42 matches found
Astra Linux – Vulnerability in net-snmp
Net-SNMP provides various tools related to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials could use a malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable to cause a NULL pointer dereference. Version 5.9.2 includes a patch to address...
Exploit for CVE-2026-8836
CVE-2026-8836 — lwIP SNMPv3 Stack Overflow PoC Proof of conce...
CVE-2026-8836
A flaw was found in lwIP. A remote attacker can exploit a stack-based buffer overflow vulnerability in the snmpparseinboundframe function within the SNMPv3 User-based Security Model USM Handler. By manipulating specific authentication parameters, an attacker could potentially achieve arbitrary co...
CVE-2026-8836 lwIP snmpv3 USM snmp_msg.c snmp_parse_inbound_frame stack-based overflow
A vulnerability was found in lwIP up to 2.2.1. Affected is the function snmpparseinboundframe of the file src/apps/snmp/snmpmsg.c of the component snmpv3 USM Handler. Performing a manipulation of the argument msgAuthenticationParameters results in stack-based buffer overflow. The attack may be...
CVE-2026-8836
Summary: lwIP up to 2.2.1 contains a vulnerability in the SNMPv3 USM handler. The issue is in the function snmp_parse_inbound_frame (file: src/apps/snmp/snmp_msg.c) where manipulating msgAuthenticationParameters can cause a stack-based buffer overflow. The attack is potentially remote. A patch is...
CVE-2026-20048
A vulnerability in the Simple Network Management Protocol SNMP subsystem of Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an authenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to improper processing when...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-004189)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004189 advisory. In the Linux kernel before 4.20.12, net/ipv4/netfilter/nfnatsnmpbasicmain.c in the SNMP NAT module has insufficient ASN.1 length checks aka an array index error,...
CVE-2025-13373
Advantech iView versions 5.7.05.7057 and prior do not properly sanitize SNMP v1 trap Port 162 requests, which could allow an attacker to inject SQL commands...
CVE-2025-55087
In NextX Duo's snmp addon versions before 6.4.4, a part of the Eclipse Foundation ThreadX, an attacker could cause an out-of-bound read by a crafted SNMPv3 security parameters...
EUVD-2019-16172
Malware in sbrugna...
PT-2025-9097 · Git +1 · Net-Snmp
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: A heap buffer overflow issue was identified, which can cause a crash. The crash occurs during the setup engineID, init snmpv3 post premib config, and snmp call callbacks functions...
Siemens SCALANCE Series 访问控制错误漏洞
Siemens SCALANCE Series is a family of industrial communication devices from Siemens, Germany. An access control error vulnerability exists in the Siemens SCALANCE Series that arises from an affected device with the user role being affected by incorrect authorization in the SNMPv3 view...
CVE-2025-21091
When SNMP v1 or v2c are disabled on the BIG-IP, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2024-8450
Certain switch models from PLANET Technology have a Hard-coded community string in the SNMPv1 service, allowing unauthorized remote attackers to use this community string to access the SNMPv1 service with read-write privileges...
CVE-2024-5460
CVE-2024-5460 affects Brocade Fabric OS versions before 9.0.0, where a hard-coded, default SNMP community string in the SNMP daemon config enables an authenticated, remote attacker to read data from the device. Exploitation via SNMP v1 with the static community string is implied; the vulnerabilit...
DEBIAN-CVE-2022-24809
net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-only credentials can use a malformed OID in a GET-NEXT to the nsVacmAccessTable to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users should use strong...
DEBIAN-CVE-2022-24808
net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can use a malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users shou...
DEBIAN-CVE-2022-24806
net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can exploit an Improper Input Validation vulnerability when SETing malformed OIDs in master agent and subagent simultaneously. Version 5.9.2 contains a...
DEBIAN-CVE-2022-24805
net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a buffer overflow in the handling of the INDEX of NET-SNMP-VACM-MIB can cause an out-of-bounds memory access. A user with read-only credentials can exploit the issue. Version 5.9.2 contains...
CVE-2023-31925
Brocade SANnav before v2.3.0 and v2.2.2a stores SNMPv3 Authentication passwords in plaintext. A privileged user could retrieve these credentials with knowledge and access to these log files. SNMP credentials could be seen in SANnav SupportSave if the capture is performed after an SNMP configurati...