CVE-2026-3697
Received Received - Intake

Remote Stack-Based Buffer Overflow in Planet ICG-2510 Language Handler

Vulnerability report for CVE-2026-3697, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-03-08

Last updated on: 2026-04-29

Assigner: VulDB

Description

A vulnerability was determined in Planet ICG-2510 1.0_20250811. The impacted element is the function sub_40C8E4 of the file /usr/sbin/httpd of the component Language Package Configuration Handler. Executing a manipulation of the argument Language can lead to stack-based buffer overflow. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-03-08
Last Modified
2026-04-29
Generated
2026-07-06
AI Q&A
2026-03-08
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
planet icg-2510 1.0_20250811

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-121 A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
CWE-119 The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-3697 is a stack-based buffer overflow vulnerability found in the Planet ICG-2510 device, version 1.0_20250811. It exists in the function sub_40C8E4 within the /usr/sbin/httpd binary, which handles language package configuration.

The vulnerability occurs because the function retrieves a language configuration string from NVRAM and uses sprintf to format it into a 60-byte buffer without validating the length of the input. If the language string exceeds about 48 characters, it overflows the allocated buffer, causing a classic buffer overflow.

An attacker can exploit this remotely by setting a maliciously long language value, either directly via nvram commands or indirectly through configuration files. This overflow triggers when the web management interface loads language resources.

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by checking the length of the language configuration value stored in NVRAM on the Planet ICG-2510 device. Specifically, if the "language" value exceeds approximately 48 characters, it may trigger the buffer overflow.'}, {'type': 'paragraph', 'content': 'A practical detection method is to query the current language setting using the nvram command on the device and inspect its length.'}, {'type': 'list_item', 'content': 'Run the command: nvram get language'}, {'type': 'list_item', 'content': 'Check if the returned string length is greater than 48 characters.'}, {'type': 'paragraph', 'content': 'If the language string is unusually long or suspicious, it indicates potential exploitation or misconfiguration related to this vulnerability.'}] [1, 3]

Mitigation Strategies

Immediate mitigation steps include avoiding setting or accepting language configuration values longer than 48 characters to prevent triggering the buffer overflow.

Since no vendor patches or official mitigations are available, it is recommended to replace the affected Planet ICG-2510 device with an alternative product that is not vulnerable.

Additionally, restricting remote access to the web management interface can reduce the risk of remote exploitation.

Monitoring for crashes or denial of service symptoms on the web interface may help detect exploitation attempts.

Impact Analysis

Exploitation of this vulnerability can lead to several serious impacts:

  • Denial of Service (DoS) by crashing the web management interface, making the device management unavailable.
  • Potential Arbitrary Code Execution (Remote Code Execution) by corrupting memory or heap metadata, which could allow an attacker to take control of the device remotely.
  • Sensitive Information Leakage due to memory corruption caused by the buffer overflow.

Because the language configuration is processed during device startup or routine operations, the vulnerability can be persistent and easily triggered, posing a significant security risk.

Compliance Impact

I don't know

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-3697. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart