CVE-2026-32678

The CVE-2026-32678 entry describes an authentication bypass vulnerability in BUFFALO Wi‑Fi router products. The issue would allow an attacker to alter critical configuration settings without authentication, compromising device configuration integrity and potentially impacting network management. ...

CVE-2026-32669

CVE-2026-32669 is a code-injection vulnerability in BUFFALO Wi‑Fi router products. Multiple connected sources (Red Hat, JVN, NVD, CVE records, and security trackers) confirm an arbitrary-code execution could be triggered on affected devices via code-injection (CWE-94). The issue is network‑vector...

CVE-2026-27650

OS Command Injection vulnerability exists in BUFFALO Wi-Fi router products. If this vulnerability is exploited, an arbitrary OS command may be executed on the products...

PT-2026-28355

Name of the Vulnerable Software and Affected Versions BUFFALO Wi-Fi router products affected versions not specified Description An OS Command Injection issue exists in BUFFALO Wi-Fi router products. Successful exploitation of this issue could allow an attacker to execute arbitrary OS commands on...

EUVD-2020-30240

Malware in sbrugna...

CVE-2024-48457

An issue in Netis Wifi6 Router NX10 2.0.1.3643 and 2.0.1.3582 and Netis Wifi 11AC Router NC65 3.0.0.3749 and Netis Wifi 11AC Router NC63 3.0.0.3327 and 3.0.0.3503 and Netis Wifi 11AC Router NC21 3.0.0.3800, 3.0.0.3500 and 3.0.0.3329 and Netis Wifi Router MW5360 1.0.1.3442 and 1.0.1.3031 allows a...

CVE-2021-3275

Unauthenticated stored cross-site scripting XSS exists in multiple TP-Link products including WIFI Routers Wireless AC routers, Access Points, ADSL + DSL Gateways and Routers, which affects TD-W9977v1, TL-WA801NDv5, TL-WA801Nv6, TL-WA802Nv5, and Archer C3150v2 devices through the improper...

CVE-2020-9419

Multiple stored cross-site scripting XSS vulnerabilities in Arcadyan Wifi routers VRV9506JAC23 allow remote attackers to inject arbitrary web script or HTML via the hostName and domainname parameters present in the LAN configuration section of the administrative dashboard...

CVE-2020-9420

The login password of the web administrative dashboard in Arcadyan Wifi routers VRV9506JAC23 is sent in cleartext, allowing an attacker to sniff and intercept traffic to learn the administrative credentials to the router...

PSV-2023-0039

creationtimestamp| type| source ---|---|--- 2025-02-01 12:00:00+00:00| seen| https://kb.netgear.com/000066558/Security-Advisory-for-Unauthenticated-RCE-on-Some-WiFi-Routers-PSV-2023-0039 2025-02-10 18:21:16+00:00| seen| https://nvd.nist.gov/vuln/detail/CVE-2025-25246...

CVE-2024-48455

CVE-2024-48455 affects multiple Netis routers (e.g., NX10, NC65/NC63/NC21, MW5360) with a information disclosure vulnerability in the web component skk_get.cgi. An unauthenticated remote attacker can obtain sensitive configuration details via the mode_name and wl_link parameters. Connected docume...

PT-2024-18203 · Asus · Asus Wifi Routers

Name of the Vulnerable Software and Affected Versions: ASUS WiFi routers affected versions not specified Description: The issue allows an authenticated remote attacker to execute arbitrary system commands by sending a specially crafted request, due to an OS Command Injection vulnerability...

Roaming Mantis Spreading Mobile Malware That Hijacks Wi-Fi Routers' DNS Settings

Threat actors associated with the Roaming Mantis attack campaign have been observed delivering an updated variant of their patent mobile malware known as Wroba to infiltrate Wi-Fi routers and undertake Domain Name System DNS hijacking. Kaspersky, which carried out an analysis of the malicious...

CVE-2020-9419

Multiple stored cross-site scripting XSS vulnerabilities in Arcadyan Wifi routers VRV9506JAC23 allow remote attackers to inject arbitrary web script or HTML via the hostName and domainname parameters present in the LAN configuration section of the administrative dashboard...

Cross site scripting

Multiple stored cross-site scripting XSS vulnerabilities in Arcadyan Wifi routers VRV9506JAC23 allow remote attackers to inject arbitrary web script or HTML via the hostName and domainname parameters present in the LAN configuration section of the administrative dashboard...

Default credentials

The login password of the web administrative dashboard in Arcadyan Wifi routers VRV9506JAC23 is sent in cleartext, allowing an attacker to sniff and intercept traffic to learn the administrative credentials to the router...

CVE-2020-9420

The login password of the web administrative dashboard in Arcadyan Wifi routers VRV9506JAC23 is sent in cleartext, allowing an attacker to sniff and intercept traffic to learn the administrative credentials to the router...

CVE-2020-9419

Multiple stored cross-site scripting XSS vulnerabilities in Arcadyan Wifi routers VRV9506JAC23 allow remote attackers to inject arbitrary web script or HTML via the hostName and domainname parameters present in the LAN configuration section of the administrative dashboard...

CVE-2020-9420

The login password of the web administrative dashboard in Arcadyan Wifi routers VRV9506JAC23 is sent in cleartext, allowing an attacker to sniff and intercept traffic to learn the administrative credentials to the router...

PT-2022-9077 · Arcadyan · Arcadyan Wifi Routers Vrv9506Jac23

Name of the Vulnerable Software and Affected Versions: Arcadyan Wifi routers VRV9506JAC23 version VRV9506JAC23 Description: The login password of the web administrative dashboard in the affected routers is sent in cleartext. This allows an attacker to sniff and intercept traffic, potentially...