CVE-2025-2956 TRENDnet TI-G102i HTTP Request lighttpd plugins_call_handle_uri_raw null pointer dereference

A vulnerability was found in TRENDnet TI-G102i 1.0.7.S0 /1.0.8.S0 and classified as problematic. This issue affects the function pluginscallhandleuriraw of the file /usr/sbin/lighttpd of the component HTTP Request Handler. The manipulation leads to null pointer dereference. The attack can only be...

CVE-2025-2956

The CVE-2025-2956 entry applies to TRENDnet TI-G102i firmware versions 1.0.7.S0_ and 1.0.8.S0_. The vulnerability is a null pointer dereference in the HTTP Request Handler component (plugins_call_handle_uri_raw) of /usr/sbin/lighttpd, exploitable by an attacker on an adjacent network with low com...

PT-2025-13631 · Trendnet · Trendnet Tew-410Apb

Name of the Vulnerable Software and Affected Versions: TRENDnet TEW-410APB version 1.3.06b Description: A vulnerability was found in the HTTP Request Handler component, specifically affecting the function sub 4019A0 of the file /usr/sbin/httpd. This issue leads to a null pointer dereference. The...

PT-2025-13632 · Trendnet · Trendnet Tew-637Ap +1

Name of the Vulnerable Software and Affected Versions: TRENDnet TEW-637AP versions 1.2.7 through 1.3.0.106 TRENDnet TEW-638APB versions 1.2.7 through 1.3.0.106 Description: A problematic vulnerability has been found in the HTTP Request Handler component of the affected devices. This issue affects...

PT-2025-13630 · Trendnet · Trendnet Tew-818Dru

Name of the Vulnerable Software and Affected Versions: TRENDnet TEW-818DRU version 1.0.14.6 Description: A vulnerability was found in the TRENDnet TEW-818DRU, affecting an unknown functionality of the file /usr/sbin/httpd of the component HTTP Request Handler. The manipulation leads to denial of...

CVE-2025-2731

A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /api/wizard/getDualbandSync of the component HTTP POST Request Handler...

CVE-2025-2731 H3C Magic BE18000 HTTP POST Request getDualbandSync command injection

A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /api/wizard/getDualbandSync of the component HTTP POST Request Handler...

CVE-2025-1833

A vulnerability, which was classified as critical, has been found in zj1983 zz up to 2024-8. Affected by this issue is the function sendNotice of the file src/main/java/com/futvan/z/erp/customernotice/CustomernoticeAction.java of the component HTTP Request Handler. The manipulation of the argumen...

CVE-2025-1833

A vulnerability, which was classified as critical, has been found in zj1983 zz up to 2024-8. Affected by this issue is the function sendNotice of the file src/main/java/com/futvan/z/erp/customernotice/CustomernoticeAction.java of the component HTTP Request Handler. The manipulation of the argumen...

CVE-2025-1833 zj1983 zz HTTP Request Customer_noticeAction.java sendNotice server-side request forgery

A vulnerability, which was classified as critical, has been found in zj1983 zz up to 2024-8. Affected by this issue is the function sendNotice of the file src/main/java/com/futvan/z/erp/customernotice/CustomernoticeAction.java of the component HTTP Request Handler. The manipulation of the argumen...

CVE-2025-1833 zj1983 zz HTTP Request Customer_noticeAction.java sendNotice server-side request forgery

A vulnerability, which was classified as critical, has been found in zj1983 zz up to 2024-8. Affected by this issue is the function sendNotice of the file src/main/java/com/futvan/z/erp/customernotice/CustomernoticeAction.java of the component HTTP Request Handler. The manipulation of the argumen...

CVE-2025-1833

CVE-2025-1833 affects zj1983 zz (up to 2024-8) in the HTTP Request Handler’s function sendNotice. The root cause is manipulation of the parameter url, leading to server-side request forgery (SSRF). Exploitation is described as remote and publicly disclosed. Multiple sources corroborate the same d...

PT-2025-9219 · Zj1983 · Zj1983

Name of the Vulnerable Software and Affected Versions: zj1983 zz versions up to 2024-8 Description: A critical issue has been found in the function sendNotice of the file src/main/java/com/futvan/z/erp/customer notice/Customer noticeAction.java of the component HTTP Request Handler. The...

CVE-2025-0528 Tenda AC8/AC10/AC18 HTTP Request telnet command injection

A vulnerability, which was classified as critical, has been found in Tenda AC8, AC10 and AC18 16.03.10.20. Affected by this issue is some unknown functionality of the file /goform/telnet of the component HTTP Request Handler. The manipulation leads to command injection. The attack may be launched...

CVE-2025-0528 Tenda AC8/AC10/AC18 HTTP Request telnet command injection

A vulnerability, which was classified as critical, has been found in Tenda AC8, AC10 and AC18 16.03.10.20. Affected by this issue is some unknown functionality of the file /goform/telnet of the component HTTP Request Handler. The manipulation leads to command injection. The attack may be launched...

PT-2025-1260 · Tenda · Tenda Ac10 +2

Name of the Vulnerable Software and Affected Versions: Tenda AC8 versions 16.03.10.20 Tenda AC10 versions 16.03.10.20 Tenda AC18 versions 16.03.10.20 Description: A critical issue has been found in the HTTP Request Handler component of the affected devices, specifically in the /goform/telnet file...

CVE-2024-12989

A vulnerability was found in WISI Tangram GT31 up to 20241214 and classified as problematic. Affected by this issue is some unknown functionality of the component HTTP Request Handler. The manipulation leads to server-side request forgery. The attack may be launched remotely. The vendor was...

CVE-2024-12989 WISI Tangram GT31 HTTP Request server-side request forgery

A vulnerability was found in WISI Tangram GT31 up to 20241214 and classified as problematic. Affected by this issue is some unknown functionality of the component HTTP Request Handler. The manipulation leads to server-side request forgery. The attack may be launched remotely. The vendor was...

CVE-2024-12989

CVE-2024-12989 concerns WISI Tangram GT31. The vulnerability affects an unknown function within the device’s HTTP Request Handler, enabling server-side request forgery (SSRF). Reports across multiple sources (Red Hat, PT-Security, CNNVD, NVD/CVELIST) indicate the issue can be exploited remotely a...

CVE-2024-12989 WISI Tangram GT31 HTTP Request server-side request forgery

A vulnerability was found in WISI Tangram GT31 up to 20241214 and classified as problematic. Affected by this issue is some unknown functionality of the component HTTP Request Handler. The manipulation leads to server-side request forgery. The attack may be launched remotely. The vendor was...