10 matches found
CVE-2026-8137
A vulnerability has been found in Totolink X5000R 9.1.0u.6369B20230113. This vulnerability affects the function sub458E40 of the file /boafrm/formDdns. The manipulation of the argument submit-url leads to buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclos...
CVE-2026-8137
A vulnerability has been found in Totolink X5000R 9.1.0u.6369B20230113. This vulnerability affects the function sub458E40 of the file /boafrm/formDdns. The manipulation of the argument submit-url leads to buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclos...
CVE-2026-24934 An improper certificate validation vulnerability was found in ADM while querying an external server for the device's WAN IP address.
The DDNS function uses an insecure HTTP connection or fails to validate the SSL/TLS certificate when querying an external server for the device's WAN IP address. An unauthenticated remote attacker can perform a Man-in-the-Middle MitM attack to spoof the response, leading the device to update its...
EUVD-2017-11995
Malware in sbrugna...
EUVD-2020-6261
Malware in sbrugna...
PT-2025-12342 · D Link · D-Link Dir-605L +1
Name of the Vulnerable Software and Affected Versions: D-Link DIR-618 versions 2.02/3.02 D-Link DIR-605L versions 2.02/3.02 Description: A vulnerability was found in the DDNS Service of the affected devices, specifically in the file /goform/formSetDDNS. This issue leads to improper access control...
(Pwn2Own) TP-Link Omada ER605 Reliance on Security Through Obscurity Vulnerability
This vulnerability allows network-adjacent attackers to access or spoof DDNS messages on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. However, devices are vulnerable only if configured to use the Comexe DDNS service. The...
CVE-2022-25553
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function formSetSysToolDDNS. This vulnerability allows attackers to cause a Denial of Service DoS via the ddnsPwd parameter...
OpenWrt Command Injection Vulnerability
OpenWrt is a Linux distribution for embedded devices. A command injection vulnerability exists in applications/luci-app-ddns/luasrc/model/cbi/ddns/detail.lua in the DDNS package for OpenWrt 19.07. A remote authenticated user can exploit this vulnerability to inject arbitrary commands via a POST...
CVE-2017-2855
An exploitable buffer overflow vulnerability exists in the DDNS client used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. On devices with DDNS enabled, an attacker who is able to intercept HTTP connections will be able to fully compromise the device by creating a rogue...