NVD disclosure day

Published threat advisories for January 16, 2025

CVE advisoryCRITICAL

CVE-2025-22916

RE11S Firmware Stack Overflow in PPPoE Setup

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A stack overflow vulnerability in RE11S firmware's PPPoE setup function can be triggered by a malformed username, potentially allowing remote attackers to compromise the device. This issue is reachable via network-accessible configuration interfaces and could lead to service disruption or unauthorized control.

CVE advisoryCRITICAL

CVE-2025-22906

RE11S Firmware Command Injection Vulnerability

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A critical command injection vulnerability in RE11S firmware allows remote attackers to execute arbitrary commands by sending a crafted request to the WAN configuration interface. This could compromise device functionality and network services. The relevance and exposure across deployed devices need to be confirmed.

CVE advisoryCRITICAL

CVE-2025-22904

Edimax RE11S Firmware setWAN Stack Overflow

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A critical stack overflow vulnerability exists in network device firmware that could allow an attacker to gain significant control over affected devices. The vulnerability is triggered by specific input to the `setWAN` function and could lead to denial of service or unauthorized access. Confirming if this technology is