Description
Buffer Overflow vulnerability in arendst Tasmota v.15.3.0.3 and before allows a remote attacker to execute arbitrary code via the xdrv_10_scripter.ino, fetch_jpg(), jpg_task.boundary[40], strcpy() function.
Published: 2026-05-27
Score: 7.3 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a stack‑based buffer overflow located in the fetch_jpg() function of the xdrv_10_scripter.ino module. By sending a specially crafted JPEG request, a remote attacker can overwrite the jpg_task.boundary[40] buffer and invoke the strcpy() call without bounds checking. This allows the attacker to execute arbitrary code on the Tasmota device, compromising confidentiality, integrity, and availability of the system. The vulnerability exists in Tasmota version 15.3.0.3 and all earlier releases. The CVSS score for this vulnerability is 7.3, indicating high severity.

Affected Systems

The affected product is Arendst Tasmota firmware. Versions 15.3.0.3 and earlier are vulnerable. No specific hardware models are mentioned, so any device running these firmware versions is at risk.

Risk and Exploitability

The CVSS score is 7.3, indicating high severity. Because the exploit only requires sending a malformed JPEG over the network interface, the attack vector is likely remote over HTTP/HTTPS or any network protocol used by the xdrv_10_scripter module. The EPSS score is unavailable, and the vulnerability is not listed in CISA’s KEV catalog, indicating no publicly known exploits yet. However, the high potential for arbitrary code execution makes it a top‑priority vulnerability that should be remediated promptly.

Generated by OpenCVE AI on May 27, 2026 at 23:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Flash the device with the latest Tasmota firmware that includes the fix.
  • Restrict network access to the device by placing it behind a firewall or VPN.
  • Disable the script module if it is not required for device operation.

Generated by OpenCVE AI on May 27, 2026 at 23:25 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sat, 30 May 2026 23:00:00 +0000

Type Values Removed Values Added
First Time appeared Arendst
Arendst tasmota
Vendors & Products Arendst
Arendst tasmota

Wed, 27 May 2026 23:45:00 +0000

Type Values Removed Values Added
Title Remote Code Execution via Buffer Overflow in Tasmota JPEG Processing

Wed, 27 May 2026 22:45:00 +0000

Type Values Removed Values Added
Title Buffer Overflow in Tasmota Scripter Allows Remote Code Execution
Weaknesses CWE-121

Wed, 27 May 2026 19:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-120
Metrics cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 27 May 2026 17:15:00 +0000

Type Values Removed Values Added
Title Buffer Overflow in Tasmota Scripter Allows Remote Code Execution
Weaknesses CWE-121

Wed, 27 May 2026 14:15:00 +0000

Type Values Removed Values Added
Description Buffer Overflow vulnerability in arendst Tasmota v.15.3.0.3 and before allows a remote attacker to execute arbitrary code via the xdrv_10_scripter.ino, fetch_jpg(), jpg_task.boundary[40], strcpy() function.
References

Subscriptions

Arendst Tasmota
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-05-27T18:19:03.125Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-38426

cve-icon Vulnrichment

Updated: 2026-05-27T18:18:59.583Z

cve-icon NVD

Status : Deferred

Published: 2026-05-27T14:16:45.880

Modified: 2026-05-27T20:03:09.937

Link: CVE-2026-38426

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-30T21:22:34Z

Weaknesses
  • CWE-120

    Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')