Integer Underflow Vulnerability in OpenWrt Emergency Access Daemon
CVE-2026-55490
6.5MEDIUM
What is CVE-2026-55490?
The Emergency Access Daemon in OpenWrt before version 25.12.5 is susceptible to an integer underflow vulnerability that allows unauthenticated attackers on the local network to cause a crash. The vulnerability arises in the handle_send_a() function, where a crafted UDP packet can lead to an underflow before a bounds check is performed, resulting in an excessively large size being passed to memcpy. This flaw has been addressed in version 25.12.5, enhancing security against such attacks.
Affected Version(s)
openwrt < 25.12.5
