340 matches found
EUVD-2022-29874
Malicious code in bioql PyPI...
Tenda AC6 formSetIptv Function Command Injection Vulnerability
Tenda AC6 is a dual-band wireless router from Tenda that supports 2.4GHz and 5GHz bands with a maximum transmission rate of 1167Mbps. The Tenda AC6 suffers from a command injection vulnerability that stems from the formSetIptv function not validating or cleaning up special characters when handlin...
Tenda AC6 Firmware Signature Verification Function Code Execution Vulnerability
Tenda AC6 is a dual-band wireless router from Tenda that supports IPv4 and IPv6 protocols and utilizes the 802.11ac/n wireless standard to provide a wireless transmission rate of 1167Mbps. A code execution vulnerability exists in the Tenda AC6, which stems from a problem with the firmware signatu...
TOTOLINK N350R 注入漏洞
The TOTOLINK N350R is a WiFi router from China's Gion Electronics TOTOLINK. The TOTOLINK N350R suffers from an injection vulnerability that originates from a misbehavior in the file /boafrm/formSysCmd, which can be exploited by an attacker to cause an application to crash or behave abnormally by...
(Pwn2Own) QNAP QHora-322 Improper Restriction of Communication Channel to Intended Endpoints Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of QNAP QHora-322 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the SSH daemon. The...
Nexxt Solutions NCM-X1800 命令注入漏洞
The Nexxt Solutions NCM-X1800 is a router from Nexxt Solutions. A command injection vulnerability exists in the Nexxt Solutions NCM-X1800 UV1.2.7 and earlier versions, which stems from a command injection that could lead to the execution of arbitrary commands...
Tenda AC1206 Buffer Overflow Vulnerability
The Tenda AC1206 is a wireless Gigabit router from Tenda China. The Tenda AC1206 suffers from a buffer overflow vulnerability that originates from the formSetCfm function failing to properly validate the length of the input data, which can be exploited by an attacker to cause a denial of service...
QNAP QHora Authorization Issues Vulnerability
The QNAP QHora is a router from the Taiwan, China-based company Qualicom Technology QNAP. QNAP QHora has an authorization issue vulnerability that stems from improper authentication, and no detailed vulnerability details are available at this time...
Tenda AC18 /goform/SetIPTVCfg Command Injection Vulnerability
The Tenda AC18 is a router from the Chinese company Tenda. The Tenda AC18 suffers from a command injection vulnerability that stems from incorrect manipulation of the parameter list in the file /goform/SetIPTVCfg. No details of the vulnerability are available at this time...
Tenda AC18 /goform/SetSysAutoRebbotCfg Buffer Overflow Vulnerability
The Tenda AC18 is a router from the Chinese company Tenda. The Tenda AC18 suffers from a buffer overflow vulnerability that originates from a misuse of the parameter rebootTime in the file /goform/SetSysAutoRebbotCfg, which can be exploited by an attacker to submit a special request and execute...
PT-2025-23134 · Next.Js · Next.Js
Name of the Vulnerable Software and Affected Versions: Next.js versions 13.0 through 15.2.2 Description: Next.js is a React framework for building full-stack web applications. In affected versions, Next.js may have allowed limited source code exposure when the dev server was running with the App...
TOTOLINK A3002R Buffer Overflow Vulnerability
TOTOLINK A3002R is a wireless router from China's Gion Electronics TOTOLINK. TOTOLINK A3002R suffers from a buffer overflow vulnerability that originates from the interfacenameds parameter in the formDhcpv6s interface failing to correctly validate the length size of the input data, no detailed...
CVE-2024-33112
D-Link DIR-845L router v1.01KRb03 and before is vulnerable to Command injection via the hnapmainfunc...
CVE-2024-28288
Ruijie RG-NBR700GW 10.34b12 router lacks cookie verification when resetting the password, resulting in an administrator password reset vulnerability. An attacker can use this vulnerability to log in to the device and disrupt the business of the enterprise...
CVE-2024-53283
Improper neutralization of input during web page generation 'Cross-site Scripting' vulnerability in Router Port Forward functionality in Synology Router Manager SRM before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to read or write specific files containing...
CVE-2022-30327
An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. The web interface is vulnerable to CSRF. An attacker can change the pre-shared key of the Wi-Fi router if the interface's IP address is known...
CVE-2022-32058
An infinite loop in the function httpRpmPass of TP-Link TL-WR741N/TL-WR742N V1/V2/V3130415 allows attackers to cause a Denial of Service DoS via a crafted packet...
CVE-2022-28579
It is found that there is a command injection vulnerability in the setParentalRules interface in TOTOlink A7100RU v7.4cu.2313b20191024 router, which allows an attacker to execute arbitrary commands through a carefully constructed payload...
CVE-2022-28575
It is found that there is a command injection vulnerability in the setopenvpnclientcfg interface in TOTOlink A7100RU v7.4cu.2313b20191024 router, which allows attackers to execute arbitrary commands through a carefully constructed payload...
CVE-2021-30229
The api/zrDm/setzrDm interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the dmenable, AppKey, or Pwd parameter...