PT-2025-9131

Name of the Vulnerable Software and Affected Versions: TOTOlink A3002R version V1.1.1-B20200824.0128 Description: The issue arises from a buffer overflow due to improper input validation of the pppoe dns1 parameter in the formIpv6Setup interface of the /bin/boa endpoint. Recommendations: For...

CVE-2022-24144

Tenda AX3 v16.03.12.10CN was discovered to contain a command injection vulnerability in the function WanParameterSetting. This vulnerability allows attackers to execute arbitrary commands via the gateway, dns1, and dns2 parameters...

CVE-2021-40410

An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.13620121102. At 4 the dnsdata-dns1 variable, that has the value of the dns1 parameter provided through the SetLocal API, is not validated properly. This would lead to an OS command...

CVE-2021-40410

An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.13620121102. At 4 the dnsdata-dns1 variable, that has the value of the dns1 parameter provided through the SetLocal API, is not validated properly. This would lead to an OS command...