All news with #buffer overflow tag

Delta ASDA-Soft Stack Overflow Vulnerabilities (2025)

⚠️ Delta Electronics' ASDA-Soft contains two stack-based buffer overflow vulnerabilities (CVE-2025-62579, CVE-2025-62580) affecting versions 7.0.2.0 and earlier. Both issues were assigned a CVSS v4 base score of 8.4 and can allow writing outside the intended stack buffer when a valid user opens a crafted project file. Exploitation requires local access and user interaction; no public exploitation has been reported to CISA. Delta has released ASDA-Soft v7.1.1.0 and users should update and apply network isolation and standard email/attachment precautions.

New TP-Link CWMP Zero-Day Targets Multiple Routers

🔒TP-Link has confirmed an unpatched zero-day in its CWMP implementation that can enable remote code execution on multiple routers. Independent researcher Mehrun (ByteRay) reported the issue to TP-Link on May 11, 2024; the flaw is a stack-based buffer overflow in the SOAP SetParameterValues handler caused by unbounded strncpy calls. TP-Link says a patch exists for some European firmware builds and that fixes for U.S. and other global versions are in development; users should update firmware, change default admin credentials, and disable CWMP if it is not required.