181 matches found
CVE-2025-11778
CVE-2025-11778 affects Circutor SGE-PLC1000/SGE-PLC50 (v0.9.2). The issue is a stack-based buffer overflow in the TACACSPLUS implementation, specifically in the read_packet() function, enabling remote memory corruption. Multiple connected sources corroborate the vulnerability in the same software...
CVE-2025-11778 Stack-based buffer overflow vulnreability in Circutor SGE-PLC1000/SGE-PLC50
Stack-based buffer overflow in Circutor SGE-PLC1000/SGE-PLC50 v0.9.2. This vulnerability allows an attacker to remotely exploit memory corruption through the 'readpacket' function of the TACACSPLUS implementation...
CVE-2025-11778 Stack-based buffer overflow vulnreability in Circutor SGE-PLC1000/SGE-PLC50
Stack-based buffer overflow in Circutor SGE-PLC1000/SGE-PLC50 v0.9.2. This vulnerability allows an attacker to remotely exploit memory corruption through the 'readpacket' function of the TACACSPLUS implementation...
CIRCUTOR SGE-PLC1000和CIRCUTOR SGE-PLC50 安全漏洞
The CIRCUTOR SGE-PLC1000 and CIRCUTOR SGE-PLC50 are both a network concentrator from CIRCUTOR Spain. A security vulnerability exists in the CIRCUTOR SGE-PLC1000 and CIRCUTOR SGE-PLC50 version v9.0.2, which stems from the AddEvent function not validating the length of the username input, which cou...
CIRCUTOR SGE-PLC1000和CIRCUTOR SGE-PLC50 安全漏洞
The CIRCUTOR SGE-PLC1000 and CIRCUTOR SGE-PLC50 are both a network concentrator from CIRCUTOR Spain. A security vulnerability exists in the CIRCUTOR SGE-PLC1000 and CIRCUTOR SGE-PLC50 version v9.0.2, which stems from the firmware containing hard-coded keys that could lead to bypassing access...
PT-2025-48676
Name of the Vulnerable Software and Affected Versions Circutor SGE-PLC1000/SGE-PLC50 version 9.0.2 Description A stack-based buffer overflow exists in the SetUserPassword function. The newPassword parameter is incorporated into a shell command string using sprintf without proper sanitisation or...
PT-2025-48679
Out-of-bounds read vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The 'DownloadFile' function converts a parameter to an integer using 'atoi' and then uses it as an index in the 'FilesDownload' array with '&FilesDownloadiVar2'. If the parameter is too large, it will access memory beyond...
PT-2025-48672
Name of the Vulnerable Software and Affected Versions Circutor SGE-PLC1000/SGE-PLC50 version 9.0.2 Description A stack-based buffer overflow exists in the software due to insufficient bounds checking when handling user-supplied input. The ShowDownload function utilizes sprintf to format a string,...
PT-2025-48673
Name of the Vulnerable Software and Affected Versions Circutor SGE-PLC1000/SGE-PLC50 version 9.0.2 Description A stack-based buffer overflow exists in the AddEvent function when handling user-supplied usernames. The issue occurs because the function copies the username input to a fixed-size buffe...
CIRCUTOR SGE-PLC1000和CIRCUTOR SGE-PLC50 安全漏洞
The CIRCUTOR SGE-PLC1000 and CIRCUTOR SGE-PLC50 are both a network concentrator from CIRCUTOR Spain. A security vulnerability exists in the CIRCUTOR SGE-PLC1000 and CIRCUTOR SGE-PLC50 v9.0.2, which stems from the ShowMeterDatabase function not validating the length of the meter parameter, which...
CIRCUTOR SGE-PLC1000和CIRCUTOR SGE-PLC50 缓冲区错误漏洞
The CIRCUTOR SGE-PLC1000 and CIRCUTOR SGE-PLC50 are both a network concentrator from CIRCUTOR Spain. A buffer error vulnerability exists in the CIRCUTOR SGE-PLC1000 and CIRCUTOR SGE-PLC50 v9.0.2, which stems from the DownloadFile function not validating the parameter range, which could lead to...
PT-2025-48668
Name of the Vulnerable Software and Affected Versions Circutor SGE-PLC1000/SGE-PLC50 version 0.9.2 Description A stack-based buffer overflow exists in the TACACSPLUS implementation of the software. This allows a remote attacker to corrupt memory and potentially gain control of the system. The iss...
PT-2025-48669
Name of the Vulnerable Software and Affected Versions CircutorSGE-PLC1000/SGE-PLC50 version 9.0.2 Description A stack-based buffer overflow exists in the SetLan function of the software. This function is triggered when a new configuration is applied via a management web request to the 'index.cgi'...
CIRCUTOR SGE-PLC1000和CIRCUTOR SGE-PLC50 安全漏洞
The CIRCUTOR SGE-PLC1000 and CIRCUTOR SGE-PLC50 are both a network concentrator from CIRCUTOR Spain. A security vulnerability exists in the CIRCUTOR SGE-PLC1000 and CIRCUTOR SGE-PLC50 version v9.0.2, which stems from the ShowDownload function not validating the length of the meter parameter, whic...
CIRCUTOR SGE-PLC1000和CIRCUTOR SGE-PLC50 安全漏洞
The CIRCUTOR SGE-PLC1000 and CIRCUTOR SGE-PLC50 are both a network concentrator from CIRCUTOR Spain. A security vulnerability exists in the CIRCUTOR SGE-PLC1000 and CIRCUTOR SGE-PLC50 v9.0.2, which stems from the showMeterReport function not validating the length of the meter parameter, which cou...
PT-2025-48671
Name of the Vulnerable Software and Affected Versions Circutor SGE-PLC1000/SGE-PLC50 version 9.0.2 Description The affected firmware contains a hardcoded static authentication key. An attacker with local access can extract this key by analyzing the firmware image or memory dump. This allows the...
CIRCUTOR SGE-PLC1000和CIRCUTOR SGE-PLC50 安全漏洞
The CIRCUTOR SGE-PLC1000 and CIRCUTOR SGE-PLC50 are both a network concentrator from CIRCUTOR Spain. A security vulnerability exists in the CIRCUTOR SGE-PLC1000 and CIRCUTOR SGE-PLC50 v9.0.2, which stems from the ShowSupervisorParameters function not validating the length of the meter parameter,...
CIRCUTOR SGE-PLC1000和CIRCUTOR SGE-PLC50 安全漏洞
The CIRCUTOR SGE-PLC1000 and CIRCUTOR SGE-PLC50 are both a network concentrator from CIRCUTOR Spain. A security vulnerability exists in the CIRCUTOR SGE-PLC1000 and CIRCUTOR SGE-PLC50 version v0.9.2, which stems from a stack buffer overflow in the readpacket function of the TACACSPLUS...
CIRCUTOR SGE-PLC1000和CIRCUTOR SGE-PLC50 安全漏洞
The CIRCUTOR SGE-PLC1000 and CIRCUTOR SGE-PLC50 are both a network concentrator from CIRCUTOR Spain. A security vulnerability exists in the CIRCUTOR SGE-PLC1000 and CIRCUTOR SGE-PLC50 version v9.0.2, which stems from an uncleared parameter in the SetLan function and could lead to command injectio...
CIRCUTOR SGE-PLC1000和CIRCUTOR SGE-PLC50 安全漏洞
The CIRCUTOR SGE-PLC1000 and CIRCUTOR SGE-PLC50 are both a network concentrator from CIRCUTOR Spain. A security vulnerability exists in the CIRCUTOR SGE-PLC1000 and CIRCUTOR SGE-PLC50 v9.0.2, which stems from the ShowMeterPasswords function not validating the length of the meter parameter, which...