59 matches found
CVE-2025-9580
A security vulnerability has been detected in LB-LINK BL-X26 1.2.8. This affects an unknown function of the file /goform/setblacklist of the component HTTP Handler. Such manipulation of the argument mac leads to os command injection. The attack can be launched remotely. The exploit has been...
CVE-2025-43984
An issue was discovered on KuWFi GC111 devices Hardware Version: CPE-LM321V3.2, Software Version: GC111-GL-LM321V3.020191211. They are vulnerable to unauthenticated /goform/goformsetcmdprocess requests. A crafted POST request, using the SSID parameter, allows remote attackers to execute arbitrary...
CVE-2025-9023 Tenda AC7/AC18 SetLEDCfg formSetSchedLed buffer overflow
A vulnerability has been found in Tenda AC7 and AC18 15.03.05.19/15.03.06.44. Affected is the function formSetSchedLed of the file /goform/SetLEDCfg. The manipulation of the argument Time leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the...
PT-2025-33282 · Kuwfi · Kuwfi Gc111
Name of the Vulnerable Software and Affected Versions: KuWFi GC111 versions GC111-GL-LM321 V3.0 20191211 Description: The KuWFi GC111 device is susceptible to unauthorized command execution. A crafted POST request to the /goform/goform set cmd process API endpoint, utilizing the SSID parameter,...
CVE-2025-43983
CVE-2025-43983 affects KuWFi CPF908-CP5 WEB5.0_LCD_20210125 devices. The vulnerability set involves unauthenticated access to goform/goform_set_cmd_process and goform/goform_get_cmd_process, enabling an attacker to retrieve sensitive information (including the admin username/password), modify cri...
CVE-2025-43984
CVE-2025-43984 affects KuWFi GC111 devices (Hardware Version: CPE-LM321_V3.2; Software Version: GC111-GL-LM321_V3.0_20191211). An unauthenticated POST to the endpoint /goform/goform_set_cmd_process , using the SSID parameter, allows remote attackers to execute arbitrary OS commands with root priv...
The vulnerability of the fromPingResultGet() function (/goform/setPing) in the Tenda O3 wireless access point software allows a hacker to execute arbitrary code or cause service failure.
The vulnerability of the fromPingResultGet /goform/setPing function in the Tenda O3 wireless access point software lies in the issue of the operation going beyond the buffer in memory when processing the destIP parameter. Exploiting this vulnerability allows an attacker to execute arbitrary code ...
The vulnerability of the /goform/SetStaticRouteCfg component in the Tenda TX3 router software, which involves copying buffers without checking the size of the input data, allows an attacker to compromise the accessibility of protected information.
The vulnerability of the /goform/SetStaticRouteCfg component in the Tenda TX3 router software lies in the copying of buffers without checking the size of the input data. Exploiting this vulnerability could allow an attacker to compromise the accessibility of protected information...
Tenda W18E 安全漏洞
The Tenda W18E is a wireless router from the Chinese company Tenda. A stack overflow vulnerability exists in the Tenda W18E /goform/setModules handling of the wifiPwd parameter, which can be exploited by an attacker to submit a special request that can crash the application and cause a denial of...
PT-2025-7675 · Lb Link · Lb-Link Ac1900 Router
Name of the Vulnerable Software and Affected Versions: LB-LINK AC1900 Router version 1.0.2 Description: The issue concerns an os command injection vulnerability, specifically affecting the /goform/set blacklist endpoint, where the mac and enable variables are involved. Recommendations: For LB-LIN...
Tenda O4 安全漏洞
Tenda O4 is a router product from Tenda. The Tenda O4 /goform/setMacFilterList handles a buffer overflow vulnerability in the SafeSetMacFilter parameter, which can be exploited by a remote attacker to submit a special request that can crash the application and execute arbitrary code in the...
CVE-2024-39962
D-Link DIR-823X AX3000 Dual-Band Gigabit Wireless Router v21D240126 was discovered to contain a remote code execution RCE vulnerability in the ntpzoneval parameter at /goform/setntp. This vulnerability is exploited via a crafted HTTP request...
CVE-2023-49429
Tenda AX9 V22.03.01.46 was discovered to contain a SQL command injection vulnerability in the 'setDeviceInfo' feature through the 'mac' parameter at /goform/setModules...
Tenda AC8 缓冲区错误漏洞
Tenda AC8 is a dual-band Gigabit wireless router from Tenda, designed for fiber optic homes up to 1000 megabytes, supporting dual-band concurrent transmission rates up to 1167Mbps, equipped with full Gigabit ports 1 WAN port + 3 LAN ports for 100-1000 megabit broadband access. Tenda AC8 suffers...
Guanzhou Tozed Kangwei Intelligent Technology ZLTS10G 跨站请求伪造漏洞
The Guanzhou Tozed Kangwei Intelligent Technology ZLTS10G is a mobile network wireless router from Guangzhou Tozed Kangwei Intelligent Technology. A security vulnerability exists in the Guanzhou Tozed Kangwei Intelligent Technology ZLTS10G S10G3.11.6, which allows an attacker to take over a user'...
多款LB-LINK产品命令注入漏洞
LB-LINK BL-AC1900 and others are a wireless router from China Bilink LB-LINK. A security vulnerability exists in LB-LINK BL-AC19002.0 v1.0.1, LB-LINK BL-WR9000 v2.4.9, LB-LINK BL-X26 v1.2.5, and LB-LINK BL-LTE300 v1.0.8, which originates from the use of the mac, time1, and time1 in the /goform/se...
CVE-2022-46535
Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the deviceId parameter at /goform/SetClientState...
CVE-2022-43027
Tenda TX3 USTX3V1.0brV16.03.13.11multiTDE01 was discovered to contain a stack overflow via the firewallEn parameter at /goform/SetFirewallCfg...
Tenda AC18 缓冲区错误漏洞
The Tenda AC18 is a router from the Chinese company Tenda. A security vulnerability exists in the Tenda AC18 Router version v15.03.05.19 and v15.03.05.05, which originates from a discovery containing a stack overflow via the list parameter of /goform/SetVirtualServerCfg...