CVE-2025-57058

Tenda G3 v3.0brV15.11.0.17 was discovered to contain multiple stack overflows in the formSetDebugCfg function via the pEnable, pLevel, and pModule parameters. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted request...

CVE-2025-57058

Affected software: Tenda G3 (v3.0br_V15.11.0.17). Vulnerability: stack overflow in the formSetDebugCfg function, exploitable via the pEnable, pLevel, and pModule parameters. Impact: Denial of Service (DoS) via a crafted request. Notes: Multiple connected documents confirm the function and paramet...

D-Link DI-8400 Null Pointer Dereference Vulnerability

D-Link DI-8400 is an Internet Behavior Management router from D-Link designed for medium to large enterprise network environments, supporting 360 users with parallel access and full Gigabit port configuration. The D-Link DI-8400 suffers from a null pointer dereference vulnerability that originate...

The vulnerability of the bs_SetSSIDHide() function in the libshare-0.0.26.so library of the LB-LINK router software allows a attacker to execute arbitrary commands.

The vulnerability of the bsSetSSIDHide function in the libshare-0.0.26.so library of the LB-LINK router software is related to the lack of measures taken at the management level during the processing of the enable parameter. Exploiting this vulnerability allows a remote attacker to execute...

CVE-2024-24329

TOTOLINK A3300R V17.0.0cu.557B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setPortForwardRules function...

CVE-2024-24325

TOTOLINK A3300R V17.0.0cu.557B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setParentalRules function...

CVE-2023-46993

In TOTOLINK A3300R V17.0.0cu.557B20221024 when dealing with setLedCfg request, there is no verification for the enable parameter, which can lead to command injection...

CVE-2023-46979

TOTOLINK X6000R V9.4.0cu.852B20230719 was discovered to contain a command injection vulnerability via the enable parameter in the setLedCfg function...

CVE-2022-37812

Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the firewallEn parameter in the function formSetFirewallCfg...

CVE-2025-44865

Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetDebugCfg function via the enable parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

CVE-2025-44865

Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetDebugCfg function via the enable parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

Tenda W20E 安全漏洞

The Tenda W20E is a router from the Chinese company Tenda. The Tenda W20E suffers from a command injection vulnerability that stems from the formSetDebugCfg function enable parameter failing to properly filter construct command special characters, commands, and so on. No detailed vulnerability...

CVE-2025-29209

TOTOLINK X18 v9.1.0cu.2024B20220329 has an unauthorized arbitrary command execution in the enable parameter' of the sub41105C function of cstecgi .cgi...

CVE-2025-29209

TOTOLINK X18 v9.1.0cu.2024B20220329 has an unauthorized arbitrary command execution in the enable parameter' of the sub41105C function of cstecgi .cgi...

TOTOLINK X18 安全漏洞

The TOTOLINK X18 is a wireless router from TOTOLINK that provides a high-speed and stable wireless network connection. The TOTOLINK X18 suffers from a command execution vulnerability that originates in the enable parameter of the sub41105C function of the cstecgi.cgi file. An attacker can exploit...

CVE-2025-29209

CVE-2025-29209 affects TOTOLINK X18 (version 9.1.0cu.2024_B20220329). The vulnerability is an unauthorized arbitrary command execution in the enable parameter of the sub_41105C function in cstecgi.cgi. Multiple sources corroborate the issue and describe it as a high-severity, network-based vulner...

CVE-2025-29063

An issue in BL-AC2100 V1.0.4 and before allows a remote attacker to execute arbitrary code via the enable parameter passed to /goform/sethidessidcfg is not handled properly...

LB-LINK BL-AC2100 命令注入漏洞

LB-LINK BL-AC2100 is a wireless Wi-Fi 6 router from China Bilink LB-LINK. A security vulnerability exists in LB-LINK BL-AC2100 V1.0.4 and earlier versions, which stems from improper handling of the enable parameter and could lead to remote code execution...

CVE-2025-29063

An issue in BL-AC2100 V1.0.4 and before allows a remote attacker to execute arbitrary code via the enable parameter passed to /goform/sethidessidcfg is not handled properly...

TOTOLINK X18 命令注入漏洞

TOTOLINK X18 is a Gigabit router from China's Gion Electronics TOTOLINK. TOTOLINK X18 version 9.1.0cu.2024B20220329 suffers from a command injection vulnerability that stems from the parameter enable in file /cgi-bin/cstecgi.cgi failing to correctly filter constructed command special characters,...