CVE-2025-1103 D-Link DIR-823X HTTP POST Request set_wifi_blacklists null pointer dereference

A vulnerability, which was classified as problematic, was found in D-Link DIR-823X 240126/240802. This affects the function setwifiblacklists of the file /goform/setwifiblacklists of the component HTTP POST Request Handler. The manipulation of the argument macList leads to null pointer dereferenc...

CVE-2025-1103 D-Link DIR-823X HTTP POST Request set_wifi_blacklists null pointer dereference

A vulnerability, which was classified as problematic, was found in D-Link DIR-823X 240126/240802. This affects the function setwifiblacklists of the file /goform/setwifiblacklists of the component HTTP POST Request Handler. The manipulation of the argument macList leads to null pointer dereferenc...

CVE-2025-1103

CVE-2025-1103 affects D-Link DIR-823X (versions 240126–240802). The vulnerability resides in the HTTP POST Request Handler: set_wifi_blacklists (/goform/set_wifi_blacklists). Manipulating the macList argument triggers a null pointer dereference, with remote exploitability and public disclosure. P...

CVE-2019-5071

An exploitable command injection vulnerability exists in the /goform/WanParameterSetting functionality of Tenda AC9 Router AC1200 Smart Dual-Band Gigabit WiFi Route AC9V1.0 Firmware V15.03.05.16multiTRU. A specially crafted HTTP POST request can cause a command injection in the DNS1 post...

CVE-2019-5072

An exploitable command injection vulnerability exists in the /goform/WanParameterSetting functionality of Tenda AC9 Router AC1200 Smart Dual-Band Gigabit WiFi Route AC9V1.0 Firmware V15.03.05.16multiTRU. A specially crafted HTTP POST request can cause a command injection in the DNS2 post...

CVE-2024-7707

A vulnerability was found in Tenda FH1206 02.03.01.35 and classified as critical. Affected by this issue is the function formSafeEmailFilter of the file /goform/SafeEmailFilter of the component HTTP POST Request Handler. The manipulation of the argument page leads to stack-based buffer overflow...

CVE-2024-3150

In mintplex-labs/anything-llm, a vulnerability exists in the thread update process that allows users with Default or Manager roles to escalate their privileges to Administrator. The issue arises from improper input validation when handling HTTP POST requests to the endpoint...

CVE-2024-1601

An SQL injection vulnerability exists in the deletediscussion function of the parisneo/lollms-webui application, allowing an attacker to delete all discussions and message data. The vulnerability is exploitable via a crafted HTTP POST request to the /deletediscussion endpoint, which internally...

CVE-2024-13200

A vulnerability, which was classified as critical, was found in wander-chu SpringBoot-Blog 1.0. This affects the function preHandle of the file src/main/java/com/my/blog/website/interceptor/BaseInterceptor.java of the component HTTP POST Request Handler. The manipulation leads to improper access...

CVE-2024-40890

CVE-2024-40890 affects Zyxel VMG4325-B10A legacy DSL CPE. The vulnerability is a post-authentication command-injection flaw in the device’s CGI program, exploitable by sending a crafted HTTP POST request to execute OS commands with elevated privileges (reported for firmware 1.00(AAFR.4)C0_2017061...

CVE-2025-0848

A vulnerability was found in Tenda A18 up to 15.13.07.09. It has been rated as critical. This issue affects the function SetCmdlineRun of the file /goform/SetCmdlineRun of the component HTTP POST Request Handler. The manipulation of the argument wpapskcrypto5g leads to stack-based buffer overflow...

CVE-2025-0848 Tenda A18 HTTP POST Request SetCmdlineRun stack-based overflow

A vulnerability was found in Tenda A18 up to 15.13.07.09. It has been rated as critical. This issue affects the function SetCmdlineRun of the file /goform/SetCmdlineRun of the component HTTP POST Request Handler. The manipulation of the argument wpapskcrypto5g leads to stack-based buffer overflow...

CVE-2025-0848 Tenda A18 HTTP POST Request SetCmdlineRun stack-based overflow

A vulnerability was found in Tenda A18 up to 15.13.07.09. It has been rated as critical. This issue affects the function SetCmdlineRun of the file /goform/SetCmdlineRun of the component HTTP POST Request Handler. The manipulation of the argument wpapskcrypto5g leads to stack-based buffer overflow...

CVE-2025-0848

The CVE-2025-0848 entry concerns the Tenda A18 router (versions up to 15.13.07.09) with a vulnerability in the HTTP POST handler function SetCmdlineRun. The root cause is a stack-based buffer overflow triggered by manipulating the wpapsk_crypto5g argument, which can be exploited remotely. Public ...

D-Link DIR-878 Information Disclosure Vulnerability

The D-Link DIR-878 is a wireless router from China's AUO D-Link. An information disclosure vulnerability exists in the D-Link DIR-878 version 1.03, which stems from insufficient protection of sensitive information in the component HTTP POST request handler, and can be exploited by an attacker to...

CVE-2025-0481

A vulnerability classified as problematic has been found in D-Link DIR-878 1.03. Affected is an unknown function of the file /dllog.cgi of the component HTTP POST Request Handler. The manipulation leads to information disclosure. It is possible to launch the attack remotely. The exploit has been...

CVE-2025-0481

CVE-2025-0481 affects D-Link DIR-878 (firmware 1.03). The issue is in an unknown function of the /dllog.cgi HTTP POST Request Handler, leading to information disclosure. It can be exploited remotely, and multiple sources describe public exploits or disclosures. The provided connected documents co...

CVE-2025-0481 D-Link DIR-878 HTTP POST Request dllog.cgi information disclosure

A vulnerability classified as problematic has been found in D-Link DIR-878 1.03. Affected is an unknown function of the file /dllog.cgi of the component HTTP POST Request Handler. The manipulation leads to information disclosure. It is possible to launch the attack remotely. The exploit has been...

CVE-2025-0481 D-Link DIR-878 HTTP POST Request dllog.cgi information disclosure

A vulnerability classified as problematic has been found in D-Link DIR-878 1.03. Affected is an unknown function of the file /dllog.cgi of the component HTTP POST Request Handler. The manipulation leads to information disclosure. It is possible to launch the attack remotely. The exploit has been...

PT-2025-1265 · D Link · D-Link Dir-878

Name of the Vulnerable Software and Affected Versions: D-Link DIR-878 version 1.03 Description: A vulnerability has been found in the D-Link DIR-878, affecting an unknown function of the file /dllog.cgi of the component HTTP POST Request Handler. This issue leads to information disclosure and can...