
22 matches found

Positive Technologies
added 2026/02/19 12:0 a.m. · 1 view

PT-2026-20831

Comodo Dome Firewall 2.7.0 contains multiple reflected cross-site scripting vulnerabilities in the openvpn users endpoint that allow attackers to inject malicious scripts through POST parameters. Attackers can submit crafted POST requests with script payloads in the username, remotenets,...

CVSS 6.1 · AI score 5.6 · EPSS 0.00017
Exploits: 1 · References: 4

CNNVD
added 2026/02/17 12:0 a.m. · 4 views

TOTOLINK A3002RU Buffer Error Vulnerability

TOTOLINK A3002RU is a wireless router product from TOTOLINK Corporation. The TOTOLINK A3002RU V3 V3.0.0-B20220304.1804 version contains a buffer error vulnerability. This vulnerability stems from a stack buffer overflow in the staticipv6 parameter of the formIpv6Setup function, which may allow fo...

CVSS 8.8 · AI score 6.3 · EPSS 0.00193
Exploits: 1 · References: 1

OSV
added 2026/02/16 6:19 p.m. · 0 views

CVE-2019-25380

Smoothwall Express 3.1-SP4-polar-x8664-update9 contains multiple reflected cross-site scripting vulnerabilities in the dhcp.cgi script that allow attackers to inject malicious scripts through multiple parameters. Attackers can submit POST requests to dhcp.cgi with script payloads in parameters su...

CVSS 6.1 · AI score 5.9 · EPSS 0.00042
Exploits: 1 · References: 3

Malwarebytes
added 2025/09/30 3:46 p.m. · 3 views

Tile trackers plagued by weak security, researchers warn

Researchers at the Georgia Institute of Technology scrutinized the security of the popular Tile tracker and came out disappointed. Bluetooth trackers are a steadily growing market, and Life360 is one of the major players. In 2021, Amazon expanded its Sidewalk network to include Tile. That means...

AI score 6
Exploits: 0

NVD
added 2025/08/14 5:15 p.m. · 2 views

CVE-2025-20136

A vulnerability in the function that performs IPv4 and IPv6 Network Address Translation (NAT) DNS inspection for Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device t...

CVSS 8.6 · EPSS 0.00066
Exploits: 0 · References: 1

RedhatCVE
added 2025/08/13 2:12 a.m. · 1 view

CVE-2025-8825

A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This affects the function RPsetBasicAuto of the file /goform/RPsetBasicAuto. The manipulation of the argument staticIp/staticNetmask leads to os command injection. It is possible to initiat...

CVSS 8.8 · AI score 7.6 · EPSS 0.00918
Exploits: 1 · References: 1

NVD
added 2025/08/10 11:15 p.m. · 1 view

CVE-2025-8819

A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This affects the function setWan of the file /goform/setWan. The manipulation of the argument staticIp leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The...

CVSS 9 · EPSS 0.00314
Exploits: 1 · References: 6

Vulnrichment
added 2025/08/10 11:2 p.m. · 1 view

CVE-2025-8819 Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 setWan stack-based overflow

A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This affects the function setWan of the file /goform/setWan. The manipulation of the argument staticIp leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The...

CVSS 9 · AI score 7.1 · EPSS 0.00314
Exploits: 1 · References: 6

Cvelist
added 2025/08/10 11:2 p.m. · 6 views

CVE-2025-8819 Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 setWan stack-based overflow

A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This affects the function setWan of the file /goform/setWan. The manipulation of the argument staticIp leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The...

CVSS 9 · EPSS 0.00314
Exploits: 1 · References: 6

Positive Technologies
added 2025/08/01 12:0 a.m. · 2 views

PT-2025-32503 · Linksys · Linksys Re9000 +5

Name of the Vulnerable Software and Affected Versions: Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 versions up to 20250801 Description: A vulnerability exists due to os command injection. The RP setBasicAuto function within the /goform/RP setBasicAuto file is affected. Manipulation ...

CVSS 6.5 · AI score 6.6 · EPSS 0.00918
Exploits: 1 · References: 12

CNNVD
added 2024/05/03 12:0 a.m. · 1 view

D-Link DAP-1325 Security Vulnerability

D-Link DAP-1325 is a wireless network extender made by D-Link, which is mainly used to extend the wireless network coverage, support the conversion of wired network and wireless network or connect to different wireless networks. The D-Link DAP-1325 suffers from a command injection remote code...

CVSS 8.8 · AI score 9 · EPSS 0.01756
Exploits: 0 · References: 3

Positive Technologies
added 2023/11/01 12:0 a.m. · 1 view

PT-2023-9037

Name of the Vulnerable Software and Affected Versions webOS versions 5 and 6 webOS versions 5.5.0 - 04.50.51 webOS version 6.3.3-442 Description A command injection vulnerability exists in the "com.webos.service.connectionmanager/tv/setVlanStaticAddress" endpoint. This vulnerability can be...

CVSS 9.1 · AI score 7.3 · EPSS 0.00718
Exploits: 2 · References: 18

Code423n4
added 2023/10/30 12:0 a.m. · 7 views

Risky use of Static Address

Lines of code Vulnerability details Impact We see a native token address used as 0xEeeeeEeeeEeEeeEeEeEeeEEEeeeeEeeeeeeeEEeE which is fine to use to denote native ether, but if this contract were to be deployed in another chain like Polygon, this would cause inconsistency issues. Proof of Concept...

AI score 7
Exploits: 0

OSV
added 2023/04/07 3:15 a.m. · 0 views

CVE-2023-26848

TOTOlink A7100RUV7.4cu.2313B20191024 was discovered to contain a command injection vulnerability via the org parameter at setting/delStaticDhcpRules...

CVSS 9.8 · AI score 7.3
Exploits: 0 · References: 1

ATTACKERKB
added 2022/03/15 10:15 p.m. · 3 views

CVE-2022-26999

Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the static ip settings function via the wanipstat, wanmaskstat, wangwstat, and wandns1stat parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

CVSS 10 · AI score 6.1 · EPSS 0.12616
Exploits: 1 · References: 2

OSV
added 2022/03/15 10:15 p.m. · 1 view

CVE-2022-26999

Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the static ip settings function via the wanipstat, wanmaskstat, wangwstat, and wandns1stat parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

CVSS 9.8 · AI score 7.5 · EPSS 0.12616
Exploits: 1 · References: 1

OSV
added 2021/01/26 6:15 p.m. · 1 view

CVE-2020-27542

Rostelecom CS-C2SHW 5.0.082.1 is affected by: Bash command injection. The camera reads configuration from QR code including network settings. The static IP configuration from QR code is copied to the file /config/ip-static and after reboot data from this file is inserted into bash command without...

CVSS 6.8 · AI score 6.7 · EPSS 0.00758
Exploits: 1 · References: 1

CNVD
added 2020/12/23 12:0 a.m. · 1 view

D-Link DSL-2888A License Issue Vulnerability

The D-link DSL-2888A is a Unified Services Router from D-link China. An authorization issue vulnerability exists in the D-Link DSL-2888A devices with firmware, which can be exploited by an attacker to assign a static IP address that has been previously used by a valid user...

CVSS 7.5 · AI score 6.9 · EPSS 0.00097
Exploits: 1 · References: 1

CNNVD
added 2020/12/22 12:0 a.m. · 3 views

D-link DSL-2888A Access Control Error Vulnerability

The D-link DSL-2888A is a Unified Services Router from D-link China. An authorization issue vulnerability exists in the D-Link DSL-2888A devices with firmware, which can be exploited by an attacker to assign a static IP address that has been previously used by a valid user...

CVSS 7.5 · AI score 7 · EPSS 0.00097
Exploits: 1 · References: 3

Positive Technologies
added 2020/05/26 12:0 a.m. · 2 views

PT-2020-5616 · D Link · D-Link Dsl-2888A

Name of the Vulnerable Software and Affected Versions: D-Link DSL-2888A versions prior to AU 2.31 V1.1.47ae55 Description: The issue is related to a lack of authentication functionality, allowing an attacker to assign a static IP address that was once used by a valid user. This can potentially le...

CVSS 7.5 · AI score 7.4 · EPSS 0.00097
Exploits: 1 · References: 9