Vulnerabilities (CVE)

Filtered by CWE-121
Total 2849 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-57071 1 Tenda 2 G3, G3 Firmware 2026-06-17 N/A 7.5 HIGH
Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the vpnUsers parameter in the formAddVpnUsers function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2025-57070 1 Tenda 2 G3, G3 Firmware 2026-06-17 N/A 7.5 HIGH
Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the gstUp parameter in the guestWifiRuleRefresh function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2025-57069 1 Tenda 2 G3, G3 Firmware 2026-06-17 N/A 7.5 HIGH
Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the pPppUser parameter in the getsinglepppuser function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2025-57064 1 Tenda 2 G3, G3 Firmware 2026-06-17 N/A 7.5 HIGH
Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the bindDhcpIndex parameter in the modifyDhcpRule function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2025-57063 1 Tenda 2 G3, G3 Firmware 2026-06-17 N/A 7.5 HIGH
Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the portMappingIndex parameter in the formDelPortMapping function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2025-57062 1 Tenda 2 G3, G3 Firmware 2026-06-17 N/A 7.5 HIGH
Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the delDhcpIndex parameter in the formDelDhcpRule function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2025-57061 1 Tenda 2 G3, G3 Firmware 2026-06-17 N/A 7.5 HIGH
Tenda G3 v3.0br_V15.11.0.17 was discovered to contain multiple stack overflows in the formIPMacBindModify function via the ruleId, ip, mac, v6 and remark parameters. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2025-57060 1 Tenda 2 G3, G3 Firmware 2026-06-17 N/A 7.5 HIGH
Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the rules parameter in the dns_forward_rule_store function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2025-57059 1 Tenda 2 G3, G3 Firmware 2026-06-17 N/A 7.5 HIGH
Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the dhcpIndex parameter in the addDhcpRule function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2025-57058 1 Tenda 2 G3, G3 Firmware 2026-06-17 N/A 7.5 HIGH
Tenda G3 v3.0br_V15.11.0.17 was discovered to contain multiple stack overflows in the formSetDebugCfg function via the pEnable, pLevel, and pModule parameters. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2025-57057 1 Tenda 2 G3, G3 Firmware 2026-06-17 N/A 7.5 HIGH
Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the listStr parameter in the ipMacBindListStore function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2025-55852 1 Tenda 2 Ac8, Ac8 Firmware 2026-06-17 N/A 7.5 HIGH
Tenda AC8 v16.03.34.06 is vulnerable to Buffer Overflow in the formWifiBasicSet function via the parameter security or security_5g.
CVE-2025-55763 1 Civetweb Project 1 Civetweb 2026-06-17 N/A 7.5 HIGH
Buffer Overflow in the URI parser of CivetWeb 1.14 through 1.16 (latest) allows a remote attacker to achieve remote code execution via a crafted HTTP request. This vulnerability is triggered during request processing and may allow an attacker to corrupt heap memory, potentially leading to denial of service or arbitrary code execution.
CVE-2025-55503 1 Tenda 2 Ac6, Ac6 Firmware 2026-06-17 N/A 7.3 HIGH
Tenda AC6 V15.03.06.23_multi has a stack overflow vulnerability via the deviceName parameter in the saveParentControlInfo function.
CVE-2025-55498 1 Tenda 2 Ac6, Ac6 Firmware 2026-06-17 N/A 7.5 HIGH
Tenda AC6 V15.03.06.23_multi was discovered to contain a buffer overflow via the time parameter in the fromSetSysTime function.
CVE-2025-55483 1 Tenda 2 Ac6, Ac6 Firmware 2026-06-17 N/A 7.5 HIGH
Tenda AC6 V15.03.06.23_multi is vulnerable to Buffer Overflow in the function formSetMacFilterCfg via the parameters macFilterType and deviceList.
CVE-2025-55482 1 Tenda 2 Ac6, Ac6 Firmware 2026-06-17 N/A 7.5 HIGH
Tenda AC6 V15.03.06.23_multi is vulnerable to Buffer Overflow in the formSetCfm function.
CVE-2025-55117 1 Bmc 1 Control-m\/agent 2026-06-17 N/A 5.3 MEDIUM
A stack-based buffer overflow can be remotely triggered when formatting an error message in the Control-M/Agent when SSL/TLS communication is configured. The issue occurs in the following cases: * Control-M/Agent 9.0.20: SSL/TLS configuration is set to the non-default setting "use_openssl=n"; * Control-M/Agent 9.0.21 and 9.0.22: Agent router configuration uses the non-default settings "JAVA_AR=N" and "use_openssl=n".
CVE-2025-55116 1 Bmc 1 Control-m\/agent 2026-06-17 N/A 8.8 HIGH
A buffer overflow in the Control-M/Agent can lead to a local privilege escalation when an attacker has access to the system running the Agent. This vulnerability impacts the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions.
CVE-2025-55095 1 Eclipse 1 Threadx Usbx 2026-06-17 N/A 4.2 MEDIUM
The function _ux_host_class_storage_media_mount() is responsible for mounting partitions on a USB mass storage device. When it encounters an extended partition entry in the partition table, it recursively calls itself to mount the next logical partition. This recursion occurs in _ux_host_class_storage_partition_read(), which parses up to four partition entries. If an extended partition is found (with type UX_HOST_CLASS_STORAGE_PARTITION_EXTENDED or EXTENDED_LBA_MAPPED), the code invokes: _ux_host_class_storage_media_mount(storage, sector + _ux_utility_long_get(...)); There is no limit on the recursion depth or tracking of visited sectors. As a result, a malicious or malformed disk image can include cyclic or excessively deep chains of extended partitions, causing the function to recurse until stack overflow occurs.