CVE-2026-8836

lwIP · lwIP

The SNMPv3 USM handler in lwIP up to 2.2.1 is vulnerable to a stack-based buffer overflow in the snmp_parse_inbound_frame function, allowing remote code execution.

Executive summary

A critical stack-based buffer overflow in the lwIP SNMPv3 implementation allows remote attackers to compromise embedded systems via malicious inbound frames.

Vulnerability

Improper handling of the msgAuthenticationParameters argument within the SNMPv3 USM module leads to a stack-based buffer overflow when processing specially crafted packets.

Business impact

With a CVSS score of 9.8, this flaw poses a severe risk to network-connected devices using the lwIP stack. Successful exploitation could lead to total device takeover, denial of service, or the ability to intercept and manipulate network traffic.

Remediation

Immediate Action: Apply the vendor-provided patch (commit 0c957ec03054eb6c8205e9c9d1d05d90ada3898c) to the lwIP source code.

Proactive Monitoring: Monitor network traffic for malformed SNMP packets or unusual snmp_msg.c execution patterns.

Compensating Controls: Disable SNMPv3 services on network-exposed interfaces if not required for management operations.
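One way to implement the malformed-packet check from the Proactive Monitoring item, as an added example that is not lwIP code or part of the vendor patch: a passive BER walk over a captured UDP payload that reports the length of msgAuthenticationParameters. The allowed lengths (0 or 12 bytes, the RFC 3414 HMAC-MD5-96 and HMAC-SHA-96 sizes), the function names and the sample message are assumptions made for this example; sites that use the longer RFC 7860 MACs need to extend the set.

```python
# Added example, not lwIP code. Assumption: USM security model with only the
# RFC 3414 HMAC-MD5-96 / HMAC-SHA-96 protocols, so a MAC is 0 or 12 bytes.
ALLOWED_AUTH_LEN = {0, 12}
# Constructed benign sample: user "user", 12 zero MAC bytes, scoped PDU stubbed.
SAMPLE_OK = bytes.fromhex(
    "303f020103300d020101020205dc040101020103"
    "0425302304058000000001020101020101040475736572"
    "040c" + "00" * 12 + "0400300404000400"
)

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for one BER TLV; ValueError if malformed."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long-form length: low 7 bits give the octet count
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("bad long-form length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("length runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def expect(buf, pos, want_tag):
    """Read one TLV and insist on its tag; return (value, next_pos)."""
    tag, val, nxt = read_tlv(buf, pos)
    if tag != want_tag:
        raise ValueError(f"expected tag {want_tag:#x}, got {tag:#x}")
    return val, nxt

def check_snmpv3(datagram):
    """Classify one UDP payload as ok / alert / malformed / skip."""
    try:
        msg, _ = expect(datagram, 0, 0x30)        # SNMPv3Message SEQUENCE
        version, pos = expect(msg, 0, 0x02)       # msgVersion
        if version != b"\x03":
            return "skip", "not SNMPv3"
        _, pos = expect(msg, pos, 0x30)           # msgGlobalData
        sec, _ = expect(msg, pos, 0x04)           # msgSecurityParameters
        usm, _ = expect(sec, 0, 0x30)             # UsmSecurityParameters
        pos = 0
        for tag in (0x04, 0x02, 0x02, 0x04):      # engineID, boots, time, userName
            _, pos = expect(usm, pos, tag)
        auth, _ = expect(usm, pos, 0x04)          # msgAuthenticationParameters
    except ValueError as exc:
        return "malformed", str(exc)
    detail = f"msgAuthenticationParameters is {len(auth)} bytes"
    return ("ok" if len(auth) in ALLOWED_AUTH_LEN else "alert"), detail
```

Both the "alert" and "malformed" verdicts are worth logging with the source address, since a patched agent should also discard those frames.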

Exploitation status

Public Exploit Available: No