170 matches found
EUVD-2026-39208
In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: enforce HE/EHT cap/oper consistency Xiang Mei reports that mac80211 could crash if ehtcap is set but ehtoper isn't. Rather than fixing that for the individual users, enforce that both HE/EHT have consistent elemen...
CVE-2026-53257
The CVE-2026-53257 entry concerns the Linux kernel’s wifi stack (mac80211/cfg80211) where HE/EHT capability elements (HE/EHT cap and oper) must be consistent. The bug allowed a crash in mac80211 when eht_cap is set but eht_oper isn’t; the fix enforces that both HE and EHT elements are aligned to ...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: Wifi: cfg80211: Set correct chandef when starting CAC When starting CAC in a mode other than AP mode, it returns a message: “WARNING: CPU: 0 PID: 63 at cfg80211chandefdfsusable+0x20/0xaf cfg80211” This issue is caused by the...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: The pointer wdev-cqmconfig must be cleared when freeing it during unregistration. This is necessary because the same wdev/netdev may be re-registered in another network namespace, and then destroyed later. Running...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: wext: Added an additional check for the number of channels returned by ioctlsock, SIOCSIWSCAN,..., to ensure that this number does not exceed IWMAXFREQUENCIES. Invalid requests will be rejected with the error...
CVE-2026-11503
A security vulnerability has been detected in Tenda CX12L 16.03.53.12. The affected element is the function formfastsettingwifiset of the file /goform/fastsettingwifiset of the component Wi-Fi Configuration Endpoint. Such manipulation of the argument ssid leads to stack-based buffer overflow. The...
CVE-2026-11503
A security vulnerability has been detected in Tenda CX12L 16.03.53.12. The affected element is the function formfastsettingwifiset of the file /goform/fastsettingwifiset of the component Wi-Fi Configuration Endpoint. Such manipulation of the argument ssid leads to stack-based buffer overflow. The...
CVE-2026-11503
Affected product/version: Tenda CX12L 16.03.53.12. Vulnerable component: function form_fast_setting_wifi_set in the file /goform/fast_setting_wifi_set (Wi-Fi Configuration Endpoint). Root cause / vulnerability: manipulation of the argument ssid leads to a stack-based buffer overflow; vulnerabilit...
CVE-2026-11503 Tenda CX12L Wi-Fi Configuration Endpoint fast_setting_wifi_set form_fast_setting_wifi_set stack-based overflow
A security vulnerability has been detected in Tenda CX12L 16.03.53.12. The affected element is the function formfastsettingwifiset of the file /goform/fastsettingwifiset of the component Wi-Fi Configuration Endpoint. Such manipulation of the argument ssid leads to stack-based buffer overflow. The...
PT-2026-47265
Name of the Vulnerable Software and Affected Versions Tenda CX12L version 16.03.53.12 Description A stack-based buffer overflow occurs in the Wi-Fi Configuration Endpoint when the ssid argument is manipulated. This issue exists within the form fast setting wifi set function located in the...
CVE-2026-9432 Totolink A8000RU Web Management cstecgi.cgi setWiFiAdvancedCfg os command injection
A security flaw has been discovered in Totolink A8000RU 7.1cu.643b20200521. This vulnerability affects the function setWiFiAdvancedCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. The manipulation of the argument bgProtection results in os command injection. The...
Astra Linux - уязвимость в linux-5.10, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: Wifi: brcmfmac: A check on the count value of channel specifications is added to prevent out-of-bounds reads. This patch fixes out-of-bounds reads in brcmfconstructchaninfo and brcmfenablebw402g when the count value of channel...
CVE-2026-7503 code-projects for Plugin cstecgi.cgi setWiFiMultipleConfig buffer overflow
A vulnerability was detected in code-projects for Plugin 4.1.2cu.5137. The impacted element is the function setWiFiMultipleConfig in the library /lib/cstemodules/wireless.so of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument wepkey2 results in buffer overflow. The attack can be...
EUVD-2026-26450
A vulnerability was detected in code-projects for Plugin 4.1.2cu.5137. The impacted element is the function setWiFiMultipleConfig in the library /lib/cstemodules/wireless.so of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument wepkey2 results in buffer overflow. The attack can be...
CVE-2026-7244 Totolink A8000RU CGI cstecgi.cgi setWiFiEasyGuestCfg os command injection
A security flaw has been discovered in Totolink A8000RU 7.1cu.643b20200521. The impacted element is the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument merge results in os command injection. It is possible to launch the...
CVE-2026-31548
In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: cancel pmsrfreewk in cfg80211pmsrwdevdown When the nl80211 socket that originated a PMSR request is closed, cfg80211releasepmsr sets the request's nlportid to zero and schedules pmsrfreewk to process the abort...
CVE-2026-31548
In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: cancel pmsrfreewk in cfg80211pmsrwdevdown When the nl80211 socket that originated a PMSR request is closed, cfg80211releasepmsr sets the request's nlportid to zero and schedules pmsrfreewk to process the abort...
Unity Linux 20.1050a Security Update: kernel (UTSA-2026-006952)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006952 advisory. In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: fix use-after-free in cmpbss Following bssfree quirk introduced in commit...
CVE-2026-32296
Sipeed NanoKVM before 2.3.1 exposes a Wi-Fi configuration endpoint without proper security checks, allowing an unauthenticated attacker with network access to change the saved configured Wi-Fi network to one of the attacker's choosing, or craft a request to exhaust the system memory and terminate...
EUVD-2026-12610
Sipeed NanoKVM before 2.3.1 exposes a Wi-Fi configuration endpoint without proper security checks, allowing an unauthenticated attacker with network access to change the saved configured Wi-Fi network to one of the attacker's choosing, or craft a request to exhaust the system memory and terminate...