40 matches found
Tenda AC7 安全漏洞
Tenda AC7 is a wireless router from Tenda, a Chinese company. A buffer overflow vulnerability exists in Tenda AC7 version 15.03.06.44, which originates from the parameter ddnsEn in the file /goform/SetDDNSCfg that fails to correctly validate the length and size of the input data, and can be...
EUVD-2025-32706
A vulnerability was found in Tenda AC15 15.03.05.18. The impacted element is an unknown function of the file /goform/SetDDNSCfg of the component POST Parameter Handler. The manipulation of the argument ddnsEn results in stack-based buffer overflow. The attack can be launched remotely. The exploit...
CVE-2025-11386
A vulnerability was found in Tenda AC15 15.03.05.18. The impacted element is an unknown function of the file /goform/SetDDNSCfg of the component POST Parameter Handler. The manipulation of the argument ddnsEn results in stack-based buffer overflow. The attack can be launched remotely. The exploit...
CVE-2025-11386 Tenda AC15 POST Parameter SetDDNSCfg stack-based overflow
A vulnerability was found in Tenda AC15 15.03.05.18. The impacted element is an unknown function of the file /goform/SetDDNSCfg of the component POST Parameter Handler. The manipulation of the argument ddnsEn results in stack-based buffer overflow. The attack can be launched remotely. The exploit...
EUVD-2025-32522
A vulnerability was detected in Tenda AC18 15.03.05.196318. This issue affects some unknown processing of the file /goform/SetDDNSCfg. The manipulation of the argument ddnsEn results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit is now public and may be...
CVE-2025-11328 Tenda AC18 SetDDNSCfg stack-based overflow
A vulnerability was detected in Tenda AC18 15.03.05.196318. This issue affects some unknown processing of the file /goform/SetDDNSCfg. The manipulation of the argument ddnsEn results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit is now public and may be...
Tenda AC18 安全漏洞
Tenda AC18 is a dual-band wireless router launched by Shenzhen Jixiang Tenda Technology Co. in July 2016, mainly for villas and large home users. Tenda AC18 has a stack buffer overflow vulnerability, which originates from the parameter ddnsEn in the file /goform/SetDDNSCfg fails to correctly...
PT-2025-40881
Name of the Vulnerable Software and Affected Versions Tenda AC18 version 15.03.05.196318 Description A stack-based buffer overflow issue exists in the processing of the /goform/SetDDNSCfg file in Tenda AC18. The manipulation of the ddnsEn argument can trigger this overflow, allowing for remote...
EUVD-2024-20584
Malicious code in bioql PyPI...
CVE-2024-23059
TOTOLINK A3300R V17.0.0cu.557B20221024 was discovered to contain a command injection vulnerability via the username parameter in the setDdnsCfg function...
The vulnerability of the setDdnsCfg function in the /cgi-bin/cstecgi.cgi file of the TOTOLINK A3700R wireless router software allows a attacker to cause a service failure.
The vulnerability of the setDdnsCfg function in the /cgi-bin/cstecgi.cgi file of the TOTOLINK A3700R wireless router software is related to access control deficiencies. Exploiting this vulnerability could allow an attacker to cause service interruptions by sending a specially crafted POST request...
TOTOLINK A3700R Access Control Error Vulnerability (CNVD-2025-12019)
The TOTOLINK A3700R is a wireless router that provides network connectivity for homes and small offices. The TOTOLINK A3700R suffers from an Access Control Error vulnerability that originates from improper access control of the setDdnsCfg function in the /cgi-bin/cstecgi.cgi file. No detailed...
CVE-2025-3666
A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822B20200513 and classified as critical. Affected by this issue is the function setDdnsCfg of the file /cgi-bin/cstecgi.cgi. The manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed...
CVE-2024-4236 Tenda AX1803 SetDDNSCfg formSetSysToolDDNS stack-based overflow
A vulnerability, which was classified as critical, has been found in Tenda AX1803 1.0.0.1. This issue affects the function formSetSysToolDDNS of the file /goform/SetDDNSCfg. The manipulation of the argument serverName/ddnsUser/ddnsPwd/ddnsDomain leads to stack-based buffer overflow. The attack ma...
TOTOLINK A3300R setDdnsCfg Method Command Injection Vulnerability
TOTOLINK A3300R is a wireless router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK A3300R version V17.0.0cu.557B20221024, which stems from the username parameter of the setDdnsCfg method failing to correctly filter construct command special...
CVE-2024-23059
TOTOLINK A3300R V17.0.0cu.557B20221024 was discovered to contain a command injection vulnerability via the username parameter in the setDdnsCfg function...
Command injection
TOTOLINK A3300R V17.0.0cu.557B20221024 was discovered to contain a command injection vulnerability via the username parameter in the setDdnsCfg function...
PT-2024-19650 · Totolink · Totolink A3300R
Name of the Vulnerable Software and Affected Versions: TOTOLINK A3300R version V17.0.0cu.557 B20221024 Description: A command injection issue was discovered via the username parameter in the setDdnsCfg function. This allows for potential exploitation. Recommendations: For TOTOLINK A3300R version...
TOTOLINK A3300R 安全漏洞
TOTOLINK A3300R is a wireless router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK A3300R version V17.0.0cu.557B20221024, which stems from the username parameter of the setDdnsCfg method failing to correctly filter construct command special...
TOTOLINK A3300R 命令注入漏洞
The TOTOLINK A3300R is a wireless router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK A3300R v17.0.0cu.557, which originates from a failure of the setddnscfg function of the request /cgi-bin/cstecgi.cgi to correctly filter constructed command...