"
},
{
"status": "affected",
"version": "4.3.1"
},
{
"status": "affected",
"version": "4.3.2"
},
{
"status": "affected",
"version": "4.3.3"
},
{
"status": "affected",
"version": "4.3.4"
},
{
"status": "affected",
"version": "4.3.5"
},
{
"status": "affected",
"version": "4.3.6"
},
{
"status": "affected",
"version": "4.3.7"
},
{
"status": "affected",
"version": "4.3.8"
},
{
"status": "affected",
"version": "4.4.0"
},
{
"status": "affected",
"version": "4.4.1"
},
{
"status": "affected",
"version": "4.4.2"
},
{
"status": "affected",
"version": "4.4.3"
},
{
"status": "affected",
"version": "4.4.4"
},
{
"status": "affected",
"version": "4.4.5"
},
{
"status": "affected",
"version": "5.1.0"
},
{
"status": "affected",
"version": "5.1.1"
},
{
"status": "affected",
"version": "5.1.2"
},
{
"status": "affected",
"version": "5.1.3"
},
{
"status": "affected",
"version": "5.1.4"
},
{
"status": "affected",
"version": "5.1.5"
},
{
"status": "affected",
"version": "5.1.6"
},
{
"status": "affected",
"version": "6.1.0"
},
{
"status": "affected",
"version": "6.1.1"
},
{
"status": "affected",
"version": "6.1.2"
},
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7.0.0"
},
{
"status": "affected",
"version": "7.0.1"
},
{
"status": "affected",
"version": "7.0.2"
},
{
"status": "affected",
"version": "7.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "0x20z (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in FFmpeg up to 7.1. This affects the function ff_aac_search_for_tns of the file libavcodec/aacenc_tns.c of the component AAC Encoder. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Es wurde eine kritische Schwachstelle in FFmpeg bis 7.1 gefunden. Betroffen hiervon ist die Funktion ff_aac_search_for_tns der Datei libavcodec/aacenc_tns.c der Komponente AAC Encoder. Durch das Manipulieren mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-23T21:00:13.152Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-296589 | FFmpeg AAC Encoder aacenc_tns.c ff_aac_search_for_tns stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.296589"
},
{
"name": "VDB-296589 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.296589"
},
{
"name": "Submit #496929 | FFmpeg git master stack-buffer-overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.496929"
},
{
"tags": [
"issue-tracking"
],
"url": "https://trac.ffmpeg.org/ticket/11418#comment:3"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://trac.ffmpeg.org/attachment/ticket/11418/poc"
},
{
"tags": [
"product"
],
"url": "https://ffmpeg.org/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-02-22T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-02-22T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-02-22T23:15:30.000Z",
"value": "VulDB entry last update"
}
],
"title": "FFmpeg AAC Encoder aacenc_tns.c ff_aac_search_for_tns stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-1594",
"datePublished": "2025-02-23T21:00:13.152Z",
"dateReserved": "2025-02-22T22:10:24.824Z",
"dateUpdated": "2025-02-24T12:03:02.141Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1547 (GCVE-0-2025-1547)
Vulnerability from cvelistv5 – Published: 2025-12-04 22:11 – Updated: 2026-02-26 16:57
VLAI
EPSS
VEX
Title
WatchGuard Firebox Authenticated Stack Overflow in Certificate Request Command
Summary
A stack-based buffer overflow vulnerability [CWE-121] in WatchGuard Fireware OS's certificate request command could allow an authenticated privileged user to execute arbitrary code via specially crafted CLI commands.This issue affects Fireware OS: from 12.0 through 12.5.12+701324, from 12.6 through 12.11.2.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| WatchGuard | Fireware OS |
Affected:
12.0 , ≤ 12.5.12+701324
(semver)
Affected: 12.6 , ≤ 12.11.2 (semver) |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1547",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-06T04:55:44.969088Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T16:57:31.557Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Fireware OS",
"vendor": "WatchGuard",
"versions": [
{
"lessThanOrEqual": "12.5.12+701324",
"status": "affected",
"version": "12.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "12.11.2",
"status": "affected",
"version": "12.6",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:watchguard:fireware_os:*:*:*:*:*:*:*:12.0",
"versionEndIncluding": "12.5.12+701324",
"versionStartIncluding": "12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:watchguard:fireware_os:*:*:*:*:*:*:*:12.6",
"versionEndIncluding": "12.11.2",
"versionStartIncluding": "12.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Cody Sixteen"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A stack-based buffer overflow vulnerability [CWE-121] in WatchGuard Fireware OS\u0027s certificate request command could allow an authenticated privileged user to execute arbitrary code via specially crafted CLI commands.\u003cp\u003eThis issue affects Fireware OS: from 12.0 through 12.5.12+701324, from 12.6 through 12.11.2.\u003c/p\u003e"
}
],
"value": "A stack-based buffer overflow vulnerability [CWE-121] in WatchGuard Fireware OS\u0027s certificate request command could allow an authenticated privileged user to execute arbitrary code via specially crafted CLI commands.This issue affects Fireware OS: from 12.0 through 12.5.12+701324, from 12.6 through 12.11.2."
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-04T22:11:09.164Z",
"orgId": "5d1c2695-1a31-4499-88ae-e847036fd7e3",
"shortName": "WatchGuard"
},
"references": [
{
"url": "https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00013"
}
],
"source": {
"advisory": "WGSA-2025-00013",
"defect": [
"WGPSIRT-183"
],
"discovery": "EXTERNAL"
},
"title": "WatchGuard Firebox Authenticated Stack Overflow in Certificate Request Command",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "5d1c2695-1a31-4499-88ae-e847036fd7e3",
"assignerShortName": "WatchGuard",
"cveId": "CVE-2025-1547",
"datePublished": "2025-12-04T22:11:09.164Z",
"dateReserved": "2025-02-21T10:16:59.942Z",
"dateUpdated": "2026-02-26T16:57:31.557Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-1539 (GCVE-0-2025-1539)
Vulnerability from cvelistv5 – Published: 2025-02-21 15:00 – Updated: 2025-02-21 15:42 Unsupported When Assigned
VLAI
EPSS
VEX
Title
D-Link DAP-1320 storagein.pd-XXXXXX replace_special_char stack-based overflow
Summary
A vulnerability, which was classified as critical, has been found in D-Link DAP-1320 1.00. Affected by this issue is the function replace_special_char of the file /storagein.pd-XXXXXX. The manipulation leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.296480 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.296480 | signaturepermissions-required |
| https://vuldb.com/?submit.497496 | third-party-advisory |
| https://tasty-foxtrot-3a8.notion.site/D-link-DAP-… | exploit |
| https://legacy.us.dlink.com/pages/product.aspx?id… | related |
| https://www.dlink.com/ | product |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1539",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-21T15:40:55.478976Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-21T15:42:32.332Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "DAP-1320",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "1.00"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "hand_king (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in D-Link DAP-1320 1.00. Affected by this issue is the function replace_special_char of the file /storagein.pd-XXXXXX. The manipulation leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer."
},
{
"lang": "de",
"value": "Eine kritische Schwachstelle wurde in D-Link DAP-1320 1.00 entdeckt. Davon betroffen ist die Funktion replace_special_char der Datei /storagein.pd-XXXXXX. Durch Manipulieren mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-21T15:00:14.905Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-296480 | D-Link DAP-1320 storagein.pd-XXXXXX replace_special_char stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.296480"
},
{
"name": "VDB-296480 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.296480"
},
{
"name": "Submit #497496 | D-Link DAP-1320 1.00 Stack-based Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.497496"
},
{
"tags": [
"exploit"
],
"url": "https://tasty-foxtrot-3a8.notion.site/D-link-DAP-1320-replace_special_char-Vulnerability-1960448e6195809c94f9fd2ff1f59bcf?pvs=4"
},
{
"tags": [
"related"
],
"url": "https://legacy.us.dlink.com/pages/product.aspx?id=4b2bbe2e3f1d440ea65bc56c7e3dcc5c"
},
{
"tags": [
"product"
],
"url": "https://www.dlink.com/"
}
],
"tags": [
"unsupported-when-assigned"
],
"timeline": [
{
"lang": "en",
"time": "2025-02-21T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-02-21T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-02-21T09:49:03.000Z",
"value": "VulDB entry last update"
}
],
"title": "D-Link DAP-1320 storagein.pd-XXXXXX replace_special_char stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-1539",
"datePublished": "2025-02-21T15:00:14.905Z",
"dateReserved": "2025-02-21T08:43:32.227Z",
"dateUpdated": "2025-02-21T15:42:32.332Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1533 (GCVE-0-2025-1533)
Vulnerability from cvelistv5 – Published: 2025-05-12 09:28 – Updated: 2025-05-12 14:28
VLAI
EPSS
VEX
Summary
A stack buffer overflow has been identified in the AsIO3.sys driver. This vulnerability can be triggered by input manipulation, may leading to a system crash (BSOD) or other potentially undefined execution.
Refer to the 'Security Update for Armoury Crate App' section on the ASUS Security Advisory for more information.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-121 - - Stack-based Buffer Overflow
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.asus.com/content/asus-product-securit… | vendor-advisory |
| https://www.talosintelligence.com/vulnerability_r… |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ASUS | Armoury Crate |
Affected:
V6.1.13 and earlier
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1533",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-12T14:27:47.329040Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-12T14:28:16.070Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Armoury Crate",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "V6.1.13 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A stack buffer overflow has been identified in the AsIO3.sys driver. This vulnerability can be triggered by input manipulation, may leading to a system crash (BSOD) or other potentially undefined execution.\u003cbr\u003eRefer to the \u0027Security Update for Armoury Crate App\u0027 section on the ASUS Security Advisory for more information."
}
],
"value": "A stack buffer overflow has been identified in the AsIO3.sys driver. This vulnerability can be triggered by input manipulation, may leading to a system crash (BSOD) or other potentially undefined execution.\nRefer to the \u0027Security Update for Armoury Crate App\u0027 section on the ASUS Security Advisory for more information."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 - Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-12T09:28:12.314Z",
"orgId": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1",
"shortName": "ASUS"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.asus.com/content/asus-product-security-advisory/"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2144"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1",
"assignerShortName": "ASUS",
"cveId": "CVE-2025-1533",
"datePublished": "2025-05-12T09:28:12.314Z",
"dateReserved": "2025-02-21T02:44:34.685Z",
"dateUpdated": "2025-05-12T14:28:16.070Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1366 (GCVE-0-2025-1366)
Vulnerability from cvelistv5 – Published: 2025-02-17 00:00 – Updated: 2025-02-18 15:58
VLAI
EPSS
VEX
Title
MicroWord eScan Antivirus VirusPopUp strcpy stack-based overflow
Summary
A vulnerability was found in MicroWord eScan Antivirus 7.0.32 on Linux and classified as critical. Affected by this issue is the function strcpy of the component VirusPopUp. The manipulation leads to stack-based buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
5.3 (Medium)
5.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.295970 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.295970 | signaturepermissions-required |
| https://github.com/dmknght/FIS_RnD/blob/main/esca… | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| MicroWord | eScan Antivirus |
Affected:
7.0.32
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1366",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-18T15:57:51.992123Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-18T15:58:00.838Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"VirusPopUp"
],
"product": "eScan Antivirus",
"vendor": "MicroWord",
"versions": [
{
"status": "affected",
"version": "7.0.32"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in MicroWord eScan Antivirus 7.0.32 on Linux and classified as critical. Affected by this issue is the function strcpy of the component VirusPopUp. The manipulation leads to stack-based buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in MicroWord eScan Antivirus 7.0.32 f\u00fcr Linux gefunden. Sie wurde als kritisch eingestuft. Davon betroffen ist die Funktion strcpy der Komponente VirusPopUp. Durch Manipulation mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff muss lokal passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4.3,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-17T00:00:16.054Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-295970 | MicroWord eScan Antivirus VirusPopUp strcpy stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.295970"
},
{
"name": "VDB-295970 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.295970"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/dmknght/FIS_RnD/blob/main/escan_av_usb_protection_multiple_vulns.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-02-16T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-02-16T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-02-16T09:57:22.000Z",
"value": "VulDB entry last update"
}
],
"title": "MicroWord eScan Antivirus VirusPopUp strcpy stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-1366",
"datePublished": "2025-02-17T00:00:16.054Z",
"dateReserved": "2025-02-16T08:52:19.693Z",
"dateUpdated": "2025-02-18T15:58:00.838Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation MIT-10
Operation
Build and Compilation
Strategy: Environment Hardening
- Use automatic buffer overflow detection mechanisms that are offered by certain compilers or compiler extensions. Examples include: the Microsoft Visual Studio /GS flag, Fedora/Red Hat FORTIFY_SOURCE GCC flag, StackGuard, and ProPolice, which provide various mechanisms including canary-based detection and range/index checking.
- D3-SFCV (Stack Frame Canary Validation) from D3FEND [REF-1334] discusses canary-based detection in detail.
Mitigation
Architecture and Design
Use an abstraction library to abstract away risky APIs. Not a complete solution.
Mitigation
Implementation
Implement and perform bounds checking on input.
Mitigation
Implementation
Do not use dangerous functions such as gets. Use safer, equivalent functions which check for boundary errors.
Mitigation MIT-11
Operation
Build and Compilation
Strategy: Environment Hardening
- Run or compile the software using features or extensions that randomly arrange the positions of a program's executable and libraries in memory. Because this makes the addresses unpredictable, it can prevent an attacker from reliably jumping to exploitable code.
- Examples include Address Space Layout Randomization (ASLR) [REF-58] [REF-60] and Position-Independent Executables (PIE) [REF-64]. Imported modules may be similarly realigned if their default memory addresses conflict with other modules, in a process known as "rebasing" (for Windows) and "prelinking" (for Linux) [REF-1332] using randomly generated addresses. ASLR for libraries cannot be used in conjunction with prelink since it would require relocating the libraries at run-time, defeating the whole purpose of prelinking.
- For more information on these techniques see D3-SAOR (Segment Address Offset Randomization) from D3FEND [REF-1335].
No CAPEC attack patterns related to this CWE.