CWE-121— Stack-based Buffer Overflow
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).— MITRE CWE catalog
3,266 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-121page 56 of 66
- CVE-2025-7531HIGHCVSS 8.8EG 8.82025-07-13
A vulnerability, which was classified as critical, was found in Tenda FH1202 1.2.0.14(408). This affects the function fromPptpUserSetting of the file /goform/PPTPUserSetting. The manipulation of the argument delno leads to stack-based buff…
- CVE-2025-7532HIGHCVSS 8.8EG 8.82025-07-13
A vulnerability has been found in Tenda FH1202 1.2.0.14(408) and classified as critical. This vulnerability affects the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter. The manipulation of the argument page leads…
- CVE-2025-7544HIGHCVSS 8.8EG 8.82025-07-13
A vulnerability was found in Tenda AC1206 15.03.06.23. It has been rated as critical. This issue affects the function formSetMacFilterCfg of the file /goform/setMacFilterCfg. The manipulation of the argument deviceList leads to stack-based…
- CVE-2025-7548HIGHCVSS 8.8EG 8.82025-07-13
A vulnerability has been found in Tenda FH1201 1.2.0.14(408) and classified as critical. This vulnerability affects the function formSafeEmailFilter of the file /goform/SafeEmailFilter. The manipulation of the argument page leads to stack-…
- CVE-2025-7549HIGHCVSS 8.8EG 8.82025-07-13
A vulnerability was found in Tenda FH1201 1.2.0.14(408) and classified as critical. This issue affects the function frmL7ProtForm of the file /goform/L7Prot. The manipulation of the argument page leads to stack-based buffer overflow. The a…
- CVE-2025-7550HIGHCVSS 8.8EG 8.82025-07-13
A vulnerability was found in Tenda FH1201 1.2.0.14(408). It has been classified as critical. Affected is the function fromGstDhcpSetSer of the file /goform/GstDhcpSetSer. The manipulation of the argument dips leads to stack-based buffer ov…
- CVE-2025-7551HIGHCVSS 8.8EG 8.82025-07-14
A vulnerability was found in Tenda FH1201 1.2.0.14(408). It has been declared as critical. Affected by this vulnerability is the function fromPptpUserAdd of the file /goform/PPTPDClient. The manipulation of the argument modino/username lea…
- CVE-2025-7586HIGHCVSS 8.8EG 8.82025-07-14
A vulnerability was found in Tenda AC500 2.0.1.9(1307). It has been declared as critical. Affected by this vulnerability is the function formSetAPCfg of the file /goform/setWtpData. The manipulation of the argument radio_2g_1 leads to stac…
- CVE-2025-7596HIGHCVSS 8.8EG 8.82025-07-14
A vulnerability was found in Tenda FH1205 2.0.0.7(775). It has been rated as critical. This issue affects the function formWifiExtraSet of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto leads to stack-based b…
- CVE-2025-7597HIGHCVSS 8.8EG 8.82025-07-14
A vulnerability classified as critical has been found in Tenda AX1803 1.0.0.1. Affected is the function formSetMacFilterCfg of the file /goform/setMacFilterCfg. The manipulation of the argument deviceList leads to stack-based buffer overfl…
- CVE-2025-7598HIGHCVSS 8.8EG 8.82025-07-14
A vulnerability classified as critical was found in Tenda AX1803 1.0.0.1. Affected by this vulnerability is the function formSetWifiMacFilterCfg of the file /goform/setWifiFilterCfg. The manipulation of the argument deviceList leads to sta…
- CVE-2025-7602HIGHCVSS 7.2EG 7.22025-07-14
A vulnerability was found in D-Link DI-8100 16.07.26A1 and classified as critical. This issue affects some unknown processing of the file /arp_sys.asp of the component HTTP Request Handler. The manipulation leads to stack-based buffer over…
- CVE-2025-7603HIGHCVSS 7.2EG 7.22025-07-14
A vulnerability was found in D-Link DI-8100 16.07.26A1. It has been classified as critical. Affected is an unknown function of the file /jingx.asp of the component HTTP Request Handler. The manipulation leads to stack-based buffer overflow…
- CVE-2025-7623MEDIUMCVSS 5.4EG 5.42025-11-18
Stack-based buffer overflow in the SMASH-CLP shell. An authenticated attacker with SSH access to the BMC can exploit a stack buffer overflow via a crafted SMASH command, overwrite the return address and registers, and achieve arbitrary cod…
- CVE-2025-7704MEDIUMCVSS 5.4EG 5.42025-11-13
Supermicro BMC Insyde SMASH shell program has a stacked-based overflow vulnerability
- CVE-2025-7762MEDIUMCVSS 6.5EG 8.82025-07-17
A vulnerability, which was classified as critical, has been found in D-Link DI-8100 16.07.26A1. This issue affects some unknown processing of the file /menu_nat_more.asp of the component HTTP Request Handler. The manipulation leads to stac…
- CVE-2025-7790MEDIUMCVSS 6.5EG 8.82025-07-18
A vulnerability was found in D-Link DI-8100 16.07.26A1. It has been classified as critical. This affects an unknown part of the file /menu_nat.asp of the component HTTP Request Handler. The manipulation of the argument out_addr/in_addr/out…
- CVE-2025-7792HIGHCVSS 8.8EG 8.82025-07-18
A vulnerability was found in Tenda FH451 1.0.0.9. It has been rated as critical. This issue affects the function formSafeEmailFilter of the file /goform/SafeEmailFilter. The manipulation of the argument page leads to stack-based buffer ove…
- CVE-2025-7793HIGHCVSS 8.8EG 8.82025-07-18
A vulnerability classified as critical has been found in Tenda FH451 1.0.0.9. Affected is the function formWebTypeLibrary of the file /goform/webtypelibrary. The manipulation of the argument webSiteId leads to stack-based buffer overflow. …
- CVE-2025-7794HIGHCVSS 8.8EG 8.82025-07-18
A vulnerability classified as critical was found in Tenda FH451 1.0.0.9. Affected by this vulnerability is the function fromNatStaticSetting of the file /goform/NatStaticSetting. The manipulation of the argument page leads to stack-based b…
- CVE-2025-7795HIGHCVSS 8.8EG 8.82025-07-18
A vulnerability, which was classified as critical, has been found in Tenda FH451 1.0.0.9. Affected by this issue is the function fromP2pListFilter of the file /goform/P2pListFilter. The manipulation of the argument page leads to stack-base…
- CVE-2025-7796HIGHCVSS 8.8EG 8.82025-07-18
A vulnerability, which was classified as critical, was found in Tenda FH451 1.0.0.9. This affects the function fromPptpUserAdd of the file /goform/PPTPDClient. The manipulation of the argument Username leads to stack-based buffer overflow.…
- CVE-2025-7805HIGHCVSS 8.8EG 8.82025-07-18
A vulnerability classified as critical has been found in Tenda FH451 1.0.0.9. This affects the function fromPptpUserSetting of the file /goform/PPTPUserSetting. The manipulation of the argument delno leads to stack-based buffer overflow. I…
- CVE-2025-7806HIGHCVSS 8.8EG 8.82025-07-18
A vulnerability classified as critical was found in Tenda FH451 1.0.0.9. This vulnerability affects the function fromSafeClientFilter of the file /goform/SafeClientFilter. The manipulation of the argument Go/page leads to stack-based buffe…
- CVE-2025-7807HIGHCVSS 8.8EG 8.82025-07-18
A vulnerability, which was classified as critical, has been found in Tenda FH451 1.0.0.9. This issue affects the function fromSafeUrlFilter of the file /goform/SafeUrlFilter. The manipulation of the argument Go/page leads to stack-based bu…
- CVE-2025-7844LOWCVSS 1.0EG 1.02025-08-04
Exporting a TPM based RSA key larger than 2048 bits from the TPM could overrun a stack buffer if the default `MAX_RSA_KEY_BITS=2048` is used. If your TPM 2.0 module supports RSA key sizes larger than 2048 bit and your applications supports…
- CVE-2025-7853HIGHCVSS 8.8EG 8.82025-07-19
A vulnerability was found in Tenda FH451 1.0.0.9. It has been rated as critical. This issue affects the function fromSetIpBind of the file /goform/SetIpBind. The manipulation of the argument page leads to stack-based buffer overflow. The a…
- CVE-2025-7854HIGHCVSS 8.8EG 8.82025-07-19
A vulnerability classified as critical has been found in Tenda FH451 1.0.0.9. Affected is the function fromVirtualSer of the file /goform/VirtualSer. The manipulation of the argument page leads to stack-based buffer overflow. It is possibl…
- CVE-2025-7855HIGHCVSS 8.8EG 8.82025-07-19
A vulnerability classified as critical was found in Tenda FH451 1.0.0.9. Affected by this vulnerability is the function fromqossetting of the file /goform/qossetting. The manipulation of the argument page leads to stack-based buffer overfl…
- CVE-2025-7908HIGHCVSS 8.8EG 8.82025-07-20
A vulnerability was found in D-Link DI-8100 1.0. It has been declared as critical. Affected by this vulnerability is the function sprintf of the file /ddns.asp?opt=add of the component jhttpd. The manipulation of the argument mx leads to s…
- CVE-2025-7909HIGHCVSS 8.8EG 8.82025-07-20
A vulnerability was found in D-Link DIR-513 1.0. It has been rated as critical. Affected by this issue is the function sprintf of the file /goform/formLanSetupRouterSettings of the component Boa Webserver. The manipulation of the argument …
- CVE-2025-7910HIGHCVSS 8.8EG 8.82025-07-20
A vulnerability classified as critical has been found in D-Link DIR-513 1.10. This affects the function sprintf of the file /goform/formSetWanNonLogin of the component Boa Webserver. The manipulation of the argument curTime leads to stack-…
- CVE-2025-7911CRITICALCVSS 9.8EG 8.82025-07-20
A vulnerability classified as critical was found in D-Link DI-8100 1.0. This vulnerability affects the function sprintf of the file /upnp_ctrl.asp of the component jhttpd. The manipulation of the argument remove_ext_proto/remove_ext_port l…
- CVE-2025-7921CRITICALCVSS 9.8EG 9.82025-07-21
Certain modem models developed by Askey has a Stack-based Buffer Overflow vulnerability, allowing unauthenticated remote attackers to control the program's execution flow and potentially execute arbitrary code.
- CVE-2025-7979HIGHCVSS 7.8EG 7.82025-09-17
Ashlar-Vellum Graphite VC6 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Graphite. User interac…
- CVE-2025-8017HIGHCVSS 8.8EG 8.82025-07-22
A vulnerability was found in Tenda AC7 15.03.06.44. It has been classified as critical. Affected is the function formSetMacFilterCfg of the file /goform/setMacFilterCfg of the component httpd. The manipulation of the argument deviceList le…
- CVE-2025-8060HIGHCVSS 8.8EG 8.82025-07-23
A vulnerability has been found in Tenda AC23 16.03.07.52 and classified as critical. Affected by this vulnerability is the function sub_46C940 of the file /goform/setMacFilterCfg of the component httpd. The manipulation of the argument dev…
- CVE-2025-8065MEDIUMCVSS 6.5EG 6.52025-12-20
A stack-based buffer overflow vulnerability was identified in the ONVIF SOAP XML Parser in Tapo C200 v3 and C520WS v2.6. When processing XML tags with namespace prefixes, the parser fails to validate the prefix length before copying it to …
- CVE-2025-8076HIGHCVSS 7.2EG 7.22025-11-18
There is a vulnerability in the Supermicro BMC web function at Supermicro MBD-X13SEDW-F. After logging into the BMC Web server, an attacker can use a specially crafted payload to trigger the Stack buffer overflow vulnerability.
- CVE-2025-8131HIGHCVSS 8.8EG 8.82025-07-25
A vulnerability was found in Tenda AC20 16.03.08.05. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /goform/SetStaticRouteCfg. The manipulation of the argument list leads to stack-b…
- CVE-2025-8159CRITICALCVSS 9.8EG 8.82025-07-25
A vulnerability was found in D-Link DIR-513 1.0. It has been rated as critical. This issue affects the function formLanguageChange of the file /goform/formLanguageChange of the component HTTP POST Request Handler. The manipulation of the a…
- CVE-2025-8184CRITICALCVSS 9.8EG 8.82025-07-26
A vulnerability was found in D-Link DIR-513 up to 1.10 and classified as critical. This issue affects the function formSetWanL2TPcallback of the file /goform/formSetWanL2TPtriggers of the component HTTP POST Request Handler. The manipulati…
- CVE-2025-8404MEDIUMCVSS 5.5EG 5.52025-11-18
Stack buffer overflow vulnerability exists in the Supermicro BMC Shared library. An authenticated attacker with access to the BMC exploit stack buffer via a crafted header and achieve arbitrary code execution of the BMC’s firmware oper…
- CVE-2025-8472HIGHCVSS 7.4EG 7.42025-08-01
Alpine iLX-507 vCard Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine iLX-507 devices. User interact…
- CVE-2025-8474MEDIUMCVSS 6.8EG 6.82025-08-01
Alpine iLX-507 CarPlay Stack-based Buffer Overflow Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Alpine iLX-507 devices. Authentication is not re…
- CVE-2025-8475HIGHCVSS 7.4EG 7.42025-08-01
Alpine iLX-507 AVRCP Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine iLX-507 devices. User interaction is r…
- CVE-2025-8477HIGHCVSS 7.4EG 7.42025-08-01
Alpine iLX-507 vCard Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Alpine iLX-507 devices. User interaction is required t…
- CVE-2025-8653HIGHCVSS 8.8EG 8.82025-08-06
Kenwood DMX958XR JKRadioService Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Kenwood DMX958XR. Authentication i…
- CVE-2025-8727HIGHCVSS 7.2EG 7.22025-11-18
There is a vulnerability in the Supermicro BMC web function at Supermicro MBD-X13SEDW-F. After logging into the BMC Web server, an attacker can use a specially crafted payload to trigger the Stack buffer overflow vulnerability.
- CVE-2025-8810HIGHCVSS 8.8EG 8.82025-08-10
A vulnerability classified as critical was found in Tenda AC20 16.03.08.05. Affected by this vulnerability is the function strcpy of the file /goform/SetFirewallCfg. The manipulation of the argument firewallEn leads to stack-based buffer o…
Map vulnerabilities like CWE-121 to your infrastructure
EchelonGraph correlates every CVE — across CWE-121 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →