ASR Lapwing_Linux Out-of-Bounds Read Vulnerability in ASR1903 and ASR3901

Vulnerability

A high-severity out-of-bounds read vulnerability has been identified in the ASR1903 and ASR3901 products, specifically within the ASR Lapwing_Linux operating system and the nr_fw modules. The issue arises in the program file NrCgi.C, and it affects versions of Lapwing_Linux released prior to November 26, 2025.

Impact

Exploitation of this vulnerability leads to an out-of-bounds read, which can potentially allow an attacker to access memory outside the intended boundaries, possibly leading to information disclosure or other memory-related attacks.

Added: Nov 26, 2025, 7:17 AM

Updated: Nov 26, 2025, 7:17 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

5.2

remediation

0.0

relevance

1.1

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

5.2

remediation

0.0

relevance

1.1

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

ASR Lapwing_Linux Out-of-Bounds Read Vulnerability in ASR1903 and ASR3901

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating