CVE-2018-25316

Tenda W308R v2 V5.07.48 contains a cookie session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by exploiting insufficient session validation. Attackers can send GET requests to the goform/AdvSetDns endpoint with a crafted admin language cookie to change DNS...

CVE-2018-25318

Tenda FH303/A300 firmware V5.07.68EN contains a session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by exploiting insufficient cookie validation. Attackers can send GET requests to the /goform/AdvSetDns endpoint with a crafted admin cookie to change DNS...

CVE-2018-25317

The CVE-2018-25317 issue affects Tenda W3002R/A302/W309R routers (V5.07.64_en). It describes a cookie session weakness that lets unauthenticated attackers modify DNS settings by abusing insufficient session validation. An attacker can issue GET requests to the /goform/AdvSetDns endpoint using a c...

CVE-2018-25316 Tenda W308R v2 V5.07.48 Cookie Session Weakness DNS Change

Tenda W308R v2 V5.07.48 contains a cookie session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by exploiting insufficient session validation. Attackers can send GET requests to the goform/AdvSetDns endpoint with a crafted admin language cookie to change DNS...

CVE-2019-25465

Hisilicon HiIpcam V100R003 contains a directory traversal vulnerability that allows unauthenticated attackers to access sensitive configuration files by exploiting directory listing in the cgi-bin directory. Attackers can request the getadslattr.cgi endpoint to retrieve ADSL credentials and netwo...

CVE-2026-2855

A vulnerability has been found in D-Link DWR-M960 1.01.07. Affected is the function sub4648F0 of the file /boafrm/formDdns of the component DDNS Settings Handler. The manipulation of the argument submit-url leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit ha...

CVE-2026-2855 D-Link DWR-M960 DDNS Settings formDdns sub_4648F0 stack-based overflow

A vulnerability has been found in D-Link DWR-M960 1.01.07. Affected is the function sub4648F0 of the file /boafrm/formDdns of the component DDNS Settings Handler. The manipulation of the argument submit-url leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit ha...

CVE-2005-1932

Lpanel 1.59 and earlier, and other versions before 1.597, allows remote authenticated users to modify certain critical variables and 1 modify DNS settings for arbitrary domains via the domain parameter to diagnose.php, 2 close, open, or respond to arbitrary support tickets via the close, open, or...

CVE-2009-4821

The D-Link DIR-615 with firmware 3.10NA does not require administrative authentication for apply.cgi, which allows remote attackers to 1 change the admin password via the adminpassword parameter, 2 disable the security requirement for the Wi-Fi network via unspecified vectors, or 3 modify DNS...

CVE-2020-12127

An information disclosure vulnerability in the /cgi-bin/ExportAllSettings.sh endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to leak router settings, including cleartext login details, DNS settings, and other sensitive information without authentication...

CVE-2025-60672

An unauthenticated command injection vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin. The vulnerability occurs in the 'SetDynamicDNSSettings' functionality, where the 'ServerAddress' and 'Hostname' parameters in prog.cgi are stored in NVRAM and later used by rc to...

D-Link DIR-878 安全漏洞

The D-Link DIR-878 is a wireless router from China-based AUO D-Link. A security vulnerability exists in the D-Link DIR-878 version A1FW101B04.bin, which originates from the unvalidated ServerAddress and Hostname parameters in the SetDynamicDNSSettings function, which can lead to remote command...

CVE-2025-60672

CVE-2025-60672 affects the D-Link DIR-878A1 router (firmware FW101B04.bin). The vulnerability is an unauthenticated command-injection in the SetDynamicDNSSettings function, where ServerAddress and Hostname parameters in prog.cgi are stored in NVRAM and later used by rc to build system commands ex...

EUVD-2018-2162

Malware in sbrugna...

EUVD-2018-13410

Malware in sbrugna...

EUVD-2020-21667

Malware in sbrugna...

EUVD-2021-10045

Malware in sbrugna...

EUVD-2011-0898

Malware in sbrugna...

EUVD-2005-1934

Malware in sbrugna...

EUVD-2020-1536

Malware in sbrugna...