CVE-2021-26112: Buffer Overflow
First published: Wed Apr 06 2022(Updated: )
Multiple stack-based buffer overflow vulnerabilities [CWE-121] both in network daemons and in the command line interpreter of FortiWAN before 4.5.9 may allow an unauthenticated attacker to potentially corrupt control data in memory and execute arbitrary code via specifically crafted requests.
Credit: psirt@fortinet.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fortinet FortiWAN | <=4.5.8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2021-26112?
CVE-2021-26112 is classified as a high severity vulnerability due to its potential to allow arbitrary code execution.
How do I fix CVE-2021-26112?
To mitigate CVE-2021-26112, upgrade FortiWAN to version 4.5.9 or later.
What causes the vulnerabilities in CVE-2021-26112?
The vulnerabilities in CVE-2021-26112 are caused by multiple stack-based buffer overflows in network daemons and the command line interpreter.
Who is affected by CVE-2021-26112?
CVE-2021-26112 affects FortiWAN versions prior to 4.5.9.
Can CVE-2021-26112 be exploited remotely?
Yes, CVE-2021-26112 can be exploited by an unauthenticated attacker via specially crafted requests.
- agent/type
- agent/softwarecombine
- agent/references
- agent/remedy
- agent/author
- agent/severity
- agent/weakness
- agent/description
- agent/event
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/fortinet
- canonical/fortinet fortiwan
- version/fortinet fortiwan/4.5.8