CVE-2026-9347 Edimax EW-7438RPn webs formWizSurvey os command injection

A vulnerability has been found in Edimax EW-7438RPn up to 1.31. Affected is the function formWizSurvey of the file /goform/formWizSurvey of the component webs. The manipulation of the argument ip/mask/gateway leads to os command injection. It is possible to initiate the attack remotely. The explo...

CVE-2026-9345

The CVE concerns Edimax EW-7438RPn (firmware up to 1.31) in the webs component, specifically the formWizSurvey function located in /goform/formWizSurvey. The vulnerability arises from a buffer overflow triggered by manipulating arguments such as ssid, manualssid, ip, mask, or gateway. This is des...

CVE-2025-15218

A weakness has been identified in Tenda AC10U 15.03.06.48/15.03.06.49. Affected by this vulnerability is the function fromadvsetlanip of the file /goform/AdvSetLanip of the component POST Request Parameter Handler. Executing a manipulation of the argument lanMask can lead to buffer overflow. The...

EUVD-2025-205684

A weakness has been identified in Tenda AC10U 15.03.06.48/15.03.06.49. Affected by this vulnerability is the function fromadvsetlanip of the file /goform/AdvSetLanip of the component POST Request Parameter Handler. Executing manipulation of the argument lanMask can lead to buffer overflow. The...

CVE-2025-60676

An unauthenticated command injection vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin. The vulnerability occurs in the 'SetNetworkSettings' functionality of prog.cgi, where the 'IPAddress' and 'SubnetMask' parameters are directly concatenated into shell commands executed...

EUVD-2022-39277

Malicious code in bioql PyPI...

CVE-2022-36571

Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via the mask parameter at /goform/WanParameterSetting...

CVE-2022-36571

Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via the mask parameter at /goform/WanParameterSetting...

Stack overflow

Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via the mask parameter at /goform/WanParameterSetting...

CVE-2022-36571

Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via the mask parameter at /goform/WanParameterSetting...

CVE-2022-36571

CVE-2022-36571 affects Tenda AC9 firmware v15.03.05.19, where a stack overflow can be triggered by the mask parameter in the /goform/WanParameterSetting endpoint. The issue arises from how the mask parameter is processed, leading to potential overflow. Multiple sources corroborate the description...

PT-2022-23478 · Tenda · Tenda Ac9

Name of the Vulnerable Software and Affected Versions: Tenda AC9 version 15.03.05.19 Description: A stack overflow issue was discovered, which can be triggered via the mask parameter at the "/goform/WanParameterSetting" API endpoint. Recommendations: For Tenda AC9 version 15.03.05.19, avoid using...

JioFi 4G M2S 1.0.2 - mask Cross-Site Scripting

JioFi 4G M2S 1.0.2 - mask Cross-Site Scripting Exploit Title: cgi-bin/qcmapwebcgi on JioFi 4G M2S 1.0.2 devices has XSS and HTML injection via the mask POST parameter. Exploit Author: Vikas Chaudhary Date: 21-01-2019 Vendor Homepage: https://www.jio.com/ Hardware Link:...

JioFi 4G M2S 1.0.2 - mask Cross-Site Scripting Vulnerability

Exploit for hardware platform in category web applications Exploit Title: cgi-bin/qcmapwebcgi on JioFi 4G M2S 1.0.2 devices has XSS and HTML injection via the mask POST parameter. Exploit Author: Vikas Chaudhary Vendor Homepage: https://www.jio.com/ Hardware Link:...

CVE-2019-7439

cgi-bin/qcmapwebcgi on JioFi 4G M2S 1.0.2 devices allows a DoS Hang via the mask POST parameter...

CVE-2019-7438

cgi-bin/qcmapwebcgi on JioFi 4G M2S 1.0.2 devices has XSS and HTML injection via the mask POST parameter...

Cross site scripting

Cross-site scripting XSS vulnerability in actions.php in Positive Software H-Sphere WebShell 4.3.10 allows remote attackers to inject arbitrary web script or HTML via 1 the fn parameter during a dload action, 2 the mask parameter during a search action, and 3 the tab parameter during a sysinfo...

CVE-2002-1528

MsmMask.exe in MondoSearch 4.4 allows remote attackers to obtain the source code of scripts via the mask parameter...