25079 matches found
CVE-2026-2962
CVE-2026-2962 affects D-Link DWR-M960 (firmware 1.01.07). The flaw resides in the function sub_460F30 of the file /boafrm/formDateReboot within the Scheduled Reboot Configuration Endpoint. Manipulating the submit-url argument triggers a stack-based buffer overflow, allowing a remote attacker to p...
CVE-2026-2959
A vulnerability was detected in D-Link DWR-M960 1.01.07. Affected by this vulnerability is the function sub44E0F8 of the file /boafrm/formNewSchedule. Performing a manipulation of the argument url results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit i...
CVE-2026-2960
A flaw has been found in D-Link DWR-M960 1.01.07. Affected by this issue is the function sub468D64 of the file /boafrm/formDhcpv6s. Executing a manipulation of the argument submit-url can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been published and...
CVE-2026-2960 D-Link DWR-M960 formDhcpv6s sub_468D64 stack-based overflow
A flaw has been found in D-Link DWR-M960 1.01.07. Affected by this issue is the function sub468D64 of the file /boafrm/formDhcpv6s. Executing a manipulation of the argument submit-url can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been published and...
PT-2026-21519
Name of the Vulnerable Software and Affected Versions UTT HiPER 810G versions up to 1.7.7-171114 Description A buffer overflow issue exists in UTT HiPER 810G. The problem is located in the strcpy function within the /goform/formPolicyRouteConf file. Manipulation of the GroupName argument can...
D-Link DWR-M960 安全漏洞
The D-Link DWR-M960 is a router produced by D-Link Corporation. The D-Link DWR-M960 version 1.01.07 has a security vulnerability. This vulnerability stems from incorrect handling of the parameter url in the function sub44E0F8 within the file /file/boafrm/formNewSchedule, which may lead to a stack...
D-Link DWR-M960 安全漏洞
The D-Link DWR-M960 is a router produced by D-Link Corporation. The D-Link DWR-M960 version 1.01.07 has a security vulnerability. This vulnerability stems from incorrect handling of the parameter “submit-url” in the function “sub468D64” within the file “file/boafrm/formDhcpv6s”, which may lead to...
📄 OWASP CRS WAF Bypass
OWASP core rule set CRS versions prior to 4.22.0 and 3.3.8 suffer from a bypass vulnerability. CVE-2026-21876 OWASP CRS WAF bypass CVE-2026-21876 docker container + minimal PoC. I would like to thank @airween and @fzipi separately for their quick response! The vulnerability fix was ready in a ver...
PT-2026-21516
Name of the Vulnerable Software and Affected Versions Tenda FH1203 version 2.0.1.6 Description The Tenda FH1203 version 2.0.1.6 contains a stack-based buffer overflow. This issue is present in the modify add client prio function and can be triggered through the formSetClientPrio CGI handler...
CVE-2026-2959
This CVE concerns the D-Link DWR-M960 (firmware 1.01.07). The vulnerability affects the function sub_44E0F8 in the file /boafrm/formNewSchedule; manipulating the argument url triggers a stack-based buffer overflow. It is a remote, network-attackable issue with high impact on confidentiality, inte...
CVE-2026-2958 D-Link DWR-M960 formWsc sub_457C5C stack-based overflow
A security vulnerability has been detected in D-Link DWR-M960 1.01.07. Affected is the function sub457C5C of the file /boafrm/formWsc. Such manipulation of the argument saveapply leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed publicly and...
CVE-2026-2910
A flaw has been found in Tenda HG9 300001138. This vulnerability affects unknown code of the file /boaform/formPing6. Executing a manipulation of the argument pingAddr can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been published and may be used...
CVE-2026-2910
CVE-2026-2910 affects the Tenda HG9 line, specifically versions prior to 300001139. The vulnerability resides in the file /boaform/formPing6, where manipulating the pingAddr argument triggers a stack-based overflow. It can be exploited remotely, and an exploit has been published. Remediation: upg...
CVE-2026-2908
A security vulnerability has been detected in Tenda HG9 300001138. Affected by this issue is some unknown functionality of the file /boaform/formLoopBack of the component Loopback Detection Configuration Endpoint. Such manipulation of the argument Ethtype leads to stack-based buffer overflow. The...
CVE-2026-2908 Tenda HG9 Loopback Detection Configuration Endpoint formLoopBack stack-based overflow
A security vulnerability has been detected in Tenda HG9 300001138. Affected by this issue is some unknown functionality of the file /boaform/formLoopBack of the component Loopback Detection Configuration Endpoint. Such manipulation of the argument Ethtype leads to stack-based buffer overflow. The...
CVE-2026-2905 Tenda HG9 Wireless Configuration Endpoint formWlanSetup stack-based overflow
A vulnerability was identified in Tenda HG9 300001138. This impacts an unknown function of the file /boaform/formWlanSetup of the component Wireless Configuration Endpoint. The manipulation of the argument ssid leads to stack-based buffer overflow. The attack may be initiated remotely. The exploi...
PT-2026-21410
Name of the Vulnerable Software and Affected Versions Tenda HG9 version 300001138 Description A security flaw exists in the Tenda HG9 router's Diagnostic Ping component. The issue stems from a stack-based buffer overflow caused by improper handling of input in the pingAddr argument of the...
D-Link DWR-M960 安全漏洞
The D-Link DWR-M960 is a router produced by D-Link Corporation. The D-Link DWR-M960 version 1.01.07 has a security vulnerability. This vulnerability stems from incorrect handling of parameters in the file /boafrm/formLteSetup, specifically the submit-url parameter. This could lead to a stack buff...
PT-2026-21409
Name of the Vulnerable Software and Affected Versions Tenda HG9 300001138 affected versions not specified Description A security issue exists in Tenda HG9 300001138 related to stack-based buffer overflow. The issue is located within the file /boaform/formLoopBack of the Loopback Detection...
CVE-2026-2885
The CVE affects D-Link DWR-M960 (version 1.01.07). The vulnerability is a stack-based buffer overflow in the function sub_469104 within /boafrm/formIpv6Setup, triggered by manipulating the submit-url argument. Exploitation can be performed remotely, and public exploits exist. CVSS data indicate h...