CVE-2026-30872

EUVD-2026-13249

19.03.2026, 22:16

OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to 24.10.6 and 25.12.1, the mdns daemon has a Stack-based Buffer Overflow vulnerability in the match_ipv6_addresses function, triggered when processing PTR queries for IPv6 reverse DNS domains (.ip6.arpa) received via multicast DNS on UDP port 5353. During processing, the domain name from name_buffer is copied via strcpy into a fixed 256-byte stack buffer, and then the reverse IPv6 request is extracted into a buffer of only 46 bytes (INET6_ADDRSTRLEN). Because the length of the data is never validated before this extraction, an attacker can supply input larger than 46 bytes, causing an out-of-bounds write. This allows a specially crafted DNS query to overflow the stack buffer in match_ipv6_addresses, potentially enabling remote code execution. This issue has been fixed in versions 24.10.6 and 25.12.1.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Affected Products (NVD)

Vendor	Product	Version
openwrt	openwrt	𝑥 < 24.10.6
openwrt	openwrt	25.12.0 ≤ 𝑥 < 25.12.1

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-121 - Stack-based Buffer Overflow
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

Vulnerability Media Exposure

[GERMAN] OpenWrt: Service-Releases schließen kritische Sicherheitslücken
Die Service-Releases 25.12.1 und 24.10.6 des Router-Betriebssystems OpenWrt dichten als kritisch eingestufte Sicherheitslücken ab.
Published: 2026-03-20T11:00:00+00:00

References

https://github.com/openwrt/openwrt/releases/tag/v24.10.6

https://github.com/openwrt/openwrt/releases/tag/v25.12.1

https://github.com/openwrt/openwrt/security/advisories/GHSA-mpgh-v658-jqv5