CVE-2025-7758 TOTOLINK T6 HTTP POST Request cstecgi.cgi setDiagnosisCfg buffer overflow

A vulnerability, which was classified as critical, has been found in TOTOLINK T6 up to 4.1.5cu.748B20211015. Affected by this issue is the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument ip leads to buffer...

CVE-2025-7758 TOTOLINK T6 HTTP POST Request cstecgi.cgi setDiagnosisCfg buffer overflow

A vulnerability, which was classified as critical, has been found in TOTOLINK T6 up to 4.1.5cu.748B20211015. Affected by this issue is the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument ip leads to buffer...

CVE-2025-34108

A stack-based buffer overflow vulnerability exists in the login functionality of Disk Pulse Enterprise version 9.0.34. An attacker can send a specially crafted HTTP POST request to the /login endpoint with an overly long username parameter, causing a buffer overflow in the libspp.dll component...

CVE-2025-34108

A stack-based buffer overflow vulnerability exists in the login functionality of Disk Pulse Enterprise version 9.0.34. An attacker can send a specially crafted HTTP POST request to the /login endpoint with an overly long username parameter, causing a buffer overflow in the libspp.dll component...

CVE-2025-34108 Disk Pulse Enterprise 9.0.34 Login Stack Buffer Overflow

A stack-based buffer overflow vulnerability exists in the login functionality of Disk Pulse Enterprise version 9.0.34. An attacker can send a specially crafted HTTP POST request to the /login endpoint with an overly long username parameter, causing a buffer overflow in the libspp.dll component...

CVE-2025-34108

Disk Pulse Enterprise 9.0.34 contains a stack-based buffer overflow in the login function. The overflow occurs in the libspp.dll when a crafted long username is sent to POST /login, enabling arbitrary code execution with SYSTEM privileges. Exploitation details and PoCs exist (e.g., Metasploit mod...

CVE-2025-7524

A vulnerability was found in TOTOLINK T6 4.1.5cu.748B20211015. It has been classified as critical. This affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument ip leads to command injection. It is possible ...

CVE-2025-7505

A vulnerability classified as critical has been found in Tenda FH451 1.0.0.9. Affected is the function frmL7ProtForm of the file /goform/L7Prot of the component HTTP POST Request Handler. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to launch the atta...

CVE-2025-7506

A vulnerability classified as critical was found in Tenda FH451 1.0.0.9. Affected by this vulnerability is the function fromNatlimit of the file /goform/Natlimit of the component HTTP POST Request Handler. The manipulation of the argument page leads to stack-based buffer overflow. The attack can ...

CVE-2025-7614

A vulnerability classified as critical has been found in TOTOLINK T6 4.1.5cu.748. Affected is the function delDevice of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument ipAddr leads to command injection. It is possible to launch the attack...

CVE-2025-7613

A vulnerability was found in TOTOLINK T6 4.1.5cu.748. It has been rated as critical. This issue affects the function CloudSrvVersionCheck of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument ip leads to command injection. The attack may be...

CVE-2025-7615 TOTOLINK T6 HTTP POST Request cstecgi.cgi clearPairCfg command injection

A vulnerability classified as critical was found in TOTOLINK T6 4.1.5cu.748. Affected by this vulnerability is the function clearPairCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument ip leads to command injection. The attack can be...

CVE-2025-7615

CVE-2025-7615 affects TOTOLINK T6 at version 4.1.5cu.748. The vulnerability is in the HTTP POST Request Handler, specifically the function clearPairCfg in the file /cgi-bin/cstecgi.cgi, where the ip argument can be manipulated to cause a command injection. The attack can be launched remotely and ...

CVE-2025-7615 TOTOLINK T6 HTTP POST Request cstecgi.cgi clearPairCfg command injection

A vulnerability classified as critical was found in TOTOLINK T6 4.1.5cu.748. Affected by this vulnerability is the function clearPairCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument ip leads to command injection. The attack can be...

CVE-2025-7614

CVE-2025-7614 affects TOTOLINK T6 (4.1.5cu.748); the issue is in the HTTP POST Request Handler, specifically the delDevice function in /cgi-bin/cstecgi.cgi. By manipulating the ipAddr argument, an attacker can achieve command injection and potentially execute remote code. The exploit has been pub...

CVE-2025-7614 TOTOLINK T6 HTTP POST Request cstecgi.cgi delDevice command injection

A vulnerability classified as critical has been found in TOTOLINK T6 4.1.5cu.748. Affected is the function delDevice of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument ipAddr leads to command injection. It is possible to launch the attack...

CVE-2025-7613 TOTOLINK T6 HTTP POST Request cstecgi.cgi CloudSrvVersionCheck command injection

A vulnerability was found in TOTOLINK T6 4.1.5cu.748. It has been rated as critical. This issue affects the function CloudSrvVersionCheck of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument ip leads to command injection. The attack may be...

CVE-2025-7613 TOTOLINK T6 HTTP POST Request cstecgi.cgi CloudSrvVersionCheck command injection

A vulnerability was found in TOTOLINK T6 4.1.5cu.748. It has been rated as critical. This issue affects the function CloudSrvVersionCheck of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument ip leads to command injection. The attack may be...

CVE-2025-7613

Totolink T6 (version 4.1.5cu.748) is affected by a command-injection in CloudSrvVersionCheck (file /cgi-bin/cstecgi.cgi, HTTP POST Request Handler). The ip argument is mishandled, enabling remote command execution when crafted inputs are sent. Public exploitation is disclosed. Practical impact is...

CVE-2025-7465

A vulnerability classified as critical was found in Tenda FH1201 1.2.0.14. Affected by this vulnerability is the function fromRouteStatic of the file /goform/fromRouteStatic of the component HTTP POST Request Handler. The manipulation of the argument page leads to buffer overflow. The attack can ...