Skip to main content

Stack-based Buffer Overflow

memory HIGH

A stack-based buffer overflow occurs when a program writes more data to a buffer located on the stack than it was allocated to hold.

How It Works

A stack-based buffer overflow occurs when a program writes more data to a buffer located on the stack than it was allocated to hold. The stack stores local variables, function parameters, and critical control information including the return address that tells the CPU where to resume execution after a function completes. When an attacker overflows a buffer, they can overwrite adjacent memory, including this return address.

The classic exploitation path involves carefully crafting input to overwrite the return address with a pointer to attacker-controlled code. Historically, attackers would inject shellcode directly into the overflowed buffer, then redirect execution to it. Modern defenses like Data Execution Prevention (DEP/NX) mark the stack as non-executable, forcing attackers to use Return-Oriented Programming (ROP) instead—chaining together existing code snippets ("gadgets") to perform malicious operations without injecting new code.

Address Space Layout Randomization (ASLR) randomizes memory addresses to make exploitation harder, but attackers can defeat it through information disclosure vulnerabilities that leak memory addresses. Stack canaries—random values placed between buffers and control data—can detect overwrites, but may be bypassed through brute-force attacks or by carefully avoiding them in partial overwrites.

Impact

  • Arbitrary code execution at the privilege level of the vulnerable process
  • Complete system compromise if the vulnerable process runs with elevated privileges (root/SYSTEM)
  • Memory corruption leading to crashes and denial of service
  • Bypass of authentication mechanisms by redirecting execution flow around security checks
  • Data theft or modification through code injection that accesses sensitive memory regions

Real-World Examples

The Morris Worm (1988) exploited a stack overflow in the Unix fingerd daemon, becoming one of the first major internet worms. The Code Red worm (2001) leveraged a stack overflow in Microsoft IIS (CVE-2001-0500) to compromise hundreds of thousands of web servers, demonstrating the massive scale of automated exploitation.

More recently, EternalBlue exploited stack corruption in Windows SMB (CVE-2017-0144), enabling the WannaCry and NotPetya ransomware outbreaks that caused billions in damage. The Heartbleed bug (CVE-2014-0160), while technically a heap-based read overflow, demonstrated how buffer handling errors remain prevalent even in security-critical software like OpenSSL.

Mitigation

  • Stack canaries (compile with -fstack-protector-all or equivalent) to detect overwrites before return
  • Address Space Layout Randomization (ASLR) to randomize memory locations
  • DEP/NX bit enforcement to prevent code execution from stack memory
  • Memory-safe string functions (use strncpy, snprintf, strlcpy instead of strcpy, sprintf, gets)
  • Compiler hardening flags (-D_FORTIFY_SOURCE=2, control-flow integrity)
  • Input validation with strict bounds checking on all externally-supplied data
  • Memory-safe languages (Rust, Go) for new development to eliminate the vulnerability class entirely

Recent CVEs (2223)

EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Tenda AC500 V2.0.1.9(1307) firmware has a stack overflow vulnerability via the vlan parameter in the formSetVlanInfo function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC This Week

Tenda AC10 v4.0 V16.03.10.13 and V16.03.10.20 firmware has a stack overflow vulnerability via the adslPwd parameter in the formWanParameterSetting function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC This Month

Tenda AC500 V2.0.1.9(1307) firmware has a stack overflow vulnerability in the fromDhcpListClient function. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

Tenda A18 v15.03.05.05 firmware has a stack overflow vulnerability located via the PPW parameter in the fromWizardHandle function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub
EPSS 0% CVSS 8.0
HIGH This Week

Tenda AC15 v15.03.20_multi, v15.03.05.19, and v15.03.05.18 firmware has a stack overflow vulnerability located via the PPW parameter in the fromWizardHandle function. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Tenda FH1203 v2.0.1.6 firmware has a stack overflow vulnerability via the adslPwd parameter in the formWanParameterSetting function. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub
EPSS 0% CVSS 5.7
MEDIUM POC This Month

Tenda AC10U v1.0 Firmware v15.03.06.49 has a stack overflow vulnerability located via the PPW parameter in the fromWizardHandle function. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

Tenda FH1203 v2.0.1.6 firmware has a stack overflow vulnerability via the PPW parameter in the fromWizardHandle function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub
EPSS 6% CVSS 8.0
HIGH POC This Week

Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability via the page parameter in the fromDhcpListClient function. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

Tenda W30E v1.0 firmware v1.0.1.25(633) has a stack overflow vulnerability via the page parameter in the fromNatlimit function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub
EPSS 1% CVSS 6.7
MEDIUM POC This Month

Tenda W30E v1.0 v1.0.1.25(633) firmware has a stack overflow vulnerability via the page parameter in the fromAddressNat function. Rated medium severity (CVSS 6.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub
EPSS 0% CVSS 6.3
MEDIUM POC This Month

Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability located via the page parameter in the fromwebExcptypemanFilter function. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability via the qos parameter in the fromqossetting function. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub
EPSS 1% CVSS 8.0
HIGH POC This Week

Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability via the password parameter in the formaddUserName function. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Tenda FH1205 V2.0.0.7(775) firmware has a stack overflow vulnerability located via the adslPwd parameter of the formWanParameterSetting function. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub
EPSS 0% CVSS 5.7
MEDIUM POC This Month

Tenda F1203 V2.0.1.6 firmware has a stack overflow vulnerability located in the adslPwd parameter of the formWanParameterSetting function. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub
EPSS 1% CVSS 8.0
HIGH POC This Week

Tenda F1203 V2.0.1.6 firmware has a stack overflow vulnerability located in the PPW parameter of the fromWizardHandle function. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub
EPSS 1% CVSS 7.4
HIGH POC This Week

Tenda FH1205 V2.0.0.7(775) firmware has a stack overflow vulnerability located via the PPW parameter in the fromWizardHandle function. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC This Week

A vulnerability, which was classified as critical, has been found in Tenda AC500 2.0.1.9(1307). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub VulDB
EPSS 2% CVSS 9.8
CRITICAL Act Now

A vulnerability classified as critical was found in Tenda AC500 2.0.1.9(1307). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub VulDB
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

A vulnerability was found in Tenda AC500 2.0.1.9(1307). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub VulDB
EPSS 2% CVSS 8.8
HIGH POC This Week

A vulnerability was found in Tenda AC500 2.0.1.9(1307). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub VulDB
EPSS 2% CVSS 8.8
HIGH POC This Week

A vulnerability was found in Tenda AC500 2.0.1.9(1307). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD VulDB GitHub
EPSS 1% CVSS 4.9
MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Oracle +5
NVD
EPSS 1% CVSS 4.9
MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Oracle +4
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Oracle +1
NVD
EPSS 1% CVSS 4.9
MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Oracle +5
NVD
EPSS 1% CVSS 8.8
HIGH This Week

A vulnerability was found in Tenda W30E 1.0.1.25(633). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH This Week

A vulnerability was found in Tenda W30E 1.0.1.25(633) and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH This Week

A vulnerability, which was classified as critical, was found in Tenda W30E 1.0.1.25(633). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub VulDB
EPSS 2% CVSS 8.8
HIGH POC This Week

A vulnerability, which was classified as critical, has been found in Tenda F1202 1.2.0.20(408). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub VulDB
EPSS 2% CVSS 8.8
HIGH POC This Week

A vulnerability classified as critical was found in Tenda F1202 1.2.0.20(408). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub VulDB
EPSS 2% CVSS 8.8
HIGH POC This Week

A vulnerability classified as critical has been found in Tenda F1202 1.2.0.20(408). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub VulDB
EPSS 2% CVSS 8.8
HIGH POC This Week

A vulnerability was found in Tenda F1202 1.2.0.20(408). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH This Week

A vulnerability was found in Tenda W20E 15.11.0.6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

A Stack Overflow vulnerability in Tenda AC15 v15.03.05.18 allows attackers to cause a denial of service via the LISTEN parameter in the fromDhcpListClient function. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Stack Overflow +2
NVD GitHub
EPSS 0% CVSS 6.4
MEDIUM This Month

A buffer overflow vulnerability was reported in a system recovery bootloader that was part of the Lenovo preloaded Windows 7 and 8 operating systems from 2012 to 2014 that could allow a privileged. Rated medium severity (CVSS 6.4). No vendor patch available.

Buffer Overflow Stack Overflow Lenovo +2
NVD
EPSS 1% CVSS 8.7
HIGH This Week

A Stack-based Buffer Overflow vulnerability in Flow Processing Daemon (flowd) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Juniper +2
NVD
EPSS 1% CVSS 8.7
HIGH This Week

A Stack-based Buffer Overflow vulnerability in the Routing Protocol Daemon (RPD) component of Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause an rpd crash,. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Juniper +3
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Illustrator versions 28.3, 27.9.2 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow RCE +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

D-Link Go-RT-AC750 GORTAC750_A1_FW_v101b03 contains a stack-based buffer overflow via the function hnap_main. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow D-Link +1
NVD GitHub
EPSS 1% CVSS 7.8
HIGH This Week

Media Encoder versions 24.2.1, 23.6.4 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow RCE +1
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Secure Boot Security Feature Bypass Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Stack Overflow Windows 10 1507 +12
NVD
EPSS 2% CVSS 7.5
HIGH This Week

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow Stack Overflow RCE +4
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow RCE +6
NVD
EPSS 1% CVSS 8.0
HIGH This Week

Secure Boot Security Feature Bypass Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Windows 10 1507 +13
NVD
EPSS 1% CVSS 6.7
MEDIUM This Month

Secure Boot Security Feature Bypass Vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Windows 10 1507 +12
NVD
EPSS 1% CVSS 6.3
MEDIUM This Month

Secure Boot Security Feature Bypass Vulnerability. Rated medium severity (CVSS 6.3). No vendor patch available.

Buffer Overflow Stack Overflow Windows 10 1507 +12
NVD
EPSS 1% CVSS 8.0
HIGH This Week

Secure Boot Security Feature Bypass Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Windows 10 1507 +12
NVD
EPSS 1% CVSS 7.1
HIGH This Week

Secure Boot Security Feature Bypass Vulnerability. Rated high severity (CVSS 7.1), this vulnerability is no authentication required. No vendor patch available.

Buffer Overflow Stack Overflow Windows Server 2012
NVD
EPSS 1% CVSS 7.1
HIGH This Week

Secure Boot Security Feature Bypass Vulnerability. Rated high severity (CVSS 7.1), this vulnerability is no authentication required. No vendor patch available.

Buffer Overflow Stack Overflow Windows Server 2012
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

In afe_callback of q6afe.c, there is a possible out of bounds write due to a buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Stack Overflow +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Kofax Power PDF TIF File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow RCE +1
NVD
EPSS 0% CVSS 9.1
CRITICAL Act Now

In Mbed TLS 3.3.0 through 3.5.2 before 3.6.0, a malicious client can cause information disclosure or a denial of service because of a stack buffer over-read (of less than 256 bytes) in a TLS 1.3. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Stack Overflow +2
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH This Week

TP-Link Omada ER605 DHCPv6 Client Options Stack-based Buffer Overflow Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow TP-Link +2
NVD
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability in the page parameter of fromAddressNat function. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM POC This Month

Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability via the entrys parameter in the fromAddressNat function. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC This Month

Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability via the PPPOEPassword parameter in the formQuickIndex function. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub
EPSS 1% CVSS 8.0
HIGH POC This Week

Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability via the mitInterface parameter in the fromAddressNat function. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the security parameter from the formWifiBasicSet function. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the security_5g parameter from formWifiBasicSet function. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM POC This Month

Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the schedStartTime parameter from setSchedWifi function. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub
EPSS 1% CVSS 5.7
MEDIUM POC This Month

Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the list1 parameter from fromDhcpListClient function. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the page parameter from fromAddressNat function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the deviceId parameter from saveParentControlInfo function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub
EPSS 1% CVSS 8.0
HIGH POC This Week

Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the schedEndTime parameter from setSchedWifi function. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub
EPSS 1% CVSS 8.0
HIGH POC This Week

Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the entrys parameter from fromAddressNat function. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the urls parameter from saveParentControlInfo function. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the page parameter from fromDhcpListClient function. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the mitInterface parameter from fromAddressNat function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub
EPSS 1% CVSS 8.1
HIGH POC This Week

Tenda AC10U v15.03.06.48 has a stack overflow vulnerability in the deviceId, limitSpeed, limitSpeedUp parameter from formSetClientState function. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the urls parameter of the saveParentControlInfo function. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub
EPSS 1% CVSS 8.0
HIGH POC This Week

Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the time parameter of the saveParentControlInfo function. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub
EPSS 1% CVSS 8.0
HIGH POC This Week

Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the schedEndTime parameter of the setSchedWifi function. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the deviceMac parameter of the addWifiMacFilter function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Tenda FH1203 v2.0.1.6 firmware has a stack overflow vulnerability in the security_5g parameter of the formWifiBasicSet function. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Tenda FH1203 v2.0.1.6 firmware has a stack overflow vulnerability in the security parameter of the formWifiBasicSet function. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub
EPSS 1% CVSS 8.0
HIGH POC This Week

Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the deviceId parameter of the saveParentControlInfo function. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub
EPSS 1% CVSS 8.0
HIGH POC This Week

Tenda FH1203 v2.0.1.6 has a stack overflow vulnerability in the page parameter of the fromDhcpListClient function. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub
EPSS 1% CVSS 8.0
HIGH POC This Week

Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the page parameter of the fromAddressNat function. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the time parameter of the saveParentControlInfo function. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the schedEndTime parameter of the setSchedWifi function. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Tenda FH1202 v1.2.0.14(408) firmware has a stack overflow vulnerability in the entrys parameter of the fromAddressNat function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM POC This Month

Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the schedStartTime parameter of the setSchedWifi function. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the security_5g parameter of the formWifiBasicSet function. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the deviceId parameter of the saveParentControlInfo function. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub
EPSS 1% CVSS 8.0
HIGH POC This Week

Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the mitInterface parameter of the fromAddressNat function. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the deviceMac parameter of the addWifiMacFilter function. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the deviceId parameter of the addWifiMacFilter function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

Stack-based Buffer Overflow vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Aterm Wg1800Hp4 Firmware +58
NVD
Prev Page 16 of 25 Next

Quick Facts

Typical Severity
HIGH
Category
memory
Total CVEs
2223

Related CWEs

MITRE ATT&CK

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy