PT-2025-48668 · Circutor · Circutor Sge-Plc1000/Sge-Plc50

Published: 2025-12-02 · Updated: 2025-12-28 · CVE-2025-11778

CVSS v4.0: 10 (Critical)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Name of the Vulnerable Software and Affected Versions

Circutor SGE-PLC1000/SGE-PLC50 version 0.9.2

Description

A stack-based buffer overflow exists in the TACACSPLUS implementation of the software. This allows a remote attacker to corrupt memory and potentially gain control of the system. The issue is located within the read_packet() function.

Recommendations

Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider disabling the TACACSPLUS functionality until a patch is available.

Fix

RCE

Heap Based Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2025-11778

Affected Products

Circutor Sge-Plc1000/Sge-Plc50