Description
striso-control-firmware 54c9722 is vulnerable to Buffer Overflow in function AuxJack.
Published: 2026-05-13
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The firmware version that includes commit 54c9722 contains a buffer overflow in the AuxJack function. The flaw allows an attacker to supply an oversized input that overflows a stack buffer, potentially overwriting control data such as return addresses. If successful, this can lead to arbitrary code execution with the privileges of the firmware process. The weakness is a classic buffer overflow under CWE‑121.

Affected Systems

The only specific information provided identifies the affected product as striso‑control‑firmware at the exact commit 54c9722. No vendor or broader version ranges are listed, so any deployment of this firmware build is potentially impacted. No alternative products or vendor information is available.

Risk and Exploitability

The reported CVSS score of 7.5 indicates high severity, while the EPSS score of less than 1% suggests a low current likelihood of exploitation. The flaw is not listed in the CISA KEV catalog, so no publicly confirmed exploits exist yet. However, buffer overflows of this type are generally highly exploitable if an attacker can exercise the function, such as through an exposed AuxJack interface or with local access. Because exploitation requires a crafted input, the risk depends on whether the firmware operates in a trusted environment and whether the AuxJack feature is accessible from untrusted networks.

Generated by OpenCVE AI on May 14, 2026 at 16:30 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest firmware release from the striso‑control‑firmware project that addresses the AuxJack buffer overflow.
  • If no patched firmware is currently available, limit the device’s network exposure to trusted networks, using firewall rules or network segmentation to block external access to the AuxJack interface.
  • Consider disabling the AuxJack feature via the firmware’s configuration options if such an option exists, or implement application‑level checks to reject inputs that could cause a buffer overflow.

Advisories

No advisories yet.

History

Sun, 17 May 2026 20:30:00 +0000

Type Values Removed Values Added
First Time appeared Striso
Striso control-firmware
Vendors & Products Striso
Striso control-firmware

Thu, 14 May 2026 17:00:00 +0000

Type Values Removed Values Added
Title AuxJack Function Buffer Overflow in striso‑control‑firmware

Thu, 14 May 2026 15:45:00 +0000

Type Values Removed Values Added
Title Buffer Overflow in AuxJack Function of striso-control-firmware
Weaknesses CWE-120
CWE-787

Thu, 14 May 2026 13:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-121
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 13 May 2026 18:30:00 +0000

Type Values Removed Values Added
Title Buffer Overflow in AuxJack Function of striso-control-firmware
Weaknesses CWE-120
CWE-787

Wed, 13 May 2026 16:15:00 +0000

Type Values Removed Values Added
Description striso-control-firmware 54c9722 is vulnerable to Buffer Overflow in function AuxJack.
References

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-05-14T12:27:26.233Z

Reserved: 2025-03-11T00:00:00.000Z

Link: CVE-2025-28344

Vulnrichment

Updated: 2026-05-14T12:27:16.972Z

NVD

Status: Deferred

Published: 2026-05-13T16:16:35.087

Modified: 2026-05-14T13:16:16.617

Link: CVE-2025-28344

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-17T19:42:12Z
