Vulnerabilities (CVE)

Filtered by CWE-121
Total 2786 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-49908 1 Tp-link 2 Eap225, Eap225 Firmware 2026-06-17 N/A 7.2 HIGH
A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `profile` parameter at offset `0x0045abc8` of the `httpd_portal` binary shipped with v5.1.0 Build 20220926 of the EAP225.
CVE-2023-49907 1 Tp-link 4 Eap115, Eap115 Firmware, Eap225 and 1 more 2026-06-17 N/A 7.2 HIGH
A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `band` parameter at offset `0x0045aad8` of the `httpd_portal` binary shipped with v5.1.0 Build 20220926 of the EAP225.
CVE-2023-49906 1 Tp-link 2 Eap225, Eap225 Firmware 2026-06-17 N/A 7.2 HIGH
A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `ssid` parameter at offset `0x0045ab7c` of the `httpd_portal` binary shipped with v5.1.0 Build 20220926 of the EAP225.
CVE-2023-49867 2 Level1, Realtek 3 Wbr-6013, Wbr-6013 Firmware, Rtl819x Jungle Software Development Kit 2026-06-17 N/A 7.2 HIGH
A stack-based buffer overflow vulnerability exists in the boa formWsc functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can send a series of HTTP requests to trigger this vulnerability.
CVE-2023-49595 2 Level1, Realtek 3 Wbr-6013, Wbr-6013 Firmware, Rtl819x Jungle Software Development Kit 2026-06-17 N/A 7.2 HIGH
A stack-based buffer overflow vulnerability exists in the boa rollback_control_code functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of network requests can lead to arbitrary code execution. An attacker can send a sequence of requests to trigger this vulnerability.
CVE-2023-49424 1 Tenda 2 Ax12, Ax12 Firmware 2026-06-17 N/A 9.8 CRITICAL
Tenda AX12 V22.03.01.46 was discovered to contain a stack overflow via the list parameter at /goform/SetVirtualServerCfg.
CVE-2023-49236 1 Trendnet 2 Tv-ip1314pi, Tv-ip1314pi Firmware 2026-06-17 N/A 9.8 CRITICAL
A stack-based buffer overflow was discovered on TRENDnet TV-IP1314PI 5.5.3 200714 devices, leading to arbitrary command execution. This occurs because of lack of length validation during an sscanf of a user-entered scale field in the RTSP playback function of davinci.
CVE-2023-49073 2 Level1, Realtek 3 Wbr-6013, Wbr-6013 Firmware, Rtl819x Jungle Software Development Kit 2026-06-17 N/A 7.2 HIGH
A stack-based buffer overflow vulnerability exists in the boa formFilter functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to arbitrary code execution. An attacker can send a sequence of requests to trigger this vulnerability.
CVE-2023-48906 2026-06-17 N/A 4.3 MEDIUM
Stack Overflow vulnerability in Btstack 1.6 and earlier allows attackers to cause a denial of service via crafted input to the char_for_nibble function.
CVE-2023-48725 1 Netgear 2 Rax30, Rax30 Firmware 2026-06-17 N/A 7.2 HIGH
A stack-based buffer overflow vulnerability exists in the JSON Parsing getblockschedule() functionality of Netgear RAX30 1.0.11.96 and 1.0.7.78. A specially crafted HTTP request can lead to code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVE-2023-48724 1 Tp-link 2 Eap225, Eap225 Firmware 2026-06-17 N/A 7.5 HIGH
A memory corruption vulnerability exists in the web interface functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted HTTP POST request can lead to denial of service of the device's web interface. An attacker can send an unauthenticated HTTP POST request to trigger this vulnerability.
CVE-2023-48270 2 Level1, Realtek 3 Wbr-6013, Wbr-6013 Firmware, Rtl819x Jungle Software Development Kit 2026-06-17 N/A 7.2 HIGH
A stack-based buffer overflow vulnerability exists in the boa formDnsv6 functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of network requests can lead to arbitrary code execution. An attacker can send a sequence of requests to trigger this vulnerability.
CVE-2023-47856 2 Level1, Realtek 3 Wbr-6013, Wbr-6013 Firmware, Rtl819x Jungle Software Development Kit 2026-06-17 N/A 7.2 HIGH
A stack-based buffer overflow vulnerability exists in the boa set_RadvdPrefixParam functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.
CVE-2023-46720 1 Fortinet 1 Fortios 2026-06-17 N/A 6.7 MEDIUM
A stack-based buffer overflow in Fortinet FortiOS version 7.4.0 through 7.4.1 and 7.2.0 through 7.2.7 and 7.0.0 through 7.0.12 and 6.4.6 through 6.4.15 and 6.2.9 through 6.2.16 and 6.0.13 through 6.0.18 allows attacker to execute unauthorized code or commands via specially crafted CLI commands.
CVE-2023-46718 1 Fortinet 2 Fortios, Fortiproxy 2026-06-17 N/A 6.7 MEDIUM
A stack-based buffer overflow in Fortinet FortiOS version 7.4.0 through 7.4.1 and 7.2.0 through 7.2.7 and 7.0.0 through 7.0.12 and 6.4.6 through 6.4.15 and 6.2.9 through 6.2.16 and 6.0.13 through 6.0.18 allows attacker to execute unauthorized code or commands via specially crafted CLI commands.
CVE-2023-46714 1 Fortinet 1 Fortios 2026-06-17 N/A 7.2 HIGH
A stack-based buffer overflow [CWE-121] vulnerability in Fortinet FortiOS version 7.2.1 through 7.2.6 and version 7.4.0 through 7.4.1 allows a privileged attacker over the administrative interface to execute arbitrary code or commands via crafted HTTP or HTTPs requests.
CVE-2023-46564 1 Totolink 2 X2000r, X2000r Firmware 2026-06-17 N/A 9.8 CRITICAL
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formDMZ.
CVE-2023-46563 1 Totolink 2 X2000r, X2000r Firmware 2026-06-17 N/A 9.8 CRITICAL
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formIpQoS.
CVE-2023-46562 1 Totolink 2 X2000r, X2000r Firmware 2026-06-17 N/A 9.8 CRITICAL
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formDosCfg.
CVE-2023-46560 1 Totolink 2 X2000r, X2000r Firmware 2026-06-17 N/A 9.8 CRITICAL
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formTcpipSetup.