Lucene search
K

40 matches found

CNNVD
CNNVD
added 2025/10/09 12:0 a.m.3 views

Tenda AC7 安全漏洞

Tenda AC7 is a wireless router from Tenda, a Chinese company. A buffer overflow vulnerability exists in Tenda AC7 version 15.03.06.44, which originates from the parameter ddnsEn in the file /goform/SetDDNSCfg that fails to correctly validate the length and size of the input data, and can be...

9CVSS8.2AI score0.00948EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/07 12:31 p.m.6 views

EUVD-2025-32706

A vulnerability was found in Tenda AC15 15.03.05.18. The impacted element is an unknown function of the file /goform/SetDDNSCfg of the component POST Parameter Handler. The manipulation of the argument ddnsEn results in stack-based buffer overflow. The attack can be launched remotely. The exploit...

9CVSS6.7AI score0.00762EPSS
Exploits1References6
OSV
OSV
added 2025/10/07 10:15 a.m.5 views

CVE-2025-11386

A vulnerability was found in Tenda AC15 15.03.05.18. The impacted element is an unknown function of the file /goform/SetDDNSCfg of the component POST Parameter Handler. The manipulation of the argument ddnsEn results in stack-based buffer overflow. The attack can be launched remotely. The exploit...

8.7CVSS6.5AI score0.00762EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2025/10/07 10:2 a.m.5 views

CVE-2025-11386 Tenda AC15 POST Parameter SetDDNSCfg stack-based overflow

A vulnerability was found in Tenda AC15 15.03.05.18. The impacted element is an unknown function of the file /goform/SetDDNSCfg of the component POST Parameter Handler. The manipulation of the argument ddnsEn results in stack-based buffer overflow. The attack can be launched remotely. The exploit...

9CVSS7AI score0.00762EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/06 8:32 a.m.6 views

EUVD-2025-32522

A vulnerability was detected in Tenda AC18 15.03.05.196318. This issue affects some unknown processing of the file /goform/SetDDNSCfg. The manipulation of the argument ddnsEn results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit is now public and may be...

9CVSS7AI score0.00988EPSS
Exploits1References7
Vulnrichment
Vulnrichment
added 2025/10/06 8:32 a.m.2 views

CVE-2025-11328 Tenda AC18 SetDDNSCfg stack-based overflow

A vulnerability was detected in Tenda AC18 15.03.05.196318. This issue affects some unknown processing of the file /goform/SetDDNSCfg. The manipulation of the argument ddnsEn results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit is now public and may be...

9CVSS7.2AI score0.00988EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/10/06 12:0 a.m.7 views

Tenda AC18 安全漏洞

Tenda AC18 is a dual-band wireless router launched by Shenzhen Jixiang Tenda Technology Co. in July 2016, mainly for villas and large home users. Tenda AC18 has a stack buffer overflow vulnerability, which originates from the parameter ddnsEn in the file /goform/SetDDNSCfg fails to correctly...

9CVSS8.3AI score0.00988EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/10/06 12:0 a.m.8 views

PT-2025-40881

Name of the Vulnerable Software and Affected Versions Tenda AC18 version 15.03.05.196318 Description A stack-based buffer overflow issue exists in the processing of the /goform/SetDDNSCfg file in Tenda AC18. The manipulation of the ddnsEn argument can trigger this overflow, allowing for remote...

9CVSS9AI score0.00988EPSS
Exploits1References11
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-20584

Malicious code in bioql PyPI...

9.8CVSS9.4AI score0.01728EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:43 a.m.9 views

CVE-2024-23059

TOTOLINK A3300R V17.0.0cu.557B20221024 was discovered to contain a command injection vulnerability via the username parameter in the setDdnsCfg function...

9.8CVSS8AI score0.01728EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2025/05/23 12:0 a.m.7 views

The vulnerability of the setDdnsCfg function in the /cgi-bin/cstecgi.cgi file of the TOTOLINK A3700R wireless router software allows a attacker to cause a service failure.

The vulnerability of the setDdnsCfg function in the /cgi-bin/cstecgi.cgi file of the TOTOLINK A3700R wireless router software is related to access control deficiencies. Exploiting this vulnerability could allow an attacker to cause service interruptions by sending a specially crafted POST request...

5.3CVSS5.9AI score0.00542EPSS
Exploits1References6Affected Software1
CNVD
CNVD
added 2025/04/22 12:0 a.m.2 views

TOTOLINK A3700R Access Control Error Vulnerability (CNVD-2025-12019)

The TOTOLINK A3700R is a wireless router that provides network connectivity for homes and small offices. The TOTOLINK A3700R suffers from an Access Control Error vulnerability that originates from improper access control of the setDdnsCfg function in the /cgi-bin/cstecgi.cgi file. No detailed...

6.9CVSS5.3AI score0.00542EPSS
Exploits1References1
OSV
OSV
added 2025/04/16 4:15 a.m.3 views

CVE-2025-3666

A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822B20200513 and classified as critical. Affected by this issue is the function setDdnsCfg of the file /cgi-bin/cstecgi.cgi. The manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed...

6.9CVSS5.4AI score0.00542EPSS
Exploits1References5
Cvelist
Cvelist
added 2024/04/26 5:31 p.m.19 views

CVE-2024-4236 Tenda AX1803 SetDDNSCfg formSetSysToolDDNS stack-based overflow

A vulnerability, which was classified as critical, has been found in Tenda AX1803 1.0.0.1. This issue affects the function formSetSysToolDDNS of the file /goform/SetDDNSCfg. The manipulation of the argument serverName/ddnsUser/ddnsPwd/ddnsDomain leads to stack-based buffer overflow. The attack ma...

9CVSS9AI score0.14879EPSS
Exploits0References4
CNVD
CNVD
added 2024/01/16 12:0 a.m.9 views

TOTOLINK A3300R setDdnsCfg Method Command Injection Vulnerability

TOTOLINK A3300R is a wireless router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK A3300R version V17.0.0cu.557B20221024, which stems from the username parameter of the setDdnsCfg method failing to correctly filter construct command special...

9.8CVSS7.4AI score0.01728EPSS
Exploits1References1
NVD
NVD
added 2024/01/11 4:15 p.m.15 views

CVE-2024-23059

TOTOLINK A3300R V17.0.0cu.557B20221024 was discovered to contain a command injection vulnerability via the username parameter in the setDdnsCfg function...

9.8CVSS9.8AI score0.01728EPSS
Exploits1References1
Prion
Prion
added 2024/01/11 4:15 p.m.18 views

Command injection

TOTOLINK A3300R V17.0.0cu.557B20221024 was discovered to contain a command injection vulnerability via the username parameter in the setDdnsCfg function...

7.5CVSS8.2AI score0.01728EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/01/11 12:0 a.m.8 views

PT-2024-19650 · Totolink · Totolink A3300R

Name of the Vulnerable Software and Affected Versions: TOTOLINK A3300R version V17.0.0cu.557 B20221024 Description: A command injection issue was discovered via the username parameter in the setDdnsCfg function. This allows for potential exploitation. Recommendations: For TOTOLINK A3300R version...

9.8CVSS9.6AI score0.01728EPSS
Exploits1References4
CNNVD
CNNVD
added 2024/01/11 12:0 a.m.8 views

TOTOLINK A3300R 安全漏洞

TOTOLINK A3300R is a wireless router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK A3300R version V17.0.0cu.557B20221024, which stems from the username parameter of the setDdnsCfg method failing to correctly filter construct command special...

9.8CVSS7.8AI score0.01728EPSS
Exploits1References2
CNNVD
CNNVD
added 2023/05/18 12:0 a.m.5 views

TOTOLINK A3300R 命令注入漏洞

The TOTOLINK A3300R is a wireless router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK A3300R v17.0.0cu.557, which originates from a failure of the setddnscfg function of the request /cgi-bin/cstecgi.cgi to correctly filter constructed command...

9.8CVSS7.8AI score0.01376EPSS
Exploits0References4
Rows per page
Query Builder