CVE-2026-12219

CVE-2026-12219 concerns Yealink SIP-T46U (108.86.0.118) involving the Web FastCGI Service. The vulnerable element is the function mod_diagnose.CommandShellByType in /api/diagnosis/start, where manipulating the Time argument leads to command injection. The flaw enables a remote attacker to execute...

EUVD-2026-33693

A vulnerability was detected in D-Link DI-7001 MINI up to 19.09.19A1. Impacted is the function sprintf of the file /httpddebug.asp of the component API. The manipulation of the argument Time results in stack-based buffer overflow. The attack may be performed from remote. The exploit is now public...

D-Link DI-7001 MINI 安全漏洞

The D-Link DI-7001 MINI is a multi-functional smart gateway from D-Link Corporation. The D-Link DI-7001 MINI, versions prior to 19.09.19A1, have a security vulnerability. This vulnerability stems from the improper handling of the parameter “Time” in the function “sprintf” of the API component’s...

CVE-2026-9513

Totolink CA750-PoE 6.2c.510 is affected by CVE-2026-9513 in the NTPSyncWithHost path /cgi-bin/cstecgi.cgi (Setting Handler). The vulnerability stems from improper handling of the host_time argument, enabling os command injection with remote access. The issue affects the specific function NTPSyncW...

CVE-2026-7853

A weakness has been identified in D-Link DI-8100 16.07.26A1. Affected is the function sprintf of the file /autoreboot.asp of the component HTTP Handler. This manipulation of the argument enable/time causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been made...

D-Link DI-8100 缓冲区错误漏洞

The D-Link DI-8100 is a wireless broadband router designed for small and medium-sized network environments by D-Link Corporation. The D-Link DI-8100 version 16.07.26A1 contains a buffer overflow vulnerability. This vulnerability stems from the function sprintf in the HTTP Handler component, where...

CVE-2025-50670

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of parameters in the /xwglbwr.asp endpoint. An attacker can exploit this vulnerability by sending a crafted HTTP GET request in the name, qq, and time parameters...

CVE-2025-50666

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of multiple parameters in the /webpost.asp endpoint. An attacker can exploit this vulnerability by sending a crafted HTTP GET request in parameters such as name, en, userid, log, and time...

Tenda AC7 SetSysTimeCfg File Buffer Overflow Vulnerability

Tenda AC7 is a wireless router from Tenda, a Chinese company. A buffer overflow vulnerability exists in Tenda AC7 version 15.03.06.44. The vulnerability stems from the parameter Time in the file /goform/SetSysTimeCfg that fails to properly validate the length and size of the input data, which can...

EUVD-2025-209345

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of multiple parameters in the /urlrule.asp endpoint. An attacker can exploit this vulnerability by sending a crafted HTTP GET request with parameters name, en, ips, u, time, act, rpri, and log...

CVE-2025-50666

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of multiple parameters in the /webpost.asp endpoint. An attacker can exploit this vulnerability by sending a crafted HTTP GET request in parameters such as name, en, userid, log, and time...

PT-2026-31402

Name of the Vulnerable Software and Affected Versions D-Link DI-8003 version 16.07.26A1 Description A buffer overflow exists due to improper handling of parameters in the /xwgl bwr.asp endpoint. An attacker can exploit this by sending a crafted HTTP GET request using the name, qq, and time...

CVE-2025-50670

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of parameters in the /xwglbwr.asp endpoint. An attacker can exploit this vulnerability by sending a crafted HTTP GET request in the name, qq, and time parameters...

PT-2026-31388

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of input parameters in the /web keyword.asp endpoint. An attacker can exploit this vulnerability by sending a crafted HTTP GET request via the name, en, time, mem gb2312, and mem utf8 parameters...

CVE-2025-50670

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of parameters in the /xwglbwr.asp endpoint. An attacker can exploit this vulnerability by sending a crafted HTTP GET request in the name, qq, and time parameters...

CVE-2025-50670

CVE-2025-50670 affects the D-Link DI-8003, version 16.07.26A1 , with a buffer overflow caused by improper handling of parameters in the endpoint /xwgl_bwr.asp . An attacker can exploit via a crafted HTTP GET request using the parameters name , qq , and time . Documented impact is a vulnerability ...

CVE-2025-50671

CVE-2025-50671 describes a buffer overflow in D-Link DI-8003 firmware (16.07.26A1) caused by improper bounds checking in the /xwgl_ref.asp endpoint. An attacker can trigger by sending crafted HTTP GET requests with excessively long values for parameters such as name, en, user_id, shibie_name, tim...

CVE-2026-35520

Pi-hole FTLDNS (pihole-FTL) versions 6.0 through

TOTOLINK NR1800X 命令注入漏洞

TOTOLINK NR1800X is an outstanding 5G NR indoor Wi-Fi and SIP CPE device from TOTOLINK Corporation. It aims to provide fast and convenient NR fixed data services for homes and offices. The TOTOLINK NR1800X version 9.1.0u.6279B20210910 contains a command injection vulnerability. This vulnerability...

Tenda AC7 安全漏洞

Tenda AC7 is a wireless router from Tenda, a Chinese company. A buffer overflow vulnerability exists in Tenda AC7 version 15.03.06.44. The vulnerability stems from the parameter Time in the file /goform/SetSysTimeCfg that fails to properly validate the length and size of the input data, which can...