5740 matches found
CVE-2025-14737
CVE-2025-14737 concerns a command-injection vulnerability in TP-Link WA850RE (httpd modules) that allows an authenticated adjacent attacker to inject arbitrary commands. Affected devices include WA850RE V2_160527 and WA850RE V3_160922 (and earlier), with exploitation described as possible (PoC) p...
CVE-2025-14737 Command Injection Vulnerability in TP-Link WA850RE
Command Injection vulnerability in TP-Link WA850RE httpd modules allows authenticated adjacent attacker to inject arbitrary commands.This issue affects: ≤ WA850RE V2160527, ≤ WA850RE V3160922...
EUVD-2025-203927
A Buffer overflow vulnerability in function fromAdvSetMacMtuWan of bin httpd in Tenda AC10V4.0 V16.03.10.20 allows remote attackers to cause denial of service and possibly code execution by sending a post request with a crafted payload field serviceName to /goform/AdvSetMacMtuWan...
CVE-2025-67074
A Buffer overflow vulnerability in function fromAdvSetMacMtuWan of bin httpd in Tenda AC10V4.0 V16.03.10.20 allows remote attackers to cause denial of service and possibly code execution by sending a post request with a crafted payload field serverName to /goform/AdvSetMacMtuWan...
CVE-2025-67074
A Buffer overflow vulnerability in function fromAdvSetMacMtuWan of bin httpd in Tenda AC10V4.0 V16.03.10.20 allows remote attackers to cause denial of service and possibly code execution by sending a post request with a crafted payload field serverName to /goform/AdvSetMacMtuWan...
CVE-2025-67073
A Buffer overflow vulnerability in function fromAdvSetMacMtuWan of bin httpd in Tenda AC10V4.0 V16.03.10.20 allows remote attackers to cause denial of service and possibly code execution by sending a post request with a crafted payload field serviceName to /goform/AdvSetMacMtuWan...
CVE-2025-14654
A vulnerability was identified in Tenda AC20 16.03.08.12. The affected element is the function formSetPPTPUserList of the file /goform/setPptpUserList of the component httpd. Such manipulation of the argument list leads to stack-based buffer overflow. The attack can be executed remotely. The...
RHEL 9 : httpd (RHSA-2025:14901)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:14901 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: insufficient...
EUVD-2025-203295
A vulnerability was identified in Tenda AC20 16.03.08.12. The affected element is the function formSetPPTPUserList of the file /goform/setPptpUserList of the component httpd. Such manipulation of the argument list leads to stack-based buffer overflow. The attack can be executed remotely. The...
CVE-2025-14656
The CVE-2025-14656 entry affects Tenda AC20 (firmware version 16.03.08.12). The httpd function handling /goform/openSchedWifi is vulnerable to buffer overflow via manipulated schedStartTime/schedEndTime arguments, with a remote attack surface. Public exploits exist and CVSS-based assessments indi...
CVE-2025-14656 Tenda AC20 openSchedWifi httpd buffer overflow
A weakness has been identified in Tenda AC20 16.03.08.12. This affects the function httpd of the file /goform/openSchedWifi. Executing a manipulation of the argument schedStartTime/schedEndTime can lead to buffer overflow. The attack may be performed from remote. The exploit has been made availab...
CVE-2025-14655 Tenda AC20 httpd SetSysAutoRebbotCfg formSetRebootTimer stack-based overflow
A security flaw has been discovered in Tenda AC20 16.03.08.12. The impacted element is the function formSetRebootTimer of the file /goform/SetSysAutoRebbotCfg of the component httpd. Performing a manipulation of the argument rebootTime results in stack-based buffer overflow. The attack is possibl...
CVE-2025-14655 Tenda AC20 httpd SetSysAutoRebbotCfg formSetRebootTimer stack-based overflow
A security flaw has been discovered in Tenda AC20 16.03.08.12. The impacted element is the function formSetRebootTimer of the file /goform/SetSysAutoRebbotCfg of the component httpd. Performing a manipulation of the argument rebootTime results in stack-based buffer overflow. The attack is possibl...
CVE-2025-14655
The CVE-2025-14655 vulnerability affects Tenda AC20 (v16.03.08.12). The issue is in httpd’s formSetRebootTimer function (/goform/SetSysAutoRebbotCfg), where manipulating rebootTime triggers a stack-based buffer overflow. This can be exploited remotely and a public exploit exists. Multiple connect...
CVE-2025-14654
A vulnerability was identified in Tenda AC20 16.03.08.12. The affected element is the function formSetPPTPUserList of the file /goform/setPptpUserList of the component httpd. Such manipulation of the argument list leads to stack-based buffer overflow. The attack can be executed remotely. The...
CVE-2025-14654
A vulnerability was identified in Tenda AC20 16.03.08.12. The affected element is the function formSetPPTPUserList of the file /goform/setPptpUserList of the component httpd. Such manipulation of the argument list leads to stack-based buffer overflow. The attack can be executed remotely. The...
CVE-2025-14654 Tenda AC20 httpd setPptpUserList formSetPPTPUserList stack-based overflow
A vulnerability was identified in Tenda AC20 16.03.08.12. The affected element is the function formSetPPTPUserList of the file /goform/setPptpUserList of the component httpd. Such manipulation of the argument list leads to stack-based buffer overflow. The attack can be executed remotely. The...
CVE-2025-14654
CVE-2025-14654 affects Tenda AC20 firmware version 16.03.08.12. The vulnerability resides in the httpd component, specifically the formSetPPTPUserList function in /goform/setPptpUserList, where manipulating the argument list causes a stack-based buffer overflow. It can be exploited remotely and p...
CVE-2025-14636
CVE-2025-14636 affects Tenda AX9 firmware version 22.03.01.46, where the httpd component's image_check uses a weak hash. This enables remote exploitation with high attack complexity, and the exploit is publicly available (proof-of-concept). No concrete remediation/version fix is provided in the s...
PT-2025-51132
Name of the Vulnerable Software and Affected Versions Tenda AX9 version 22.03.01.46 Description A security flaw exists in the image check function within the httpd component of Tenda AX9 version 22.03.01.46. This issue involves the use of a weak hash, allowing for remote attacks. The attack is...