704 matches found
EUVD-2026-9197
An issue was discovered in Tenda W20E V4.0brV15.11.0.6. Attackers may send overly long addDhcpRules data. When these rules enter the addDhcpRule function and are processed by ret = sscanfpRule, " %d\t%^\t\t%^\n\r\t", &dhcpsIndex, dhcpsIP, dhcpsMac;, the lack of size validation for the rules could...
CVE-2026-24110
An issue was discovered in Tenda W20E V4.0brV15.11.0.6. Attackers may send overly long addDhcpRules data. When these rules enter the addDhcpRule function and are processed by ret = sscanfpRule, " %d\t%^\t\t%^\n\r\t", &dhcpsIndex, dhcpsIP, dhcpsMac;, the lack of size validation for the rules could...
Tenda W20E 安全漏洞
The Tenda W20E is a router produced by the Chinese company Tenda. The Tenda W20E V4.0brV15.11.0.6 version contains a security vulnerability. This vulnerability stems from the lack of size validation when processing data related to addDhcpRules, which may lead to a buffer overflow...
CVE-2026-24110
An issue was discovered in Tenda W20E V4.0brV15.11.0.6. Attackers may send overly long addDhcpRules data. When these rules enter the addDhcpRule function and are processed by ret = sscanfpRule, " %d\t%^\t\t%^\n\r\t", &dhcpsIndex, dhcpsIP, dhcpsMac;, the lack of size validation for the rules could...
CVE-2026-3399 Tenda F453 httpd GstDhcpSetSer fromGstDhcpSetSer buffer overflow
A vulnerability was identified in Tenda F453 1.0.0.3. Affected by this vulnerability is the function fromGstDhcpSetSer of the file /goform/GstDhcpSetSer of the component httpd. The manipulation of the argument dips leads to buffer overflow. The attack may be initiated remotely. The exploit is...
PT-2026-22247
Name of the Vulnerable Software and Affected Versions Tenda F453 version 1.0.0.3 Description A buffer overflow issue exists in the httpd component of the Tenda F453 router. The issue is located in the fromDhcpListClient function within the /goform/DhcpListClient API endpoint. Manipulation of the...
USN-8056-1 u-boot vulnerabilities
Simon Diepold discovered that U-Boot incorrectly handled certain DHCP responses. An attacker on the local network could possibly use this issue to obtain sensitive memory contents. CVE-2024-42040 It was discovered that U-Boot incorrectly handled symlink size calculations in squashfs file systems...
USN-8056-1: U-Boot vulnerabilities
Simon Diepold discovered that U-Boot incorrectly handled certain DHCP responses. An attacker on the local network could possibly use this issue to obtain sensitive memory contents. CVE-2024-42040 It was discovered that U-Boot incorrectly handled symlink size calculations in squashfs file systems...
CVE-2019-25411 Comodo Dome Firewall 2.7.0 Cross-Site Scripting via DHCP
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the GATEWAYGREEN parameter. Attackers can send POST requests to the DHCP configuration endpoint with script payloads to execute arbitrary JavaScript...
CVE-2019-25411
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the GATEWAYGREEN parameter. Attackers can send POST requests to the DHCP configuration endpoint with script payloads to execute arbitrary JavaScript...
Comodo Dome Firewall 跨站脚本漏洞
Comodo Dome Firewall is a unified threat management and next-generation firewall provided by the Chinese company Comodo. Version 2.7.0 of Comodo Dome Firewall contains a cross-site scripting vulnerability. This vulnerability stems from improper cleaning of the GatewayGREEN parameter input in the...
CVE-2026-2055 D-Link DIR-605L/DIR-619L DHCP Client Information information disclosure
A weakness has been identified in D-Link DIR-605L and DIR-619L 2.06B01/2.13B01. The affected element is an unknown function of the component DHCP Client Information Handler. Executing a manipulation can lead to information disclosure. The attack may be launched remotely. The exploit has been made...
PT-2026-6722
Name of the Vulnerable Software and Affected Versions D-Link DIR-605L version 2.06B01 D-Link DIR-619L version 2.06B01 D-Link DIR-605L version 2.13B01 D-Link DIR-619L version 2.13B01 Description A weakness exists in D-Link DIR-605L and DIR-619L routers. The issue is related to an unknown function...
D-Link DIR-605L和D-Link DIR-619L 访问控制错误漏洞
The D-Link DIR-605L and D-Link DIR-619L are wireless routers produced by the Chinese company D-Link. The D-Link DIR-605L versions 2.06B01/2.13B01 and DIR-619L versions 2.06B01/2.13B01 have a vulnerability related to access control. This vulnerability stems from incorrect operations on the DHCP...
CVE-2020-37062 DHCP Turbo 4.6.1298- 'DHCP Turbo 4' Unquoted Service Path
DHCP Turbo 4.61298 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code by exploiting the service binary path. Attackers can place malicious executables in the service path to gain elevated privileges when the service starts...
EUVD-2020-30967
DHCP Turbo 4.61298 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code by exploiting the service binary path. Attackers can place malicious executables in the service path to gain elevated privileges when the service starts...
Weird Solutions DHCP Turbo 代码问题漏洞
Weird Solutions DHCP Turbo is a DHCP server software developed by Weird Solutions Corporation. Version 4.61298 of Weird Solutions DHCP Turbo contains a code vulnerability caused by an unquoted service path. This vulnerability could allow local attackers to execute arbitrary code and gain elevated...
MiracleLinux 7 : dhcp-4.2.5-83.1.0.1.el7.AXS7 (AXSA:2021-1902:02)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-1902:02 advisory. dhcp: stack-based buffer overflow when parsing statements with colon-separated hex digits in config or lease files in dhcpd and dhclient CVE-2021-25217 Tenab...
MiracleLinux 3 : dhcp-3.0.5-23.4.0.1.AXS3 (AXSA:2011-162:01)
The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2011-162:01 advisory. DHCP Dynamic Host Configuration Protocol is a protocol which allows individual devices on an IP network to get their own network configuration information IP...
MiracleLinux 4 : dnsmasq-2.48-13.AXS4 (AXSA:2013-132:01)
The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2013-132:01 advisory. Dnsmasq is lightweight, easy to configure DNS forwarder and DHCP server. It is designed to provide DNS and, optionally, DHCP, to a small network. It can serve...