CVE-2026-12809 Edimax BR-6478AC V2 POST Request wiz_5in1_redirect command injection

A vulnerability was identified in Edimax BR-6478AC V2 1.23. Affected is the function wiz5in1redirect of the file /goform/wiz5in1redirect of the component POST Request Handler. Such manipulation of the argument newpass leads to command injection. The attack can be launched remotely. The exploit is...

CVE-2026-12809

Edimax BR-6478AC V2 firmware 1.23 is affected by a command injection in the POST Request Handler, specifically in wiz_5in1_redirect (/goform/wiz_5in1_redirect) where manipulation of the newpass argument enables remote code execution. Attack vector is network-based and requires no user interaction...

CVE-2025-50756

Wavlink WN535K3 20191010 was found to contain a command injection vulnerability in the setsysadm function via the newpass parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

CVE-2025-50756

Wavlink WN535K3 20191010 was found to contain a command injection vulnerability in the setsysadm function via the newpass parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

CVE-2023-24096

TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R, firmware version 1.01.B01 was discovered to contain a stack overflow via the newpass parameter at /formPasswordSetup. This vulnerability allows attackers to execute arbitrary code via a crafted payload. NOTE: This vulnerability only affects...

CVE-2023-24096

TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R, firmware version 1.01.B01 was discovered to contain a stack overflow via the newpass parameter at /formPasswordSetup. This vulnerability allows attackers to execute arbitrary code via a crafted payload. NOTE: This vulnerability only affects...

CVE-2023-24096

TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R, firmware version 1.01.B01 was discovered to contain a stack overflow via the newpass parameter at /formPasswordSetup. This vulnerability allows attackers to execute arbitrary code via a crafted payload. NOTE: This vulnerability only affects...

TRENDnet TEW-820AP 缓冲区错误漏洞

The TRENDnet TEW-820AP is a router from TRENDnet. A security vulnerability exists in TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R, which stems from the discovery of a stack overflow vulnerability via the newpass parameter of /formPasswordSetup. An attacker could exploit the vulnerability to...

CVE-2023-24096

CVE-2023-24096 affects TrendNet Wireless AC Easy-Upgrader TEW-820AP (v1.0R, firmware 1.01.B01). The issue is a stack overflow in the /formPasswordSetup endpoint triggered by the newpass parameter, enabling arbitrary code execution. The vulnerability targets devices no longer supported by the main...

PT-2023-19399 · Trendnet · Trendnet Wireless Ac Easy-Upgrader Tew-820Ap

Name of the Vulnerable Software and Affected Versions: TrendNet Wireless AC Easy-Upgrader TEW-820AP version 1.0R, firmware version 1.01.B01 Description: The issue is related to a stack overflow via the newpass parameter at the "/formPasswordSetup" API endpoint. This allows attackers to execute...

CVE-2019-7385

An authenticated shell command injection issue has been discovered in Raisecom ISCOM HT803G-U, HT803G-W, HT803G-1GE, and HT803G GPON products with the firmware version ISCOMHT803G-U2.0.0140521R4.1.47.002 or below, The values of the newpass and confpass parameters in /bin/WebMGR are used in a syst...

CVE-2018-20305

D-Link DIR-816 A2 1.10 B05 devices allow arbitrary remote code execution without authentication via the newpass parameter. In the /goform/form2userconfig.cgi handler function, a long password may lead to a stack-based buffer overflow and overwrite a return address...

PT-2018-2065 · D Link · D-Link Dir-816

Name of the Vulnerable Software and Affected Versions: D-Link DIR-816 A2 version 1.10 B05 Description: The issue allows for arbitrary remote code execution without authentication via the newpass parameter. In the "/goform/form2userconfig.cgi" handler function, a long password may lead to a...