CNNVD-202510-2840 Information
CNNVD ID
CNNVD-202510-2840
Related CVE
- CNNVD Published: 2025-10-22
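Description (translated from Chinese)
OpenWrt is a Linux operating system for embedded devices, open-sourced by OpenWrt. Versions of OpenWrt before 24.10.4 contain a security vulnerability that stems from a heap buffer overflow in the event registration parsing code, which may lead to arbitrary code execution and bypass of the listen ACL.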
Description (English)
OpenWrt is an open source Linux operating system for embedded devices, developed by OpenWrt. OpenWrt versions before 24.10.4 contain a security vulnerability caused by a heap buffer overflow in the event registration parsing code, which may lead to arbitrary code execution and bypass of the listen ACL.
Hazard Level
Medium
Vulnerability Type
Other
Affected Vendor
OpenWRT
Published
2025-10-22
Last Modified
2026-02-24
References
https://github.com/openwrt/openwrt/commit/4b907e69ea58fc0ba35fd1755dc4ba22262af3a4
https://github.com/openwrt/ubus/commit/d31effb4277bd557f5ccf16d909422718c1e49d0
https://github.com/openwrt/openwrt/commit/a7901969932a175cded3c93bdeb65f32ed3705e6
https://openwrt.org/advisory/2025-10-22-1
https://github.com/openwrt/ubus/commit/60e04048a0e2f3e33651c19e62861b41be4c290f
https://github.com/openwrt/openwrt/security/advisories/GHSA-cp32-65v4-cp73
https://github.com/openwrt/ubus/commit/aa4a7ee1d3417bc11207ad0a78d579ece7fe0c13
https://access.redhat.com/security/cve/cve-2025-62526
Patch
https://github.com/openwrt/openwrt/releases