CVE-2026-35084

Stack buffer overflow in method dali-devconfig

CVSS 8.7 HIGHEPSS 0.5%CWE-121

In short

A flaw in the dali-devconfig tool allows someone with user access to overflow a memory buffer on the system stack, potentially taking complete control of the computer as the administrator (root). This is dangerous because it bypasses normal security restrictions.

Technical detail

Stack buffer overflow in dali-devconfig method CWE-121 allows authenticated local attackers to overwrite stack memory, potentially achieving arbitrary code execution with root privileges. The vulnerability requires user-level access; successful exploitation can lead to complete system compromise through stack frame corruption and return address manipulation.

Summary generated and translated by AI from the official description.

A remote attacker with user privileges can exploit a stack buffer overflow in dali-devconfig to gain full system access as root.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected products

MBS · Double-A Profibus MBS · Double-A x-link MBS · Double-X CAN MBS · Double-X DALI MBS · Double-X KNX MBS · Double-X LON MBS · Double-X M-Bus MBS · Double-X PROFINET MBS · Double-X x-link MBS · Single-A MBS · Single-X MBS · Triple-X KNX+DALI MBS · Triple-X KNX+LON MBS · Triple-X KNX+M-Bus MBS · Triple-X PROFINET+DALI MBS · Triple-X PROFINET+KNX MBS · Triple-X PROFINET+LON MBS · Triple-X PROFINET+M-Bus

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.certvde.com/en/advisories/VDE-2026-039/