📄 D-Link DIR-825 Rev.B 2.10 Buffer Overflow

D-Link DIR-825 Rev.B versions 2.10 and below proof of concept stack buffer overflow denial of service exploit. Exploit Title: D-Link DIR-825 Rev.B 2.10 - Stack Buffer Overflow DoS Google Dork: N/A Date: 2025-09-25 Exploit Author: Beatriz Fresno Naumova Vendor Homepage: https://www.dlink.com/...

D-Link DIR-825 Rev.B 2.10 - Stack Buffer Overflow (DoS)

Exploit Title: D-Link DIR-825 Rev.B 2.10 - Stack Buffer Overflow DoS Google Dork: N/A Date: 2025-09-25 Exploit Author: Beatriz Fresno Naumova Vendor Homepage: https://www.dlink.com/ Software Link: https://tsd.dlink.com.tw/downloads2008detail.asp Version: DIR-825 Rev.B = 2.10 Tested on: DIR-825...

CVE-2013-10058 Linksys Routers apply.cgi Remote Command Injection

An authenticated OS command injection vulnerability exists in various Linksys router models tested on WRT160Nv2 running firmware version v2.0.03 via the apply.cgi endpoint. The web interface fails to properly sanitize user-supplied input passed to the pingsize parameter during diagnostic...

CVE-2013-10062

This CVE describes a directory traversal vulnerability in Linksys E1500 routers, affecting firmware 1.0.00, 1.0.04, and 1.0.05. The flaw is in the web interface’s /apply.cgi endpoint, exploitable via the next_page POST parameter to access files outside the web root, potentially exposing sensitive...

CVE-2013-10062 Linksys Routers apply.cgi Path Traversal

A directory traversal vulnerability exists in Linksys router's web interface tested on the E1500 model firmware versions 1.0.00, 1.0.04, and 1.0.05, specifically in the /apply.cgi endpoint. Authenticated attackers can exploit the nextpage POST parameter to access arbitrary files outside the...

PT-2024-27137 · Trendnet · Trendnet Tew-827Dru

Name of the Vulnerable Software and Affected Versions: TRENDnet TEW-827DRU versions 2.06B04 and earlier Description: The issue is a stack-based buffer overflow in the ssi binary, allowing an authenticated user to execute arbitrary code. This can be achieved by sending a POST request to the...

PT-2024-22839 · Shenzhen Libituo Technology Co. · Lbt-T300-Mini

Name of the Vulnerable Software and Affected Versions: Shenzhen Libituo Technology Co., Ltd LBT-T300-mini version 1.2.9 Description: A buffer overflow issue was discovered via the pin code 3g parameter at the "/apply.cgi" API endpoint. Recommendations: For version 1.2.9, avoid using the pin code ...

PT-2022-18354 · Inhand Networks · Inrouter 900 Industrial 4G Router

Name of the Vulnerable Software and Affected Versions: InHand Networks InRouter 900 Industrial 4G Router versions prior to 1.0.0.r11700 Description: The issue is related to a stored cross-site scripting XSS vulnerability. This vulnerability can be exploited via the web exec parameter at the...

CVE-2021-25310

The administration web interface on Belkin Linksys WRT160NL 1.0.04.002US20130619 devices allows remote authenticated attackers to execute system commands with root privileges via shell metacharacters in the uilanguage POST parameter to the apply.cgi form endpoint. This occurs in doupgradepost in...

PT-2018-2661 · Linksys · Linksys E2500 +1

Name of the Vulnerable Software and Affected Versions: Linksys E1200 versions 2.0.09 and earlier Linksys E2500 versions 3.0.04 and earlier Description: The issue exists due to improper filtering of data passed to and retrieved from NVRAM, allowing for OS command injection. Data entered into the...

Dell TrueMobile 2300 Remote Credential Reset Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/15770/info It is possible for remote attackers to gain control of a target TrueMobile 2300 running firmware versions 3.0.0.8 and 5.1.1.6. Other versions are likely affected. The vulnerability appears to be in an...