Description
OpenWrt is a Linux operating system targeting embedded devices. Before v25.12.5, an integer underflow in handle_send_a() of the Emergency Access Daemon allows any unauthenticated attacker on the local network to crash the daemon by sending a single crafted UDP packet. The message length underflows before a bounds check and is then passed to memcpy as a very large size. This issue is fixed v25.12.5.
No analysis available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
No advisories yet.
References
History
Tue, 07 Jul 2026 23:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Openwrt
Openwrt openwrt |
|
| Vendors & Products |
Openwrt
Openwrt openwrt |
Tue, 07 Jul 2026 21:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | OpenWrt is a Linux operating system targeting embedded devices. Before v25.12.5, an integer underflow in handle_send_a() of the Emergency Access Daemon allows any unauthenticated attacker on the local network to crash the daemon by sending a single crafted UDP packet. The message length underflows before a bounds check and is then passed to memcpy as a very large size. This issue is fixed v25.12.5. | |
| Title | OpenWrt: EAD Integer Underflow → Pre-Auth Denial of Service | |
| Weaknesses | CWE-191 | |
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2026-07-07T21:08:26.638Z
Reserved: 2026-06-16T22:28:27.062Z
Link: CVE-2026-55490
No data.
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-07T23:00:04Z
Weaknesses
-
CWE-191
Integer Underflow (Wrap or Wraparound)