CVE-2026-54410
Description
An off-by-one buffer overflow in nanoMODBUS v1.23.0 and earlier allows unauthenticated attackers to cause denial of service and potential information disclosure.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
nanoMODBUS through version v1.23.0 contains an off-by-one buffer overflow in the recv_msg_header() function of the Modbus/TCP server [3]. The receive buffer is 260 bytes, but when parsing a malicious MBAP frame with a Length field set to 255, the server writes one attacker-controlled byte past the end of the buffer [4]. This corrupts the adjacent buffer-index field of the nanoMODBUS state structure [4]. The vulnerability is classified as CWE-787 Out-of-bounds Write [1] and CWE-193 Off-by-one Error [2]. Affected versions: all releases before the fix [3].
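The arithmetic behind the overflow, as a constructed illustration (added here, not nanoMODBUS's own code): a 260-byte receive buffer holds the maximum Modbus/TCP ADU (6-byte MBAP prefix plus up to 254 bytes of Unit ID and PDU), so an MBAP Length of 255 needs 261 bytes. The buggy predicate, the struct layout and the function name suffixed `_checked` are assumptions; the corrected check derives its bound from the buffer size instead of a hard-coded constant.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdbool.h>

/* Hypothetical illustration, not the nanoMODBUS source: a Modbus/TCP server
 * keeps one 260-byte receive buffer (7-byte MBAP header + 253-byte PDU).
 * The MBAP Length field counts the Unit ID plus the PDU, i.e. everything
 * after the 6-byte prefix, so at most 260 - 6 = 254 bytes may follow. */
#define RECV_BUF_SIZE 260
#define MBAP_PREFIX   6   /* Transaction ID (2) + Protocol ID (2) + Length (2) */

struct tcp_server_state {
    uint8_t buf[RECV_BUF_SIZE];
    size_t  idx;   /* adjacent index field: what a one-byte overrun would hit */
};

/* Constructed off-by-one check: accepts Length == 255, which needs
 * 6 + 255 = 261 bytes, one more than the buffer holds. */
static bool length_ok_buggy(uint16_t len) { return len <= 255; }

/* Corrected check: Length must be at least 1 (the Unit ID) and at most
 * RECV_BUF_SIZE - MBAP_PREFIX = 254, so the whole frame fits in buf. */
static bool length_ok_fixed(uint16_t len) {
    return len >= 1 && len <= RECV_BUF_SIZE - MBAP_PREFIX;
}

/* Validate the 6-byte MBAP prefix of a raw TCP read before anything is
 * copied. Returns the number of bytes still expected (Unit ID + PDU),
 * or -1 if the frame is rejected. */
int recv_msg_header_checked(struct tcp_server_state *st,
                            const uint8_t *raw, size_t raw_len) {
    if (raw_len < MBAP_PREFIX) return -1;
    uint16_t proto = (uint16_t)((raw[2] << 8) | raw[3]);
    uint16_t len   = (uint16_t)((raw[4] << 8) | raw[5]);
    if (proto != 0) return -1;             /* Modbus protocol identifier is 0 */
    if (!length_ok_fixed(len)) return -1;  /* would not fit in buf: drop it */
    memcpy(st->buf, raw, MBAP_PREFIX);
    st->idx = MBAP_PREFIX;
    return (int)len;
}
```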
Exploitation
An unauthenticated remote attacker can trigger the vulnerability by sending a crafted TCP packet containing a Modbus MBAP header with the Length field set to 255 [4]. No prior authentication or special network position is required beyond reachability of the Modbus/TCP port [3]. The overflow occurs during header parsing in recv_msg_header() before any function-code-specific processing [4]. The attacker controls the single overwritten byte through the MBAP frame content [4].
Impact
Successful exploitation corrupts the buffer-index field, leading to invalid memory accesses that can cause the server process to crash, resulting in denial of service [4]. On bare-metal and RTOS targets without memory protection, the attacker may additionally achieve one-byte information disclosure and, via the Write Multiple Registers (FC16) handler path, write an unintended value to a register address derived from the corrupted index [4]. The impact is limited to a single overwritten byte, but it can compromise system stability and, on unprotected systems, lead to limited data leaks and register corruption [4].
Mitigation
No fixed version has been released as of the publication date. Users should monitor the nanoMODBUS repository [3] for patches. As a workaround, restrict network access to the Modbus/TCP port to trusted hosts only, or implement a firewall to filter incoming Modbus traffic until an update is available [4]. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog [not in references].
AI Insight generated on Jun 14, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- (no CPE)
- (no CPE), range: <=1.23.0
Patches
No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
News mentions
No linked articles in our index yet.