EUVD-2026-33696

FlexRIC v2.0.0 uses hardcoded assertions to validate Information Element IE counts in decoded E2AP messages. A remote unauthenticated attacker can send a valid E2AP PDU containing an unexpected number of IEs e.g., an E2setupRequest with extra optional fields to crash the near-RT RIC port 36421 or...

FlexRIC 安全漏洞

FlexRIC is an open-source RAN intelligent controller developed by Mosaic5G. Version FlexRIC v2.0.0 contains a security vulnerability. This vulnerability stems from the iApp message distributor using assert for validation of the allowlist, which may allow remote unauthenticated attackers to send...

FlexRIC 安全漏洞

FlexRIC is an open-source RAN intelligent controller developed by Mosaic5G. Version FlexRIC v2.0.0 contains a security vulnerability. This vulnerability arises from the use of the assert function to enforce mapping relationships before sending the E2SETUPREQUEST message. This could allow remote...

EUVD-2026-33659

FlexRIC v2.0.0 crashes when an SCTP association is closed before an E2SETUPREQUEST is sent. The near-RT RIC assumes a mapping between SCTP association and E2 node always exists in the cleanup path and enforces this via assert. A remote unauthenticated attacker can crash the near-RT RIC port 36421...

CVE-2026-37227

FlexRIC v2.0.0 is affected by a crash-inducing flaw in near-RT RIC E2AP handlers. Reachable assert(0) calls exist in stub handlers for whitelisted but unimplemented E2AP message types (e.g., E2nodeConfigurationUpdate). A remote unauthenticated attacker can send a decodable E2AP PDU of such a type...

PT-2026-45456

FlexRIC v2.0.0 contains reachable assert0 calls in stub message handlers for whitelisted but unimplemented E2AP message types in the near-RT RIC. A remote unauthenticated attacker can send a decodable E2AP PDU of such a type e.g., E2nodeConfigurationUpdate to crash the near-RT RIC process port...

PT-2026-45430

FlexRIC v2.0.0 crashes when an SCTP association is closed before an E2 SETUP REQUEST is sent. The near-RT RIC assumes a mapping between SCTP association and E2 node always exists in the cleanup path and enforces this via assert. A remote unauthenticated attacker can crash the near-RT RIC port 364...

CVE-2026-37223

FlexRIC v2.0.0 contains a reachable assertion in the iApp message dispatcher. The dispatcher validates incoming E2AP messages against a 9-entry whitelist using assert(), allowing a remote unauthenticated attacker to send decodable E2AP PDUs with a type not in the whitelist to crash the iApp proce...

CVE-2026-37220

FlexRIC v2.0.0 crashes when an SCTP association is closed before an E2SETUPREQUEST is sent. The near-RT RIC assumes a mapping between SCTP association and E2 node always exists in the cleanup path and enforces this via assert. A remote unauthenticated attacker can crash the near-RT RIC port 36421...

CVE-2026-37226

FlexRIC v2.0.0 is vulnerable: when the iApp receives an E42_RIC_SUBSCRIPTION_REQUEST referencing a non-existent E2 Node, the lookup returns NULL and triggers an abort in Debug builds (SIGABRT) or a segfault in Release builds (SIGSEGV), allowing a remote unauthenticated attacker to crash the iApp ...

PT-2026-45453

FlexRIC v2.0.0 contains a reachable assertion in the iApp message dispatcher. The dispatcher validates incoming E2AP messages against a 9-entry whitelist using assert. A remote unauthenticated attacker can send any decodable E2AP PDU with a message type not in the whitelist to crash the iApp...

PT-2026-45507

FlexRIC v2.0.0 contains a reachable assertion in e2ap recv sctp msg src/lib/ep/e2ap ep.c. The function allocates a fixed 32KB receive buffer and enforces assertrc = 32,768 bytes to crash the near-RT RIC, iApp, E2 Agent, or xApp process via SIGABRT. No valid E2AP PDU is required. All four SCTP...

CVE-2023-43959

An issue in YeaLinkSIP-T19P-E2 v.53.84.0.15 allows a remote privileged attacker to execute arbitrary code via a crafted request the ping function of the diagnostic component...

CVE-2022-42139

Delta Electronics DVW-W02W2-E2 1.5.0.10 is vulnerable to Command Injection via Crafted URL...

CVE-2025-66737

Yealink T21PE2 Phone 52.84.0.15 is vulnerable to Directory Traversal. A remote normal privileged attacker can read arbitrary files via a crafted request result read function of the diagnostic component...

CVE-2025-66738

An issue in Yealink T21PE2 Phone 52.84.0.15 allows a remote normal privileged attacker to execute arbitrary code via a crafted request the ping function of the diagnostic component...

CVE-2025-66738

An issue in Yealink T21PE2 Phone 52.84.0.15 allows a remote normal privileged attacker to execute arbitrary code via a crafted request the ping function of the diagnostic component...

CVE-2025-66738

An issue in Yealink T21PE2 Phone 52.84.0.15 allows a remote normal privileged attacker to execute arbitrary code via a crafted request the ping function of the diagnostic component...

CVE-2025-66738

An issue in Yealink T21PE2 Phone 52.84.0.15 allows a remote normal privileged attacker to execute arbitrary code via a crafted request the ping function of the diagnostic component...

PT-2025-53600

Name of the Vulnerable Software and Affected Versions Yealink T21P E2 Phone version 52.84.0.15 Description The Yealink T21P E2 Phone version 52.84.0.15 contains a directory traversal flaw. A remote attacker with normal privileges can read arbitrary files through a crafted request to the diagnosti...