Common Weakness Enumeration
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Back to CWE stats page
CWE-121
Stack-based Buffer Overflow
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
CVE-2026-1951 (GCVE-0-2026-1951)
Vulnerability from cvelistv5 – Published: 2026-04-24 06:13 – Updated: 2026-04-24 13:08
VLAI
Title
No checking of the length of the buffer with the directory name in AS320T
Summary
Delta Electronics AS320T has no checking of the length of the buffer with the directory name
vulnerability.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
1 reference
Date Public
2026-04-24 05:26
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-1951",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-24T13:07:44.270512Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-24T13:08:01.910Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AS320T",
"vendor": "DeltaWW",
"versions": [
{
"lessThanOrEqual": "1.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:deltaww:as320t:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.10",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Sergey Fedonin and Ivan Kurnakov (Positive Technologies)"
}
],
"datePublic": "2026-04-24T05:26:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Delta Electronics AS320T has no checking of the length of the buffer with the directory name\n\n vulnerability."
}
],
"value": "Delta Electronics AS320T has no checking of the length of the buffer with the directory name\n\n vulnerability."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100: Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-24T06:13:35.539Z",
"orgId": "759f5e80-c8e1-4224-bead-956d7b33c98b",
"shortName": "Deltaww"
},
"references": [
{
"url": "https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2026-00006_AS320T%20Multiple%20vulnerabilities%20(CVE-2026-1949,%201950,%201951,%201952).pdf"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade firmware to v1.12 or later\u003cbr\u003e"
}
],
"value": "Upgrade firmware to v1.12 or later"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "No checking of the length of the buffer with the directory name in AS320T",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "759f5e80-c8e1-4224-bead-956d7b33c98b",
"assignerShortName": "Deltaww",
"cveId": "CVE-2026-1951",
"datePublished": "2026-04-24T06:13:35.539Z",
"dateReserved": "2026-02-05T05:43:01.572Z",
"dateUpdated": "2026-04-24T13:08:01.910Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-2016 (GCVE-0-2026-2016)
Vulnerability from cvelistv5 – Published: 2026-02-06 11:02 – Updated: 2026-02-23 09:24 X_Open Source
VLAI
Title
happyfish100 libfastcommon base64.c base64_decode stack-based overflow
Summary
A security vulnerability has been detected in happyfish100 libfastcommon up to 1.0.84. Affected by this vulnerability is the function base64_decode of the file src/base64.c. The manipulation leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed publicly and may be used. The identifier of the patch is 82f66af3e252e3e137dba0c3891570f085e79adf. Applying a patch is the recommended action to fix this issue.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.344598 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.344598 | signaturepermissions-required |
| https://vuldb.com/?submit.743873 | third-party-advisory |
| https://github.com/happyfish100/libfastcommon/issues/55 | issue-tracking |
| https://github.com/happyfish100/libfastcommon/iss… | issue-tracking |
| https://github.com/happyfish100/libfastcommon/iss… | exploitissue-tracking |
| https://github.com/happyfish100/libfastcommon/com… | patch |
| https://github.com/happyfish100/libfastcommon/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| happyfish100 | libfastcommon |
Affected:
1.0.0
Affected: 1.0.1 Affected: 1.0.2 Affected: 1.0.3 Affected: 1.0.4 Affected: 1.0.5 Affected: 1.0.6 Affected: 1.0.7 Affected: 1.0.8 Affected: 1.0.9 Affected: 1.0.10 Affected: 1.0.11 Affected: 1.0.12 Affected: 1.0.13 Affected: 1.0.14 Affected: 1.0.15 Affected: 1.0.16 Affected: 1.0.17 Affected: 1.0.18 Affected: 1.0.19 Affected: 1.0.20 Affected: 1.0.21 Affected: 1.0.22 Affected: 1.0.23 Affected: 1.0.24 Affected: 1.0.25 Affected: 1.0.26 Affected: 1.0.27 Affected: 1.0.28 Affected: 1.0.29 Affected: 1.0.30 Affected: 1.0.31 Affected: 1.0.32 Affected: 1.0.33 Affected: 1.0.34 Affected: 1.0.35 Affected: 1.0.36 Affected: 1.0.37 Affected: 1.0.38 Affected: 1.0.39 Affected: 1.0.40 Affected: 1.0.41 Affected: 1.0.42 Affected: 1.0.43 Affected: 1.0.44 Affected: 1.0.45 Affected: 1.0.46 Affected: 1.0.47 Affected: 1.0.48 Affected: 1.0.49 Affected: 1.0.50 Affected: 1.0.51 Affected: 1.0.52 Affected: 1.0.53 Affected: 1.0.54 Affected: 1.0.55 Affected: 1.0.56 Affected: 1.0.57 Affected: 1.0.58 Affected: 1.0.59 Affected: 1.0.60 Affected: 1.0.61 Affected: 1.0.62 Affected: 1.0.63 Affected: 1.0.64 Affected: 1.0.65 Affected: 1.0.66 Affected: 1.0.67 Affected: 1.0.68 Affected: 1.0.69 Affected: 1.0.70 Affected: 1.0.71 Affected: 1.0.72 Affected: 1.0.73 Affected: 1.0.74 Affected: 1.0.75 Affected: 1.0.76 Affected: 1.0.77 Affected: 1.0.78 Affected: 1.0.79 Affected: 1.0.80 Affected: 1.0.81 Affected: 1.0.82 Affected: 1.0.83 Affected: 1.0.84 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2016",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-06T13:08:24.871953Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T13:08:43.137Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "libfastcommon",
"vendor": "happyfish100",
"versions": [
{
"status": "affected",
"version": "1.0.0"
},
{
"status": "affected",
"version": "1.0.1"
},
{
"status": "affected",
"version": "1.0.2"
},
{
"status": "affected",
"version": "1.0.3"
},
{
"status": "affected",
"version": "1.0.4"
},
{
"status": "affected",
"version": "1.0.5"
},
{
"status": "affected",
"version": "1.0.6"
},
{
"status": "affected",
"version": "1.0.7"
},
{
"status": "affected",
"version": "1.0.8"
},
{
"status": "affected",
"version": "1.0.9"
},
{
"status": "affected",
"version": "1.0.10"
},
{
"status": "affected",
"version": "1.0.11"
},
{
"status": "affected",
"version": "1.0.12"
},
{
"status": "affected",
"version": "1.0.13"
},
{
"status": "affected",
"version": "1.0.14"
},
{
"status": "affected",
"version": "1.0.15"
},
{
"status": "affected",
"version": "1.0.16"
},
{
"status": "affected",
"version": "1.0.17"
},
{
"status": "affected",
"version": "1.0.18"
},
{
"status": "affected",
"version": "1.0.19"
},
{
"status": "affected",
"version": "1.0.20"
},
{
"status": "affected",
"version": "1.0.21"
},
{
"status": "affected",
"version": "1.0.22"
},
{
"status": "affected",
"version": "1.0.23"
},
{
"status": "affected",
"version": "1.0.24"
},
{
"status": "affected",
"version": "1.0.25"
},
{
"status": "affected",
"version": "1.0.26"
},
{
"status": "affected",
"version": "1.0.27"
},
{
"status": "affected",
"version": "1.0.28"
},
{
"status": "affected",
"version": "1.0.29"
},
{
"status": "affected",
"version": "1.0.30"
},
{
"status": "affected",
"version": "1.0.31"
},
{
"status": "affected",
"version": "1.0.32"
},
{
"status": "affected",
"version": "1.0.33"
},
{
"status": "affected",
"version": "1.0.34"
},
{
"status": "affected",
"version": "1.0.35"
},
{
"status": "affected",
"version": "1.0.36"
},
{
"status": "affected",
"version": "1.0.37"
},
{
"status": "affected",
"version": "1.0.38"
},
{
"status": "affected",
"version": "1.0.39"
},
{
"status": "affected",
"version": "1.0.40"
},
{
"status": "affected",
"version": "1.0.41"
},
{
"status": "affected",
"version": "1.0.42"
},
{
"status": "affected",
"version": "1.0.43"
},
{
"status": "affected",
"version": "1.0.44"
},
{
"status": "affected",
"version": "1.0.45"
},
{
"status": "affected",
"version": "1.0.46"
},
{
"status": "affected",
"version": "1.0.47"
},
{
"status": "affected",
"version": "1.0.48"
},
{
"status": "affected",
"version": "1.0.49"
},
{
"status": "affected",
"version": "1.0.50"
},
{
"status": "affected",
"version": "1.0.51"
},
{
"status": "affected",
"version": "1.0.52"
},
{
"status": "affected",
"version": "1.0.53"
},
{
"status": "affected",
"version": "1.0.54"
},
{
"status": "affected",
"version": "1.0.55"
},
{
"status": "affected",
"version": "1.0.56"
},
{
"status": "affected",
"version": "1.0.57"
},
{
"status": "affected",
"version": "1.0.58"
},
{
"status": "affected",
"version": "1.0.59"
},
{
"status": "affected",
"version": "1.0.60"
},
{
"status": "affected",
"version": "1.0.61"
},
{
"status": "affected",
"version": "1.0.62"
},
{
"status": "affected",
"version": "1.0.63"
},
{
"status": "affected",
"version": "1.0.64"
},
{
"status": "affected",
"version": "1.0.65"
},
{
"status": "affected",
"version": "1.0.66"
},
{
"status": "affected",
"version": "1.0.67"
},
{
"status": "affected",
"version": "1.0.68"
},
{
"status": "affected",
"version": "1.0.69"
},
{
"status": "affected",
"version": "1.0.70"
},
{
"status": "affected",
"version": "1.0.71"
},
{
"status": "affected",
"version": "1.0.72"
},
{
"status": "affected",
"version": "1.0.73"
},
{
"status": "affected",
"version": "1.0.74"
},
{
"status": "affected",
"version": "1.0.75"
},
{
"status": "affected",
"version": "1.0.76"
},
{
"status": "affected",
"version": "1.0.77"
},
{
"status": "affected",
"version": "1.0.78"
},
{
"status": "affected",
"version": "1.0.79"
},
{
"status": "affected",
"version": "1.0.80"
},
{
"status": "affected",
"version": "1.0.81"
},
{
"status": "affected",
"version": "1.0.82"
},
{
"status": "affected",
"version": "1.0.83"
},
{
"status": "affected",
"version": "1.0.84"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "liloler (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability has been detected in happyfish100 libfastcommon up to 1.0.84. Affected by this vulnerability is the function base64_decode of the file src/base64.c. The manipulation leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed publicly and may be used. The identifier of the patch is 82f66af3e252e3e137dba0c3891570f085e79adf. Applying a patch is the recommended action to fix this issue."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4.3,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-23T09:24:15.968Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-344598 | happyfish100 libfastcommon base64.c base64_decode stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.344598"
},
{
"name": "VDB-344598 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.344598"
},
{
"name": "Submit #743873 | happyfish100 libfastcommon V1.0.84 and earlier Heap-based Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.743873"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/happyfish100/libfastcommon/issues/55"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/happyfish100/libfastcommon/issues/55#issuecomment-3776757848"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/happyfish100/libfastcommon/issues/55#issue-3836362577"
},
{
"tags": [
"patch"
],
"url": "https://github.com/happyfish100/libfastcommon/commit/82f66af3e252e3e137dba0c3891570f085e79adf"
},
{
"tags": [
"product"
],
"url": "https://github.com/happyfish100/libfastcommon/"
}
],
"tags": [
"x_open-source"
],
"timeline": [
{
"lang": "en",
"time": "2026-02-05T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-02-05T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-02-18T01:03:36.000Z",
"value": "VulDB entry last update"
}
],
"title": "happyfish100 libfastcommon base64.c base64_decode stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-2016",
"datePublished": "2026-02-06T11:02:08.107Z",
"dateReserved": "2026-02-05T19:35:28.683Z",
"dateUpdated": "2026-02-23T09:24:15.968Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-2017 (GCVE-0-2026-2017)
Vulnerability from cvelistv5 – Published: 2026-02-06 11:32 – Updated: 2026-02-23 09:24
VLAI
Title
IP-COM W30AP POST Request wx3auth R7WebsSecurityHandler stack-based overflow
Summary
A vulnerability was detected in IP-COM W30AP up to 1.0.0.11(1340). Affected by this issue is the function R7WebsSecurityHandler of the file /goform/wx3auth of the component POST Request Handler. The manipulation of the argument data results in stack-based buffer overflow. The attack may be performed from remote. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
9.8 (Critical)
9.8 (Critical)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.344599 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.344599 | signaturepermissions-required |
| https://vuldb.com/?submit.744062 | third-party-advisory |
| https://vuldb.com/?submit.744063 | third-party-advisory |
| https://gitee.com/GXB0_0/iot-vul/blob/master/IP-C… | related |
| https://gitee.com/GXB0_0/iot-vul/blob/master/IP-C… | exploit |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2017",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-06T13:02:57.978366Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T13:03:11.589Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"POST Request Handler"
],
"product": "W30AP",
"vendor": "IP-COM",
"versions": [
{
"status": "affected",
"version": "1.0.0.11(1340)"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "GuoXB (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was detected in IP-COM W30AP up to 1.0.0.11(1340). Affected by this issue is the function R7WebsSecurityHandler of the file /goform/wx3auth of the component POST Request Handler. The manipulation of the argument data results in stack-based buffer overflow. The attack may be performed from remote. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 10,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-23T09:24:34.451Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-344599 | IP-COM W30AP POST Request wx3auth R7WebsSecurityHandler stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.344599"
},
{
"name": "VDB-344599 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.344599"
},
{
"name": "Submit #744062 | IP-COM W30APv4.0 \u003c= v1.0.0.11(1340) Stack-based Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.744062"
},
{
"name": "Submit #744063 | IP-COM W30APv4.0 \u003c= v1.0.0.11(1340) Stack-based Buffer Overflow (Duplicate)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.744063"
},
{
"tags": [
"related"
],
"url": "https://gitee.com/GXB0_0/iot-vul/blob/master/IP-COM/W30AP/wx3auth-sprintf.md"
},
{
"tags": [
"exploit"
],
"url": "https://gitee.com/GXB0_0/iot-vul/blob/master/IP-COM/W30AP/wx3auth-sprintf.md#poc"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-02-05T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-02-05T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-02-06T15:08:02.000Z",
"value": "VulDB entry last update"
}
],
"title": "IP-COM W30AP POST Request wx3auth R7WebsSecurityHandler stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-2017",
"datePublished": "2026-02-06T11:32:12.618Z",
"dateReserved": "2026-02-05T19:37:56.554Z",
"dateUpdated": "2026-02-23T09:24:34.451Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-2069 (GCVE-0-2026-2069)
Vulnerability from cvelistv5 – Published: 2026-02-06 22:02 – Updated: 2026-02-23 09:28
VLAI
Title
ggml-org llama.cpp GBNF Grammar llama-grammar.cpp llama_grammar_advance_stack stack-based overflow
Summary
A flaw has been found in ggml-org llama.cpp up to 55abc39. Impacted is the function llama_grammar_advance_stack of the file llama.cpp/src/llama-grammar.cpp of the component GBNF Grammar Handler. This manipulation causes stack-based buffer overflow. The attack needs to be launched locally. The exploit has been published and may be used. Patch name: 18993. To fix this issue, it is recommended to deploy a patch.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.344636 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.344636 | signaturepermissions-required |
| https://vuldb.com/?submit.745263 | third-party-advisory |
| https://github.com/ggml-org/llama.cpp/issues/18988 | issue-tracking |
| https://github.com/ggml-org/llama.cpp/issues/1898… | issue-tracking |
| https://github.com/user-attachments/files/2476110… | exploit |
| https://github.com/ggml-org/llama.cpp/pull/18993 | issue-trackingpatch |
| https://github.com/ggml-org/llama.cpp/ | product |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2069",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-10T15:18:13.164026Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-10T15:18:27.688Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"GBNF Grammar Handler"
],
"product": "llama.cpp",
"vendor": "ggml-org",
"versions": [
{
"status": "affected",
"version": "55abc39"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "TYGLS (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw has been found in ggml-org llama.cpp up to 55abc39. Impacted is the function llama_grammar_advance_stack of the file llama.cpp/src/llama-grammar.cpp of the component GBNF Grammar Handler. This manipulation causes stack-based buffer overflow. The attack needs to be launched locally. The exploit has been published and may be used. Patch name: 18993. To fix this issue, it is recommended to deploy a patch."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 1.7,
"vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-23T09:28:33.822Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-344636 | ggml-org llama.cpp GBNF Grammar llama-grammar.cpp llama_grammar_advance_stack stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.344636"
},
{
"name": "VDB-344636 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.344636"
},
{
"name": "Submit #745263 | llama.cpp commit 55abc39 Stack-based Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.745263"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/ggml-org/llama.cpp/issues/18988"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/ggml-org/llama.cpp/issues/18988#event-4426704865"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/user-attachments/files/24761101/poc.zip"
},
{
"tags": [
"issue-tracking",
"patch"
],
"url": "https://github.com/ggml-org/llama.cpp/pull/18993"
},
{
"tags": [
"product"
],
"url": "https://github.com/ggml-org/llama.cpp/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-02-06T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-02-06T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-02-10T05:46:24.000Z",
"value": "VulDB entry last update"
}
],
"title": "ggml-org llama.cpp GBNF Grammar llama-grammar.cpp llama_grammar_advance_stack stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-2069",
"datePublished": "2026-02-06T22:02:08.933Z",
"dateReserved": "2026-02-06T07:41:07.150Z",
"dateUpdated": "2026-02-23T09:28:33.822Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-21224 (GCVE-0-2026-21224)
Vulnerability from cvelistv5 – Published: 2026-01-13 17:56 – Updated: 2026-04-01 13:49
VLAI
Title
Azure Connected Machine Agent Elevation of Privilege Vulnerability
Summary
Stack-based buffer overflow in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisorypatch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Azure Connected Machine Agent |
Affected:
1.0.0 , < 1.60.03293.2680
(custom)
|
Date Public
2026-01-13 16:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-21224",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-13T21:44:09.699915Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-13T21:44:16.042Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Azure Connected Machine Agent",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "1.60.03293.2680",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:azure_connected_machine_agent:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.60.03293.2680",
"versionStartIncluding": "1.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2026-01-13T16:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Stack-based buffer overflow in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T13:49:00.969Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Azure Connected Machine Agent Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21224"
}
],
"title": "Azure Connected Machine Agent Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2026-21224",
"datePublished": "2026-01-13T17:56:51.530Z",
"dateReserved": "2025-12-11T21:02:05.732Z",
"dateUpdated": "2026-04-01T13:49:00.969Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-2180 (GCVE-0-2026-2180)
Vulnerability from cvelistv5 – Published: 2026-02-08 19:32 – Updated: 2026-02-23 09:48
VLAI
Title
Tenda RX3 fast_setting_wifi_set stack-based overflow
Summary
A vulnerability was identified in Tenda RX3 16.03.13.11. Affected is an unknown function of the file /goform/fast_setting_wifi_set. Such manipulation of the argument ssid_5g leads to stack-based buffer overflow. The attack can be launched remotely. The exploit is publicly available and might be used.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.344883 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.344883 | signaturepermissions-required |
| https://vuldb.com/?submit.749703 | third-party-advisory |
| https://github.com/LX-66-LX/cve-new/issues/4 | exploitissue-tracking |
| https://www.tenda.com.cn/ | product |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2180",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-09T17:10:04.977397Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T17:12:13.986Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:o:tenda:rx3_firmware:*:*:*:*:*:*:*:*"
],
"product": "RX3",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "16.03.13.11"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "LX-66-LX (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was identified in Tenda RX3 16.03.13.11. Affected is an unknown function of the file /goform/fast_setting_wifi_set. Such manipulation of the argument ssid_5g leads to stack-based buffer overflow. The attack can be launched remotely. The exploit is publicly available and might be used."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-23T09:48:12.741Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-344883 | Tenda RX3 fast_setting_wifi_set stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.344883"
},
{
"name": "VDB-344883 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.344883"
},
{
"name": "Submit #749703 | Tenda RX3 V16.03.13.11 Stack-based Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.749703"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/LX-66-LX/cve-new/issues/4"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-02-07T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-02-07T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-02-09T01:15:33.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda RX3 fast_setting_wifi_set stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-2180",
"datePublished": "2026-02-08T19:32:10.881Z",
"dateReserved": "2026-02-07T15:19:12.136Z",
"dateUpdated": "2026-02-23T09:48:12.741Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-2181 (GCVE-0-2026-2181)
Vulnerability from cvelistv5 – Published: 2026-02-08 19:32 – Updated: 2026-02-23 09:48
VLAI
Title
Tenda RX3 openSchedWifi stack-based overflow
Summary
A security flaw has been discovered in Tenda RX3 16.03.13.11. Affected by this vulnerability is an unknown functionality of the file /goform/openSchedWifi. Performing a manipulation of the argument schedStartTime/schedEndTime results in stack-based buffer overflow. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.344884 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.344884 | signaturepermissions-required |
| https://vuldb.com/?submit.749710 | third-party-advisory |
| https://github.com/LX-66-LX/cve-new/issues/5 | exploitissue-tracking |
| https://www.tenda.com.cn/ | product |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2181",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-09T17:09:12.760893Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T17:09:29.582Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:o:tenda:rx3_firmware:*:*:*:*:*:*:*:*"
],
"product": "RX3",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "16.03.13.11"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "LX-66-LX (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security flaw has been discovered in Tenda RX3 16.03.13.11. Affected by this vulnerability is an unknown functionality of the file /goform/openSchedWifi. Performing a manipulation of the argument schedStartTime/schedEndTime results in stack-based buffer overflow. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-23T09:48:28.958Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-344884 | Tenda RX3 openSchedWifi stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.344884"
},
{
"name": "VDB-344884 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.344884"
},
{
"name": "Submit #749710 | Tenda RX3 V16.03.13.11 Stack-based Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.749710"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/LX-66-LX/cve-new/issues/5"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-02-07T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-02-07T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-02-09T01:15:33.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda RX3 openSchedWifi stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-2181",
"datePublished": "2026-02-08T19:32:13.684Z",
"dateReserved": "2026-02-07T15:19:17.004Z",
"dateUpdated": "2026-02-23T09:48:28.958Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-2185 (GCVE-0-2026-2185)
Vulnerability from cvelistv5 – Published: 2026-02-08 20:32 – Updated: 2026-02-23 09:49
VLAI
Title
Tenda RX3 MAC Filtering Configuration Endpoint setBlackRule set_device_name stack-based overflow
Summary
A flaw has been found in Tenda RX3 16.03.13.11. This issue affects the function set_device_name of the file /goform/setBlackRule of the component MAC Filtering Configuration Endpoint. This manipulation of the argument devName/mac causes stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been published and may be used.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.344888 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.344888 | signaturepermissions-required |
| https://vuldb.com/?submit.749715 | third-party-advisory |
| https://github.com/LX-66-LX/cve-new/issues/6 | exploitissue-tracking |
| https://www.tenda.com.cn/ | product |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2185",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-09T21:07:48.682740Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T21:07:57.607Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:o:tenda:rx3_firmware:*:*:*:*:*:*:*:*"
],
"modules": [
"MAC Filtering Configuration Endpoint"
],
"product": "RX3",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "16.03.13.11"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "LX-66-LX (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw has been found in Tenda RX3 16.03.13.11. This issue affects the function set_device_name of the file /goform/setBlackRule of the component MAC Filtering Configuration Endpoint. This manipulation of the argument devName/mac causes stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been published and may be used."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-23T09:49:21.723Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-344888 | Tenda RX3 MAC Filtering Configuration Endpoint setBlackRule set_device_name stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.344888"
},
{
"name": "VDB-344888 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.344888"
},
{
"name": "Submit #749715 | Tenda RX3 V16.03.13.11 Stack-based Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.749715"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/LX-66-LX/cve-new/issues/6"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-02-07T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-02-07T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-02-09T01:15:32.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda RX3 MAC Filtering Configuration Endpoint setBlackRule set_device_name stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-2185",
"datePublished": "2026-02-08T20:32:09.908Z",
"dateReserved": "2026-02-07T15:29:25.365Z",
"dateUpdated": "2026-02-23T09:49:21.723Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-2186 (GCVE-0-2026-2186)
Vulnerability from cvelistv5 – Published: 2026-02-08 21:02 – Updated: 2026-02-23 09:49
VLAI
Title
Tenda RX3 SetIpMacBind fromSetIpMacBind stack-based overflow
Summary
A vulnerability has been found in Tenda RX3 16.03.13.11. Impacted is the function fromSetIpMacBind of the file /goform/SetIpMacBind. Such manipulation of the argument list leads to stack-based buffer overflow. The attack may be performed from remote. The exploit has been disclosed to the public and may be used.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.344889 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.344889 | signaturepermissions-required |
| https://vuldb.com/?submit.749718 | third-party-advisory |
| https://github.com/LX-66-LX/cve-new/issues/7 | exploitissue-tracking |
| https://www.tenda.com.cn/ | product |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2186",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-09T21:08:17.361623Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T21:08:28.920Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:o:tenda:rx3_firmware:*:*:*:*:*:*:*:*"
],
"product": "RX3",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "16.03.13.11"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "LX-66-LX (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in Tenda RX3 16.03.13.11. Impacted is the function fromSetIpMacBind of the file /goform/SetIpMacBind. Such manipulation of the argument list leads to stack-based buffer overflow. The attack may be performed from remote. The exploit has been disclosed to the public and may be used."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-23T09:49:37.836Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-344889 | Tenda RX3 SetIpMacBind fromSetIpMacBind stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.344889"
},
{
"name": "VDB-344889 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.344889"
},
{
"name": "Submit #749718 | Tenda RX3 V16.03.13.11 Stack-based Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.749718"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/LX-66-LX/cve-new/issues/7"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-02-07T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-02-07T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-02-09T01:15:32.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda RX3 SetIpMacBind fromSetIpMacBind stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-2186",
"datePublished": "2026-02-08T21:02:08.184Z",
"dateReserved": "2026-02-07T17:16:24.891Z",
"dateUpdated": "2026-02-23T09:49:37.836Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-2187 (GCVE-0-2026-2187)
Vulnerability from cvelistv5 – Published: 2026-02-08 21:02 – Updated: 2026-02-23 09:49
VLAI
Title
Tenda RX3 formSetQosBand set_qosMib_list stack-based overflow
Summary
A vulnerability was found in Tenda RX3 16.03.13.11. The affected element is the function set_qosMib_list of the file /goform/formSetQosBand. Performing a manipulation of the argument list results in stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been made public and could be used.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.344890 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.344890 | signaturepermissions-required |
| https://vuldb.com/?submit.749721 | third-party-advisory |
| https://github.com/LX-66-LX/cve-new/issues/8 | exploitissue-tracking |
| https://www.tenda.com.cn/ | product |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2187",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-09T20:53:56.388298Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T20:54:20.290Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:o:tenda:rx3_firmware:*:*:*:*:*:*:*:*"
],
"product": "RX3",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "16.03.13.11"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "LX-66-LX (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Tenda RX3 16.03.13.11. The affected element is the function set_qosMib_list of the file /goform/formSetQosBand. Performing a manipulation of the argument list results in stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been made public and could be used."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-23T09:49:51.970Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-344890 | Tenda RX3 formSetQosBand set_qosMib_list stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.344890"
},
{
"name": "VDB-344890 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.344890"
},
{
"name": "Submit #749721 | Tenda RX3 V16.03.13.11 Stack-based Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.749721"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/LX-66-LX/cve-new/issues/8"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-02-07T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-02-07T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-02-09T01:15:32.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda RX3 formSetQosBand set_qosMib_list stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-2187",
"datePublished": "2026-02-08T21:02:11.500Z",
"dateReserved": "2026-02-07T17:16:30.200Z",
"dateUpdated": "2026-02-23T09:49:51.970Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation ID: MIT-10
Phases: Operation, Build and Compilation
Strategy: Environment Hardening
Description:
- Use automatic buffer overflow detection mechanisms that are offered by certain compilers or compiler extensions. Examples include: the Microsoft Visual Studio /GS flag, Fedora/Red Hat FORTIFY_SOURCE GCC flag, StackGuard, and ProPolice, which provide various mechanisms including canary-based detection and range/index checking.
- D3-SFCV (Stack Frame Canary Validation) from D3FEND [REF-1334] discusses canary-based detection in detail.
Mitigation
Phase: Architecture and Design
Description:
- Use an abstraction library to abstract away risky APIs. Not a complete solution.
Mitigation
Phase: Implementation
Description:
- Implement and perform bounds checking on input.
Mitigation
Phase: Implementation
Description:
- Do not use dangerous functions such as gets. Use safer, equivalent functions which check for boundary errors.
Mitigation ID: MIT-11
Phases: Operation, Build and Compilation
Strategy: Environment Hardening
Description:
- Run or compile the software using features or extensions that randomly arrange the positions of a program's executable and libraries in memory. Because this makes the addresses unpredictable, it can prevent an attacker from reliably jumping to exploitable code.
- Examples include Address Space Layout Randomization (ASLR) [REF-58] [REF-60] and Position-Independent Executables (PIE) [REF-64]. Imported modules may be similarly realigned if their default memory addresses conflict with other modules, in a process known as "rebasing" (for Windows) and "prelinking" (for Linux) [REF-1332] using randomly generated addresses. ASLR for libraries cannot be used in conjunction with prelink since it would require relocating the libraries at run-time, defeating the whole purpose of prelinking.
- For more information on these techniques see D3-SAOR (Segment Address Offset Randomization) from D3FEND [REF-1335].
No CAPEC attack patterns related to this CWE.