What is the CVSS score of CVE-2026-30871?

CVE-2026-30871 has a CVSS 3.1 base score of 9.8 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of OpenWrt Project are affected by CVE-2026-30871?

OpenWrt's mDNS daemon contains a critical remote code execution vulnerability (CVE-2026-30871) affecting versions before 24.10.6 and 25.12.1 that allows unauthenticated attackers to crash the service…. A patch is available.

How to fix or mitigate CVE-2026-30871?

Within 24 hours: Inventory all OpenWrt devices and document current firmware versions. Within 7 days: Upgrade affected systems to OpenWrt 24.10.6 or 25.12.1 or later. Within 30 days: Verify patch deployment across all devices and implement network segmentation to restrict mDNS traffic (UDP port 5353) to trusted networks only.

OpenWrt Project CVE-2026-30871

EUVD-2026-13247 CRITICAL

Stack-based Buffer Overflow (CWE-121)

2026-03-19 GitHub_M

Buffer Overflow Stack Overflow

9.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Updated

Apr 16, 2026 - 05:49 EUVD-patch-fix

executive_summary

Re-analysis Queued

Apr 16, 2026 - 05:29 backfill_euvd_patch

patch_released

Patch available

Apr 16, 2026 - 05:29 EUVD

25.12.1,24.10.6

EUVD ID Assigned

Mar 19, 2026 - 22:00 euvd

EUVD-2026-13247

Analysis Generated

Mar 19, 2026 - 22:00 vuln.today

CVE Published

Mar 19, 2026 - 21:49 nvd

CRITICAL 9.8

DescriptionNVD

OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to 24.10.6 and 25.12.1, the mdns daemon has a Stack-based Buffer Overflow vulnerability in the parse_question function. The issue is triggered by PTR queries for reverse DNS domains (.in-addr.arpa and .ip6.arpa). DNS packets received on UDP port 5353 are expanded by dn_expand into an 8096-byte global buffer (name_buffer), which is then copied via an unbounded strcpy into a fixed 256-byte stack buffer when handling TYPE_PTR queries. The overflow is possible because dn_expand converts non-printable ASCII bytes (e.g., 0x01) into multi-character octal representations (e.g., \001), significantly inflating the expanded name beyond the stack buffer's capacity. A crafted DNS packet can exploit this expansion behavior to overflow the stack buffer, making the vulnerability reachable through normal multicast DNS packet processing. This issue has been fixed in versions 24.10.6 and 25.12.1.

AnalysisAI

Remote code execution in OpenWrt mdns daemon (versions before 24.10.6 and 25.12.1) allows unauthenticated attackers to crash the service or execute arbitrary code by sending specially crafted DNS PTR queries to UDP port 5353, exploiting a stack buffer overflow in the parse_question function. The vulnerability occurs when domain names are expanded and copied without bounds checking, with non-printable characters inflating the payload beyond the fixed 256-byte buffer. …

RemediationAI

Within 24 hours: Inventory all OpenWrt devices and document current firmware versions. Within 7 days: Upgrade affected systems to OpenWrt 24.10.6 or 25.12.1 or later. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-30871 vulnerability details – vuln.today

Back

OpenWrt Project CVE-2026-30871

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code