CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

66 matches found

CVE-2026-36608

The advisory concerns the Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909. A UPnP AddPortMapping issue allows an unauthenticated LAN attacker to forward external ports to the router’s admin interface by abusing the InternalClient field (accepting 192.168.1.1 or 127.0.0.1). This en...

8.8CVSS5.8AI score0.00016EPSS

Exploits0References1

EUVD•added 3 days ago•5 views

EUVD-2026-34147

Mercusys AC12G EU V1 router with firmware AC12GEUV1200909 allows UPnP AddPortMapping to forward external ports to the router's own admin interface by accepting its own IP 192.168.1.1 or localhost 127.0.0.1 as InternalClient. An unauthenticated LAN attacker can expose the admin panel to the intern...

8.8CVSS5.8AI score0.00016EPSS

Exploits0References1

GithubExploit•added 2026/05/22 10:33 a.m.•48 views

Exploit for Code Injection in Iptime N104S-R1_Firmware

CVE-2025-55423 — ipTIME UPnP Command Injection: Analysis & Rep...

9.8CVSS5.9AI score0.00665EPSS

Exploits2

CNNVD•added 2026/04/17 12:0 a.m.•7 views

MiniUPnP 安全漏洞

MiniUPnP is a set of UPnP tools developed by the Miniupnp project, which can be used in embedded systems. These tools enable devices in home and corporate networks to connect with each other. MiniUPnP has a security vulnerability, stemming from integer underflow in the parsing of SOAPAction...

9.1CVSS5.8AI score0.00054EPSS

Exploits0References1

Positive Technologies•added 2026/03/26 12:0 a.m.•2 views

PT-2026-28636

Name of the Vulnerable Software and Affected Versions TP-Link TL-WR841N version 14 versions prior to EN 0.9.1 4.19 Build 260303 Rel.42399n V14 260303 TP-Link TL-WR841N version 14 versions prior to US 0.9.1.4.19 Build 260312 Rel. 49108n V14 0304 Description The issue resides within the UPnP...

7.1CVSS5.9AI score0.00052EPSS

Exploits0References5

CNNVD•added 2026/02/24 12:0 a.m.•3 views

Zyxel EX3510-B0 操作系统命令注入漏洞

The Zyxel EX3510-B0 is a security routing gateway developed by the Chinese company Zyxel. Versions of the Zyxel EX3510-B0 prior to 5.17ABUP.15.1C0 contain an operating system command injection vulnerability. This vulnerability stems from the UPnP feature’s susceptibility to command injections,...

9.8CVSS7.6AI score0.00181EPSS

Exploits0References1

RedhatCVE•added 2026/02/09 7:23 p.m.•4 views

CVE-2026-2175

A weakness has been identified in D-Link DIR-823X 250416. This vulnerability affects the function sub420618 of the file /goform/setupnp. This manipulation of the argument upnpenable causes os command injection. Remote exploitation of the attack is possible. The exploit has been made available to...

8.6CVSS5.4AI score0.00653EPSS

Exploits1References1

OSV•added 2026/02/08 7:16 p.m.•1 views

CVE-2026-2175

7.2CVSS5.6AI score

Exploits0References5

NVD•added 2025/11/20 3:17 p.m.•4 views

CVE-2025-11676

Improper input validation vulnerability in TP-Link System Inc. TL-WR940N V6 UPnP modules, which allows unauthenticated adjacent attackers to perform DoS attack. This issue affects TL-WR940N V6 = Build 220801...

7.1CVSS0.00034EPSS

Exploits0References3

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2011-4426

Malware in sbrugna...

7.5CVSS6.4AI score0.00474EPSS

Exploits0References3

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2011-4431

Malware in sbrugna...

7.5CVSS6.4AI score0.00643EPSS

Exploits0References3