CVE-2026-5102

A security flaw has been discovered in Totolink A3300R 17.0.0cu.557b20221024. This vulnerability affects the function setSmartQosCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. The manipulation of the argument qosupbw results in command injection. The attack can be execut...

EUVD-2025-36520

IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting XSS vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the INCSPD, OUTSPD, DEFCLASSINC, and DEFCLASSOUT parameters when updating Quality of Service QoS settings. When a...

CVE-2025-34310

IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting XSS vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the INCSPD, OUTSPD, DEFCLASSINC, and DEFCLASSOUT parameters when updating Quality of Service QoS settings. When a...

PT-2025-44169

Name of the Vulnerable Software and Affected Versions IPFire versions prior to 2.29 Core Update 198 Description The software contains a stored cross-site scripting XSS issue that allows an authenticated attacker to inject arbitrary JavaScript code. This is achieved by manipulating the INC SPD, OU...

EUVD-2025-21976

Malicious code in bioql PyPI...

CVE-2022-43632

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

CVE-2018-19989

In the /HNAP1/SetQoSSettings message, the uplink parameter is vulnerable, and the vulnerability affects D-Link DIR-822 Rev.B 202KRb06 and DIR-822 Rev.C 3.10B06 devices. In the SetQoSSettings.php source code, the uplink parameter is saved in the /bwc/entry:1/bandwidth and /bwc/entry:2/bandwidth...

CVE-2025-2994

A vulnerability, which was classified as critical, was found in Tenda FH1202 1.2.0.14408. This affects an unknown part of the file /goform/qossetting of the component Web Management Interface. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The...

D-Link DIR-816 A2 /goform/form2IPQoSTcAdd Access Control Error Vulnerability

The D-Link DIR-816 A2 is a wireless router from China's AUO D-Link. An access control error vulnerability exists in D-Link DIR-816 A2 version 1.10CNB05R1B011D88210, which stems from improper access control in /goform/form2IPQoSTcAdd. An attacker can exploit this vulnerability to be able to set th...

CVE-2024-39803

Multiple buffer overflow vulnerabilities exist in the qos.cgi qossettings functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A buffer...

CVE-2024-39802

Multiple buffer overflow vulnerabilities exist in the qos.cgi qossettings functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A buffer...

CVE-2024-39801

Multiple buffer overflow vulnerabilities exist in the qos.cgi qossettings functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A buffer...

WAVLINK AC3000 安全漏洞

WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. The WAVLINK AC3000 suffers from a buffer overflow vulnerability, which originates from the qosdat parameter of the qos.cgi qossettings function that fails to properly validate the length of the input data, which can be exploited by an...

PT-2025-2580 · Wavlink · Wavlink Ac3000

Name of the Vulnerable Software and Affected Versions: Wavlink AC3000 version M33A8.V5030.210505 Description: Multiple buffer overflow vulnerabilities exist in the qos.cgi qos settings functionality. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an...

WAVLINK AC3000 安全漏洞

WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. The WAVLINK AC3000 suffers from a buffer overflow vulnerability, which is caused by the selmode parameter of the qos.cgi qossettings function failing to properly validate the length of the input data, which can be exploited by an...

D-Link DIR-816 A2 安全漏洞

The D-Link DIR-816 A2 is a wireless router from China's AUO D-Link. An access control error vulnerability exists in D-Link DIR-816 A2 version 1.10CNB05R1B011D88210, which stems from improper access control in /goform/form2IPQoSTcAdd. An attacker can exploit this vulnerability to be able to set th...

CVE-2024-13030

A vulnerability was found in D-Link DIR-823G 1.0.2B0520181207. It has been rated as critical. This issue affects the function SetAutoRebootSettings/SetClientInfo/SetDMZSettings/SetFirewallSettings/SetParentsControlInfo/SetQoSSettings/SetVirtualServerSettings of the file /HNAP1/ of the component W...

D-Link DIR-846W Command Execution Vulnerability (CNVD-2025-18480)

D-Link DIR-846W is a dual-band Gigabit wireless router with second-generation 11AC technology and MU-MIMO technology, supporting dual-band concurrent transmission rates up to 1200Mbps for 200M and above broadband users. The D-Link DIR-846W suffers from a command execution vulnerability that...

CVE-2024-44340

D-Link DIR-846W A1 FW100A43 was discovered to contain a remote command execution RCE vulnerability via keys smartqosexpressdevices and smartqosnormaldevices in SetSmartQoSSettings...

PT-2024-5843 · D Link · D-Link Dir-846

Name of the Vulnerable Software and Affected Versions: D-Link DIR-846W A1 FW100A43 Description: A remote command execution vulnerability was discovered in the D-Link DIR-846W A1 FW100A43, related to the SetSmartQoSSettings function. This issue allows a remote attacker to execute arbitrary code by...