CVE-2026-54410

Sažetak

nanoMODBUS through v1.23.0 contains an off-by-one buffer overflow in the recv_msg_header() function of the Modbus/TCP server that allows remote unauthenticated attackers to write one attacker-controlled byte past the end of the 260-byte receive buffer by sending a crafted MBAP frame whose Length field is set to 255. The overflow corrupts the adjacent buffer-index field of the nanoMODBUS state structure, resulting in denial of service through invalid memory accesses and, on bare-metal and RTOS targets without memory protection, one-byte information disclosure and writes to unintended register addresses on the Write Multiple Registers (FC16) handler path.

Reference

https://cwe.mitre.org/data/definitions/193.html
https://cwe.mitre.org/data/definitions/787.html
https://github.com/debevv/nanoMODBUS
https://github.com/debevv/nanoMODBUS/blob/v1.23.0/nanomodbus.c#L369

CVSS

Base:	9.0
Impact:	8.5
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	COMPLETE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:C

Zadnje važnije ažuriranje

14-06-2026 - 18:17

Objavljeno

14-06-2026 - 18:17