Severity by source
AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
Lifecycle Timeline
6DescriptionCVE.org
Out-of-bounds read vulnerability in ASR Kestrel (nr_fw modules) allows Overflow Buffers.
This vulnerability is associated with program files Code/Nr/nr_fw/RA/src/NrPwrCtrl.C.
This issue affects Kestrel: before 2026/02/10.
AnalysisAI
Out-of-bounds read in ASR Kestrel's nr_fw power control module enables authenticated remote attackers to trigger buffer overflow conditions, potentially disclosing sensitive information and compromising system integrity with low-to-moderate impact across security boundaries. Exploitable over the network with low complexity by attackers holding low-privilege credentials. EPSS data unavailable; not currently listed in CISA KEV. Vendor advisory confirms patch released February 10, 2026.
Technical ContextAI
The vulnerability resides in the nr_fw module's power control component (NrPwrCtrl.C), part of ASR Kestrel's Radio Access (RA) subsystem for New Radio (5G NR) functionality. CWE-125 out-of-bounds read occurs when code accesses memory beyond allocated buffer boundaries without writing, typically during parsing or data processing operations. In telecommunications baseband processors and firmware, such flaws can expose cryptographic material, configuration data, or adjacent memory contents. The affected CPE string (cpe:2.3:a:asr:kestrel:*:*:*:*:*:*:*:*) indicates impact across all Kestrel versions prior to the February 2026 release, suggesting the flaw existed in the power control logic across multiple firmware iterations.
RemediationAI
Upgrade ASR Kestrel firmware to the version released on or after February 10, 2026, which addresses the out-of-bounds read in the nr_fw power control module. Consult the vendor Product Security Incident Response Team (PSIRT) advisory at https://www.asrmicro.com/en/goods/psirt?cid=44 for specific firmware build numbers, installation procedures, and compatibility notes for your deployment. If immediate patching is infeasible in production telecommunications environments, implement network segmentation to restrict access to Kestrel management interfaces to trusted administrator networks only, reducing exposure to the PR:L (low-privilege authenticated) attack vector. Monitor authentication logs for suspicious low-privilege account activity targeting nr_fw module endpoints. Consider application-layer firewall rules to block unusual power control API requests if such granular controls are supported. Note that access restrictions reduce exploitation probability but do not eliminate the underlying memory safety flaw-patching remains the definitive remediation.
Out-of-bounds access in ASR180x 、ASR190x in lte-telephony, This vulnerability is associated with program files apps/lz
Out-of-bounds write in ASR180x in lte-telephony, May cause a buffer underrun. This vulnerability is associated with pr
Improper Resource Shutdown or Release vulnerability in ASR180x 、ASR190x in tr069 modules allows Resource Leak Exposure.
Improper Resource Shutdown or Release vulnerability in ASR180x 、ASR190x in tr069 modules allows Resource Leak Exposure.
Improper Resource Shutdown or Release vulnerability in ASR180x 、ASR190x in router modules allows Resource Leak Exposure.
Improper Resource Shutdown or Release vulnerability in ASR Falcon_Linux、Kestrel、Lapwing_Linux on Linux (traffic_stat mod
Improper Resource Shutdown or Release vulnerability in ASR180x 、ASR190x in router components allows Resource Leak Ex
Resource leak vulnerability in ASR180x in router allows Resource Leak Exposure. This vulnerability is associated with p
Improper Resource Shutdown or Release vulnerability in ASR Falcon_Linux、Kestrel、Lapwing_Linux on Linux (con_mgr compon
Resource leak vulnerability in ASR180x、ASR190x in con_mgr allows Resource Leak Exposure.This issue affects Falcon_Linux、
Same weakness CWE-125 – Out-of-bounds Read
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-26358