VYPR

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

ClassStableLikelihood: High

Description

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-10 · CAPEC-100 · CAPEC-123 · CAPEC-14 · CAPEC-24 · CAPEC-42 · CAPEC-44 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-8 · CAPEC-9

CVEs mapped to this weakness (10,979)

page 71 of 549
  • CVE-2026-7035HigApr 26, 2026
    risk 0.57cvss 8.8epss 0.01

    A vulnerability was determined in Tenda FH1202 1.2.0.14. This affects the function fromWrlclientSet of the file /goform/WrlclientSet of the component httpd. Executing a manipulation of the argument Go can lead to stack-based buffer overflow. The attack may be launched remotely.…

  • CVE-2026-7034HigApr 26, 2026
    risk 0.57cvss 8.8epss 0.01

    A vulnerability was found in Tenda FH1202 1.2.0.14(408). Affected by this issue is the function WrlExtraSet of the file /goform/WrlExtraSet of the component httpd. Performing a manipulation of the argument Go results in stack-based buffer overflow. The attack may be initiated…

  • CVE-2026-7033HigApr 26, 2026
    risk 0.57cvss 8.8epss 0.01

    A vulnerability has been found in Tenda F456 1.0.0.5. Affected by this vulnerability is the function fromSafeClientFilter of the file /goform/SafeClientFilter. Such manipulation of the argument menufacturer/Go leads to buffer overflow. The attack can be launched remotely. The…

  • CVE-2026-7032HigApr 26, 2026
    risk 0.57cvss 8.8epss 0.01

    A flaw has been found in Tenda F456 1.0.0.5. Affected is the function SafeEmailFilter of the file /goform/SafeEmailFilter. This manipulation of the argument page causes buffer overflow. The attack can be initiated remotely. The exploit has been published and may be used.

  • CVE-2026-7031HigApr 26, 2026
    risk 0.57cvss 8.8epss 0.01

    A vulnerability was detected in Tenda F456 1.0.0.5. This impacts the function fromSafeMacFilter of the file /goform/SafeMacFilter. The manipulation of the argument page results in buffer overflow. It is possible to launch the attack remotely. The exploit is now public and may be…

  • CVE-2026-7030HigApr 26, 2026
    risk 0.57cvss 8.8epss 0.01

    A security vulnerability has been detected in Tenda F456 1.0.0.5. This affects the function fromRouteStatic of the file /goform/RouteStatic. The manipulation of the argument page leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been…

  • CVE-2026-7029HigApr 26, 2026
    risk 0.57cvss 8.8epss 0.01

    A weakness has been identified in Tenda F456 1.0.0.5. The impacted element is the function fromaddressNat of the file /goform/addressNat. Executing a manipulation of the argument menufacturer/Go can lead to buffer overflow. The attack may be performed from remote. The exploit…

  • CVE-2026-7019HigApr 26, 2026
    risk 0.57cvss 8.8epss 0.01

    A vulnerability was identified in Tenda F456 1.0.0.5. The impacted element is the function fromP2pListFilter of the file /goform/P2pListFilter. The manipulation of the argument menufacturer/Go leads to buffer overflow. The attack is possible to be carried out remotely. The…

  • CVE-2026-6988HigApr 25, 2026
    risk 0.57cvss 8.8epss 0.01

    A flaw has been found in Tenda HG10 HG7_HG9_HG10re_300001138_en_xpon. This issue affects the function formRoute of the file /boaform/formRouting of the component Boa Service. This manipulation of the argument nextHop causes buffer overflow. It is possible to initiate the attack…

  • CVE-2026-6632HigApr 20, 2026
    risk 0.57cvss 8.8epss 0.00

    A vulnerability was identified in Tenda F451 1.0.0.7_cn_svn7958. The affected element is the function fromSafeClientFilter of the file /goform/SafeClientFilter of the component httpd. The manipulation of the argument menufacturer/Go leads to buffer overflow. Remote exploitation…

  • CVE-2026-6631HigApr 20, 2026
    risk 0.57cvss 8.8epss 0.01

    A vulnerability was determined in Tenda F451 1.0.0.7_cn_svn7958. Impacted is the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter of the component httpd. Executing a manipulation of the argument page can lead to buffer overflow. The attack may be…

  • CVE-2026-6630HigApr 20, 2026
    risk 0.57cvss 8.8epss 0.00

    A vulnerability was found in Tenda F451 1.0.0.7_cn_svn7958. This issue affects the function fromGstDhcpSetSer of the file /goform/GstDhcpSetSer of the component httpd. Performing a manipulation of the argument dips results in buffer overflow. The attack may be initiated…

  • CVE-2026-6581HigApr 19, 2026
    risk 0.57cvss 8.8epss 0.00

    A vulnerability was detected in H3C Magic B1 up to 100R004. Affected by this vulnerability is the function SetMobileAPInfoById of the file /goform/aspForm. Performing a manipulation of the argument param results in buffer overflow. Remote exploitation of the attack is possible.…

  • CVE-2026-6563HigApr 19, 2026
    risk 0.57cvss 8.8epss 0.00

    A vulnerability has been found in H3C Magic B1 up to 100R004. The affected element is the function SetAPWifiorLedInfoById of the file /goform/aspForm. The manipulation of the argument param leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has…

  • CVE-2026-6560HigApr 19, 2026
    risk 0.57cvss 8.8epss 0.00

    A security vulnerability has been detected in H3C Magic B0 up to 100R002. This vulnerability affects the function Edit_BasicSSID of the file /goform/aspForm. Such manipulation of the argument param leads to buffer overflow. The attack can be executed remotely. The exploit has…

  • CVE-2026-6200HigApr 13, 2026
    risk 0.57cvss 8.8epss 0.00

    A vulnerability was determined in Tenda F456 1.0.0.5. The affected element is the function formwebtypelibrary of the file /goform/webtypelibrary. This manipulation of the argument menufacturer/Go causes stack-based buffer overflow. The attack can be initiated remotely. The…

  • CVE-2026-6199HigApr 13, 2026
    risk 0.57cvss 8.8epss 0.00

    A vulnerability was found in Tenda F456 1.0.0.5. Impacted is the function fromqossetting of the file /goform/qossetting. The manipulation of the argument page results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been made public…

  • CVE-2026-6198HigApr 13, 2026
    risk 0.57cvss 8.8epss 0.00

    A vulnerability has been found in Tenda F456 1.0.0.5. This issue affects the function fromNatStaticSetting of the file /goform/NatStaticSetting. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The…

  • CVE-2026-6197HigApr 13, 2026
    risk 0.57cvss 8.8epss 0.00

    A flaw has been found in Tenda F456 1.0.0.5. This vulnerability affects the function formWrlsafeset of the file /goform/AdvSetWrlsafeset. Executing a manipulation of the argument mit_ssid can lead to stack-based buffer overflow. The attack may be performed from remote. The…

  • CVE-2026-6196HigApr 13, 2026
    risk 0.57cvss 8.8epss 0.01

    A vulnerability was detected in Tenda F456 1.0.0.5. This affects the function fromexeCommand of the file /goform/exeCommand. Performing a manipulation of the argument cmdinput results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit…