202 matches found
Netgear R6850 - Information Disclosure
Netgear R6850 router firmware version V1.1.0.88 contains an information leakage vulnerability in the debuginfo.htm page. This hidden interface is not protected by authentication, allowing unauthenticated attackers to access sensitive information such as product model name, WAN connection type, and...
Shibby Tomato Security Vulnerability
Shibby Tomato is a third-party router firmware developed by the individual developer Shibby. Versions of Shibby Tomato prior to 1.28 contained security vulnerabilities. These vulnerabilities were caused by a function in the Zserv Handler component called ripzebrareadipv4, which led to a stack buff...
Shibby Tomato Security Vulnerability
Shibby Tomato is a third-party router firmware developed by the individual developer Shibby. Version 1.28 of Shibby Tomato contains a security vulnerability. This vulnerability stems from a stack buffer overflow in the getupsfield function within the tomatodata.cgi file, which could allow a remote...
CVE-2017-20223
Telesquare SKT LTE Router SDT-CS3B1 firmware version 1.2.0 contains an insecure direct object reference vulnerability that allows attackers to bypass authorization and access resources by manipulating user-supplied input parameters. Attackers can directly reference objects in the system to retrie...
CVE-2026-27514
Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55multi contains a sensitive information exposure vulnerability in the configuration download functionality. The configuration download response includes the router password and administrative password in plaintext. The endpoint also omits...
CVE-2026-27512
Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55multi contains a content-type confusion vulnerability in the administrative interface. Responses omit the X-Content-Type-Options: nosniff header and include attacker-influenced content that can be reflected into the response body. Under...
PT-2026-21531
Name of the Vulnerable Software and Affected Versions: Shenzhen Tenda F3 Wireless Router firmware version V12.01.01.55 multi. Description: The web-based administrative interface does not implement anti-CSRF protections. This allows an attacker to make an authenticated administrator submit requests...
CVE-2025-70998
UTT HiPER 810 / nv810v4 router firmware v1.5.0-140603 was discovered to contain insecure default credentials for the telnet service, possibly allowing a remote attacker to gain root access via a crafted script...
CVE-2025-70998
CVE-2025-70998 affects UTT HiPER 810 / nv810v4 router firmware, version v1.5.0-140603. The telnet service ships with insecure default credentials, potentially allowing a remote attacker to gain root access via a crafted script. No exploitation details or mitigations are provided in the available ...
PT-2026-20358
Name of the Vulnerable Software and Affected Versions: TOTOLINK A3002RU version 2.1.1-B20211108.1455. Description: The TOTOLINK A3002RU router firmware contains a stack-based buffer overflow. The issue is located in the formFilter function and is triggered through the vpnUser and vpnPassword...
LEDE security vulnerabilities
LEDE is a router firmware developed by the individual developer Coolsnowwolf. Versions of LEDE such as r25.10.1 and earlier contained security vulnerabilities. These vulnerabilities stemmed from an infinite loop in the Wi-Fi driver component bnlib.C, which could lead to a denial-of-service attack...
CVE-2021-47854
CVE-2021-47854 affects DD-WRT 45723 and describes a buffer overflow in the UPNP network discovery service. The vulnerability is triggered by receiving crafted M-SEARCH packets with oversized UUID payloads, which can lead to remote code execution on the targeted device. The CVSS metrics indicate a...
VulnCheck KEV: CVE-2024-57040
TL-WR845NUNV4200909 and TL-WR845NUNV4190219 were discovered to contain a hardcoded password for the root account which can be obtained by analyzing downloaded firmware or via a brute force attack through physical access to the router...
CVE-2025-68707
An authentication bypass vulnerability in the Tongyu AX1800 Wi-Fi 6 Router with firmware 1.0.0 allows unauthenticated network-adjacent attackers to perform arbitrary configuration changes without providing credentials, as long as a valid admin session is active. This can result in full compromise...
CVE-2025-68718
KAYSUS KS-WR1200 routers with firmware 107 expose SSH and TELNET services on the LAN interface with hardcoded root credentials root:12345678. The administrator cannot disable these services or change the hardcoded password. Changing the management GUI password does not affect SSH/TELNET...
CVE-2025-67089
A command injection vulnerability exists in the GL-iNet GL-AXT1800 router firmware v4.6.8. The vulnerability is present in the plugins.installpackage RPC method, which fails to properly sanitize user input in package names. Authenticated attackers can exploit this to execute arbitrary commands wi...
CVE-2025-65427
An issue was discovered in the Dbit N300 T1 Pro Easy Setup Wireless Wi-Fi Router: firmware version V1.0.0 does not implement rate limiting on /api/login, allowing attackers to brute force password enumerations...
Linksys RE7000 Router Firmware <= 2.0.15_211230_1012 Buffer Overflow Vulnerability
Linksys RE7000 routers are prone to a buffer overflow vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Linksys E7350 Router Firmware <= 1.1.00.032 Buffer Overflow Vulnerability
Linksys E7350 routers are prone to a buffer overflow vulnerability. CPE =...