CVE-2025-10034 D-Link DIR-825 httpd ping6_response.cg get_ping6_app_stat buffer overflow

A vulnerability was found in D-Link DIR-825 1.08.01. This impacts the function getping6appstat of the file ping6response.cg of the component httpd. Performing manipulation of the argument ping6ipaddr results in buffer overflow. It is possible to initiate the attack remotely. The exploit has been...

PT-2025-35429

Name of the Vulnerable Software and Affected Versions: Tenda CH22 version 1.0.0.1 Description: A stack-based buffer overflow issue exists in the httpd component of Tenda CH22 version 1.0.0.1. The vulnerability is located in the fromIpsecitem function within the /goform/IPSECsave file. Manipulatio...

CVE-2025-8949

A vulnerability was identified in D-Link DIR-825 2.10. Affected by this vulnerability is the function getpingappstat of the file pingresponse.cgi of the component httpd. The manipulation of the argument pingipaddr leads to stack-based buffer overflow. The attack can be launched remotely. The...

CVE-2025-8160

The CVE affects Tenda AC20 via a buffer overflow in httpd’s /goform/SetSysTimeCfg, triggered by tampering with the timeZone parameter. Multiple sources confirm remote exploitation and public exploit disclosure. Impact includes potential arbitrary code execution with high confidentiality, integrit...

CVE-2025-8060 Tenda AC23 httpd setMacFilterCfg sub_46C940 stack-based overflow

A vulnerability has been found in Tenda AC23 16.03.07.52 and classified as critical. Affected by this vulnerability is the function sub46C940 of the file /goform/setMacFilterCfg of the component httpd. The manipulation of the argument deviceList leads to stack-based buffer overflow. The attack ca...

CVE-2025-7914 Tenda AC6 httpd setparentcontrolinfo buffer overflow

A vulnerability has been found in Tenda AC6 15.03.06.50 and classified as critical. Affected by this vulnerability is the function setparentcontrolinfo of the component httpd. The manipulation leads to buffer overflow. The attack can be launched remotely...

AUO DIR-605L Buffer Overflow Vulnerability

The AUO DIR-605L is the first cloud router from AUO designed for home and small office networks. The AUO DIR-605L suffers from a buffer overflow vulnerability that originates from the failure of Language, a parameter of the function sub410DDC in the file switchlanguage.cgi in the httpd component,...

CVE-2025-7423 Tenda O3V2 httpd setWrlFilterList formWifiMacFilterSet stack-based overflow

A vulnerability classified as critical was found in Tenda O3V2 1.0.0.123880. Affected by this vulnerability is the function formWifiMacFilterSet of the file /goform/setWrlFilterList of the component httpd. The manipulation of the argument macList leads to stack-based buffer overflow. The attack c...

CVE-2025-7420 Tenda O3V2 httpd setWrlBasicInfo formWifiBasicSet stack-based overflow

A vulnerability was found in Tenda O3V2 1.0.0.123880. It has been declared as critical. This vulnerability affects the function formWifiBasicSet of the file /goform/setWrlBasicInfo of the component httpd. The manipulation of the argument extChannel leads to stack-based buffer overflow. The attack...

CVE-2025-7420

CVE-2025-7420 affects Tenda O3V2 (version 1.0.0.12(3880)). The vulnerability is in the httpd component’s function setWrlBasicInfo (formWifiBasicSet). The root cause is a stack-based buffer overflow triggered by manipulating the extChannel argument in /goform/setWrlBasicInfo. It is remotely exploi...

CVE-2025-7419

A vulnerability was found in Tenda O3V2 1.0.0.123880. It has been classified as critical. This affects the function fromSpeedTestSet of the file /goform/setRateTest of the component httpd. The manipulation of the argument destIP leads to stack-based buffer overflow. It is possible to initiate the...

CVE-2025-7418 Tenda O3V2 httpd setPing fromPingResultGet stack-based overflow

A vulnerability was found in Tenda O3V2 1.0.0.123880 and classified as critical. Affected by this issue is the function fromPingResultGet of the file /goform/setPing of the component httpd. The manipulation of the argument destIP leads to stack-based buffer overflow. The attack may be launched...

CVE-2025-7415

A vulnerability, which was classified as critical, has been found in Tenda O3V2 1.0.0.123880. This issue affects the function fromTraceroutGet of the file /goform/getTraceroute of the component httpd. The manipulation of the argument dest leads to command injection. The attack may be initiated...

CVE-2025-7414

A vulnerability classified as critical was found in Tenda O3V2 1.0.0.123880. This vulnerability affects the function fromNetToolGet of the file /goform/setPingInfo of the component httpd. The manipulation of the argument domain leads to os command injection. The attack can be initiated remotely...

CVE-2025-7206

A vulnerability, which was classified as critical, has been found in D-Link DIR-825 2.10. This issue affects the function sub410DDC of the file switchlanguage.cgi of the component httpd. The manipulation of the argument Language leads to stack-based buffer overflow. The attack may be initiated...

PT-2025-29192 · Tenda · Tenda O3V2

Name of the Vulnerable Software and Affected Versions: Tenda O3V2 version 1.0.0.123880 Description: A critical vulnerability exists in the Tenda O3V2 device. The vulnerability is located within the formWifiMacFilterSet function of the httpd component, specifically in the file...

CVE-2022-28380

The rc-httpd component through 2022-03-31 for 9front Plan 9 fork allows ..%2f directory traversal if serve-static is used...

CVE-2024-7441 Vivotek SD9364 httpd read stack-based overflow

UNSUPPORTED WHEN ASSIGNED A vulnerability was found in Vivotek SD9364 VVTK-0103f. It has been declared as critical. This vulnerability affects the function read of the component httpd. The manipulation of the argument Content-Length leads to stack-based buffer overflow. The attack can be initiate...

CVE-2024-7441

Vivotek SD9364 VVTK-0103f exposes a vulnerability in the httpd read function: manipulating Content-Length causes a stack-based buffer overflow. Exploitation is remote and the exploit has been publicly disclosed. Affected releases are end-of-life with no fix/version details provided in the availab...

CVE-2024-7441 Vivotek SD9364 httpd read stack-based overflow

UNSUPPORTED WHEN ASSIGNED A vulnerability was found in Vivotek SD9364 VVTK-0103f. It has been declared as critical. This vulnerability affects the function read of the component httpd. The manipulation of the argument Content-Length leads to stack-based buffer overflow. The attack can be initiate...