296 matches found
CVE-2025-60694
A stack-based buffer overflow exists in the validatestaticroute function of the httpd binary on Linksys E1200 v2 routers Firmware E1200v2.0.11.001us.tar.gz. The function improperly concatenates user-supplied CGI parameters routeipaddr03, routenetmask03, routegateway03 into fixed-size buffers v6,...
CVE-2025-60682
The connected CNVD/Red Hat/EUVD/NVD entries confirm CVE-2025-60682 affecting TOTOLINK A720R router firmware V4.1.5cu.614_B20230630, in the cloudupdate_check binary (sub_402414) where cloud update parameters are processed. User-controlled magicid and url are concatenated into shell commands and ex...
CVE-2025-60683
The CVE-2025-60683 entry concerns the TOTOLINK ToToLink A720R Router firmware (V4.1.5cu.614_B20230630). The sysconf binary’s sub_40BFA4 handling of network interface reinitialization from '/var/system/linux_vlan_reinit' concatenates unescaped input into shell commands after only partial validatio...
EUVD-2020-29217
Malware in sbrugna...
EUVD-2018-4499
Malware in sbrugna...
EUVD-2017-4388
Malware in sbrugna...
EUVD-2018-7231
Malware in sbrugna...
EUVD-2024-31117
Malicious code in bioql PyPI...
EUVD-2023-36593
Malicious code in bioql PyPI...
EUVD-2022-50458
Malicious code in bioql PyPI...
EUVD-2022-48626
Malicious code in bioql PyPI...
EUVD-2023-27250
Malicious code in bioql PyPI...
PT-2025-36919
Name of the Vulnerable Software and Affected Versions: LB-Link BL-CPE300M AX300 4G LTE Router version BL-R8800 B10 ALK SL V01.01.02P42U14 06 Description: The LB-Link BL-CPE300M AX300 4G LTE Router does not implement proper session handling. After a user authenticates from a specific IP address, t...
CVE-2025-57278
The LB-Link BL-CPE300M AX300 4G LTE Router firmware version BL-R8800B10ALKSLV01.01.02P42U1406 does not implement proper session handling. After a user authenticates from a specific IP address, the router grants access to any other client using that same IP, without requiring credentials or...
CVE-2025-52054
An issue was discovered in Tenda AC8 v4.0 AC1200 Dual-band Gigabit Wireless Router AC8v4.0 Firmware 16.03.33.05. The root password of the device is calculated with a static string and the last two octets of the MAC address of the device. This allows an unauthenticated attacker to authenticate wit...
The vulnerability of the /pppoe_base.asp file of the jhttpd component of D-link DI-8100 router software allows a hacker to execute arbitrary code.
The vulnerability of the /pppoebase.asp file of the jhttpd component of D-link DI-8100 router microprogramming software is related to buffer overflow in the stack. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary code...
CVE-2025-52379
Nexxt Solutions NCM-X1800 Mesh Router firmware UV1.2.7 and below contains an authenticated command injection vulnerability in the firmware update feature. The /web/umfileNameset.cgi and /web/umwebupgrade.cgi endpoints fail to properly sanitize the upgradeFileName parameter, allowing authenticated...
CVE-2025-34049
An OS command injection vulnerability exists in the OptiLink ONT1GEW GPON router firmware version V2.1.11X101 Build 1127.190306 and earlier. The router’s web management interface fails to properly sanitize user input in the targetaddr parameter of the formTracert and formPing administrative...
The vulnerability of the sub_415EF8 function in Netgear EX6100 router microprogramming software allows a hacker to execute arbitrary code.
The vulnerability of sub415EF8 in Netgear EX6100 router microprogramming software relates to the execution of operations outside the buffer in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code by sending a specially crafted GET request...
The vulnerability of the sub_41619C() function in NETGEAR EX3700 router microprogramming software allows a hacker to induce a service failure.
The vulnerability of the sub41619C function in NETGEAR EX3700 router microprogramming software is related to buffer overflow in the stack. Exploiting this vulnerability can allow a malicious actor to trigger a service failure by sending a specially crafted GET request remotely...