CVE-2026-3697 | Planet ICG-2510 1.0_20250811 Language Package Configuration /usr/sbin/httpd sub_40C8E4 stack-based overflow

A vulnerability was found in Planet ICG-2510 1.0_20250811. It has been declared as critical. The impacted element is the function sub_40C8E4 of the file /usr/sbin/httpd of the component Language Package Configuration Handler. Executing a manipulation of the argument Language can lead to stack-based buffer overflow.

This vulnerability is tracked as CVE-2026-3697. The attack can be launched remotely. Moreover, an exploit is present.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-3697 | Planet ICG-2510 1.0_20250811 Language Package Configuration /usr/sbin/httpd sub_40C8E4 stack-based overflow

Post correlati

CVE-2025-1070 | Schneider Electric ASCO 5310 Single-Channel Remote Annunciator unrestricted upload (SEVD-2025-042-01)

CVE-2024-2151 | SourceCodester Online Mobile Management Store 1.0 Product Price quantity logic error

CVE-2024-3692 | Gutenverse Plugin up to 1.9.0 on WordPress htmlTag cross site scripting

CVE-2024-12467 | grafreak Pago por Redsys Plugin up to 1.0.12 on WordPress Ds_MerchantParameters cross site scripting