CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
BaseIncompleteLikelihood: High
Description
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-10 · CAPEC-100 · CAPEC-14 · CAPEC-24 · CAPEC-42 · CAPEC-44 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-67 · CAPEC-8 · CAPEC-9 · CAPEC-92
CVEs mapped to this weakness (599)
page 7 of 30| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-7097 | Hig | 0.57 | 8.8 | 0.00 | Apr 27, 2026 | A weakness has been identified in Tenda F456 1.0.0.5. This issue affects the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter of the component httpd. This manipulation of the argument page causes buffer overflow. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. | |
| CVE-2026-7082 | Hig | 0.57 | 8.8 | 0.00 | Apr 27, 2026 | A flaw has been found in Tenda F456 1.0.0.5. Affected by this vulnerability is the function formWrlExtraSet of the file /goform/WrlExtraSet of the component httpd. Executing a manipulation of the argument Go can lead to buffer overflow. The attack can be executed remotely. The exploit has been published and may be used. | |
| CVE-2026-7081 | Hig | 0.57 | 8.8 | 0.00 | Apr 27, 2026 | A vulnerability was detected in Tenda F456 1.0.0.5. Affected is the function fromGstDhcpSetSer of the file /goform/GstDhcpSetSer of the component httpd. Performing a manipulation of the argument dips results in buffer overflow. Remote exploitation of the attack is possible. The exploit is now public and may be used. | |
| CVE-2026-7080 | Hig | 0.57 | 8.8 | 0.00 | Apr 27, 2026 | A security vulnerability has been detected in Tenda F456 1.0.0.5. This impacts the function fromPPTPUserSetting of the file /goform/PPTPUserSetting of the component httpd. Such manipulation of the argument delno leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. | |
| CVE-2026-7079 | Hig | 0.57 | 8.8 | 0.00 | Apr 27, 2026 | A weakness has been identified in Tenda F456 1.0.0.5. This affects the function fromAdvSetWan of the file /goform/AdvSetWan of the component httpd. This manipulation of the argument wanmode causes buffer overflow. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. | |
| CVE-2026-7078 | Hig | 0.57 | 8.8 | 0.00 | Apr 27, 2026 | A security flaw has been discovered in Tenda F456 1.0.0.5. The impacted element is the function fromSetIpBind of the file /goform/SetIpBind of the component httpd. The manipulation of the argument page results in buffer overflow. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks. | |
| CVE-2026-7068 | Hig | 0.57 | 8.8 | 0.00 | Apr 27, 2026 | A vulnerability was identified in D-Link DIR-825 3.00b32. This affects the function NMBD_process of the file sserver.c of the component nmbd. Such manipulation leads to buffer overflow. The attack can only be initiated within the local network. The exploit is publicly available and might be used. This vulnerability only affects products that are no longer supported by the maintainer. | |
| CVE-2026-7057 | Hig | 0.57 | 8.8 | 0.00 | Apr 26, 2026 | A flaw has been found in Tenda F456 1.0.0.5. The affected element is an unknown function of the file /goform/setcfm of the component httpd. This manipulation of the argument funcname/funcpara1 causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been published and may be used. | |
| CVE-2026-7056 | Hig | 0.57 | 8.8 | 0.00 | Apr 26, 2026 | A vulnerability was detected in Tenda F456 1.0.0.5. Impacted is the function fromSafeUrlFilter of the file /goform/SafeUrlFilter of the component httpd. The manipulation of the argument page results in buffer overflow. The attack may be performed from remote. The exploit is now public and may be used. | |
| CVE-2026-7055 | Hig | 0.57 | 8.8 | 0.00 | Apr 26, 2026 | A security vulnerability has been detected in Tenda F456 1.0.0.5. This issue affects the function fromVirtualSer of the file /goform/VirtualSer of the component httpd. The manipulation of the argument menufacturer/Go leads to buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. | |
| CVE-2026-7054 | Hig | 0.57 | 8.8 | 0.00 | Apr 26, 2026 | A weakness has been identified in Tenda F456 1.0.0.5. This vulnerability affects the function fromPptpUserAdd of the file /goform/PPTPDClient of the component httpd. Executing a manipulation of the argument opttype/usernamewith can lead to buffer overflow. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. | |
| CVE-2026-7053 | Hig | 0.57 | 8.8 | 0.00 | Apr 26, 2026 | A security flaw has been discovered in Tenda F456 1.0.0.5. This affects the function frmL7ProtForm of the file /goform/L7Prot of the component httpd. Performing a manipulation of the argument page results in buffer overflow. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. | |
| CVE-2026-7033 | Hig | 0.57 | 8.8 | 0.00 | Apr 26, 2026 | A vulnerability has been found in Tenda F456 1.0.0.5. Affected by this vulnerability is the function fromSafeClientFilter of the file /goform/SafeClientFilter. Such manipulation of the argument menufacturer/Go leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |
| CVE-2026-7032 | Hig | 0.57 | 8.8 | 0.00 | Apr 26, 2026 | A flaw has been found in Tenda F456 1.0.0.5. Affected is the function SafeEmailFilter of the file /goform/SafeEmailFilter. This manipulation of the argument page causes buffer overflow. The attack can be initiated remotely. The exploit has been published and may be used. | |
| CVE-2026-7031 | Hig | 0.57 | 8.8 | 0.00 | Apr 26, 2026 | A vulnerability was detected in Tenda F456 1.0.0.5. This impacts the function fromSafeMacFilter of the file /goform/SafeMacFilter. The manipulation of the argument page results in buffer overflow. It is possible to launch the attack remotely. The exploit is now public and may be used. | |
| CVE-2026-7030 | Hig | 0.57 | 8.8 | 0.00 | Apr 26, 2026 | A security vulnerability has been detected in Tenda F456 1.0.0.5. This affects the function fromRouteStatic of the file /goform/RouteStatic. The manipulation of the argument page leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. | |
| CVE-2026-7029 | Hig | 0.57 | 8.8 | 0.00 | Apr 26, 2026 | A weakness has been identified in Tenda F456 1.0.0.5. The impacted element is the function fromaddressNat of the file /goform/addressNat. Executing a manipulation of the argument menufacturer/Go can lead to buffer overflow. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks. | |
| CVE-2026-7019 | Hig | 0.57 | 8.8 | 0.00 | Apr 26, 2026 | A vulnerability was identified in Tenda F456 1.0.0.5. The impacted element is the function fromP2pListFilter of the file /goform/P2pListFilter. The manipulation of the argument menufacturer/Go leads to buffer overflow. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. | |
| CVE-2026-6988 | Hig | 0.57 | 8.8 | 0.00 | Apr 25, 2026 | A flaw has been found in Tenda HG10 HG7_HG9_HG10re_300001138_en_xpon. This issue affects the function formRoute of the file /boaform/formRouting of the component Boa Service. This manipulation of the argument nextHop causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been published and may be used. | |
| CVE-2026-41476 | Hig | 0.57 | 8.8 | 0.00 | Apr 24, 2026 | Deskflow is a keyboard and mouse sharing app. Prior to 1.26.0.138, a remote memory-safety vulnerability in Deskflow's clipboard deserialization allows a connected peer to trigger an out-of-bounds read by sending a malformed clipboard update. The issue is in the implementation of src/lib/deskflow/IClipboard.cpp. This is reachable because ClipboardChunk::assemble() in src/lib/deskflow/ClipboardChunk.cpp validates only the outer clipboard transfer size. It does not validate the internal structure of the serialized clipboard blob, so malformed inner lengths reach IClipboard::unmarshall() unchanged. This vulnerability is fixed in 1.26.0.138. |