External risk intelligence

Attacker can take control of ASR Kestrel devices due to buffer overflow

CVE advisorySeverity: CRITICAL (CVSS 9.8)

CVE-2026-42799

A critical flaw in ASR Kestrel firmware allows attackers to overflow buffers and potentially take control of devices remotely without authentication. This is urgent due to its potential for widespread system compromise.

2Halo Surface Signal

Out-of-bounds Read

Asrmicro Asr1803 Firmware

before 1.216.002

External exposure likelihood

Halo Surface Signal score for CVE-2026-42799

The vulnerability affects an internal power control module within ASR Kestrel firmware. Such components are typically deeply embedded in infrastructure and are not designed to be exposed to the public internet. While the device may be reachable via internal network segments, direct public exposure is uncommon and generally restricted to internal management or control networks.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Horizon Alert

Summary of the vulnerability and why it matters

An out-of-bounds read vulnerability in ASR Kestrel firmware can allow for overflow buffers, potentially leading to system compromise. This issue is significant because it could enable unauthorized access and control over affected devices.

  • Critical Impact: Allows for significant data corruption or complete system takeover.
  • Network Accessible: Can be exploited remotely without prior access.
  • Widespread Exposure: Affects many devices running the vulnerable firmware.

Attack Path

How an attacker could exploit the issue

An attacker could exploit this out-of-bounds read vulnerability in ASR Kestrel firmware's power control module to cause a denial-of-service or potentially leak sensitive information. Since the vulnerability is in a network-accessible component, an unauthenticated attacker could trigger it remotely by sending specially crafted network traffic. This could disrupt services or allow for reconnaissance.

  • Remote, unauthenticated attack possible.
  • Targets network-accessible firmware component.
  • Exploitable via crafted network traffic.

Live Threat

Current exploitation, exposure, and threat context

This vulnerability, an out-of-bounds read in ASR Kestrel's power control module, presents a limited threat for broad exploitation. Attackers generally favor vulnerabilities that are easily accessible and widely deployed, rather than those residing in specialized, internal firmware components. Direct exploitation without prior network access or specific system knowledge would be highly improbable.

  • Affects specialized firmware.
  • No known public exploits.
  • Published recently.

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

Prioritize patching or upgrading ASR Kestrel firmware to version 1.216.002 or later to address the critical out-of-bounds read vulnerability. If immediate patching is not feasible, implement network segmentation to isolate affected devices and restrict access to the vulnerable components.

  • Update ASR Kestrel firmware to 1.216.002.
  • Isolate affected devices from networks.
  • Monitor for exploitation attempts.

Frequently asked questions

What is the ASR Kestrel firmware and its function, considering it runs on ASR1803 devices?

ASR Kestrel firmware is the software operating on specific ASR micro devices, notably the ASR1803. Its primary role is to manage and control the device's power functions.

What is CVE-2026-42799, and what type of weakness does it represent?

CVE-2026-42799 is an out-of-bounds read vulnerability. This weakness occurs when a program attempts to access data beyond its designated memory buffer, potentially causing crashes or enabling attackers to read sensitive data.

How can an attacker exploit CVE-2026-42799, and what is the scope of impact?

An attacker can exploit this vulnerability remotely without requiring any authentication by sending specifically crafted network traffic to the affected device. The vulnerability resides in a network-accessible component, and its scope is self-contained (S:U), meaning it does not affect other security scopes.

What is the relevance of CVE-2026-42799, given it affects an internal power control module?

The Halo Surface Signal indicates this vulnerability is unlikely to be exploited broadly because it resides within an internal power control module of ASR Kestrel firmware. Such components are typically embedded within infrastructure and not directly exposed to the public internet, making direct public exposure uncommon.

What steps should be taken to address the CVE-2026-42799 vulnerability?

To mitigate CVE-2026-42799, it is recommended to update ASR Kestrel firmware to version 1.216.002 or later. If immediate patching is not possible, isolating affected devices through network segmentation can restrict access to the vulnerable components.

References

Sources and related resources

Primary sources: NVD, CVE.org.

NVDPublished Modified