CVE-2025-15428

A weakness has been identified in UTT 进取 512W 1.7.7-171114. Affected is the function strcpy of the file /goform/formRemoteControl. This manipulation of the argument Profile causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been made available to the public an...

📄 NanoMQ 0.24.6 Remote Buffer Overflow

A stack-based buffer overflow vulnerability exists in NanoMQ version 0.24.6, allowing remote attackers to cause a denial of service and potentially achieve remote code execution. The vulnerability requires admin privileges, but use of default credentials admin:public may be common, lowering the...

PT-2026-1095

Name of the Vulnerable Software and Affected Versions License Center versions prior to 2.0.36 Description A buffer overflow issue exists in License Center. Successful exploitation could allow a remote attacker with administrator privileges to modify memory or cause processes to crash...

CVE-2025-15218

The CVE-2025-15218 issue affects Tenda AC10U firmware versions 15.03.06.48–15.03.06.49. The vulnerability lies in the POST Request Parameter Handler, specifically the fromadvsetlanip function in /goform/AdvSetLanip, where manipulating the lanMask argument can trigger a buffer overflow. The impact...

CVE-2025-15217

CVE-2025-15217 affects the Tenda AC23 router running version 16.03.07.52. The vulnerability is in the HTTP POST Request Handler’s function formSetPPTPUserList. Malicious manipulation of the argument list can trigger a buffer overflow, with remote exploitability reported. Connected sources (includ...

EUVD-2025-205682

A vulnerability was determined in Tenda AC10U 15.03.06.48/15.03.06.49. This affects the function formSetPPTPUserList of the file /goform/setPptpUserList of the component HTTP POST Request Handler. This manipulation of the argument list causes buffer overflow. It is possible to initiate the attack...

CVE-2025-15162

A vulnerability was determined in Tenda WH450 1.0.0.18. Affected by this vulnerability is an unknown functionality of the file /goform/RouteStatic. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been...

EUVD-2025-205578

A vulnerability was identified in D-Link DWR-M920 up to 1.1.50. This issue affects the function sub464794 of the file /boafrm/formDefRoute. The manipulation of the argument submit-url leads to buffer overflow. The attack may be initiated remotely. The exploit is publicly available and might be us...

CVE-2025-15189 D-Link DWR-M920 formDefRoute sub_464794 buffer overflow

A vulnerability was identified in D-Link DWR-M920 up to 1.1.50. This issue affects the function sub464794 of the file /boafrm/formDefRoute. The manipulation of the argument submit-url leads to buffer overflow. The attack may be initiated remotely. The exploit is publicly available and might be us...

PT-2025-53836

Name of the Vulnerable Software and Affected Versions Tenda AC10U versions 15.03.06.48 through 15.03.06.49 Description A buffer overflow issue exists in the formSetPPTPUserList function within the HTTP POST Request Handler component, specifically in the /goform/setPptpUserList file of the Tenda...

CVE-2025-15089

A vulnerability has been found in UTT 进取 512W up to 1.7.7-171114. This affects the function strcpy of the file /goform/APSecurity. The manipulation of the argument wepkey1 leads to buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and...

PT-2025-53418

Name of the Vulnerable Software and Affected Versions UTT 进取 512W versions through 1.7.7-171114 Description A buffer overflow issue exists in UTT 进取 512W. The issue is related to the strcpy function within the /goform/formConfigNoticeConfig file. Manipulation of the timestart argument can trigger...

PT-2025-53410

Name of the Vulnerable Software and Affected Versions UTT 进取 512W versions through 1.7.7-171114 Description A flaw exists in UTT 进取 512W that allows for remote buffer overflow. The issue is related to the strcpy function within the /goform/ConfigExceptMSN file. Manipulation of the remark argument...

CVE-2025-68615

A flaw was found in net-snmp. A remote attacker can trigger a buffer overflow in the snmptrapd daemon by sending a specially crafted SNMP packet, causing the daemon to crash and resulting in a denial of service. Mitigation Make sure to restrict network traffic to the snmptrapd daemon using firewa...

CVE-2025-14656

A weakness has been identified in Tenda AC20 16.03.08.12. This affects the function httpd of the file /goform/openSchedWifi. Executing a manipulation of the argument schedStartTime/schedEndTime can lead to buffer overflow. The attack may be performed from remote. The exploit has been made availab...

CVE-2025-14709

A security vulnerability has been detected in Shiguangwu sgwbox N3 2.0.25. Affected by this issue is some unknown functionality of the file /usr/sbin/httpeshellserver of the component WIRELESSCFGGET Interface. The manipulation of the argument params leads to buffer overflow. Remote exploitation o...

CVE-2025-14709

A security vulnerability has been detected in Shiguangwu sgwbox N3 2.0.25. Affected by this issue is some unknown functionality of the file /usr/sbin/httpeshellserver of the component WIRELESSCFGGET Interface. The manipulation of the argument params leads to buffer overflow. Remote exploitation o...

CVE-2025-14709

CVE-2025-14709 affects Shiguangwu sgwbox N3 (v2.0.25). The vulnerability is in the WIRELESSCFGGET Interface’s /usr/sbin/http_eshell_server functionality, where improper handling of the params argument leads to a buffer overflow. Remote exploitation is possible and the exploit has been disclosed p...

CVE-2024-58299 PCMan FTP Server 2.0 Remote Buffer Overflow via 'pwd' Command

PCMan FTP Server 2.0 contains a buffer overflow vulnerability in the 'pwd' command that allows remote attackers to execute arbitrary code. Attackers can send a specially crafted payload during the FTP login process to overwrite memory and potentially gain system access...

CVE-2025-14135

A vulnerability was identified in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This affects the function APgetwiredclientlistsetClientsName of the file modform.so. The manipulation of the argument clientsname0 leads to...