EUVD-2026-34150

Mercusys AC12G EU V1 with firmware AC12GEUV1200909 returns 128 bytes of uninitialized buffer when receiving POST requests without SOAPAction header on UPnP port 1900, exposing internal memory to unauthenticated adjacent network attackers...

CVE-2026-5720

miniupnpd contains an integer underflow vulnerability in SOAPAction header parsing that allows remote attackers to cause a denial of service or information disclosure by sending a malformed SOAPAction header with a single quote. Attackers can trigger an out-of-bounds memory read by exploiting...

CVE-2026-5720 miniupnpd Integer Underflow SOAPAction Header Parsing

miniupnpd contains an integer underflow vulnerability in SOAPAction header parsing that allows remote attackers to cause a denial of service or information disclosure by sending a malformed SOAPAction header with a single quote. Attackers can trigger an out-of-bounds memory read by exploiting...

MiniUPnP 安全漏洞

MiniUPnP is a set of UPnP tools developed by the Miniupnp project, which can be used in embedded systems. These tools enable devices in home and corporate networks to connect with each other. MiniUPnP has a security vulnerability, stemming from integer underflow in the parsing of SOAPAction...

PT-2026-33521

miniupnpd contains an integer underflow vulnerability in SOAPAction header parsing that allows remote attackers to cause a denial of service or information disclosure by sending a malformed SOAPAction header with a single quote. Attackers can trigger an out-of-bounds memory read by exploiting...

CVE-2025-63932

D-Link Router DIR-868L A1 FW106KRb01.bin has an unauthenticated remote code execution vulnerability in the cgibin binary. The HNAP service provided by cgibin does not filter the HTTP SOAPAction header field. The unauthenticated remote attacker can execute the shell command...

CVE-2025-63932

CVE-2025-63932 affects the D-Link Router DIR-868L (A1, FW106KRb01.bin). The cgibin HNAP service does not filter the HTTP SOAPAction header, enabling an unauthenticated remote code execution via shell command execution. Red Hat, ENISA EUVD, CIRCL, NVD, and CVE listings corroborate an unauthenticat...

PT-2025-38678

Name of the Vulnerable Software and Affected Versions D-Link DCS-935L versions prior to 1.13.01 Description A stack-based buffer overflow issue exists in the sub 402280 function of the /HNAP1/ file. The issue is due to the manipulation of the HNAP AUTH/SOAPAction argument, which can allow a remot...

D-Link DIR-1935 安全漏洞

The D-Link DIR-1935 is a wireless router from China-based D-Link. A security vulnerability exists in the D-Link DIR-1935 that arises from parsing the SOAPAction header without properly validating the length of user-supplied data before copying it into a fixed-length buffer...

PT-2022-5540 · D Link · D-Link Dir-1935

Name of the Vulnerable Software and Affected Versions: D-Link DIR-1935 version 1.03 Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations. Authentication is not required to exploit this issue. The specific flaw exists within the handling of...

CVE-2021-34827

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the SOAPAction HTTP header. The issue...

D-link DIR-806 Stack Buffer Overflow Vulnerability

The Dlink DIR-806 is a wireless AC1200 dual-band router. A stack buffer overflow vulnerability exists in hnapmain in /htdocs/cgibin of the D-link DIR-806. The vulnerability can be exploited to run shellcode via a long HTTP header starting with "SOAPAction:...