Stack overflow

Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function saveParentControlInfo. This vulnerability allows attackers to cause a Denial of Service DoS via the deviceName parameter...

Tenda AX1806 缓冲区错误漏洞

The Tenda AX1806 is a WiFi6 wireless router from Tenda, a Chinese company. A stack overflow vulnerability exists in the Tenda AX1806 saveParentControlInfo function, which can be exploited by an attacker to cause a Denial of Service DoS via the deviceName parameter...

CVE-2022-25550

The vulnerability CVE-2022-25550 affects the Tenda AX1806 (v1.0.0.1). A stack overflow in the saveParentControlInfo function can be triggered via the deviceName parameter, enabling a Denial of Service (DoS). The CVSS suggests HIGH impact with network access, low attack complexity, and no user int...

CVE-2022-25550

Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function saveParentControlInfo. This vulnerability allows attackers to cause a Denial of Service DoS via the deviceName parameter...

CVE-2021-45401

A Command injection vulnerability exists in Tenda AC10U AC1200 Smart Dual-band Wireless Router AC10U V1.0 Firmware V15.03.06.49multi via the setUsbUnload functionality. The vulnerability is caused because the client controlled "deviceName" value is passed directly to the "doSystemCmd" function...

Tenda AC10 安全漏洞

The Tenda AC10U is a router designed with Gigabit ports on both WAN and LAN ports.A command injection vulnerability exists in the Tenda AC10U, which stems from the deviceName value of the client control being passed directly to the doSystemCmd function. An attacker could use this vulnerability to...

CVE-2021-38411

Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter deviceName of the API modbusWriter-Reader, which may allow an attacker to remotely execute code...

Tenda AC1900 Router AC15 Model Remote Code Execution Vulnerability

Tenda AC1900 Router AC15 Model contains an unspecified vulnerability that allows remote attackers to execute system commands via the deviceName POST parameter...

CVE-2020-36489

Dropouts Technologies LLP Air Share v1.2 was discovered to contain a cross-site scripting XSS vulnerability in the devicename parameter. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the devicename information...

CVE-2020-36502

Swift File Transfer Mobile v1.1.2 was discovered to contain a cross-site scripting XSS vulnerability via the devicename parameter which allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered as the device name itself...

Cross site scripting

Dropouts Technologies LLP Air Share v1.2 was discovered to contain a cross-site scripting XSS vulnerability in the devicename parameter. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the devicename information...

Delta Electronics DiaLink 跨站脚本漏洞

DIALink is an equipment networking platform from Delta Electronics that effectively manages CNC machines and PLC-controlled machines, collects on-site equipment data and connects it to the upper management platform through a unified interface, and at the same time provides visual information...

VulnCheck KEV: CVE-2020-10987

Tenda AC1900 Router AC15 Model contains an unspecified vulnerability that allows remote attackers to execute system commands via the deviceName POST parameter...

Tenda AC15 AC1900 Remote Code Execution Vulnerability

Tenda AC15 AC1900 is a wireless router from Tenda, a Chinese company. A remote code execution vulnerability exists in the goform/setUsbUnload endpoint in the Tenda AC15 AC1900 version 15.03.05.19, which can be exploited to execute arbitrary system commands via the deviceName POST parameter...

CVE-2020-10987

The goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute arbitrary system commands via the deviceName POST parameter...

PT-2020-4297 · Tenda · Tenda Ac15 Ac1900

Name of the Vulnerable Software and Affected Versions: Tenda AC15 AC1900 version 15.03.05.19 Description: The issue is related to insufficient neutralization of special elements, allowing remote attackers to execute arbitrary system commands. This can be achieved via the "deviceName" POST paramet...

CVE-2020-12131

The AirDisk Pro app 5.5.3 for iOS allows XSS via the devicename parameter shown next to the UI logo...

CVE-2020-12131

The AirDisk Pro app 5.5.3 for iOS allows XSS via the devicename parameter shown next to the UI logo...

CVE-2020-12131

The AirDisk Pro app 5.5.3 for iOS allows XSS via the devicename parameter shown next to the UI logo...

Advantech WebAccess/NMS MibBrowser SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the handleTargetsByDeviceName method of the...