CVE-2026-7685

A vulnerability was detected in Edimax BR-6208AC up to 1.02. Affected is an unknown function of the file /goform/setWAN. Performing a manipulation of the argument pptpDfGateway results in buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used. The vendor...

CVE-2026-7682

Edimax BR-6208AC (firmware 1.02) contains a vulnerability in the L2TP Mode setWAN function (/goform/setWAN). The L2TPUserName parameter can be manipulated to induce command injection. The issue is exploitable remotely and has publicly disclosed PoC/exploit code. Vendor did not respond to disclosu...

EDIMAX BR-6208AC 缓冲区错误漏洞

The EDIMAX BR-6208AC is a wireless broadband router produced by Edimax Corporation of Taiwan. Versions of the Edimax BR-6208AC prior to 1.02 contained a buffer overflow vulnerability. This vulnerability stemmed from an unknown function in the file/goform/setWAN, which handled the parameter...

PT-2026-36675

Name of the Vulnerable Software and Affected Versions Edimax BR-6208AC versions prior to 1.02 Description A buffer overflow can be triggered remotely via a manipulation of the pptpDfGateway argument within an unknown function of the '/goform/setWAN' file. Recommendations At the moment, there is n...

D-Link DIR-645 安全漏洞

The D-Link DIR-645 is a wireless router produced by D-Link Corporation. Versions 1.01, 1.02, and 1.03 of the D-Link DIR-645 contain security vulnerabilities. These vulnerabilities stem from a stack-based buffer overflow vulnerability in the function hedwigcgimain located in the /cgi-bin/hedwig.cg...

CVE-2026-5184 TRENDnet TEW-713RE setSysAdm command injection

A vulnerability was identified in TRENDnet TEW-713RE up to 1.02. The impacted element is an unknown function of the file /goform/setSysAdm. The manipulation of the argument admuser leads to command injection. The attack can be initiated remotely. The exploit is publicly available and might be use...

CVE-2026-5183

CVE-2026-5183 affects TRENDNet TEW-713RE (up to firmware 1.02). The vulnerable element is the function sub_421494 in the file /goform/addRouting; manipulating the argument dest can cause a remote command injection. Public exploit information exists; vendor has not responded to disclosure. Connect...

PT-2026-29200

A vulnerability was determined in TRENDnet TEW-713RE up to 1.02. The affected element is the function sub 421494 of the file /goform/addRouting. Executing a manipulation of the argument dest can lead to command injection. It is possible to launch the attack remotely. The exploit has been publicly...

CVE-2024-14028

Use after free vulnerability in Softing smartLink HW-DP or smartLink HW-PN webserver allows HTTP DoS. This issue affects: smartLink HW-DP: through 1.31 smartLink HW-PN: before 1.02...

CVE-2024-14028

CVE-2024-14028 describes a use-after-free vulnerability in Softing smartLink HW-DP and HW-PN webservers that can lead to HTTP DoS. Affected products are smartLink HW-DP up to version 1.31 and HW-PN up to version 1.02. The issue is triggered by a use-after-free in the webserver’s handling of HTTP ...

Softing smartLink HW-DP和Softing smartLink HW-PN 安全漏洞

Both the Softing smartLink HW-DP and Softing smartLink HW-PN are industrial device connectivity gateway devices developed by the German company Softing. The Softing smartLink HW-DP version 1.31 and earlier, as well as the Softing smartLink HW-PN version 1.02 and earlier, contain security...

CVE-2025-13438 Page Title, Description & Open Graph Updater <= 1.02 - Cross-Site Request Forgery to Arbitrary Page Title Modification

The Page Title, Description & Open Graph Updater plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.02. This is due to missing nonce validation on multiple AJAX actions including dienoupdatepagetitle. This makes it possible for unauthenticated...

WordPress Page Title, Description & Open Graph Updater plugin <= 1.02 - Cross-Site Request Forgery to Arbitrary Page Title Modification vulnerability

Cross-Site Request Forgery to Arbitrary Page Title Modification vulnerability discovered by dayea song - Ahnlab in WordPress Plugin Page Title, Description & Open Graph Updater versions = 1.02...

CVE-2026-1042

The WP Hello Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'digitone' and 'digittwo' parameters in all versions up to, and including, 1.02 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

WordPress plugin WP Hello Bar has a cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVE-2025-15471

A vulnerability was detected in TRENDnet TEW-713RE 1.02. The impacted element is an unknown function of the file /goformX/formFSrvX. The manipulation of the argument SZCMD results in os command injection. It is possible to launch the attack remotely. The exploit is now public and may be used. The...

Edimax BR-6208AC 命令注入漏洞

The Edimax BR-6208AC is a wireless router from Taiwan, China-based Xunzhou Edimax Corporation. A command injection vulnerability exists in Edimax BR-6208AC version 1.02 and 1.03, which originates from incorrect manipulation of the file /gogorm/formRoute parameter strIp/strMask/strGateway in the...

Edimax BR-6208AC 输入验证错误漏洞

The Edimax BR-6208AC is a wireless router from Taiwan, China-based Xunzhou Edimax. An input validation error vulnerability exists in Edimax BR-6208AC version 1.02 and 1.03, which stems from incorrect operation of the parameter wlan-url in the file /goform/formALGSetup, which could lead to an open...

Edimax BR-6208AC 路径遍历漏洞

The Edimax BR-6208AC is a wireless router from Edimax Taiwan, China. A path traversal vulnerability exists in the Edimax BR-6208AC version 1.02, which originates from a misbehavior of the function handleretr in the FTP Daemon Service component, and could lead to a path traversal attack...

CVE-2025-10150

Webserver crash caused by scanning on TCP port 80 in Softing Industrial Automation GmbH gateways and switch.This issue affects smartLink HW-PN: from 1.02 through 1.03 smartLink HW-DP: 1.31...