CVE-2026-2139 Tenda TX9 fast_setting_wifi_set sub_432580 buffer overflow

A vulnerability was determined in Tenda TX9 up to 22.03.02.10multi. Affected by this vulnerability is the function sub432580 of the file /goform/fastsettingwifiset. This manipulation of the argument ssid causes buffer overflow. The attack may be initiated remotely. The exploit has been publicly...

D-Link DIR-823X 操作系统命令注入漏洞

The D-Link DIR-823X is a wireless router produced by D-Link Corporation. The D-Link DIR-823X 250416 version has a vulnerability related to operating system command injection. This vulnerability stems from incorrect handling of the parameter “upnpenable” in the file/goform/setupnp, which may lead ...

Tenda RX3 安全漏洞

The Tenda RX3 is a dual-band WiFi 6 home router produced by the Chinese company Tenda. It is used for network coverage in households and supports high-speed wireless connections. The version 16.03.13.11 of the Tenda RX3 contains a security vulnerability. This vulnerability stems from improper...

CVE-2026-2081 D-Link DIR-823X set_password os command injection

A vulnerability was determined in D-Link DIR-823X 250416. The affected element is an unknown function of the file /goform/setpassword. This manipulation of the argument httppasswd causes os command injection. The attack is possible to be carried out remotely. The exploit has been publicly disclos...

CVE-2026-2017 IP-COM W30AP POST Request wx3auth R7WebsSecurityHandler stack-based overflow

A vulnerability was detected in IP-COM W30AP up to 1.0.0.111340. Affected by this issue is the function R7WebsSecurityHandler of the file /goform/wx3auth of the component POST Request Handler. The manipulation of the argument data results in stack-based buffer overflow. The attack may be performe...

EUVD-2026-5015

A security flaw has been discovered in Tenda AC21 1.1.1.1/1.dmzip/16.03.08.16. The impacted element is the function mDMZSetCfg of the file /goform/mDMZSetCfg. The manipulation of the argument dmzIp results in command injection. The attack can be executed remotely. The exploit has been released to...

Tenda AC21 security vulnerabilities

Tenda AC21 is a wireless router produced by the Chinese company Tenda. Version 16.03.08.16 of Tenda AC21 contains a security vulnerability. This vulnerability stems from a stack buffer overflow in the function fromAdvSetMacMtuWan located in the file/goform/AdvSetMacMtuWan...

CVE-2026-1140

A vulnerability was found in UTT 进取 520W 1.7.7-180627. This issue affects the function strcpy of the file /goform/ConfigExceptAli. The manipulation results in buffer overflow. It is possible to launch the attack remotely. The exploit has been made public and could be used. The vendor was contacte...

CVE-2026-1138

A flaw has been found in UTT 进取 520W 1.7.7-180627. This affects the function strcpy of the file /goform/ConfigExceptQQ. Executing a manipulation can lead to buffer overflow. The attack may be performed from remote. The exploit has been published and may be used. The vendor was contacted early abo...

CVE-2026-0838

CVE-2026-0838 affects the UTT 进取 520W router (firmware 1.7.7-180627). The flaw is a buffer overflow in the strcpy operation of /goform/ConfigWirelessBase when the ssid argument is manipulated, enabling remote exploitation over the network. The exploit has been publicly released and a confirmed re...

PT-2026-3425

Name of the Vulnerable Software and Affected Versions UTT 进取 520W version 1.7.7-180627 Description A buffer overflow issue exists in the strcpy function within the file /goform/ConfigExceptQQ of UTT 进取 520W version 1.7.7-180627. A manipulation of the function can lead to a buffer overflow,...

CVE-2025-15429

A security vulnerability has been detected in UTT 进取 512W 1.7.7-171114. Affected by this vulnerability is the function strcpy of the file /goform/formConfigCliForEngineerOnly. Such manipulation of the argument addCommand leads to buffer overflow. It is possible to launch the attack remotely. The...

CVE-2025-15216

A vulnerability was identified in Tenda AC23 16.03.07.52. This impacts the function fromSetIpMacBind of the file /goform/SetIpMacBind. Such manipulation of the argument bindnum leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit is publicly available an...

CVE-2025-15232 Tenda M3 setAdPushInfo formSetAdPushInfo stack-based overflow

A vulnerability was identified in Tenda M3 1.0.0.134903. This vulnerability affects the function formSetAdPushInfo of the file /goform/setAdPushInfo. The manipulation of the argument mac/terminal leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit ...

CVE-2025-15164

CVE-2025-15164 affects Tenda WH450 1.0.0.18. The vulnerability is a stack-based buffer overflow in the SafeMacFilter handler (file /goform/SafeMacFilter) caused by manipulation of the page parameter. It can be exploited remotely and a public exploit exists. Several connected sources corroborate t...

CVE-2025-15163 Tenda WH450 SafeEmailFilter stack-based overflow

A vulnerability was identified in Tenda WH450 1.0.0.18. Affected by this issue is some unknown functionality of the file /goform/SafeEmailFilter. The manipulation of the argument page leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit is publicly...

UTT Progressive 512W Buffer Overflow Vulnerability

The UTT Progress 512W is an enterprise-grade wireless router designed for small office or home office SOHO environments for network scenarios with up to 50 people. The UTT Progressive 512W suffers from a buffer overflow vulnerability that originates from the incorrect operation of the strcpy...

CVE-2025-15160 Tenda WH450 PPTPServer stack-based overflow

A vulnerability has been found in Tenda WH450 1.0.0.18. This impacts an unknown function of the file /goform/PPTPServer. Such manipulation of the argument ip1 leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used...

CVE-2025-15092

A vulnerability was identified in UTT 进取 512W up to 1.7.7-171114. Impacted is the function strcpy of the file /goform/ConfigExceptMSN. Such manipulation of the argument remark leads to buffer overflow. It is possible to launch the attack remotely. The exploit is publicly available and might be us...

CVE-2025-67074

A Buffer overflow vulnerability in function fromAdvSetMacMtuWan of bin httpd in Tenda AC10V4.0 V16.03.10.20 allows remote attackers to cause denial of service and possibly code execution by sending a post request with a crafted payload field serverName to /goform/AdvSetMacMtuWan...