Lucene search
K

11 matches found

RedhatCVE
RedhatCVE
added 2026/03/26 2:58 p.m.4 views

CVE-2026-31846

Missing authentication in the /goform/ate endpoint in Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 allows an adjacent unauthenticated attacker to retrieve sensitive device information, including the administrator password. The endpoint returns a raw response containing...

7.1CVSS5.8AI score0.0025EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/23 12:30 p.m.6 views

EUVD-2026-14402

An unauthenticated credential disclosure vulnerability in the /goform/ate endpoint of Nexxt Solutions Nebula 300+ firmware through Nebula300+v12.01.01.37 allows an adjacent attacker to obtain the administrator password in Base64-encoded form via a crafted HTTP request. The recovered credential ca...

7.1CVSS5.8AI score0.0025EPSS
Exploits0References3
NVD
NVD
added 2026/03/23 12:16 p.m.4 views

CVE-2026-31846

Missing authentication in the /goform/ate endpoint in Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 allows an adjacent unauthenticated attacker to retrieve sensitive device information, including the administrator password. The endpoint returns a raw response containing...

7.1CVSS0.0025EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/23 12:0 p.m.4 views

CVE-2026-31846

Missing authentication in the /goform/ate endpoint in Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 allows an adjacent unauthenticated attacker to retrieve sensitive device information, including the administrator password. The endpoint returns a raw response containing...

7.1CVSS5.8AI score0.0025EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/03/23 12:0 p.m.27 views

CVE-2026-31846 Unauthenticated Credential Disclosure via /goform/ate in Nexxt Nebula 300+

Missing authentication in the /goform/ate endpoint in Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 allows an adjacent unauthenticated attacker to retrieve sensitive device information, including the administrator password. The endpoint returns a raw response containing...

7.1CVSS0.0025EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/12/30 3:32 p.m.6 views

CVE-2025-15254 Tenda W6-S ATE Service ate TendaAte os command injection

A vulnerability was found in Tenda W6-S 1.0.0.4510. This affects the function TendaAte of the file /goform/ate of the component ATE Service. Performing a manipulation results in os command injection. The attack may be initiated remotely. The exploit has been made public and could be used...

6.5CVSS6.3AI score0.0326EPSS
Exploits1References5
CNVD
CNVD
added 2025/08/31 12:0 a.m.2 views

Tenda AC10 Improper Access Control Vulnerability

Tenda AC10 is a dual-band Gigabit wireless router launched by Shenzhen Jixiang Tenda Technology Co., Ltd, mainly for 200M and above fiber optic users. Tenda AC10 suffers from an improper access control vulnerability, which originates from improper access control of the /goform/ate endpoint, and c...

5.3CVSS7AI score0.00222EPSS
Exploits0References1
NVD
NVD
added 2025/08/28 7:15 p.m.4 views

CVE-2025-57219

Incorrect access control in the endpoint /goform/ate of Tenda AC10 v4.0 firmware v16.03.10.09multiTDE01 allows attackers to escalate privileges or access sensitive components via a crafted request...

5.3CVSS0.00222EPSS
Exploits0References1
CVE
CVE
added 2025/08/28 12:0 a.m.14 views

CVE-2025-57219

The CVE-2025-57219 vulnerability affects Tenda AC10 v4.0 firmware (16.03.10.09_multi_TDE01). The root cause is improper access control on the /goform/ate endpoint, enabling an attacker to escalate privileges or access sensitive components via a crafted request. Exploit details, affected versions ...

5.3CVSS6.6AI score0.00222EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/08/28 12:0 a.m.10 views

PT-2025-35126

Name of the Vulnerable Software and Affected Versions Tenda AC10 version 4.0 firmware 16.03.10.09 multi TDE01 Description Incorrect access control in the /goform/ate endpoint allows attackers to escalate privileges or access sensitive components via a crafted request. Recommendations At the momen...

5.3CVSS6.6AI score0.00222EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/08/28 12:0 a.m.4 views

Tenda AC10 安全漏洞

Tenda AC10 is a dual-band Gigabit wireless router launched by Shenzhen Jixiang Tenda Technology Co., Ltd, mainly for 200M and above fiber optic users. Tenda AC10 suffers from an improper access control vulnerability, which originates from improper access control of the /goform/ate endpoint, and c...

5.3CVSS6.9AI score0.00222EPSS
Exploits0References2
Rows per page
Query Builder