QSearchQSearch

CVE-2026-10828

A format string vulnerability has been found in the "alias" parameter of the Serial Param configuration page in the NPort W2150A-W4/W2250...

Published: 2026-06-16 · Last updated: 2026-06-16

Severity and scoring

CWE
CWE-134

Description

A format string vulnerability has been found in the "alias" parameter of the Serial Param configuration page in the NPort W2150A-W4/W2250A-W4 Series version 1.5 and prior. This vulnerability stems from insufficient input validation and improper handling of externally supplied format strings. An attacker could exploit this vulnerability by sending crafted input to the web service, causing unintended memory disclosure. Successful exploitation may allow an attacker to leak sensitive memory contents and determine critical memory addresses, potentially bypassing Address Space Layout Randomization (ASLR) protections.

Source: NVD

References

Related CVEs

Same CWE

  • CVE-2025-10262 Nokia SR Linux is vulnerable to local privilege escalation vulnerability due to unsanitized format validation (6.3 MEDIUM)
  • CVE-2026-12174 A security vulnerability has been detected in D-Link DCS-935L 1.10.01 (8.8 HIGH)
  • CVE-2026-6250 An authenticated format string vulnerability exists in the ONVIF service of Tapo C110 v2 due to improper handling of user-controlled input (8.1 HIGH)
  • CVE-2026-6242 An authenticated format string vulnerability exists in the ONVIF Subscribe service in Tapo C520WS v2 due to improper handling of external...
  • CVE-2026-6241 An authenticated format string vulnerability is present in the ONVIF AddScopes in Tapo C520WS v2, where user-controlled input is improper...