3632 matches found

BDU FSTEC
added 2025/02/12 12:00 a.m. · 4 views

The vulnerability in the formDMZ.cgi script of the D-Link DIR-816A router’s software allows an attacker to execute arbitrary code.

The vulnerability of the formDMZ.cgi script in the D-Link DIR-816A2 router’s microprogramming software is related to the incorrect use of standard permissions. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code using a specially created HTTP POST request...

CVSS: 10 · AI score: 8.2 · EPSS: 0.1436
Exploits: 0 · References: 3 · Affected Software: 1

Cvelist
added 2025/02/10 12:00 a.m. · 11 views

CVE-2024-46437

A sensitive information disclosure vulnerability in the Tenda W18E V16.01.0.81625 web management portal allows an unauthenticated remote attacker to retrieve sensitive configuration information, including WiFi SSID, WiFi password, and base64-encoded administrator credentials, by sending a special...

EPSS: 0.0112
Exploits: 1 · References: 1

CVE
added 2025/02/10 12:00 a.m. · 49 views

CVE-2024-46437

The CVE-2024-46437 entry concerns the Tenda W18E web management portal (V16.01.0.8(1625)). A vulnerability in the getQuickCfgWifiAndLogin function allows an unauthenticated attacker to retrieve sensitive configuration data (WiFi SSID, WiFi password, and base64-encoded administrator credentials) v...

CVSS: 6.5 · AI score: 6.6 · EPSS: 0.0112
Exploits: 1 · References: 1 · Affected Software: 1

CVE
added 2025/02/10 12:00 a.m. · 49 views

CVE-2024-46432

Summary (CVE-2024-46432): Tenda W18E router (version 16.01.0.8(1625)) is affected by an Incorrect Access Control vulnerability in the SetQuickcfgWifiAndDlogin/setQuickCfgWifiAndLogin function, allowing an attacker to issue a crafted HTTP POST and make unauthorized changes to WiFi configuration a...

CVSS: 8.8 · AI score: 8.6 · EPSS: 0.00603
Exploits: 1 · References: 1 · Affected Software: 1

NVD
added 2025/02/07 3:15 p.m. · 7 views

CVE-2025-1103

A vulnerability, which was classified as problematic, was found in D-Link DIR-823X 240126/240802. This affects the function set_wifi_blacklists of the file /goform/set_wifi_blacklists of the component HTTP POST Request Handler. The manipulation of the argument macList leads to null pointer dereferenc...

CVSS: 7.1 · EPSS: 0.11268
Exploits: 1 · References: 6

Vulnrichment
added 2025/02/07 3:00 p.m. · 6 views

CVE-2025-1103 D-Link DIR-823X HTTP POST Request set_wifi_blacklists null pointer dereference

A vulnerability, which was classified as problematic, was found in D-Link DIR-823X 240126/240802. This affects the function set_wifi_blacklists of the file /goform/set_wifi_blacklists of the component HTTP POST Request Handler. The manipulation of the argument macList leads to null pointer dereferenc...

CVSS: 7.1 · AI score: 6.9 · EPSS: 0.11268
Exploits: 1 · References: 5

Cvelist
added 2025/02/07 3:00 p.m. · 9 views

CVE-2025-1103 D-Link DIR-823X HTTP POST Request set_wifi_blacklists null pointer dereference

A vulnerability, which was classified as problematic, was found in D-Link DIR-823X 240126/240802. This affects the function set_wifi_blacklists of the file /goform/set_wifi_blacklists of the component HTTP POST Request Handler. The manipulation of the argument macList leads to null pointer dereferenc...

CVSS: 7.1 · EPSS: 0.11268
Exploits: 1 · References: 5

CVE
added 2025/02/07 3:00 p.m. · 69 views

CVE-2025-1103

CVE-2025-1103 affects D-Link DIR-823X (versions 240126–240802). The vulnerability resides in the HTTP POST Request Handler: set_wifi_blacklists (/goform/set_wifi_blacklists). Manipulating the macList argument triggers a null pointer dereference, with remote exploitability and public disclosure. P...

CVSS: 7.1 · AI score: 7 · EPSS: 0.11268
Exploits: 1 · References: 6 · Affected Software: 1

Positive Technologies
added 2025/02/07 12:00 a.m. · 7 views

PT-2025-5980 · D Link · Dir-823

Name of the Vulnerable Software and Affected Versions: D-Link DIR-823X versions 240126 through 240802
Description: A problematic issue was found in the HTTP POST Request Handler component, specifically affecting the set_wifi_blacklists function of the /goform/set_wifi_blacklists file. The...

CVSS: 7.1 · AI score: 6.6 · EPSS: 0.11268
Exploits: 1 · References: 12

RedhatCVE
added 2025/02/05 5:56 p.m. · 10 views

CVE-2019-5071

An exploitable command injection vulnerability exists in the /goform/WanParameterSetting functionality of Tenda AC9 Router AC1200 Smart Dual-Band Gigabit WiFi Route AC9V1.0 Firmware V15.03.05.16multiTRU. A specially crafted HTTP POST request can cause a command injection in the DNS1 post...

CVSS: 7.8 · AI score: 7.5 · EPSS: 0.01748
Exploits: 1 · References: 1

RedhatCVE
added 2025/02/05 5:54 p.m. · 15 views

CVE-2019-5072

An exploitable command injection vulnerability exists in the /goform/WanParameterSetting functionality of Tenda AC9 Router AC1200 Smart Dual-Band Gigabit WiFi Route AC9V1.0 Firmware V15.03.05.16multiTRU. A specially crafted HTTP POST request can cause a command injection in the DNS2 post...

CVSS: 7.8 · AI score: 7.5 · EPSS: 0.01819
Exploits: 1 · References: 1

RedhatCVE
added 2025/02/05 11:55 a.m. · 9 views

CVE-2024-7707

A vulnerability was found in Tenda FH1206 02.03.01.35 and classified as critical. Affected by this issue is the function formSafeEmailFilter of the file /goform/SafeEmailFilter of the component HTTP POST Request Handler. The manipulation of the argument page leads to stack-based buffer overflow...

CVSS: 9.8 · AI score: 6.9 · EPSS: 0.01277
Exploits: 1 · References: 1

RedhatCVE
added 2025/02/05 10:05 a.m. · 7 views

CVE-2024-3150

In mintplex-labs/anything-llm, a vulnerability exists in the thread update process that allows users with Default or Manager roles to escalate their privileges to Administrator. The issue arises from improper input validation when handling HTTP POST requests to the endpoint...

CVSS: 8.8 · AI score: 7 · EPSS: 0.00793
Exploits: 1 · References: 1

RedhatCVE
added 2025/02/05 5:15 a.m. · 8 views

CVE-2024-1601

An SQL injection vulnerability exists in the deletediscussion function of the parisneo/lollms-webui application, allowing an attacker to delete all discussions and message data. The vulnerability is exploitable via a crafted HTTP POST request to the /deletediscussion endpoint, which internally...

CVSS: 9.8 · AI score: 7.7 · EPSS: 0.40416
Exploits: 1 · References: 1

RedhatCVE
added 2025/02/05 12:31 a.m. · 7 views

CVE-2024-31151

A security flaw involving hard-coded credentials in LevelOne WBR-6012's web services allows attackers to gain unauthorized access during the first 30 seconds post-boot. Other vulnerabilities can force a reboot, circumventing the initial time restriction for exploitation. The password string can be...

CVSS: 9.8 · AI score: 9.7 · EPSS: 0.00719
Exploits: 0

RedhatCVE
added 2025/02/04 11:54 p.m. · 3 views

CVE-2024-13200

A vulnerability, which was classified as critical, was found in wander-chu SpringBoot-Blog 1.0. This affects the function preHandle of the file src/main/java/com/my/blog/website/interceptor/BaseInterceptor.java of the component HTTP POST Request Handler. The manipulation leads to improper access...

CVSS: 7.5 · AI score: 7.3 · EPSS: 0.00471
Exploits: 1 · References: 1

CVE
added 2025/02/04 9:55 a.m. · 193 views

CVE-2024-40890

CVE-2024-40890 affects Zyxel VMG4325-B10A legacy DSL CPE. The vulnerability is a post-authentication command-injection flaw in the device’s CGI program, exploitable by sending a crafted HTTP POST request to execute OS commands with elevated privileges (reported for firmware 1.00(AAFR.4)C0_2017061...

CVSS: 8.8 · AI score: 7.7 · EPSS: 0.1931
In wild · Exploits: 0 · References: 2 · Affected Software: 1

CheckPoint Security
added 2025/02/02 12:00 a.m. · 13 views

Check Point Response to CVE-2024-24911 - Out of Bounds read in the CPCA process on a Check Point Management Server

Cause: An Out-of-Bounds read may occur when processing certain HTTP "POST" requests to the Security Management Server / Domain Management Server to the TCP port 18264. Repeated requests can cause a denial-of-service (DoS) of the cpca process and may lead it to exit unexpectedly with a core dump file...

CVSS: 7.5 · AI score: 6.8 · EPSS: 0.0037
Exploits: 0

NVD
added 2025/01/30 2:15 a.m. · 16 views

CVE-2025-0848

A vulnerability was found in Tenda A18 up to 15.13.07.09. It has been rated as critical. This issue affects the function SetCmdlineRun of the file /goform/SetCmdlineRun of the component HTTP POST Request Handler. The manipulation of the argument wpapskcrypto5g leads to stack-based buffer overflow...

CVSS: 9.8 · EPSS: 0.01019
Exploits: 1 · References: 5

Cvelist
added 2025/01/30 1:00 a.m. · 25 views

CVE-2025-0848 Tenda A18 HTTP POST Request SetCmdlineRun stack-based overflow

A vulnerability was found in Tenda A18 up to 15.13.07.09. It has been rated as critical. This issue affects the function SetCmdlineRun of the file /goform/SetCmdlineRun of the component HTTP POST Request Handler. The manipulation of the argument wpapskcrypto5g leads to stack-based buffer overflow...

CVSS: 7.1 · EPSS: 0.01019
Exploits: 1 · References: 5