CVE-2026-24110

An issue was discovered in Tenda W20E V4.0brV15.11.0.6. Attackers may send overly long addDhcpRules data. When these rules enter the addDhcpRule function and are processed by ret = sscanfpRule, " %d\t%^\t\t%^\n\r\t", &dhcpsIndex, dhcpsIP, dhcpsMac;, the lack of size validation for the rules could...

CVE-2022-46641

D-Link DIR-846 A1FW100A43 was discovered to contain a command injection vulnerability via the lan0dhcpsstaticlist parameter in the SetIpMacBindSettings function...

CVE-2024-48416

Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06 is vulnerable to Buffer Overflow via /goform/fromSetLanDhcpsClientbinding...

CVE-2024-44341

D-Link DIR-846W A1 FW100A43 was discovered to contain a remote command execution RCE vulnerability via the lan0dhcpsstaticlist parameter. This vulnerability is exploited via a crafted POST request...

D-Link DIR-846W 安全漏洞

D-Link DIR-846W is a dual-band Gigabit wireless router with second-generation 11AC technology and MU-MIMO technology, supporting dual-band concurrent transmission rates up to 1200Mbps for 200M and above broadband users. A command execution vulnerability exists in the D-Link DIR-846W. The...

CVE-2022-46552

D-Link DIR-846 Firmware FW100A53DBR was discovered to contain a remote command execution RCE vulnerability via the lan0dhcpsstaticlist parameter. This vulnerability is exploited via a crafted POST request...

D-Link DIR-846 命令注入漏洞

D-Link DIR-846 is a wireless router from D-Link, a Chinese company. d-link DIR-846 A1FW100A43 has a security vulnerability that originates from the lan0dhcpsstaticlist parameter in the SetIpMacBindSettings function found to contain the command injection. No details of the vulnerability are...

PT-2022-19883 · Amb1 Sdk · Amb1 Sdk

Name of the Vulnerable Software and Affected Versions: amb1 sdk versions prior to 2022-03-11 Description: The issue is related to the mishandling of data structures for DHCP packet data in the dhcps.c file within the amb1 sdk. Recommendations: For versions prior to 2022-03-11, update to a version...

CVE-2017-17758

TP-Link TL-WVR and TL-WAR devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the interface field of an admin/dhcps command to cgi-bin/luci, related to the zonegetifacebydev function in /usr/lib/lua/luci/controller/admin/dhcps.lua in uhttpd...

Command injection

TP-Link TL-WVR and TL-WAR devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the interface field of an admin/dhcps command to cgi-bin/luci, related to the zonegetifacebydev function in /usr/lib/lua/luci/controller/admin/dhcps.lua in uhttpd...

CVE-2017-17758

CVE-2017-17758 affects TP-Link TL-WVR and TL-WAR devices. A remote authenticated user can execute arbitrary commands via shell metacharacters in the interface field of an admin/dhcps command to cgi-bin/luci, tied to zone_get_iface_bydev in /usr/lib/lua/luci/controller/admin/dhcps.lua in uhttpd. C...