VYPR

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

ClassStableLikelihood: High

Description

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-10 · CAPEC-100 · CAPEC-123 · CAPEC-14 · CAPEC-24 · CAPEC-42 · CAPEC-44 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-8 · CAPEC-9

CVEs mapped to this weakness (10,979)

page 70 of 549
  • CVE-2026-7418HigApr 29, 2026
    risk 0.57cvss 8.8epss 0.01

    A vulnerability was determined in UTT HiPER 1250GW up to 3.2.7-210907-180535. This vulnerability affects the function strcpy of the file route/goform/NTP. Executing a manipulation of the argument Profile can lead to buffer overflow. The attack may be launched remotely. The…

  • CVE-2026-7289HigApr 28, 2026
    risk 0.57cvss 8.8epss 0.01

    A vulnerability was found in D-Link DIR-825M 1.1.12. This issue affects the function sub_414BA8 of the file /boafrm/formWanConfigSetup. The manipulation of the argument submit-url results in buffer overflow. The attack can be executed remotely. The exploit has been made public…

  • CVE-2026-7288HigApr 28, 2026
    risk 0.57cvss 8.8epss 0.01

    A vulnerability has been found in D-Link DIR-825M 1.1.12. This vulnerability affects the function sub_4151FC of the file /boafrm/formVpnConfigSetup. The manipulation of the argument submit-url leads to buffer overflow. Remote exploitation of the attack is possible. The exploit…

  • CVE-2026-7151HigApr 27, 2026
    risk 0.57cvss 8.8epss 0.01

    A vulnerability was determined in Tenda HG3 2.0. Impacted is the function formUploadConfig of the file /boaform/formIPv6Routing. This manipulation of the argument destNet causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been…

  • CVE-2026-7101HigApr 27, 2026
    risk 0.57cvss 8.8epss 0.01

    A vulnerability has been found in Tenda F456 1.0.0.5. This affects the function fromWrlclientSet of the file /goform/WrlclientSet of the component httpd. The manipulation leads to buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed to…

  • CVE-2026-7100HigApr 27, 2026
    risk 0.57cvss 8.8epss 0.01

    A flaw has been found in Tenda F456 1.0.0.5. The impacted element is the function fromNatlimitof of the file /goform/Natlimit of the component httpd. Executing a manipulation can lead to buffer overflow. The attack may be launched remotely. The exploit has been published and may…

  • CVE-2026-7099HigApr 27, 2026
    risk 0.57cvss 8.8epss 0.01

    A vulnerability was detected in Tenda F456 1.0.0.5. The affected element is the function formQuickIndex of the file /goform/QuickIndex of the component httpd. Performing a manipulation of the argument mit_linktype results in buffer overflow. The attack may be initiated remotely.…

  • CVE-2026-7098HigApr 27, 2026
    risk 0.57cvss 8.8epss 0.01

    A security vulnerability has been detected in Tenda F456 1.0.0.5. Impacted is the function fromDhcpListClient of the file /goform/DhcpListClient of the component httpd. Such manipulation of the argument page leads to buffer overflow. The attack can be launched remotely. The…

  • CVE-2026-7097HigApr 27, 2026
    risk 0.57cvss 8.8epss 0.01

    A weakness has been identified in Tenda F456 1.0.0.5. This issue affects the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter of the component httpd. This manipulation of the argument page causes buffer overflow. The attack can be initiated remotely.…

  • CVE-2026-7082HigApr 27, 2026
    risk 0.57cvss 8.8epss 0.01

    A flaw has been found in Tenda F456 1.0.0.5. Affected by this vulnerability is the function formWrlExtraSet of the file /goform/WrlExtraSet of the component httpd. Executing a manipulation of the argument Go can lead to buffer overflow. The attack can be executed remotely. The…

  • CVE-2026-7081HigApr 27, 2026
    risk 0.57cvss 8.8epss 0.01

    A vulnerability was detected in Tenda F456 1.0.0.5. Affected is the function fromGstDhcpSetSer of the file /goform/GstDhcpSetSer of the component httpd. Performing a manipulation of the argument dips results in buffer overflow. Remote exploitation of the attack is possible. The…

  • CVE-2026-7080HigApr 27, 2026
    risk 0.57cvss 8.8epss 0.01

    A security vulnerability has been detected in Tenda F456 1.0.0.5. This impacts the function fromPPTPUserSetting of the file /goform/PPTPUserSetting of the component httpd. Such manipulation of the argument delno leads to buffer overflow. The attack may be launched remotely. The…

  • CVE-2026-7079HigApr 27, 2026
    risk 0.57cvss 8.8epss 0.01

    A weakness has been identified in Tenda F456 1.0.0.5. This affects the function fromAdvSetWan of the file /goform/AdvSetWan of the component httpd. This manipulation of the argument wanmode causes buffer overflow. The attack may be initiated remotely. The exploit has been made…

  • CVE-2026-7078HigApr 27, 2026
    risk 0.57cvss 8.8epss 0.01

    A security flaw has been discovered in Tenda F456 1.0.0.5. The impacted element is the function fromSetIpBind of the file /goform/SetIpBind of the component httpd. The manipulation of the argument page results in buffer overflow. The attack can be launched remotely. The exploit…

  • CVE-2026-7068HigApr 27, 2026
    risk 0.57cvss 8.8epss 0.02

    A vulnerability was identified in D-Link DIR-825 3.00b32. This affects the function NMBD_process of the file sserver.c of the component nmbd. Such manipulation leads to buffer overflow. The attack can only be initiated within the local network. The exploit is publicly available…

  • CVE-2026-7057HigApr 26, 2026
    risk 0.57cvss 8.8epss 0.01

    A flaw has been found in Tenda F456 1.0.0.5. The affected element is an unknown function of the file /goform/setcfm of the component httpd. This manipulation of the argument funcname/funcpara1 causes buffer overflow. It is possible to initiate the attack remotely. The exploit…

  • CVE-2026-7056HigApr 26, 2026
    risk 0.57cvss 8.8epss 0.01

    A vulnerability was detected in Tenda F456 1.0.0.5. Impacted is the function fromSafeUrlFilter of the file /goform/SafeUrlFilter of the component httpd. The manipulation of the argument page results in buffer overflow. The attack may be performed from remote. The exploit is now…

  • CVE-2026-7055HigApr 26, 2026
    risk 0.57cvss 8.8epss 0.01

    A security vulnerability has been detected in Tenda F456 1.0.0.5. This issue affects the function fromVirtualSer of the file /goform/VirtualSer of the component httpd. The manipulation of the argument menufacturer/Go leads to buffer overflow. The attack is possible to be carried…

  • CVE-2026-7054HigApr 26, 2026
    risk 0.57cvss 8.8epss 0.01

    A weakness has been identified in Tenda F456 1.0.0.5. This vulnerability affects the function fromPptpUserAdd of the file /goform/PPTPDClient of the component httpd. Executing a manipulation of the argument opttype/usernamewith can lead to buffer overflow. The attack can be…

  • CVE-2026-7053HigApr 26, 2026
    risk 0.57cvss 8.8epss 0.01

    A security flaw has been discovered in Tenda F456 1.0.0.5. This affects the function frmL7ProtForm of the file /goform/L7Prot of the component httpd. Performing a manipulation of the argument page results in buffer overflow. Remote exploitation of the attack is possible. The…