Skip to main content

Stack-based Buffer Overflow

memory HIGH

A stack-based buffer overflow occurs when a program writes more data to a buffer located on the stack than it was allocated to hold.

How It Works

A stack-based buffer overflow occurs when a program writes more data to a buffer located on the stack than it was allocated to hold. The stack stores local variables, function parameters, and critical control information including the return address that tells the CPU where to resume execution after a function completes. When an attacker overflows a buffer, they can overwrite adjacent memory, including this return address.

The classic exploitation path involves carefully crafting input to overwrite the return address with a pointer to attacker-controlled code. Historically, attackers would inject shellcode directly into the overflowed buffer, then redirect execution to it. Modern defenses like Data Execution Prevention (DEP/NX) mark the stack as non-executable, forcing attackers to use Return-Oriented Programming (ROP) instead—chaining together existing code snippets ("gadgets") to perform malicious operations without injecting new code.

Address Space Layout Randomization (ASLR) randomizes memory addresses to make exploitation harder, but attackers can defeat it through information disclosure vulnerabilities that leak memory addresses. Stack canaries—random values placed between buffers and control data—can detect overwrites, but may be bypassed through brute-force attacks or by carefully avoiding them in partial overwrites.

Impact

  • Arbitrary code execution at the privilege level of the vulnerable process
  • Complete system compromise if the vulnerable process runs with elevated privileges (root/SYSTEM)
  • Memory corruption leading to crashes and denial of service
  • Bypass of authentication mechanisms by redirecting execution flow around security checks
  • Data theft or modification through code injection that accesses sensitive memory regions

Real-World Examples

The Morris Worm (1988) exploited a stack overflow in the Unix fingerd daemon, becoming one of the first major internet worms. The Code Red worm (2001) leveraged a stack overflow in Microsoft IIS (CVE-2001-0500) to compromise hundreds of thousands of web servers, demonstrating the massive scale of automated exploitation.

More recently, EternalBlue exploited stack corruption in Windows SMB (CVE-2017-0144), enabling the WannaCry and NotPetya ransomware outbreaks that caused billions in damage. The Heartbleed bug (CVE-2014-0160), while technically a heap-based read overflow, demonstrated how buffer handling errors remain prevalent even in security-critical software like OpenSSL.

Mitigation

  • Stack canaries (compile with -fstack-protector-all or equivalent) to detect overwrites before return
  • Address Space Layout Randomization (ASLR) to randomize memory locations
  • DEP/NX bit enforcement to prevent code execution from stack memory
  • Memory-safe string functions (use strncpy, snprintf, strlcpy instead of strcpy, sprintf, gets)
  • Compiler hardening flags (-D_FORTIFY_SOURCE=2, control-flow integrity)
  • Input validation with strict bounds checking on all externally-supplied data
  • Memory-safe languages (Rust, Go) for new development to eliminate the vulnerability class entirely

Recent CVEs (2223)

EPSS 0% CVSS 8.8
HIGH This Week

Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the list1 parameter at ip/goform/DhcpListClient. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the page parameter at ip/goform/NatStaticSetting. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the funcpara1 parameter at ip/goform/exeCommand. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the password parameter in the function urldecode. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Lr350 Firmware
NVD GitHub
EPSS 1% CVSS 7.7
HIGH POC This Week

TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the addWlProfileClientMode function. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow Cp450 Firmware
NVD GitHub
EPSS 1% CVSS 7.3
HIGH POC This Week

TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setUrlFilterRules function. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow Cp450 Firmware
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the SetPortForwardRules function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow Cp450 Firmware
NVD GitHub
EPSS 1% CVSS 7.3
HIGH POC This Week

TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the CloudACMunualUpdate function. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow Cp450 Firmware
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setIpPortFilterRules function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow Cp450 Firmware
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setStaticDhcpConfig function. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow Cp450 Firmware
NVD GitHub
EPSS 1% CVSS 3.8
LOW POC Monitor

TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setLanguageCfg function. Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow Cp450 Firmware
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setMacFilterRules function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow Cp450 Firmware
NVD GitHub
EPSS 1% CVSS 7.3
HIGH POC This Week

TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the getSaveConfig function. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow Cp450 Firmware
NVD GitHub
EPSS 1% CVSS 5.7
MEDIUM POC This Month

A buffer overflow vulnerability in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 via formTcpipSetup allows remote authenticated users to trigger a denial of service (DoS) through the parameter "curTime.". Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow D-Link +2
NVD GitHub
EPSS 0% CVSS 6.2
MEDIUM This Month

Buffer Overflow vulnerability in emp-ot v.0.2.4 allows a remote attacker to execute arbitrary code via the FerretCOT<T>::read_pre_data128_from_file function. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow RCE
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

HDF5 through 1.14.3 contains a stack buffer overflow in H5R__decode_heap, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Denial Of Service +2
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

MP-SPDZ v0.3.8 was discovered to contain a stack overflow via the function OTExtensionWithMatrix::extend in /OT/OTExtensionWithMatrix.cpp. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow Denial Of Service +1
NVD GitHub
EPSS 1% CVSS 8.1
HIGH This Week

nscd: Stack-based buffer overflow in netgroup cache If the Name Service Cache Daemon's (nscd) fixed size cache is exhausted by client requests then a subsequent client request for netgroup data may. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow Stack Overflow Glibc +8
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Memory corruption when size of buffer from previous call is used without validation or re-initialization. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Ar8035 Firmware +23
NVD
EPSS 1% CVSS 8.8
HIGH This Week

A vulnerability was found in Tenda i21 1.0.0.14(4656). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH This Week

A vulnerability was found in Tenda i21 1.0.0.14(4656). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH This Week

A vulnerability was found in Tenda i21 1.0.0.14(4656) and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH This Week

A vulnerability has been found in Tenda i21 1.0.0.14(4656) and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH This Week

A vulnerability, which was classified as critical, was found in Tenda i21 1.0.0.14(4656). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH This Week

A vulnerability, which was classified as critical, has been found in Tenda i21 1.0.0.14(4656). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH This Week

A vulnerability classified as critical was found in Tenda i21 1.0.0.14(4656). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub VulDB
EPSS 1% CVSS 5.3
MEDIUM This Month

An unauthenticated Denial-of-Service (DoS) vulnerability exists in the Radio Frequency Manager service accessed via the PAPI protocol. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Arubaos
NVD
EPSS 1% CVSS 7.5
HIGH This Week

An unauthenticated Denial-of-Service (DoS) vulnerability exists in the Radio Frequency Manager service accessed via the PAPI protocol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Arubaos
NVD
EPSS 1% CVSS 7.5
HIGH This Week

An unauthenticated Denial of Service (DoS) vulnerability exists in the Auth service accessed via the PAPI protocol provided by ArubaOS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Denial Of Service +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Management service accessed via the PAPI protocol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Arubaos
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Management service accessed via the PAPI protocol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Arubaos
NVD
EPSS 1% CVSS 5.9
MEDIUM This Month

Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Management service accessed via the PAPI protocol. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow Stack Overflow Arubaos
NVD
EPSS 15% CVSS 9.8
CRITICAL Act Now

There is a buffer overflow vulnerability in the underlying Local User Authentication Database service that could lead to unauthenticated remote code execution by sending specially crafted packets. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Aruba +1
NVD
EPSS 15% CVSS 9.8
CRITICAL Act Now

There is a buffer overflow vulnerability in the underlying Automatic Reporting service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Aruba +1
NVD
EPSS 15% CVSS 9.8
CRITICAL Act Now

There is a buffer overflow vulnerability in the underlying Utility daemon that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Aruba +1
NVD
EPSS 44% CVSS 9.8
CRITICAL POC THREAT Act Now

There is a buffer overflow vulnerability in the underlying L2/L3 Management service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow Aruba +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Cncsoft G2
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

A stack-based buffer overflow was found in the putSDN() function of mail.c in hcode through 2.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow
NVD
EPSS 1% CVSS 8.8
HIGH This Week

A vulnerability was found in Tenda A301 15.13.08.12_multi_TDE01. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH This Week

A vulnerability classified as critical has been found in Tenda i22 1.0.0.3(4687). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH This Week

A vulnerability was found in Tenda i21 1.0.0.14(4656). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH This Week

A vulnerability was found in Tenda i21 1.0.0.14(4656). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH This Week

A vulnerability was found in Tenda i21 1.0.0.14(4656). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH This Week

A vulnerability was found in Tenda i21 1.0.0.14(4656) and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH This Week

A vulnerability has been found in Tenda i21 1.0.0.14(4656) and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH This Week

A vulnerability, which was classified as critical, was found in Tenda i21 1.0.0.14(4656). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH This Week

A vulnerability, which was classified as critical, has been found in Tenda i21 1.0.0.14(4656). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH This Week

A vulnerability classified as critical was found in Tenda W9 1.0.0.7(4456). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH This Week

A vulnerability classified as critical has been found in Tenda W9 1.0.0.7(4456). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH This Week

A vulnerability was found in Tenda W9 1.0.0.7(4456). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH This Week

A vulnerability was found in Tenda W9 1.0.0.7(4456). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH This Week

A vulnerability was found in Tenda W9 1.0.0.7(4456). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH This Week

A vulnerability was found in Tenda AX1806 1.0.0.1 and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD VulDB GitHub
EPSS 1% CVSS 8.8
HIGH This Week

A vulnerability has been found in Tenda AX1806 1.0.0.1 and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH This Week

A vulnerability, which was classified as critical, was found in Tenda AX1806 1.0.0.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub VulDB
EPSS 15% CVSS 8.8
HIGH This Week

A vulnerability, which was classified as critical, has been found in Tenda AX1803 1.0.0.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH This Week

A vulnerability classified as critical has been found in Tenda W30E 1.0/1.0.1.25. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub VulDB
EPSS 2% CVSS 8.8
HIGH POC This Week

A vulnerability was found in Tenda 4G300 1.01.42. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub VulDB
EPSS 2% CVSS 8.8
HIGH POC This Week

A vulnerability was found in Tenda 4G300 1.01.42. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub VulDB
EPSS 2% CVSS 8.8
HIGH POC This Week

A vulnerability was found in Tenda 4G300 1.01.42. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub VulDB
EPSS 2% CVSS 8.8
HIGH POC This Week

A vulnerability was found in Tenda 4G300 1.01.42 and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub VulDB
EPSS 2% CVSS 8.8
HIGH POC This Week

A vulnerability has been found in Tenda 4G300 1.01.42 and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub VulDB
EPSS 1% CVSS 9.8
CRITICAL Act Now

A vulnerability, which was classified as critical, was found in Tenda G3 15.11.0.17(9502). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub VulDB
EPSS 1% CVSS 9.8
CRITICAL Act Now

A vulnerability, which was classified as critical, has been found in Tenda G3 15.11.0.17(9502). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub VulDB
EPSS 2% CVSS 8.8
HIGH POC This Week

A vulnerability was found in Tenda W15E 15.11.0.14. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub VulDB
EPSS 2% CVSS 8.8
HIGH POC This Week

A vulnerability was found in Tenda W15E 15.11.0.14 and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub VulDB
EPSS 2% CVSS 8.8
HIGH POC This Week

A vulnerability has been found in Tenda W15E 15.11.0.14 and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub VulDB
EPSS 2% CVSS 8.8
HIGH POC This Week

A vulnerability, which was classified as critical, was found in Tenda W15E 15.11.0.14. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub VulDB
EPSS 2% CVSS 8.8
HIGH POC This Week

A vulnerability, which was classified as critical, has been found in Tenda W15E 15.11.0.14. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub VulDB
EPSS 2% CVSS 8.8
HIGH POC This Week

A vulnerability classified as critical was found in Tenda W15E 15.11.0.14. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub VulDB
EPSS 2% CVSS 8.8
HIGH POC This Week

A vulnerability classified as critical has been found in Tenda W15E 15.11.0.14. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub VulDB
EPSS 2% CVSS 8.8
HIGH POC This Week

A vulnerability was found in Tenda W15E 15.11.0.14. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub VulDB
EPSS 2% CVSS 8.8
HIGH POC This Week

A vulnerability was found in Tenda W15E 15.11.0.14. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub VulDB
EPSS 2% CVSS 8.8
HIGH POC This Week

A vulnerability was found in Tenda W15E 15.11.0.14. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub VulDB
EPSS 2% CVSS 8.8
HIGH POC This Week

A vulnerability was found in Tenda W15E 15.11.0.14 and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub VulDB
EPSS 2% CVSS 8.8
HIGH POC This Week

A vulnerability has been found in Tenda W15E 15.11.0.14 and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub VulDB
EPSS 2% CVSS 8.8
HIGH POC This Week

A vulnerability, which was classified as critical, was found in Tenda W15E 15.11.0.14. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH This Week

A vulnerability, which was classified as critical, has been found in Tenda TX9 22.03.02.10. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH This Week

A vulnerability classified as critical was found in Tenda TX9 22.03.02.10. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub VulDB
EPSS 2% CVSS 8.8
HIGH This Week

A vulnerability classified as critical has been found in Tenda TX9 22.03.02.10. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH This Week

A vulnerability was found in Tenda TX9 22.03.02.10. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub VulDB
EPSS 2% CVSS 8.8
HIGH POC This Week

A vulnerability classified as critical has been found in Tenda AC8 16.03.34.09. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub VulDB
EPSS 2% CVSS 8.8
HIGH POC This Week

A vulnerability was found in Tenda AC8 16.03.34.09. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub VulDB
EPSS 2% CVSS 8.8
HIGH POC This Week

A vulnerability was found in Tenda AC8 16.03.34.09. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub VulDB
EPSS 1% CVSS 7.5
HIGH POC This Week

Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the page parameter in ip/goform/addressNat. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the mitInterface parameter in ip/goform/addressNat. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD
EPSS 0% CVSS 6.5
MEDIUM POC This Month

Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the mitInterface parameter in ip/goform/RouteStatic. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the funcpara1 parameter in ip/goform/setcfm. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD
EPSS 0% CVSS 7.3
HIGH POC This Week

Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the PPPOEPassword parameter in ip/goform/QuickIndex. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD
EPSS 1% CVSS 5.9
MEDIUM POC This Month

Tenda AC500 V2.0.1.9(1307) firmware has a stack overflow vulnerability via the timeZone parameter in the formSetTimeZone function. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub
Prev Page 15 of 25 Next

Quick Facts

Typical Severity
HIGH
Category
memory
Total CVEs
2223

Related CWEs

MITRE ATT&CK

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy