Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Wed, 08 Jul 2026 14:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Tue, 07 Jul 2026 23:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Openwrt
Openwrt openwrt |
|
| Vendors & Products |
Openwrt
Openwrt openwrt |
Tue, 07 Jul 2026 21:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | OpenWrt is a Linux operating system targeting embedded devices. Before v25.12.5, an integer underflow in handle_send_a() of the Emergency Access Daemon allows any unauthenticated attacker on the local network to crash the daemon by sending a single crafted UDP packet. The message length underflows before a bounds check and is then passed to memcpy as a very large size. This issue is fixed v25.12.5. | |
| Title | OpenWrt: EAD Integer Underflow → Pre-Auth Denial of Service | |
| Weaknesses | CWE-191 | |
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2026-07-08T13:52:07.490Z
Reserved: 2026-06-16T22:28:27.062Z
Link: CVE-2026-55490
Updated: 2026-07-08T13:52:03.334Z
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-08T15:45:03Z