CVE-2026-3697
Remote Stack-Based Buffer Overflow in Planet ICG-2510 Language Handler
Publication date: 2026-03-08
Last updated on: 2026-04-29
Assigner: VulDB
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| planet | icg-2510 | 1.0_20250811 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-3697 is a stack-based buffer overflow vulnerability found in the Planet ICG-2510 device, version 1.0_20250811. It exists in the function sub_40C8E4 within the /usr/sbin/httpd binary, which handles language package configuration.
The vulnerability occurs because the function retrieves a language configuration string from NVRAM and uses sprintf to format it into a 60-byte buffer without validating the length of the input. If the language string exceeds about 48 characters, it overflows the allocated buffer, causing a classic buffer overflow.
An attacker can exploit this remotely by setting a maliciously long language value, either directly via nvram commands or indirectly through configuration files. This overflow triggers when the web management interface loads language resources.
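The sprintf pattern described above, next to a bounded replacement, as an added C example (not code from the device firmware or from this advisory). The format string `/lang/%s.json` and the fallback value `en` are hypothetical, chosen so that a 60-byte buffer is exceeded once the value is longer than 48 characters.

```c
#include <stdio.h>
#include <string.h>

#define PATH_BUF 60                 /* buffer size given in the write-up */
#define LANG_FMT "/lang/%s.json"    /* hypothetical format: 11 fixed chars */
#define DEFAULT_LANG "en"           /* hypothetical fallback value */

/* Pattern described above: unbounded sprintf of an NVRAM-sourced string.
 * Any lang longer than 48 chars writes past the end of out[PATH_BUF]. */
void build_path_unsafe(char out[PATH_BUF], const char *lang)
{
    sprintf(out, LANG_FMT, lang);
}

/* Hardened form: bound the write and treat truncation as an error.
 * Returns 0 when lang was used, 1 when the fallback was substituted. */
int build_path_safe(char out[PATH_BUF], const char *lang)
{
    int n = lang ? snprintf(out, PATH_BUF, LANG_FMT, lang) : -1;
    if (n < 0 || n >= PATH_BUF) {           /* error or would not fit */
        snprintf(out, PATH_BUF, LANG_FMT, DEFAULT_LANG);
        return 1;
    }
    return 0;
}

/* Longest lang value that fits: PATH_BUF - fixed chars - NUL. */
size_t max_lang_len(void)
{
    return PATH_BUF - (strlen(LANG_FMT) - 2) - 1;   /* "%s" is 2 chars */
}

int main(void)
{
    char path[PATH_BUF], lang[80];
    for (size_t len = 47; len <= 49; len++) {        /* constructed inputs */
        memset(lang, 'a', len);
        lang[len] = '\0';
        int fell_back = build_path_safe(path, lang);
        printf("len=%zu fallback=%d path_len=%zu\n", len, fell_back, strlen(path));
    }
    printf("max accepted length: %zu\n", max_lang_len());
    return 0;
}
```

The gap between the 60-byte buffer and the 48-character limit is the fixed text in the format string plus the terminating NUL, which is why checking the input against the buffer size alone is not enough.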
How can this vulnerability impact me?
Exploitation of this vulnerability can lead to several serious impacts:
- Denial of Service (DoS) by crashing the web management interface, making the device management unavailable.
- Potential Arbitrary Code Execution (Remote Code Execution) by corrupting memory or heap metadata, which could allow an attacker to take control of the device remotely.
- Sensitive Information Leakage due to memory corruption caused by the buffer overflow.
Because the language configuration is processed during device startup or routine operations, the vulnerability can be persistent and easily triggered, posing a significant security risk.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking the length of the language configuration value stored in NVRAM on the Planet ICG-2510 device. Specifically, if the "language" value exceeds approximately 48 characters, it may trigger the buffer overflow.
A practical detection method is to query the current language setting using the nvram command on the device and inspect its length.
- Run the command: nvram get language
- Check if the returned string length is greater than 48 characters.
If the language string is unusually long or suspicious, it indicates potential exploitation or misconfiguration related to this vulnerability.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include avoiding setting or accepting language configuration values longer than 48 characters to prevent triggering the buffer overflow.
Since no vendor patches or official mitigations are available, it is recommended to replace the affected Planet ICG-2510 device with an alternative product that is not vulnerable.
Additionally, restricting remote access to the web management interface can reduce the risk of remote exploitation.
Monitoring for crashes or denial of service symptoms on the web interface may help detect exploitation attempts.