PatchSiren

PatchSiren cyber security CVE debrief

CVE-2025-29329 Sagemcom CVE debrief

A critical buffer overflow vulnerability was found in the ippprint service of Sagemcom F@st 3686 MAGYAR_4.121.0. This allows remote attackers to execute arbitrary code via crafted HTTP requests. The vulnerability has a CVSS score of 9.8, indicating critical severity. Network administrators and security teams managing Sagemcom F@st 3686 devices, especially those using MAGYAR_4.121.0 firmware, should prioritize patching. Evidence is based on the CVE record and NVD details. Immediate patching is recommended due to the potential for remote code execution.

Vendor
Sagemcom
Product
F@st 3686
CVSS
CRITICAL 9.8
CISA KEV
Not listed in stored evidence
Original CVE published
2026-01-12
Original CVE updated
2026-07-05
Advisory published
2026-01-12
Advisory updated
2026-07-05

Who should care

Network administrators and security teams managing Sagemcom F@st 3686 devices, especially those using MAGYAR_4.121.0 firmware, should prioritize patching this vulnerability.

Technical summary

The CVE-2025-29329 vulnerability is a buffer overflow in the ippprint service of Sagemcom F@st 3686 MAGYAR_4.121.0. This service, part of the Internet Printing Protocol (IPP), is susceptible to remote exploitation. An attacker can execute arbitrary code by sending a specially crafted HTTP request. The vulnerability has a CVSS score of 9.8, indicating critical severity.

Defensive priority

Immediate patching is recommended due to the critical severity and potential for remote code execution. This vulnerability requires urgent attention to prevent potential exploitation.

Recommended defensive actions

  • Apply the vendor-provided patch or update to a fixed version of the firmware.
  • Implement network segmentation to limit access to the affected service.
  • Monitor network traffic for suspicious HTTP requests.
  • Conduct regular vulnerability scans and inventory checks.

Evidence notes

The CVE record and NVD details provide primary evidence for this vulnerability. However, specific exploit details or additional affected versions are not provided in the source corpus.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-01-12T22:16:07.660Z and has not been modified since then.