PT-2025-50319 · Unknown · Check Account

Daniel Hulliger

·

Published

2025-12-10

·

Updated

2025-12-15

·

CVE-2025-41730

CVSS v3.1

9.8

Critical

Vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Unknown, versions prior to 2.3
Description: An unauthenticated remote attacker can exploit unsafe sscanf calls in the check_account() function to write attacker-controlled data past the end of fixed-size stack buffers, potentially leading to full device compromise. sscanf parses formatted input from a string; the affected conversions carry no field-width limits, so the number of bytes written is bounded only by the length of the attacker's input, not by the size of the destination buffer. Overrunning a stack buffer overwrites adjacent stack data, such as saved return addresses and control variables, which an attacker may be able to use to take control of the device.
Recommendations: Update to version 2.3 or later. If the update cannot be applied immediately, consider disabling the functionality that invokes check_account() as a temporary workaround, and restrict network access to the affected service to trusted hosts, since the vulnerability is reachable over the network without authentication (AV:N, PR:N).
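The following is an added illustration written for this page, not the vendor's code (the affected software is not named here): a hypothetical check_account() that parses a "user:password" request with unbounded sscanf conversions, beside a hardened version whose field widths are sized to the destination buffers and which rejects oversized or malformed input instead of truncating it. The buffer sizes, the request format and the "admin" comparison are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

/* Assumed buffer sizes for this illustration. */
#define USER_LEN 32
#define PASS_LEN 32

/* Hypothetical vulnerable pattern (not the vendor's code): "%[^:]" and
 * "%s" carry no field width, so sscanf writes as many bytes as the
 * caller supplies into 32-byte stack buffers. A user token of 32 or more
 * characters overruns `user`. Never call this with untrusted data. */
static int check_account_vulnerable(const char *request)
{
    char user[USER_LEN];
    char pass[PASS_LEN];

    if (sscanf(request, "%[^:]:%s", user, pass) != 2)
        return -1;                       /* malformed request */
    return strcmp(user, "admin") == 0;   /* 1 = privileged account */
}

/* Bytes the unbounded "%[^:]" conversion above would write into `user`
 * (token length plus the terminating NUL). Computing this lets a caller
 * or test demonstrate the overflow without triggering undefined
 * behaviour. */
static size_t unbounded_user_bytes(const char *request)
{
    const char *colon = strchr(request, ':');
    size_t token = colon ? (size_t)(colon - request) : strlen(request);
    return token + 1;
}

/* Hardened form. Each conversion carries a field width of buffer size
 * minus one, so sscanf can never write past the destination. The trailing
 * "%c" detects leftover input: if the password was clipped at 31 bytes,
 * or anything follows it, a third item matches and the request is
 * rejected instead of silently accepting a truncated value. A user token
 * longer than 31 bytes fails at the literal ':' and is rejected the same
 * way. Returns 1 for the privileged account, 0 otherwise, -1 on
 * malformed or oversized input. */
static int check_account_hardened(const char *request)
{
    char user[USER_LEN];
    char pass[PASS_LEN];
    char extra;

    /* Widths are USER_LEN - 1 and PASS_LEN - 1; keep them in sync with
     * the buffer sizes above. */
    if (sscanf(request, "%31[^:]:%31s%c", user, pass, &extra) != 2)
        return -1;
    return strcmp(user, "admin") == 0;
}

int main(void)
{
    /* Constructed sample requests, not captured traffic. */
    const char *ok  = "admin:secret";
    const char *bad = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa:secret"; /* 44-byte user token */

    printf("vulnerable(%s) = %d\n", ok, check_account_vulnerable(ok));
    printf("hardened(%s)   = %d\n", ok, check_account_hardened(ok));
    printf("hardened(oversized) = %d\n", check_account_hardened(bad));
    printf("unbounded sscanf would write %zu bytes into a %d-byte buffer\n",
           unbounded_user_bytes(bad), USER_LEN);
    /* check_account_vulnerable(bad) is deliberately not called: it would
     * overrun the stack. */
    return 0;
}
```

The hardened parser fails closed: rather than accepting a clipped username or password, it returns an error whenever the input does not fit the buffers exactly, which is the behaviour you want in an authentication path. Compiling with -Wformat and auditing every sscanf/scanf "%s" and "%[" conversion for a missing width is a quick way to find the same pattern elsewhere in a code base.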

Fix

Memory Corruption

Stack Overflow

Weakness Enumeration

Related Identifiers

CVE-2025-41730

Affected Products

Check Account