By weakness (CWE)

CWE-121: related vulnerabilities

CVEs classified under CWE-121. Understanding the weakness class helps prioritize systemic fixes over one-off patches.

49 published vulnerabilities

  • CVE-2026-10062HIGH 8.8

    A stack-based buffer overflow vulnerability was discovered in the TRENDnet TEW-432BRP router (firmware version 3.10B20) affecting the route configuration function. An authenticated attacker can send specially crafted requests containing oversized IP, netmask, or gateway parameters to the /goform/formSetRoute endpoint, causing a buffer overflow that enables complete compromise of the device. The vulnerability requires valid login credentials but has been publicly disclosed. Critically, this device reached end-of-life in 2009—over 15 years ago—and the vendor has confirmed no patches or fixes will be developed.

  • CVE-2026-10063HIGH 8.8

    A stack-based buffer overflow vulnerability exists in the TRENDnet TEW-432BRP wireless router (firmware version 3.10B20) that allows authenticated attackers to remotely crash the device or potentially execute arbitrary code. The flaw is in the WPS (Wi-Fi Protected Setup) configuration function and can be triggered by sending a specially crafted request with an oversized PIN parameter. Critically, this router model reached end-of-life in 2009—over 15 years ago—and TRENDnet has confirmed they will not be providing patches or fixes.

  • CVE-2026-10065HIGH 8.8

    Shibby Tomato 1.28 contains a stack-based buffer overflow vulnerability in the UPS data retrieval function of its web interface. An authenticated attacker can manipulate the Date parameter to overflow a buffer on the stack, potentially executing arbitrary code on the affected device. Since Shibby Tomato is no longer maintained and has been superseded by FreshTomato, this vulnerability affects legacy installations that have not migrated to the actively supported successor.

  • CVE-2026-10066HIGH 8.8

    A stack-based buffer overflow vulnerability exists in Shibby Tomato firmware versions up to 1.28, specifically in the UPS Service component (tomatoups.cgi). An authenticated attacker with remote network access can trigger this flaw to potentially execute arbitrary code, compromise confidentiality and integrity, or cause denial of service. Notably, Shibby Tomato is no longer maintained; the project has been superseded by FreshTomato. Organizations still running unsupported Shibby Tomato instances face ongoing risk from this flaw without vendor patching.

  • CVE-2026-10067HIGH 8.8

    Shibby Tomato version 1.28 contains a stack-based buffer overflow vulnerability in the multimon.cgi component that allows authenticated attackers to execute arbitrary code remotely. The vulnerability exists in the sub_90F0 function and can be triggered through network requests without user interaction. Since Shibby Tomato is no longer maintained and has been superseded by FreshTomato, patches are not available from the original maintainers.

  • CVE-2026-10119HIGH 8.8

    A stack-based buffer overflow vulnerability exists in the TRENDnet TEW-432BRP router (firmware version 3.10B20) in the MAC filter configuration function. An authenticated attacker can send a specially crafted request to overflow the stack via the filter_name parameter, potentially allowing code execution on the device. This affects only legacy hardware that has been end-of-life since 2009—the vendor has explicitly stated no patches will be released due to the product's age and lack of ongoing support.

  • CVE-2026-10120HIGH 8.8

    A stack-based buffer overflow exists in the TRENDnet TEW-432BRP wireless router running firmware version 3.10B20. An attacker with network access and valid credentials can send a specially crafted request to the firewall configuration function, causing a buffer overflow that crashes the device or potentially executes arbitrary code. The vendor has confirmed the product reached end-of-life in 2009 and will not issue patches. Public exploit code is available.

  • CVE-2026-10121HIGH 8.8

    A stack-based buffer overflow vulnerability has been discovered in the TRENDnet TEW-432BRP wireless router running firmware version 3.10B20. The flaw exists in the URL filter configuration function and can be triggered by sending a specially crafted request containing an oversized keyword list parameter. An attacker with network access and valid credentials can exploit this remotely to crash the device or potentially execute arbitrary code. TRENDnet has confirmed the product reached end-of-life in 2009 and will not be issuing patches.

  • CVE-2026-10122HIGH 8.8

    A stack-based buffer overflow vulnerability exists in the TRENDnet TEW-432BRP wireless router (firmware version 3.10B20) within the protocol filter configuration function. An attacker with network access and valid login credentials can send a specially crafted request to overflow a buffer on the router's stack, potentially executing arbitrary code. TRENDnet has confirmed this product reached end-of-life 15 years ago and will not provide patches. While the exploit details are publicly available, this vulnerability poses limited enterprise risk due to the device's age and likely scarcity in production environments.

  • CVE-2026-10123HIGH 8.8

    A stack-based buffer overflow vulnerability exists in the TRENDnet TEW-432BRP wireless router (firmware version 3.10B20) affecting the domain filtering function. An authenticated attacker can exploit this by manipulating domain filter parameters to overflow the stack, potentially gaining control of the device. Notably, this product reached end-of-life in 2009 and is no longer supported by the vendor, meaning no patches will be issued.

  • CVE-2026-10124HIGH 8.8

    A stack-based buffer overflow has been discovered in Shibby Tomato, a Linux router distribution, affecting versions up to 1.28. The vulnerability exists in the RIP (Routing Information Protocol) daemon's IPv4 handling function and allows authenticated attackers to overflow memory on the system stack, potentially leading to code execution. The flaw has been publicly disclosed, and exploit code is available. Critically, Shibby Tomato is no longer maintained by its original developers, having been superseded by FreshTomato. This means no security patches will be released for affected installations.

  • CVE-2026-10125HIGH 8.8

    A stack-based buffer overflow exists in Edimax BR-6478AC version 1.23 routers when processing PPPoE setup requests. An authenticated attacker can send a crafted request with an oversized username parameter to the formPPPoESetup endpoint, causing the router to crash or potentially execute arbitrary code. The vulnerability requires login credentials but poses significant risk since routers are often accessible from the internet and public exploit code is available.

  • CVE-2026-10158HIGH 8.8

    A stack-based buffer overflow has been discovered in the TRENDnet TEW-432BRP wireless router (firmware version 3.10B20). An authenticated attacker can send a specially crafted request to the port forwarding configuration interface, exploiting improper input validation on the server_name parameter. This can lead to remote code execution on the device. The vulnerability is particularly concerning because exploit code has already been released publicly. However, the affected product reached end-of-life in 2009 and the vendor has stated they cannot provide patches.

  • CVE-2026-10159HIGH 8.8

    A stack-based buffer overflow vulnerability has been discovered in the TRENDnet TEW-432BRP wireless router (version 3.10B20), specifically in the system log configuration function. An attacker with network access and valid credentials can send a specially crafted request to trigger a memory overflow, potentially executing arbitrary code on the device. The vendor has confirmed the product reached end-of-life in 2009 and will not be patching this issue.

  • CVE-2026-10160HIGH 8.8

    A stack-based buffer overflow vulnerability exists in the TRENDnet TEW-432BRP wireless router (firmware version 3.10B20). An authenticated attacker can exploit this flaw by manipulating the 'start_wizard' parameter sent to the router's web interface, potentially allowing remote code execution. The vendor has confirmed this product reached end-of-life in 2009 and will not issue patches.

  • CVE-2026-10161HIGH 8.8

    A stack-based buffer overflow exists in the TRENDnet TEW-432BRP wireless router (firmware version 3.10B20) in a network-accessible configuration function. An authenticated attacker can send a specially crafted request to the `/goform/formResetStatistic` endpoint with a malicious `status_statistic` parameter that overflows memory and corrupts the stack, potentially leading to code execution or denial of service. The device has been out of support since 2009, and the vendor has explicitly stated they cannot patch this issue.

  • CVE-2026-10162HIGH 8.8

    TRENDnet's TEW-432BRP wireless router (version 3.10B20) contains a stack-based buffer overflow vulnerability in its password-setting function. An authenticated attacker can send specially crafted input to the formSetPassword endpoint to overflow memory and potentially execute code on the device. The device has been end-of-life since 2009, and the vendor explicitly will not release patches. While the attack requires login credentials, the high CVSS score reflects the severity of potential compromise.

  • CVE-2026-10165HIGH 8.8

    Edimax BR-6478AC wireless routers running firmware version 1.23 contain a critical flaw in their network configuration interface. An authenticated attacker can send a specially crafted network request to overflow the device's memory, potentially gaining complete control over the router. The vulnerability requires an existing user account but no additional interaction from administrators, making it a practical concern for organizations deploying these devices.

  • CVE-2026-10179HIGH 8.8

    A stack-based buffer overflow vulnerability affects the TRENDnet TEW-432BRP wireless router running firmware version 3.10B20. An authenticated attacker can send a specially crafted request to the wireless encryption settings function, causing a memory overflow that could lead to remote code execution. The router has been end-of-life since 2009, and the vendor has stated they cannot fix the issue due to the product's age.

  • CVE-2026-10181HIGH 8.8

    A stack-based buffer overflow vulnerability affects the TRENDnet TEW-432BRP wireless router (firmware version 3.10B20). An authenticated remote attacker can exploit this by manipulating the 'submit-url' parameter in the /goform/formSysCmd endpoint, potentially leading to code execution or system crash. However, this device has been end-of-life since 2009, and the vendor has stated it will not be patching the issue due to the product's age.

  • CVE-2026-10183HIGH 8.8

    A stack-based buffer overflow exists in the TRENDnet TEW-432BRP wireless router (firmware version 3.10B20) in the WLAN configuration handler. An authenticated attacker can send a specially crafted request to the `/goform/formWlanSetup` endpoint with an oversized 'enrollee' parameter, causing the application to crash or potentially execute arbitrary code on the device. The vendor confirms this product reached end-of-life in 2009 and will not issue patches.

  • CVE-2026-10188HIGH 8.8

    A stack-based buffer overflow vulnerability exists in Tenda W12 firmware version 3.0.0.7(4763). An authenticated remote attacker can exploit this flaw by manipulating the staMac parameter passed to the cgistaKickOff function in the HTTP daemon (/bin/httpd), potentially executing arbitrary code with elevated privileges. Public exploit code is available, elevating the practical risk of this vulnerability.

  • CVE-2026-10189HIGH 8.8

    A stack-based buffer overflow vulnerability exists in Tenda W12 firmware version 3.0.0.7(4763). The flaw is in the web server's time configuration function, which fails to properly validate user input in the 'sec' parameter. An authenticated attacker can exploit this over the network to crash the device or execute arbitrary code with the privileges of the web server process. Public exploit code is available, increasing practical risk.

  • CVE-2026-10191HIGH 8.8

    A stack-based buffer overflow exists in Tenda W12 firmware version 3.0.0.7(4763) within the Wi-Fi MAC filter configuration function. An authenticated attacker can exploit this by sending a specially crafted MAC address list parameter to the web interface, causing memory corruption that may lead to code execution, information disclosure, or service disruption. The vulnerability is reachable over the network and exploit code has been made publicly available.

  • CVE-2026-10192HIGH 8.8

    A stack-based buffer overflow vulnerability exists in Tenda W12 firmware version 3.0.0.7(4763). An authenticated attacker can send a specially crafted time-setting request to the web interface that causes a memory corruption condition, potentially allowing arbitrary code execution on the affected device. Public exploit code is available, increasing the practical risk.

  • CVE-2026-10206HIGH 8.8

    D-Link DI-8400 routers contain a stack-based buffer overflow vulnerability in the /dbsrv.asp file that can be exploited by authenticated attackers to gain complete control of the device. By manipulating a specific parameter, an attacker with valid credentials can overflow memory on the router and execute arbitrary code remotely. This vulnerability affects firmware versions up to 16.07.26A1, and proof-of-concept code is publicly available, raising the risk of active exploitation.

  • CVE-2026-10259HIGH 8.8

    H3C Magic B0 devices running firmware up to version 100R002 contain a remotely exploitable vulnerability in their web interface. An authenticated attacker can send a specially crafted request to the SetMobileAPInfoById function that causes a stack-based buffer overflow, potentially allowing them to execute arbitrary code on the affected device. Public exploit details are already available, elevating the practical risk.

  • CVE-2026-10270HIGH 8.8

    D-Link DI-7001 MINI routers running firmware version 19.09.19A1 and earlier contain a stack-based buffer overflow in the web API debug interface. An attacker with valid login credentials can send a specially crafted request to the /httpd_debug.asp endpoint that overflows a buffer, potentially allowing arbitrary code execution on the device. Exploit code has been publicly disclosed, elevating near-term risk.

  • CVE-2026-10292HIGH 8.8

    A stack-based buffer overflow exists in UTT HiPER 1200GW network devices running firmware version 2.5.3-170306 and earlier. The vulnerability resides in the task editing form handler and is exploitable by authenticated remote attackers. An attacker with valid credentials can send a specially crafted request that overflows a buffer, potentially allowing arbitrary code execution on the device. Public exploit code is available, increasing the risk of active exploitation.

  • CVE-2026-10293HIGH 8.8

    A stack-based buffer overflow vulnerability exists in UTT HiPER 1200GW networking devices (versions up to 2.5.3-170306). An attacker with valid login credentials can send a specially crafted request to the firewall configuration endpoint that causes the device to overflow its memory, potentially leading to code execution, data theft, or denial of service. Public exploit code is available, elevating the practical risk.

  • CVE-2026-11024HIGH 8.8

    A stack buffer overflow vulnerability exists in the Skia graphics library, which is used by Google Chrome. An attacker could craft a malicious HTML page that, when viewed by a user, potentially corrupts stack memory and compromises the browser process. The vulnerability requires user interaction (visiting a malicious webpage) but presents significant risk because it can lead to code execution with the privileges of the Chrome process. Google Chrome versions prior to 149.0.7827.53 are affected.

  • CVE-2026-35083HIGH 8.8

    A stack buffer overflow vulnerability exists in MBS Solutions' industrial gateway and protocol converter products. An attacker with valid user credentials can send a specially crafted network request to trigger memory corruption, allowing them to execute arbitrary code with root-level privileges. This is a serious vulnerability because it requires no user interaction, operates over the network, and completely bypasses system security once exploited.

  • CVE-2026-35084HIGH 8.8

    A stack buffer overflow vulnerability in the dali-devconfig component affects a broad range of MBS Solutions gateway and protocol conversion devices. An attacker with basic user-level access to the network can send a specially crafted request that overwrites memory on the device, potentially achieving full root-level system compromise. This is a particularly serious issue because these devices typically operate as trusted infrastructure components in industrial and building automation networks, where an attacker gaining root access could manipulate critical system functions or pivot to downstream systems.

  • CVE-2026-35085HIGH 8.8

    A stack buffer overflow vulnerability in gdv-serverconfig affects a broad range of MBS Solutions gateway and interface devices. An authenticated attacker with standard user privileges can send a specially crafted network request to trigger the overflow and execute arbitrary code with root-level system access. The vulnerability requires valid user credentials to exploit but no user interaction, making it a significant risk in environments where user account compromise is possible.

  • CVE-2026-43623HIGH 8.8

    microtar, a lightweight TAR archive library, contains a critical flaw in how it processes TAR file headers. When an attacker crafts a malicious TAR archive with improperly formatted header fields, the library's parsing function attempts to copy data using unsafe string operations, writing far more data than the allocated buffer can hold. This corrupts memory on the stack, potentially allowing attackers to crash applications or execute arbitrary code. Any application that uses microtar to process untrusted TAR files is at risk.

  • CVE-2018-25383HIGH 8.4

    Free MP3 CD Ripper version 2.8 contains a critical flaw in how it processes WMA audio files. When a user opens a specially crafted malicious WMA file through the application's Convert function, the software fails to properly validate the file structure, causing a memory overflow. This overflow allows an attacker to inject and execute malicious code on the affected computer. The vulnerability is particularly serious because it can circumvent Windows DEP (Data Execution Prevention) protection—a core OS security feature—by leveraging exception handling tricks to execute arbitrary commands with the same privileges as the user running the application.

  • CVE-2026-10898HIGH 8.3

    A stack buffer overflow vulnerability exists in the GPU component of Google Chrome versions prior to 149.0.7827.53. An attacker who has already compromised Chrome's renderer process can exploit this flaw through a malicious HTML page to break out of the browser sandbox and gain system-level code execution. While the attacker must first compromise the renderer—typically through a separate browser vulnerability or social engineering—the sandbox escape itself represents a critical escalation path that transforms a contained compromise into full system compromise.

  • CVE-2026-43958HIGH 7.8

    CVE-2026-43958 is a stack-based buffer overflow vulnerability in rrdcached, the caching daemon component of rrdtool (a time-series data storage and graphing tool commonly used in network monitoring and systems management). An attacker with local access to the rrdcached socket can trigger the flaw by sending a specially crafted CREATE request with an oversized payload. Successful exploitation could crash the daemon, causing service disruption, or potentially enable arbitrary code execution with the privileges of the rrdcached process.

  • CVE-2026-41565HIGH 7.5

    CryptX, a cryptographic library for Perl, contains a stack buffer overflow vulnerability in its AEAD (Authenticated Encryption with Associated Data) decryption functions. When these functions process an authentication tag longer than expected, they overflow a fixed-size buffer on the stack, potentially corrupting memory and crashing the application. An attacker who can supply a maliciously long authentication tag to vulnerable code paths can trigger this crash. The vulnerability affects four specific decryption functions: gcm_decrypt_verify, ccm_decrypt_verify, chacha20poly1305_decrypt_verify, and eax_decrypt_verify. Patches were released incrementally, with gcm_decrypt_verify fixed in version 0.088 and the remaining three functions addressed in version 0.088_001.

  • CVE-2026-30649HIGH 7.3

    A buffer overflow vulnerability exists in VIVOTEK's FD8136 network camera that allows an unauthenticated remote attacker to execute arbitrary code. The flaw is located in the set_getparam.cgi component, which handles parameter processing without proper boundary checks. An attacker on the network can send a specially crafted request to trigger the overflow and gain complete control of the device.

  • CVE-2026-24085HIGH 7.2

    A memory corruption vulnerability exists in multiple Qualcomm wireless chipsets and their firmware when processing display command line information. The flaw stems from improper initialization of a variable during command parsing, which could allow a high-privilege attacker with physical access to trigger memory corruption and potentially execute arbitrary code or crash the device. The vulnerability affects a broad range of Qualcomm wireless components used in enterprise and consumer devices.

  • CVE-2025-59613MEDIUM 6.7

    CVE-2025-59613 is a memory corruption vulnerability affecting Qualcomm wireless, compute, and AR/XR platforms. The flaw occurs when the system attempts to copy data into a buffer that is smaller than the source data being transferred, causing memory to be overwritten beyond the intended boundaries. An attacker with elevated privileges on the device could exploit this to corrupt memory and potentially compromise system integrity, confidentiality, or availability. The vulnerability requires local access and administrative-level permissions to trigger.

  • CVE-2026-1871MEDIUM 6.5

    TP-Link Tapo C200 v5 camera firmware contains a flaw in how it validates incoming RTSP (Real Time Streaming Protocol) authentication requests. An attacker on the local network can send a specially crafted authentication message that overflows a memory buffer, crashing the camera's streaming service and forcing an automatic reboot. During this outage, users cannot view live video or manage the camera remotely. Once the camera restarts, service is restored, but the vulnerability remains exploitable, making repeated attacks feasible.

  • CVE-2026-10064MEDIUM 6.3

    TRENDnet has disclosed a remote stack-based buffer overflow vulnerability in the TEW-432BRP wireless router (firmware version 3.10B20 and earlier). An authenticated attacker can exploit this flaw by sending a specially crafted request to the port forwarding configuration endpoint, potentially allowing code execution or denial of service. The vendor has confirmed this product reached end-of-life in 2009 and will not issue patches. Public exploit code is available, elevating the practical risk despite the device's age.

  • CVE-2026-35716MEDIUM 6.3

    A stack-based buffer overflow vulnerability exists in VIVOTEK FD8136 IP cameras that allows an authenticated attacker to run arbitrary code with root privileges. The flaw is in the motion privacy configuration endpoint, which fails to validate the size of user input before copying it into a fixed-size buffer on the stack. Because the camera firmware lacks stack protection mechanisms, an attacker can overwrite return addresses and hijack program execution. An authenticated attacker on the network can exploit this remotely by sending a specially crafted POST request.

  • CVE-2026-35717MEDIUM 6.3

    A stack-based buffer overflow exists in the export_language.cgi binary on VIVOTEK FD8136 IP cameras running firmware FD8136-VVTK-0300a. An authenticated attacker can send a specially crafted POST request to the language export endpoint with a malicious Content-Length value that causes the application to read more data than a 60-byte stack buffer can hold, overwriting critical return address information. This allows the attacker to execute arbitrary code with root privileges on the affected device. The vulnerability requires valid credentials to exploit but succeeds because the binary lacks stack protection mechanisms.

  • CVE-2026-40510LOW 3.8

    OpenSC, a widely-used open-source smart card library, contains a stack buffer overflow flaw in how it processes the Key History Object from PIV (Personal Identity Verification) cards. An attacker with physical access to a system could craft a malicious smart card or USB device that returns an oversized URL field—exceeding 118 bytes—triggering memory corruption. This vulnerability requires the attacker to be physically present at the machine and involves user interaction, limiting its reach but posing a real concern in environments where untrusted hardware may be connected.

  • CVE-2026-40528LOW 3.8

    OpenSC, a widely-used open-source library for working with smart cards and cryptographic tokens, contains a buffer overflow vulnerability in its profile configuration parser. When OpenSC's pkcs15-init tool processes a maliciously crafted configuration file, it can be tricked into copying more data than a buffer can hold, corrupting memory. An attacker would need local access to supply the malicious file and convince a user to run the initialization tool, but successful exploitation could allow memory corruption and potential code execution.

  • CVE-2026-10528LOW 3.3

    Orthanc DICOM Server versions up to 1.12.11 contain a stack-based buffer overflow vulnerability in the DCMTK parser component. The flaw exists in the DcmItem::read function and can be triggered through malicious DICOM file manipulation. An attacker with local system access can exploit this to cause a denial of service condition. The vulnerability has been publicly disclosed with working exploit code available.