CVE-2026-8775 Edimax BR-6428NS POST Request formL2TPSetup buffer overflow

A flaw has been found in Edimax BR-6428NS 1.10. This affects the function formL2TPSetup of the file /goform/formL2TPSetup of the component POST Request Handler. This manipulation of the argument L2TPUserName causes buffer overflow. It is possible to initiate the attack remotely. The exploit has...

SUSE CVE-2026-43080

In the Linux kernel, the following vulnerability has been resolved: l2tp: Drop large packets with UDP encap syzbot reported a WARN on my patch series 1. The actual issue is an overflow of 16-bit UDP length field, and it exists in the upstream code. My series added a debug WARN with an overflow...

CVE-2026-43080

A flaw was found in the Linux kernel's L2TP Layer 2 Tunneling Protocol subsystem. This vulnerability allows a remote attacker to send an oversized PPPoL2TP packet with UDP encapsulation. Due to an overflow in the 16-bit UDP length field, the packet's length is incorrectly truncated, which can lea...

EUVD-2026-27571

In the Linux kernel, the following vulnerability has been resolved: l2tp: Drop large packets with UDP encap syzbot reported a WARN on my patch series 1. The actual issue is an overflow of 16-bit UDP length field, and it exists in the upstream code. My series added a debug WARN with an overflow...

CVE-2026-43080 l2tp: Drop large packets with UDP encap

In the Linux kernel, the following vulnerability has been resolved: l2tp: Drop large packets with UDP encap syzbot reported a WARN on my patch series 1. The actual issue is an overflow of 16-bit UDP length field, and it exists in the upstream code. My series added a debug WARN with an overflow...

CVE-2026-43080

In the Linux kernel, the following vulnerability has been resolved: l2tp: Drop large packets with UDP encap syzbot reported a WARN on my patch series 1. The actual issue is an overflow of 16-bit UDP length field, and it exists in the upstream code. My series added a debug WARN with an overflow...

CVE-2026-43080

Summary of CVE-2026-43080 (Linux kernel) : The issue resides in the L2TP/PPP over L2TP code path where an oversized PPPoL2TP packet sent with UDP encapsulation can trigger an overflow of the 16‑bit UDP length field, causing the length to be trimmed and potentially sending malformed packets. The p...

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from l2tp’s failure to check for UDP length field overflows during UDP encapsulation. This could lead to the...

Linux Distros Unpatched Vulnerability : CVE-2026-43080

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - l2tp: Drop large packets with UDP encap syzbot reported a WARN on my patch series 1. The actual issue is an overflow of 16-bit UDP length field, and it exists i...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: l2tp: Pass the correct message length to ip6 AppendData. l2tpip6sendmsg needs to avoid accounting for the transport header twice when splicing more data into an already partially-occupied skbuff. To address this issue, we chec...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: l2tp: Fixed a memory leak in l2tpudpencaprecv. syzbot reported a memory leak in struct l2tpsession, l2tptunnel, sock, etc. 0 The referenced commit moved the validation of the protocol version in l2tpudpencaprecv. The new...

CVE-2026-7682

Edimax BR-6208AC (firmware 1.02) contains a vulnerability in the L2TP Mode setWAN function (/goform/setWAN). The L2TPUserName parameter can be manipulated to induce command injection. The issue is exploitable remotely and has publicly disclosed PoC/exploit code. Vendor did not respond to disclosu...

Edimax BR-6208AC 注入漏洞

The Edimax BR-6208AC is a wireless router produced by Edimax of Taiwan, China. Version 1.02 of the Edimax BR-6208AC has a vulnerability related to injection attacks. This vulnerability stems from the setWAN function in the L2TP Mode component, which processes the L2TPUserName parameter. This coul...

CVE-2026-33781

An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine pfe of Juniper Networks Junos OS on specific EX and QFX Series devices allow an unauthenticated, adjacent attacker to cause a complete Denial of Service DoS. On EX4k, and QFX5k platforms configur...

CVE-2026-39312

SoftEtherVPN is a an open-source cross-platform multi-protocol VPN Program. In 5.2.5188 and earlier, a pre-authentication denial-of-service vulnerability exists in SoftEther VPN Developer Edition 5.2.5188 and likely earlier versions of Developer Edition. An unauthenticated remote attacker can cra...

CVE-2026-39312 Pre-Auth EAP-TLS DoS on SoftEther VPN Developer Edition

SoftEtherVPN is a an open-source cross-platform multi-protocol VPN Program. In 5.2.5188 and earlier, a pre-authentication denial-of-service vulnerability exists in SoftEther VPN Developer Edition 5.2.5188 and likely earlier versions of Developer Edition. An unauthenticated remote attacker can cra...

Linux Distros Unpatched Vulnerability : CVE-2026-23120

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - l2tp: avoid one data-race in l2tptunneldelwork We should read sk-sksocket only when dealing with kernel sockets. syzbot reported the following data-race: BUG:...

CVE-2026-23120

In the Linux kernel, the following vulnerability has been resolved: l2tp: avoid one data-race in l2tptunneldelwork We should read sk-sksocket only when dealing with kernel sockets. syzbot reported the following data-race: BUG: KCSAN: data-race in l2tptunneldelwork / skcommonrelease write to...

CVE-2026-23120 l2tp: avoid one data-race in l2tp_tunnel_del_work()

In the Linux kernel, the following vulnerability has been resolved: l2tp: avoid one data-race in l2tptunneldelwork We should read sk-sksocket only when dealing with kernel sockets. syzbot reported the following data-race: BUG: KCSAN: data-race in l2tptunneldelwork / skcommonrelease write to...

CVE-2026-0620

When configured as L2TP/IPSec VPN server, Archer AXE75 V1 may accept connections using L2TP without IPSec protection, even when IPSec is enabled. This allows VPN sessions without encryption, exposing data in transit and compromising confidentiality...