28 matches found
CVE-2026-31846
Missing authentication in the /goform/ate endpoint in Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 allows an adjacent unauthenticated attacker to retrieve sensitive device information, including the administrator password. The endpoint returns a raw response containing...
EUVD-2026-14402
An unauthenticated credential disclosure vulnerability in the /goform/ate endpoint of Nexxt Solutions Nebula 300+ firmware through Nebula300+v12.01.01.37 allows an adjacent attacker to obtain the administrator password in Base64-encoded form via a crafted HTTP request. The recovered credential ca...
CVE-2026-31846
Missing authentication in the /goform/ate endpoint in Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 allows an adjacent unauthenticated attacker to retrieve sensitive device information, including the administrator password. The endpoint returns a raw response containing...
CVE-2026-31846
CVE-2026-31846 affects Nexxt Solutions Nebula 300+ firmware up to 12.01.01.37. A missing authentication flaw exists on the /goform/ate endpoint, allowing an adjacent unauthenticated attacker to retrieve sensitive information, including the administrator password. The response exposes parameters s...
CVE-2026-31846
Missing authentication in the /goform/ate endpoint in Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 allows an adjacent unauthenticated attacker to retrieve sensitive device information, including the administrator password. The endpoint returns a raw response containing...
CVE-2026-31846 Unauthenticated Credential Disclosure via /goform/ate in Nexxt Nebula 300+
Missing authentication in the /goform/ate endpoint in Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 allows an adjacent unauthenticated attacker to retrieve sensitive device information, including the administrator password. The endpoint returns a raw response containing...
CVE-2026-31846 Unauthenticated Credential Disclosure via /goform/ate in Nexxt Nebula 300+
Missing authentication in the /goform/ate endpoint in Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 allows an adjacent unauthenticated attacker to retrieve sensitive device information, including the administrator password. The endpoint returns a raw response containing...
Nexxt Solutions Nebula 300+ 安全漏洞
The Nexxt Solutions Nebula 300+ is a wireless router produced by the American company Nexxt Solutions. Versions of the Nebula 300+ with the software version 12.01.01.37 and earlier contain security vulnerabilities. These vulnerabilities stem from unvalidated credentials exposure in the /goform/at...
PT-2026-27112
An unauthenticated credential disclosure vulnerability in the /goform/ate endpoint of Nexxt Solutions Nebula 300+ firmware through Nebula300+ v12.01.01.37 allows an adjacent attacker to obtain the administrator password in Base64-encoded form via a crafted HTTP request. The recovered credential c...
EUVD-2025-205784
A vulnerability was found in Tenda W6-S 1.0.0.4510. This affects the function TendaAte of the file /goform/ate of the component ATE Service. Performing manipulation results in os command injection. The attack may be initiated remotely. The exploit has been made public and could be used...
CVE-2025-15254
A vulnerability was found in Tenda W6-S 1.0.0.4510. This affects the function TendaAte of the file /goform/ate of the component ATE Service. Performing a manipulation results in os command injection. The attack may be initiated remotely. The exploit has been made public and could be used...
CVE-2025-15254 Tenda W6-S ATE Service ate TendaAte os command injection
A vulnerability was found in Tenda W6-S 1.0.0.4510. This affects the function TendaAte of the file /goform/ate of the component ATE Service. Performing a manipulation results in os command injection. The attack may be initiated remotely. The exploit has been made public and could be used...
CVE-2025-15254
A vulnerability was found in Tenda W6-S 1.0.0.4510. This affects the function TendaAte of the file /goform/ate of the component ATE Service. Performing a manipulation results in os command injection. The attack may be initiated remotely. The exploit has been made public and could be used...
CVE-2025-15254
CVE-2025-15254 affects Tenda W6-S 1.0.0.4(510) ATE Service, specifically the TendaAte function in the /goform/ate file. The root cause is an input manipulation that enables an OS command injection. The vulnerability can be exploited remotely over the network, and the exploit has been publicly dis...
CVE-2025-15254 Tenda W6-S ATE Service ate TendaAte os command injection
A vulnerability was found in Tenda W6-S 1.0.0.4510. This affects the function TendaAte of the file /goform/ate of the component ATE Service. Performing a manipulation results in os command injection. The attack may be initiated remotely. The exploit has been made public and could be used...
Tenda W6-S 操作系统命令注入漏洞
Tenda W6-S is a wireless access point device from Tenda China. An OS command injection vulnerability exists in Tenda W6-S version 1.0.0.4, which originates from an incorrect operation of the file /goform/ate in the component ATE Service, which could lead to os command injection...
Tenda AC10 Improper Access Control Vulnerability
Tenda AC10 is a dual-band Gigabit wireless router launched by Shenzhen Jixiang Tenda Technology Co., Ltd, mainly for 200M and above fiber optic users. Tenda AC10 suffers from an improper access control vulnerability, which originates from improper access control of the /goform/ate endpoint, and c...
CVE-2025-57219
Incorrect access control in the endpoint /goform/ate of Tenda AC10 v4.0 firmware v16.03.10.09multiTDE01 allows attackers to escalate privileges or access sensitive components via a crafted request...
CVE-2025-57219
Incorrect access control in the endpoint /goform/ate of Tenda AC10 v4.0 firmware v16.03.10.09multiTDE01 allows attackers to escalate privileges or access sensitive components via a crafted request...
CVE-2025-57219
Incorrect access control in the endpoint /goform/ate of Tenda AC10 v4.0 firmware v16.03.10.09multiTDE01 allows attackers to escalate privileges or access sensitive components via a crafted request...