CVE-2025-70222

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formLogin,goform/getAuthCode...

CVE-2025-68715

An issue was discovered in Panda Wireless PWRU0 devices with firmware 2.2.9 that exposes multiple HTTP endpoints /goform/setWan, /goform/setLan, /goform/wirelessBasic that do not enforce authentication. A remote unauthenticated attacker can modify WAN, LAN, and wireless settings directly, leading...

CVE-2025-68715

An issue was discovered in Panda Wireless PWRU0 devices with firmware 2.2.9 that exposes multiple HTTP endpoints /goform/setWan, /goform/setLan, /goform/wirelessBasic that do not enforce authentication. A remote unauthenticated attacker can modify WAN, LAN, and wireless settings directly, leading...

CVE-2025-43983

KuWFi CPF908-CP5 WEB5.0LCD20210125 devices have multiple unauthenticated access control vulnerabilities within goform/goformsetcmdprocess and goform/goformgetcmdprocess. These allow an unauthenticated attacker to retrieve sensitive information including the device admin username and password,...

CVE-2024-53945

The KuWFi 4G AC900 LTE router 1.0.13 is vulnerable to command injection on the HTTP API endpoints /goform/formMultiApnSetting and /goform/atCmd. An authenticated attacker can execute arbitrary OS commands with root privileges via shell metacharacters in parameters such as pincode and cmds...

CVE-2025-43983

KuWFi CPF908-CP5 WEB5.0LCD20210125 devices have multiple unauthenticated access control vulnerabilities within goform/goformsetcmdprocess and goform/goformgetcmdprocess. These allow an unauthenticated attacker to retrieve sensitive information including the device admin username and password,...

CVE-2024-29082

Improper access control vulnerability affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enables an unauthenticated remote attacker to bypass authentication and factory reset the device via unprotected goform endpoints...

CVE-2024-29082

Improper access control vulnerability affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enables an unauthenticated remote attacker to bypass authentication and factory reset the device via unprotected goform endpoints...

CVE-2024-29082 Vonets WiFi Bridges Improper Access Control

Improper access control vulnerability affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enables an unauthenticated remote attacker to bypass authentication and factory reset the device via unprotected goform endpoints...

PT-2024-5763 · Vonets · Vonets Wifi Bridge Repeaters +1

Name of the Vulnerable Software and Affected Versions: Vonets industrial wifi bridge relays and wifi bridge repeaters versions 3.3.23.6.9 and prior Description: The issue is related to improper access control, allowing an unauthenticated remote attacker to bypass authentication and factory reset...

Intelbras NCLOUD 300 Denial of Service Vulnerability

Intelbras NCLOUD 300 is a wireless router device from Intelbras, Brazil. A security vulnerability exists in Intelbras NCLOUD 300 version 1.0, which stems from the program failing to require authentication. An attacker can exploit the vulnerability by sending requests to /cgi-bin/ExportSettings.sh...

Cross site request forgery (csrf)

EE 4GEE WiFi MBB before EE600005.0031 devices have CSRF, related to goform/AddNewProfile, goform/setWanDisconnect, goform/setSMSAutoRedirectSetting, goform/setReset, and goform/uploadBackupSettings...