Gabriele Quagliarella

**Name of the Vulnerable Software and Affected Versions** Versions prior to patchday 2026-05 (affected versions not specified) **Description** A Cross-Site Request Forgery (CSRF) issue exists in the Link Aggregation configuration interface. An unauthenticated remote attacker can deceive authenticated users into submitting unauthorized POST requests to the device. This manipulation can silently modify the device’s configuration without the user’s awareness or permission. The impact on availability is considered low, as the device automatically recovers after a successful attack without requiring external intervention. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** versions prior to 2026-22316 **Description** A remote attacker with user privileges for the webUI can leverage the TFTP Filename setting via a POST request to initiate a stack-based Buffer Overflow, leading to a Denial of Service (DoS) attack. The vulnerability resides in the handling of the `TFTP Filename` setting. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** versions prior to 2026-22318 **Description** A stack-based buffer overflow exists in the file transfer parameter workflow. A high-privileged attacker can send oversized POST parameters, leading to memory corruption in an internal process and a Denial of Service (DoS) attack. The vulnerability is triggered by oversized POST parameters sent during the file transfer process. The affected component is the file transfer parameter workflow. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** versions prior to 2026-22317 **Description** A command injection flaw exists in the Root CA certificate transfer workflow. A high-privileged attacker can send specially crafted HTTP POST requests, leading to arbitrary command execution on the underlying Linux operating system with root privileges. The vulnerability is triggered through the device’s Root CA certificate transfer workflow. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** versions prior to 2026-22321 **Description** A stack-based buffer overflow exists in the device’s Telnet/SSH CLI login routine. An unauthenticated attacker sending an oversized or unexpected `username` input can trigger this issue. The overflow condition causes the thread handling the login attempt to crash, resulting in session closure. The impact is limited to a low-severity availability disruption, as other CLI sessions remain unaffected. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** versions prior to 2026-22319 **Description** A stack-based buffer overflow exists in the device's file installation workflow. A high-privileged attacker can send oversized POST parameters to overflow a fixed-size stack buffer within an internal process, leading to a denial-of-service (DoS) attack. The vulnerability is triggered by oversized POST parameters sent during the file installation process. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** versions prior to 2026-22322 **Description** A stored cross-site scripting (XSS) issue exists in the Link Aggregation configuration interface. An unauthenticated remote attacker can create a trunk entry containing malicious HTML/JavaScript code. When the affected page is viewed, the injected script executes in the context of the victim’s browser, potentially enabling unauthorized interface manipulation. The session cookie is protected by the httpOnly flag, preventing session takeover. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Versions prior to 2026-22320 **Description** A stack-based buffer overflow exists in the CLI's TFTP file-transfer command handling. A low-privileged attacker with Telnet/SSH access can trigger memory corruption by providing unexpected or oversized filename input. This exploitation corrupts the internal buffer, causing the CLI and web dashboard to become unavailable, resulting in a denial of service. The vulnerable component is the TFTP file-transfer command. The input filename is the source of the overflow. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libplctag versions 2.0 through 2.6.3 **Description** The issue is related to an Out-of-bounds Read in the `unpack response` function, located in `session.c`, which allows Overread Buffers via the network. This can be exploited to potentially access sensitive information. **Recommendations** For libplctag versions 2.0 through 2.6.3, consider restricting network access to the `unpack response` function in `session.c` until a patch is available. As a temporary workaround, limiting the use of the `unpack response` function can help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libplctag versions 2.0 through 2.6.3 **Description** The issue is related to an Out-of-bounds Read in the `unpack response` function, located in `conn.c`, which allows Overread Buffers via the network. This can be exploited to potentially access sensitive information. **Recommendations** For libplctag versions 2.0 through 2.6.3, consider restricting network access to the `unpack response` function in `conn.c` until a patch is available. As a temporary workaround, limiting the use of the `unpack response` function can help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** The product name cannot be determined. **Description** An issue exists where an attacker with low privileges can manipulate the requested memory size, causing the application to use an invalid memory area. This could lead to a crash of the application, but it does not affect other applications. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cesanta Mongoose Web Server version 7.14 **Description** The issue involves improper neutralization of delimiters, which can trigger an infinite loop bug if the input string contains unexpected characters. This is due to the improper handling of delimiters in the Cesanta Mongoose Web Server. **Recommendations** For Cesanta Mongoose Web Server version 7.14, consider restricting input to prevent unexpected characters from being processed, as a temporary workaround, until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cesanta Mongoose Web Server version 7.14 **Description** The issue allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space due to an Out-of-range Pointer Offset vulnerability. **Recommendations** For Cesanta Mongoose Web Server version 7.14, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cesanta Mongoose Web Server version 7.14 **Description** The issue allows an attacker to send an unexpected TLS packet, forcing the application to read unintended heap memory space due to an out-of-range pointer offset. **Recommendations** For Cesanta Mongoose Web Server version 7.14, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cesanta Mongoose Web Server version 7.14 **Description** The issue is related to an Out-of-range Pointer Offset vulnerability. This vulnerability allows an attacker to send an unexpected TLS packet, which can cause a segmentation fault on the application. **Recommendations** For Cesanta Mongoose Web Server version 7.14, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cesanta Mongoose Web Server version 7.14 **Description** The issue allows an attacker to send an unexpected TLS packet, forcing the application to read unintended heap memory space due to an Out-of-range Pointer Offset vulnerability. **Recommendations** For Cesanta Mongoose Web Server version 7.14, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cesanta Mongoose Web Server version 7.14 **Description** The issue is related to an Integer Overflow or Wraparound vulnerability. It allows an attacker to send an unexpected TLS packet, which can produce a segmentation fault on the application. **Recommendations** For Cesanta Mongoose Web Server version 7.14, consider disabling the TLS functionality until a patch is available to prevent exploitation of the Integer Overflow or Wraparound vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cesanta Mongoose Web Server version 7.14 **Description** The issue involves an out-of-range pointer offset, allowing an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space. This can lead to unintended heap memory access. **Recommendations** For Cesanta Mongoose Web Server version 7.14, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cesanta Mongoose Web Server version 7.14 **Description** The issue is related to the use of an out-of-range pointer offset, allowing a NULL byte value to be written beyond the memory space dedicated for the hostname field. **Recommendations** For Cesanta Mongoose Web Server version 7.14, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cesanta Mongoose Web Server version 7.14 **Description** The issue is related to improper neutralization of delimiters in the Cesanta Mongoose Web Server. This can cause an out-of-bound memory write if the PEM certificate contains unexpected characters. **Recommendations** For Cesanta Mongoose Web Server version 7.14, consider updating to a newer version that addresses the improper neutralization of delimiters issue, specifically ensuring that PEM certificates are properly validated to prevent out-of-bound memory writes. At the moment, there is no information about a newer version that contains a fix for this vulnerability.