27 matches found
CVE-2024-42947
An issue in the handler function in /goform/telnet of Tenda FH1201 v1.2.0.14 408 allows attackers to execute arbitrary commands via a crafted HTTP request...
CVE-2021-32824
Apache Dubbo is a java based, open source RPC framework. Versions prior to 2.6.10 and 2.7.10 are vulnerable to pre-auth remote code execution via arbitrary bean manipulation in the Telnet handler. The Dubbo main service port can be used to access a Telnet Handler which offers some basic methods t...
CVE-2025-25632
Tenda AC15 v15.03.05.19 is vulnerable to Command Injection via the handler function in /goform/telnet...
CVE-2025-25632
Tenda AC15 v15.03.05.19 is vulnerable to Command Injection via the handler function in /goform/telnet...
CVE-2025-25632
Tenda AC15 v15.03.05.19 is vulnerable to Command Injection via the handler function in /goform/telnet...
CVE-2025-25632
Tenda AC15 v15.03.05.19 is vulnerable to Command Injection via the handler function in /goform/telnet...
Tenda FH1201 Command Execution Vulnerability
The Tenda FH1201 is a wireless router from Tenda China. The Tenda FH1201 suffers from a command execution vulnerability that stems from a problem with the handler function in /goform/telnet, which can be exploited by an attacker to execute arbitrary commands via specially crafted HTTP requests...
Tenda FH1206 安全漏洞
Tenda FH1206 is a dual-band wireless router from Tenda, designed for large homes with fiber optics. The Tenda FH1206 suffers from a command execution vulnerability that originates from an arbitrary command execution vulnerability contained in the handler parameter of the /goform/telnet file, whic...
PT-2024-30218 · Tenda · Tenda Fh1201
Name of the Vulnerable Software and Affected Versions: Tenda FH1201 version 1.2.0.14 Description: An issue in the handler function in "/goform/telnet" allows attackers to execute arbitrary commands via a crafted HTTP request. Recommendations: For Tenda FH1201 version 1.2.0.14, as a temporary...
Tenda AX3 Command Execution Vulnerability
The Tenda Ax3 is an Ax1800 Gigabit Port Dual Band Wifi 6 Wireless Router from Tenda China. A command execution vulnerability exists in Tenda AX3 version V16.03.12.11, which originates from the handler function of /goform/telnet failing to properly filter construct command special characters,...
Tenda W30E 安全漏洞
The Tenda W30E is a router from the Chinese company Tenda. A command execution vulnerability exists in Tenda W30E version V16.01.0.124843, which originates from the handler function of /goform/telnet failing to correctly filter construct command special characters, commands, etc. The vulnerabilit...
Tenda AX3 安全漏洞
The Tenda Ax3 is an Ax1800 Gigabit Port Dual Band Wifi 6 Wireless Router from Tenda China. A command execution vulnerability exists in Tenda AX3 version V16.03.12.11, which originates from the handler function of /goform/telnet failing to properly filter construct command special characters,...
Remote Code Execution (RCE)
dubbo-cluster is vulnerable to remote code execution. The vulnerability exists in the doInvoke function of BroadcastClusterInvoker.java as it does not properly handle FastJson when invoking the invoke handler and later processes in PojoUtils.realize, allowing an attacker to instantiate arbitrary...
GHSA-FPRR-RRM8-4534 Apache Dubbo vulnerable to remote code execution via Telnet Handler
Apache Dubbo is a Java based, open source RPC framework. Versions prior to 2.6.10 and 2.7.10 are vulnerable to pre-authorization remote code execution via arbitrary bean manipulation in the Telnet handler. The Dubbo main service port can be used to access a Telnet Handler which offers some basic...
Apache Dubbo vulnerable to remote code execution via Telnet Handler
Apache Dubbo is a Java based, open source RPC framework. Versions prior to 2.6.10 and 2.7.10 are vulnerable to pre-authorization remote code execution via arbitrary bean manipulation in the Telnet handler. The Dubbo main service port can be used to access a Telnet Handler which offers some basic...
CVE-2021-32824
Apache Dubbo is a java based, open source RPC framework. Versions prior to 2.6.10 and 2.7.10 are vulnerable to pre-auth remote code execution via arbitrary bean manipulation in the Telnet handler. The Dubbo main service port can be used to access a Telnet Handler which offers some basic methods t...
CVE-2021-32824
Apache Dubbo is a java based, open source RPC framework. Versions prior to 2.6.10 and 2.7.10 are vulnerable to pre-auth remote code execution via arbitrary bean manipulation in the Telnet handler. The Dubbo main service port can be used to access a Telnet Handler which offers some basic methods t...
Remote code execution
Apache Dubbo is a java based, open source RPC framework. Versions prior to 2.6.10 and 2.7.10 are vulnerable to pre-auth remote code execution via arbitrary bean manipulation in the Telnet handler. The Dubbo main service port can be used to access a Telnet Handler which offers some basic methods t...
CVE-2021-32824 Regular expression Denial of Service in MooTools
Apache Dubbo is a java based, open source RPC framework. Versions prior to 2.6.10 and 2.7.10 are vulnerable to pre-auth remote code execution via arbitrary bean manipulation in the Telnet handler. The Dubbo main service port can be used to access a Telnet Handler which offers some basic methods t...
CVE-2021-32824
Apache Dubbo (Java RPC framework) versions prior to 2.6.10 and 2.7.10 are vulnerable to pre-auth remote code execution via the Telnet handler. An unprotected Telnet endpoint allows arbitrary bean inspection and shutdown, while the invoke handler processes arguments with FastJson then realises the...