PatchSiren

Pavel Odintsov CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM Pavel Odintsov CVE published 2026-05-26

CVE-2026-48696

A buffer overflow vulnerability exists in FastNetMon Community Edition through version 1.2.9. This issue is distinct from CVE-2026-48686 and CVE-2026-48689. The vulnerability was published to the CVE List on 26 May 2026 and remains under analysis by NVD as of the last modification timestamp (26 May 2026 19:29 UTC). No CVSS score or severity rating has been assigned. The affected product is FastNetMon Comm [truncated]

HIGH Pavel Odintsov CVE published 2026-05-26

CVE-2026-48695

FastNetMon Community Edition through 1.2.9 contains an OS command injection vulnerability in the MikroTik router integration plugin. The `_log()` function in `src/mikrotik_plugin/fastnetmon_mikrotik.php` (lines 107-108) constructs shell commands by concatenating the `$msg` parameter directly into `exec()` calls without sanitization. The `$msg` variable contains unsanitized attack data from command-line ar [truncated]

HIGH Pavel Odintsov CVE published 2026-05-26

CVE-2026-48694

A configuration injection vulnerability in FastNetMon Community Edition through version 1.2.9 allows attackers with control over IP address input to execute arbitrary Juniper CLI commands via the Juniper router integration plugin. The vulnerability stems from direct interpolation of the $IP_ATTACK variable (received from argv[1]) into NETCONF set-configuration commands at lines 69 and 90 of src/juniper_pl [truncated]

HIGH Pavel Odintsov CVE published 2026-05-26

CVE-2026-48697

FastNetMon Community Edition through 1.2.9 fails to validate TLS certificates on outbound HTTPS connections. The `execute_web_request_secure()` function in `src/fast_library.cpp` initializes a Boost.Asio SSL context with `tls_client` mode and loads CA certificates via `set_default_verify_paths()`, but omits the critical `set_verify_mode(boost::asio::ssl::verify_peer)` call. Without this verification mode, [truncated]

MEDIUM Pavel Odintsov CVE published 2026-05-26

CVE-2026-48693

FastNetMon Community Edition through 1.2.9 contains a local symlink attack vulnerability stemming from insecure temporary file handling. The application defaults to writing statistics data to a predictable path at /tmp/fastnetmon.dat, which it opens with truncation semantics without symlink validation or O_NOFOLLOW protections. A secondary implementation error causes chmod operations to target a fixed pat [truncated]

HIGH Pavel Odintsov CVE published 2026-05-26

CVE-2026-48690

FastNetMon Community Edition through 1.2.9 contains an integer overflow vulnerability in the packet capture buffer allocation. In src/packet_storage.hpp, the allocate_buffer() function computes memory_size_in_bytes as 'buffer_size_in_packets * (max_captured_packet_size + sizeof(fastnetmon_pcap_pkthdr_t)) + sizeof(fastnetmon_pcap_file_header_t)' using unsigned int (32-bit) arithmetic. With max_captured_pac [truncated]

HIGH Pavel Odintsov CVE published 2026-05-26

CVE-2026-48692

FastNetMon Community Edition through 1.2.9 exposes an unauthenticated gRPC API on TCP port 50052. The server uses grpc::InsecureServerCredentials() and implements no credential verification across RPC methods including ExecuteBan, ExecuteUnBan, GetBanlist, and GetTotalTrafficCounters. ExecuteBan and ExecuteUnBan trigger BGP route announcements and external script execution via popen(). An attacker with lo [truncated]

CRITICAL Pavel Odintsov CVE published 2026-05-26

CVE-2026-48687

FastNetMon Community Edition through 1.2.9 contains an OS command injection vulnerability in the Juniper router integration plugin. The _log() function in src/juniper_plugin/fastnetmon_juniper.php (lines 117-118) constructs shell commands by concatenating the $msg parameter directly into exec() calls: exec(“echo `date` “- [FASTNETMON] - ” . $msg . ” ” >> ” . $FILE_LOG_TMP). The $msg variable contains unsa [truncated]

CRITICAL Pavel Odintsov CVE published 2026-05-26

CVE-2026-48686

FastNetMon Community Edition through 1.2.9 contains a stack-based buffer overflow in the BGP NLRI (Network Layer Reachability Information) decoder. The vulnerability exists in decode_bgp_subnet_encoding_ipv4_raw() in src/bgp_protocol.cpp, where prefix_bit_length is read directly from BGP packets without validation that it is <= 32 for IPv4 prefixes. This unvalidated value propagates through how_much_bytes [truncated]

MEDIUM Pavel Odintsov CVE published 2026-05-26

CVE-2026-48685

FastNetMon Community Edition through 1.2.9 contains an out-of-bounds memory access vulnerability in its BGP path attribute parsing logic. The flaw resides in `parse_raw_bgp_attribute()` within `src/bgp_protocol.hpp`, where the function correctly identifies the extended length flag but fails to read the full 16-bit attribute length when this flag is set. Per RFC 4271 Section 4.3, extended length attributes [truncated]

MEDIUM Pavel Odintsov CVE published 2026-05-26

CVE-2026-48684

FastNetMon Community Edition through 1.2.9 contains an out-of-bounds read vulnerability in its NetFlow v9 options template parser. The flaw exists in `process_netflow_v9_options_template()` within `src/netflow_plugin/netflow_v9_collector.cpp`. The scope parsing loop (lines 224-229) iterates using an attacker-controlled `option_scope_length` value without validating that `(zone_address + scopes_offset + si [truncated]