50 matches found
📄 ZTE ZXHN H298A / H108N Credential Disclosure
A single unauthenticated HTTP GET to /getpage.lua?pid=1000ÐCheat=1 on ZTE H298A or H108N routers returns the live administrator password OBJUSERINFOIDPassword1, WLAN PSK WLANPSKKeyPassphrase1, and SSID in plaintext HTML. A second endpoint exposes the device serial number. -----BEGIN SECURITY...
CVE-2026-7027
A vulnerability was identified in D-Link DSL-2740R EU01.15. Impacted is an unknown function of the component Wireless Setup Section. Such manipulation of the argument Wireless Network Name leads to cross site scripting. The attack can be executed remotely. The exploit is publicly available and...
CVE-2026-7027
A vulnerability was identified in D-Link DSL-2740R EU01.15. Impacted is an unknown function of the component Wireless Setup Section. Such manipulation of the argument Wireless Network Name leads to cross site scripting. The attack can be executed remotely. The exploit is publicly available and...
EUVD-2026-25702
A vulnerability was identified in D-Link DSL-2740R EU01.15. Impacted is an unknown function of the component Wireless Setup Section. Such manipulation of the argument Wireless Network Name leads to cross site scripting. The attack can be executed remotely. The exploit is publicly available and...
CVE-2026-7027
A vulnerability was identified in D-Link DSL-2740R EU01.15. Impacted is an unknown function of the component Wireless Setup Section. Such manipulation of the argument Wireless Network Name leads to cross site scripting. The attack can be executed remotely. The exploit is publicly available and...
CVE-2026-7027 D-Link DSL-2740R Wireless Setup Section cross site scripting
A vulnerability was identified in D-Link DSL-2740R EU01.15. Impacted is an unknown function of the component Wireless Setup Section. Such manipulation of the argument Wireless Network Name leads to cross site scripting. The attack can be executed remotely. The exploit is publicly available and...
PT-2026-35208
A vulnerability was identified in D-Link DSL-2740R EU 01.15. Impacted is an unknown function of the component Wireless Setup Section. Such manipulation of the argument Wireless Network Name leads to cross site scripting. The attack can be executed remotely. The exploit is publicly available and...
D-Link DSL-2740R 跨站脚本漏洞
The D-Link DSL-2740R is a high-performance ADSL router from D-Link Corporation. The D-Link DSL-2740R EU01.15 version has a cross-site scripting vulnerability. This vulnerability stems from improper handling of the Wireless Network Name parameter by the Wireless Setup Section component, which may...
PT-2026-28701
Name of the Vulnerable Software and Affected Versions Totolink LR350 version 9.3.5u.6369 B20220309 Description A buffer overflow issue exists in the setWiFiGuestCfg function of the /cgi-bin/cstecgi.cgi file. The issue is triggered by manipulating the ssid argument. The exploit for this issue has...
CVE-2026-32721 LuCI luci-mod-network: Possible XSS attack in WiFi scan on Joining Wireless Client modal
LuCI is the OpenWrt Configuration Interface. Versions prior to both 24.10.5 and 25.12.0, contain a stored XSS vulnerability in the wireless scan modal, where SSID values from scan results are rendered as raw HTML without any sanitization. The wireless.js file in the luci-mod-network package passe...
CVE-2026-4043 Tenda i12 wifiSSIDget formwrlSSIDget stack-based overflow
A security vulnerability has been detected in Tenda i12 1.0.0.62204. The impacted element is the function formwrlSSIDget of the file /goform/wifiSSIDget. Such manipulation of the argument index leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclos...
EUVD-2026-8978
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the Wi-Fi SSID and/or password fields can lead to remote code execution when the configuration is...
PT-2026-7623
Name of the Vulnerable Software and Affected Versions Shenzhen Zhibotong Electronics ZBT WE2001 version 23.09.27 Description A flaw exists in the web management API components that allows unauthenticated attackers on the local network to modify router and network configurations. Attackers can...
CVE-2020-37150
Edimax EW-7438RPn-v3 Mini 1.27 allows unauthenticated attackers to access the /wizardreboot.asp page in unsetup mode, which discloses the Wi-Fi SSID and security key. Attackers can retrieve the wireless password by sending a GET request to this endpoint, exposing sensitive information without...
CVE-2020-37097 Edimax EW-7438RPn 1.13 - Information Disclosure (WiFi Password)
Edimax EW-7438RPn 1.13 contains an information disclosure vulnerability that exposes WiFi network configuration details through the wlencryptwiz.asp file. Attackers can access the script to retrieve sensitive information including WiFi network name and plaintext password stored in device...
CVE-2020-37093 Netis E1+ 1.2.32533 - Unauthenticated WiFi Password Leak
Netis E1+ 1.2.32533 contains an information disclosure vulnerability that allows unauthenticated attackers to retrieve WiFi passwords through the netcoreget.cgi endpoint. Attackers can send a GET request to the endpoint to extract sensitive network credentials including SSID and WiFi passwords in...
PT-2026-3773
Name of the Vulnerable Software and Affected Versions Tenda AX-1803 version 1.0.0.1 Description The Tenda AX-1803 router contains a stack overflow in the ssid parameter of the form fast setting wifi set function. This issue allows attackers to cause a Denial of Service DoS by sending a crafted...
Tenda AC18 安全漏洞
Tenda AC18 is a dual-band wireless router launched by Shenzhen Jixiang Tenda Technology Co. in July 2016, mainly for villas and large home users. Tenda AC18 suffers from a cross-site scripting vulnerability, which stems from the lack of effective filtering and escaping of user-supplied data by th...
PT-2025-43375
Name of the Vulnerable Software and Affected Versions TOTOLINK N600R version 4.3.0cu.7866 B20220506 Description The TOTOLINK N600R device contains a stack overflow in the ssid parameter within the setWiFiBasicConfig function. This issue allows attackers to cause a Denial of Service DoS by providi...
CVE-2025-56675
The EKEN video doorbell T6 BT60PLUSMAINV1.0GC108420230531 periodically sends debug logs to the EKEN cloud servers with sensitive information such as the Wi-Fi SSID and password...