CVE-2026-9440

CVE-2026-9440 affects Edimax BR-6478AC firmware 1.23. The vulnerability lies in the POST Request Handler’s /goform/formAccept function; manipulating the submit-url argument enables command injection. The attack can be launched remotely, and a publicly available exploit is cited. No remediation de...

PT-2026-42947

Name of the Vulnerable Software and Affected Versions Tenda F456 version 1.0.0.5 Description A buffer overflow can be triggered remotely through the manipulation of the page argument within the frmL7ImForm function located in the '/goform/L7Im' endpoint. Recommendations At the moment, there is no...

EUVD-2018-21839

Tenda FH303/A300 firmware V5.07.68EN contains a session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by exploiting insufficient cookie validation. Attackers can send GET requests to the /goform/AdvSetDns endpoint with a crafted admin cookie to change DNS...

Tenda W3002R 安全漏洞

The Tenda W3002R is a wireless router produced by the Chinese company Tenda. The Tenda W3002R has a security vulnerability, which stems from a Cookie session weakness. This vulnerability allows unauthenticated attackers to modify DNS settings by exploiting insufficient session validation. They ca...

PT-2026-36000

Name of the Vulnerable Software and Affected Versions Tenda W3002R/A302/W309R wireless routers version V5.07.64 en Description Insufficient session validation allows unauthenticated attackers to modify DNS settings. By sending GET requests to the '/goform/AdvSetDns' endpoint using a crafted admin...

CVE-2026-5983 D-Link DIR-605L POST Request formSetDDNS buffer overflow

A vulnerability was determined in D-Link DIR-605L 2.13B01. This issue affects the function formSetDDNS of the file /goform/formSetDDNS of the component POST Request Handler. Executing a manipulation of the argument curTime can lead to buffer overflow. The attack can be executed remotely. The...

CVE-2026-3973

A vulnerability was determined in Tenda W3 1.0.0.32204. This affects the function formSetAutoPing of the file /goform/setAutoPing of the component POST Parameter Handler. This manipulation of the argument ping1/ping2 causes stack-based buffer overflow. The attack is possible to be carried out...

CVE-2025-70241

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWANTypeWizard5...

CVE-2026-2143

A security vulnerability has been detected in D-Link DIR-823X 250416. This issue affects some unknown processing of the file /goform/setddns of the component DDNS Service. The manipulation of the argument ddnsType/ddnsDomainName/ddnsUserName/ddnsPwd leads to os command injection. The attack is...

CVE-2026-2180

A vulnerability was identified in Tenda RX3 16.03.13.11. Affected is an unknown function of the file /goform/fastsettingwifiset. Such manipulation of the argument ssid5g leads to stack-based buffer overflow. The attack can be launched remotely. The exploit is publicly available and might be used...

CVE-2026-2017

A vulnerability was detected in IP-COM W30AP up to 1.0.0.111340. Affected by this issue is the function R7WebsSecurityHandler of the file /goform/wx3auth of the component POST Request Handler. The manipulation of the argument data results in stack-based buffer overflow. The attack may be performe...

EUVD-2020-31021

Edimax EW-7438RPn-v3 Mini 1.27 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary commands through the /goform/mp endpoint. Attackers can exploit the vulnerability by sending crafted POST requests with command injection payloads to download a...

CVE-2025-67073

A Buffer overflow vulnerability in function fromAdvSetMacMtuWan of bin httpd in Tenda AC10V4.0 V16.03.10.20 allows remote attackers to cause denial of service and possibly code execution by sending a post request with a crafted payload field serviceName to /goform/AdvSetMacMtuWan...

CVE-2025-67074

A Buffer overflow vulnerability in function fromAdvSetMacMtuWan of bin httpd in Tenda AC10V4.0 V16.03.10.20 allows remote attackers to cause denial of service and possibly code execution by sending a post request with a crafted payload field serverName to /goform/AdvSetMacMtuWan...

CVE-2025-67074

CVE-2025-67074 affects Tenda AC10 V4.0 firmware 16.03.10.20. A buffer overflow in the bin httpd function fromAdvSetMacMtuWan can be triggered by a crafted POST to /goform/AdvSetMacMtuWan (manipulating the serverName field), potentially causing denial of service and possibly code execution. Exploi...

CVE-2025-67073

The CVE-2025-67073 entry describes a buffer overflow in the httpd binary of Tenda AC10V4.0 (v16.03.10.20) in the function fromAdvSetMacMtuWan. A crafted POST payload targeting the field serviceName to /goform/AdvSetMacMtuWan can cause a denial of service and potentially code execution. Public sou...

CVE-2025-65226

Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow via the deviceId parameter in /goform/saveParentControlInfo...

CVE-2025-65222

Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow via the rebootTime parameter of /goform/SetSysAutoRebbotCfg...

PT-2025-44344

D-Link DNS-343 ShareCenter devices running firmware versions up to and including 1.05 contain a command injection vulnerability in the Mail Test functionality. The web maintenance script posts to the internal goForm endpoint '/goform/Mail Test' and uses several form parameters directly in a call ...

EUVD-2025-25102

Malicious code in bioql PyPI...