29 matches found
ROS-20260319-73-0003
A vulnerability in the netsetvlan function of the Network module of the Grub2 operating system loader is related to the dereferencing of an expired pointer. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
CVE-2025-15230
A vulnerability was found in Tenda M3 1.0.0.134903. Affected by this issue is the function formSetVlanPolicy of the file /goform/setVlanPolicyData. Performing a manipulation of the argument qvlantruckport results in heap-based buffer overflow. Remote exploitation of the attack is possible. The...
CVE-2025-15231
A vulnerability was determined in Tenda M3 1.0.0.134903. This affects the function formSetRemoteVlanInfo of the file /goform/setVlanInfo. Executing a manipulation of the argument ID/vlan/port can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been public...
CVE-2025-15231
A vulnerability was determined in Tenda M3 1.0.0.134903. This affects the function formSetRemoteVlanInfo of the file /goform/setVlanInfo. Executing a manipulation of the argument ID/vlan/port can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been public...
CVE-2025-15231
A vulnerability was determined in Tenda M3 1.0.0.134903. This affects the function formSetRemoteVlanInfo of the file /goform/setVlanInfo. Executing a manipulation of the argument ID/vlan/port can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been public...
CVE-2025-15231 Tenda M3 setVlanInfo formSetRemoteVlanInfo stack-based overflow
A vulnerability was determined in Tenda M3 1.0.0.134903. This affects the function formSetRemoteVlanInfo of the file /goform/setVlanInfo. Executing a manipulation of the argument ID/vlan/port can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been public...
CVE-2025-15231 Tenda M3 setVlanInfo formSetRemoteVlanInfo stack-based overflow
A vulnerability was determined in Tenda M3 1.0.0.134903. This affects the function formSetRemoteVlanInfo of the file /goform/setVlanInfo. Executing a manipulation of the argument ID/vlan/port can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been public...
CVE-2025-15231
CVE-2025-15231 affects Tenda M3 router (version 1.0.0.13(4903)). The vulnerability is a stack-based buffer overflow in the function formSetRemoteVlanInfo within /goform/setVlanInfo caused by manipulating the ID/vlan/port parameters. Exploitation can be performed remotely and public exploit detail...
CVE-2025-15231
A vulnerability was determined in Tenda M3 1.0.0.134903. This affects the function formSetRemoteVlanInfo of the file /goform/setVlanInfo. Executing a manipulation of the argument ID/vlan/port can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been public...
CVE-2025-15230
A vulnerability was found in Tenda M3 1.0.0.134903. Affected by this issue is the function formSetVlanPolicy of the file /goform/setVlanPolicyData. Performing a manipulation of the argument qvlantruckport results in heap-based buffer overflow. Remote exploitation of the attack is possible. The...
CVE-2025-15230
The CVE-2025-15230 entry affects Tenda M3 1.0.0.13(4903). The vulnerability resides in the /goform/setVlanPolicyData::formSetVlanPolicy function, where manipulating the qvlan_truck_port argument causes a heap-based buffer overflow. Remote exploitation is possible, and an exploit has been publicly...
PT-2025-53850
Name of the Vulnerable Software and Affected Versions Tenda M3 version 1.0.0.134903 Description A flaw exists in the Tenda M3 router that could allow for remote code execution. The issue is due to a stack-based buffer overflow within the formSetRemoteVlanInfo function, located in the...
Tenda M3 安全漏洞
Tenda M3 is a wireless controller AC from Tenda, which is aimed at scenarios such as hotel chains, low-star hotels and small and medium-sized businesses. Tenda M3 has a stack buffer overflow vulnerability, the vulnerability stems from the incorrect operation of the parameters ID, vlan and port in...
Security update for grub2
This update for grub2 fixes the following issues: CVE-2025-54770: Fixed missing unregister call for netsetvlan command may lead to use-after-free bsc1252930 CVE-2025-54771: Fixed rubfileclose does not properly controls the fs refcount bsc1252931 CVE-2025-61661: Fixed out-of-bounds write in...
Grub2: use-after-free in net_set_vlan
...
EUVD-2025-198077
A vulnerability has been identified in the GRUB2 bootloader's network module that poses an immediate Denial of Service DoS risk. This flaw is a Use-after-Free issue, caused because the netsetvlan command is not properly unregistered when the network module is unloaded from memory. An attacker who...
DEBIAN-CVE-2025-54770
A vulnerability has been identified in the GRUB2 bootloader's network module that poses an immediate Denial of Service DoS risk. This flaw is a Use-after-Free issue, caused because the netsetvlan command is not properly unregistered when the network module is unloaded from memory. An attacker who...
CVE-2025-54770
A vulnerability has been identified in the GRUB2 bootloader's network module that poses an immediate Denial of Service DoS risk. This flaw is a Use-after-Free issue, caused because the netsetvlan command is not properly unregistered when the network module is unloaded from memory. An attacker who...
UBUNTU-CVE-2025-54770
A vulnerability has been identified in the GRUB2 bootloader's network module that poses an immediate Denial of Service DoS risk. This flaw is a Use-after-Free issue, caused because the netsetvlan command is not properly unregistered when the network module is unloaded from memory. An attacker who...
CVE-2025-54770
CVE-2025-54770 is a Use-After-Free in GRUB2’s network module (net_set_vlan) triggered when the network module is unloaded, allowing a local attacker to access freed memory and cause a DoS crash. Connected advisories (ALAS/OpenSUSE/SUSE) confirm this issue across grub2 packages and list affected r...