CVE-2026-3167 Tenda F453 httpd webtypelibrary formWebTypeLibrary buffer overflow

A security flaw has been discovered in Tenda F453 1.0.0.3. The impacted element is the function formWebTypeLibrary of the file /goform/webtypelibrary of the component httpd. Performing a manipulation of the argument webSiteId results in buffer overflow. The attack may be initiated remotely. The...

CVE-2026-3166

A vulnerability was identified in Tenda F453 1.0.0.3. The affected element is the function fromRouteStatic of the file /goform/RouteStatic of the component httpd. Such manipulation of the argument page leads to buffer overflow. The attack can be launched remotely. The exploit is publicly availabl...

CVE-2026-3166

CVE-2026-3166 affects Tenda F453 firmware 1.0.0.3. The vulnerability lies in the httpd component’s fromRouteStatic function in the /goform/RouteStatic file, where manipulation of the page argument leads to a buffer overflow . It is described as sacrificable for remote execution, with a public exp...

CVE-2026-3165

A vulnerability was determined in Tenda F453 1.0.0.3. Impacted is the function fromSetWifiGusetBasic of the file /goform/AdvSetWrlsafeset of the component httpd. This manipulation of the argument mitssid causes buffer overflow. The attack can be initiated remotely. The exploit has been publicly...

PT-2026-21883

Name of the Vulnerable Software and Affected Versions Tenda F453 version 1.0.0.3 Description A flaw exists in the Tenda F453 router’s httpd component. Specifically, the fromNatStaticSetting function, accessible via the /goform/NatStaticSetting API endpoint, is susceptible to a buffer overflow. Th...

PT-2026-21880

Name of the Vulnerable Software and Affected Versions Tenda F453 version 1.0.0.3 Description A buffer overflow issue exists in the fromRouteStatic function of the httpd component, specifically within the /goform/RouteStatic endpoint. Manipulation of the page argument in an HTTP request can trigge...

CVE-2026-2202

A vulnerability was detected in Tenda AC8 16.03.33.05. Affected is the function fromSetWifiGusetBasic of the file /goform/WifiGuestSet of the component httpd. The manipulation of the argument shareSpeed results in buffer overflow. The attack may be launched remotely. The exploit is now public and...

CVE-2025-15472

A flaw has been found in TRENDnet TEW-811DRU 1.0.2.0. This affects the function setDeviceURL of the file uapply.cgi of the component httpd . This manipulation of the argument DeviceURL causes os command injection. The attack can be initiated remotely. The exploit has been published and may be...

TRENDnet TEW-811DRU 操作系统命令注入漏洞

The TRENDnet TEW-811DRU is a wireless router from TRENDnet. The TRENDnet TEW-811DRU suffers from an operating system command injection vulnerability that stems from a misuse of the parameter DeviceURL in the file uapply.cgi of the component httpd, which can be exploited by an attacker to cause...

PT-2026-1523

Name of the Vulnerable Software and Affected Versions TRENDnet TEW-811DRU version 1.0.2.0 Description A flaw exists in TRENDnet TEW-811DRU version 1.0.2.0 related to the setDeviceURL function within the uapply.cgi file of the httpd component. Manipulation of the DeviceURL argument can lead to...

EUVD-2025-203295

A vulnerability was identified in Tenda AC20 16.03.08.12. The affected element is the function formSetPPTPUserList of the file /goform/setPptpUserList of the component httpd. Such manipulation of the argument list leads to stack-based buffer overflow. The attack can be executed remotely. The...

CVE-2025-14655 Tenda AC20 httpd SetSysAutoRebbotCfg formSetRebootTimer stack-based overflow

A security flaw has been discovered in Tenda AC20 16.03.08.12. The impacted element is the function formSetRebootTimer of the file /goform/SetSysAutoRebbotCfg of the component httpd. Performing a manipulation of the argument rebootTime results in stack-based buffer overflow. The attack is possibl...

CVE-2025-14654

A vulnerability was identified in Tenda AC20 16.03.08.12. The affected element is the function formSetPPTPUserList of the file /goform/setPptpUserList of the component httpd. Such manipulation of the argument list leads to stack-based buffer overflow. The attack can be executed remotely. The...

CVE-2025-14654 Tenda AC20 httpd setPptpUserList formSetPPTPUserList stack-based overflow

A vulnerability was identified in Tenda AC20 16.03.08.12. The affected element is the function formSetPPTPUserList of the file /goform/setPptpUserList of the component httpd. Such manipulation of the argument list leads to stack-based buffer overflow. The attack can be executed remotely. The...

CVE-2025-14636

CVE-2025-14636 affects Tenda AX9 firmware version 22.03.01.46, where the httpd component's image_check uses a weak hash. This enables remote exploitation with high attack complexity, and the exploit is publicly available (proof-of-concept). No concrete remediation/version fix is provided in the s...

Tenda AX9 安全漏洞

Tenda AX9 is a Wi-Fi 6 router from Tenda China. A security vulnerability exists in Tenda AX9 version 22.03.01.46, which originates from the use of a weak hash in the imagecheck function in the httpd component, which could lead to remote attacks...

EUVD-2025-24673

Malicious code in bioql PyPI...

EUVD-2022-41090

Malicious code in bioql PyPI...

EUVD-2025-22705

Malicious code in bioql PyPI...

VulnCheck KEV: CVE-2025-7414

A vulnerability classified as critical was found in Tenda O3V2 1.0.0.123880. This vulnerability affects the function fromNetToolGet of the file /goform/setPingInfo of the component httpd. The manipulation of the argument domain leads to os command injection. The attack can be initiated remotely...