235 matches found
CVE-2025-41732 Stack-based buffer overflow via unsafe sscanf in check_cookie()
An unauthenticated remote attacker can abuse unsafe sscanf calls within the checkcookie function to write arbitrary data into fixed-size stack buffers which leads to full device compromise...
EUVD-2025-202414
An unauthenticated remote attacker can abuse unsafe sscanf calls within the checkcookie function to write arbitrary data into fixed-size stack buffers which leads to full device compromise...
CVE-2025-41732
CVE-2025-41732 describes a stack-based overflow caused by unsafe sscanf usage in the check_cookie() function, permitting an unauthenticated remote attacker to write into fixed-size stack buffers and potentially compromise the device. The Open documentation consistently states a full device compro...
CVE-2025-41732 Stack-based buffer overflow via unsafe sscanf in check_cookie()
An unauthenticated remote attacker can abuse unsafe sscanf calls within the checkcookie function to write arbitrary data into fixed-size stack buffers which leads to full device compromise...
EUVD-2025-202415
An unauthenticated remote attacker can abuse unsafe sscanf calls within the checkaccount function to write arbitrary data into fixed-size stack buffers which leads to full device compromise...
CVE-2025-41730
CVE-2025-41730 is an unauthenticated remote exploit reported for WAGO Industrial-Managed-Switches and related Red Hat/NVD variants. The root cause is unsafe uses of sscanf in the check_account() function, which can write data into fixed-size stack buffers, resulting in a stack-based overflow and ...
CVE-2025-41730 Stack-based buffer overflow via unsafe sscanf in check_account()
An unauthenticated remote attacker can abuse unsafe sscanf calls within the checkaccount function to write arbitrary data into fixed-size stack buffers which leads to full device compromise...
CVE-2025-41730 Stack-based buffer overflow via unsafe sscanf in check_account()
An unauthenticated remote attacker can abuse unsafe sscanf calls within the checkaccount function to write arbitrary data into fixed-size stack buffers which leads to full device compromise...
PT-2025-50320
Name of the Vulnerable Software and Affected Versions versions prior to 2025-41732 Description An unauthenticated remote attacker can exploit unsafe sscanf calls within the check cookie function to write arbitrary data into fixed-size stack buffers, potentially leading to full device compromise...
WAGO Indsutrial-Managed-Switches 安全漏洞
WAGO Indsutrial-Managed-Switches is a series of high-performance network devices from WAGO, Germany. A security vulnerability exists in WAGO Indsutrial-Managed-Switches, which stems from an unsafe sscanf call in the checkcookie function, which could lead to full control of the device...
PT-2025-50319
Name of the Vulnerable Software and Affected Versions versions prior to 2.3 Description An unauthenticated remote attacker can exploit unsafe sscanf calls within the check account function to write arbitrary data into fixed-size stack buffers, potentially leading to full device compromise. The...
CVE-2025-60692
A stack-based buffer overflow vulnerability exists in the libshared.so library of Cisco Linksys E1200 v2 routers Firmware E1200v2.0.11.001us.tar.gz. The functions getmacfromip and getipfrommac use sscanf with overly permissive "%100s" format specifiers to parse entries from /proc/net/arp into...
EUVD-2025-175333
A stack-based buffer overflow vulnerability exists in the libshared.so library of Cisco Linksys E1200 v2 routers Firmware E1200v2.0.11.001us.tar.gz. The functions getmacfromip and getipfrommac use sscanf with overly permissive "%100s" format specifiers to parse entries from /proc/net/arp into...
EUVD-2025-175300
A local stack-based buffer overflow vulnerability exists in the infostat.cgi and cstecgi.cgi binaries of ToToLink routers A720R V4.1.5cu.614B20230630, LR1200GB V9.1.0u.6619B20230130, and NR1800X V9.1.0u.6681B20230703. Both programs parse the contents of /proc/net/arp using sscanf with "%s" format...
CVE-2025-60692
A stack-based buffer overflow vulnerability exists in the libshared.so library of Cisco Linksys E1200 v2 routers Firmware E1200v2.0.11.001us.tar.gz. The functions getmacfromip and getipfrommac use sscanf with overly permissive "%100s" format specifiers to parse entries from /proc/net/arp into...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989034)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989034 advisory. In the Linux kernel, the following vulnerability has been resolved: cifs: potential buffer overflow in handling symlinks Smatch printed a warning:...
Tenda AC20 sscanf function buffer overflow vulnerability
Tenda AC20 is a home router from Tenda. The Tenda AC20 suffers from a buffer overflow vulnerability, which originates from the incorrect operation of the sscanf function parameter timeZone in the file /goform/fastsettingwifiset, for which no detailed vulnerability details are available at this ti...
CVE-2025-11385
A vulnerability has been found in Tenda AC20 up to 16.03.08.12. The affected element is the function sscanf of the file /goform/fastsettingwifiset. The manipulation of the argument timeZone leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the publi...
CVE-2025-11385 Tenda AC20 fast_setting_wifi_set sscanf buffer overflow
A vulnerability has been found in Tenda AC20 up to 16.03.08.12. The affected element is the function sscanf of the file /goform/fastsettingwifiset. The manipulation of the argument timeZone leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the publi...
CVE-2025-11385 Tenda AC20 fast_setting_wifi_set sscanf buffer overflow
A vulnerability has been found in Tenda AC20 up to 16.03.08.12. The affected element is the function sscanf of the file /goform/fastsettingwifiset. The manipulation of the argument timeZone leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the publi...