19 matches found
CVE-2026-10180
A vulnerability has been found in TRENDnet TEW-432BRP 3.10B20. Impacted is the function formSysCmd of the file /goform/formSysCmd. Such manipulation of the argument sysCmd leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and ma...
CVE-2025-10107
TRENDnet TEW-831DR v1.0 (601.130.1.1410) contains a command-injection flaw in the /boafrm/formSysCmd function, triggered by manipulating the sysHost argument. This vulnerability can be exploited remotely and has public exploit disclosures. Several sources (including NVD/Red Hat CVE entries and PT...
CVE-2025-55602
D-Link DIR-619L 2.06B01 is vulnerable to Buffer Overflow in the formSysCmd function via the submit-url parameter...
TOTOLINK A3002R 安全漏洞
TOTOLINK A3002R is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK A3002R version 4.0.0-B20230531.1404 suffers from a buffer overflow vulnerability, which originates from the failure of the submit-url parameter in the /boafrm/formSysLog file to correctly validate the length...
CVE-2025-6145
A vulnerability was found in TOTOLINK EX1200T 4.1.2cu.5232B20210713 and classified as critical. Affected by this issue is some unknown functionality of the file /boafrm/formSysLog of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The...
Logic Flaw Vulnerability in Forms System of Hunan Zhongda Numerical Information Technology Co.
Hunan Zhongda Numerical Information Technology Co., Ltd. is a technology-based company mainly engaged in regional Internet e-commerce new retail and platform development services. A logic flaw vulnerability exists in the form system of Hunan Zhongda Digital Wei Information Technology Co., Ltd. th...
PT-2024-34567 · Totolink · Totolink-Cx-N150Rt +3
Name of the Vulnerable Software and Affected Versions: TOTOLINK-CX-A3002RU version 1.0.4-B20171106.1512 TOTOLINK-CX-N150RT version 2.1.6-B20171121.1002 TOTOLINK-CX-N300RT versions 2.1.6-B20170724.1420 through 2.1.8-B20191010.1107 TOTOLINK-CX-N302RE version 2.0.2-B20170511.1523 Description: A...
TRENDnet TEW-814DAP Stack Buffer Overflow Vulnerability (CNVD-2025-17862)
The TRENDnet TEW-814DAP is a wireless access point from TRENDnet. The TRENDnet TEW-814DAP suffers from a stack buffer overflow vulnerability that stems from the submit-url parameter at /formSysLog failing to properly validate the length of the input data, which could be exploited by an attacker t...
CVE-2024-37642
TRENDnet TEW-814DAP v1FW1.01B01 was discovered to contain a command injection vulnerability via the ipv4ping, ipv6ping parameter at /formSystemCheck...
PT-2024-27695 · Trendnet · Trendnet Tew-814Dap
Name of the Vulnerable Software and Affected Versions: TRENDnet TEW-814DAP version 1 FW1.01B01 Description: A command injection issue was discovered, affecting the ipv4 ping and ipv6 ping parameters at the /formSystemCheck API endpoint. This allows for potential command injection attacks...
TRENDnet TEW-814DAP Security Vulnerability
The TRENDnet TEW-814DAP is a wireless access point from Trendnet, Inc. A security vulnerability exists in TRENDnet TEW-814DAP version v1FW1.01B01, which originates from a command injection vulnerability contained in the ipv4ping, ipv6ping parameters at /formSystemCheck...
TRENDnet TEW-822DRE Security Vulnerability
The TRENDnet TEW-822DRE is a dual-band wireless router from TRENDnet. A security vulnerability exists in the TRENDnet TEW-822DRE version v.1.03B02, which originates from a vulnerability that allows a local attacker to execute arbitrary code via the parameter ipv4ping in /boafrm/formSystemCheck...
CVE-2023-24095
TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R, firmware version 1.01.B01 was discovered to contain a stack overflow via the submit-url parameter at /formSystemCheck. This vulnerability allows attackers to execute arbitrary code via a crafted payload. NOTE: This vulnerability only affects...
TRENDnet TEW-820AP 缓冲区错误漏洞
The TRENDnet TEW-820AP is a router from TRENDnet. A security vulnerability exists in TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R, which stems from the discovery of a contained stack overflow vulnerability via the submit-url parameter of /formSystemCheck. An attacker could exploit the...
PT-2023-19398 · Trendnet · Trendnet Wireless Ac Easy-Upgrader Tew-820Ap
Name of the Vulnerable Software and Affected Versions: TrendNet Wireless AC Easy-Upgrader TEW-820AP version 1.0R, firmware version 1.01.B01 Description: A stack overflow vulnerability was discovered in the submit-url parameter at the "/formSystemCheck" API endpoint. This issue allows attackers to...
Malicious code in scalable-form-system (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 830465c028625eadb1da591638a8a6c06b5cc02560ee7ec2ebca321103b31553 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-5956 Malicious code in scalable-form-system (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 830465c028625eadb1da591638a8a6c06b5cc02560ee7ec2ebca321103b31553 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
EGavilan Media Contact-Form-With-Messages-Entry-Management SQL注入漏洞
EGavilan Media Contact-Form-With-Messages-Entry-Management is a simple contact form system from EGavilan Media. EGavilan Media Contact-Form-With-Messages-Entry -Management version 1.0 contains a SQL injection vulnerability that stems from vulnerability to SQL injection attacks via Addmessage.php....
FormField with square brackets in field name skips validation
FileField with array notation skips validation The FileField class is commonly used for file upload in custom code on a Silverstripe website. This field is designed to be used with a single file upload. PHP allows for submitting multiple values by adding square brackets to the field name. When th...