PT-2025-29576 · NetGear · Netgear Xr300
Name of the Vulnerable Software and Affected Versions: Netgear XR300 version 1.0.3.38_10.3.30. Description: A stack-based buffer overflow exists in the HTTPD service through the usb_device.cgi endpoint when processing POST requests containing the usb_folder parameter. Recommendations: Update to a...
Fedora: Security Advisory (FEDORA-2025-6d7a183951)
The remote host is missing an update for the... SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Fedora 42 : httpd (2025-6d7a183951)
The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-6d7a183951 advisory. New httpd 2.4.64 release + security fixes. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note tha...
FreeBSD : Apache httpd -- Multiple vulnerabilities (342f2a0a-5e9b-11f0-8baa-8447094a420f)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 342f2a0a-5e9b-11f0-8baa-8447094a420f advisory. The Apache httpd project reports: moderate: Apache HTTP Server: HTTP response splitting...
[slackware-security] httpd
New httpd packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/httpd-2.4.64-i586-1slack15.0.txz: Upgraded. This release contains security fixes and improvements. The update resolves a range of issue...
CVE-2025-7421
A vulnerability was found in Tenda O3V2 1.0.0.12(3880). It has been rated as critical. This issue affects the function fromMacFilterModify of the file /goform/operateMacFilter of the component httpd. The manipulation of the argument mac leads to stack-based buffer overflow. The attack may be...
CVE-2025-7423 Tenda O3V2 httpd setWrlFilterList formWifiMacFilterSet stack-based overflow
A vulnerability classified as critical was found in Tenda O3V2 1.0.0.12(3880). Affected by this vulnerability is the function formWifiMacFilterSet of the file /goform/setWrlFilterList of the component httpd. The manipulation of the argument macList leads to stack-based buffer overflow. The attack c...
Slackware Linux 15.0 / current httpd Multiple Vulnerabilities (SSA:2025-192-02)
The version of httpd installed on the remote host is prior to 2.4.64. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2025-192-02 advisory. New httpd packages are available for Slackware 15.0 and -current to fix security issues. Tenable has extracted the preceding...
CVE-2025-7420 Tenda O3V2 httpd setWrlBasicInfo formWifiBasicSet stack-based overflow
A vulnerability was found in Tenda O3V2 1.0.0.12(3880). It has been declared as critical. This vulnerability affects the function formWifiBasicSet of the file /goform/setWrlBasicInfo of the component httpd. The manipulation of the argument extChannel leads to stack-based buffer overflow. The attack...
CVE-2025-7420
CVE-2025-7420 affects Tenda O3V2 (version 1.0.0.12(3880)). The vulnerability is in the httpd component’s function setWrlBasicInfo (formWifiBasicSet). The root cause is a stack-based buffer overflow triggered by manipulating the extChannel argument in /goform/setWrlBasicInfo. It is remotely exploi...
CVE-2025-7419
A vulnerability was found in Tenda O3V2 1.0.0.12(3880). It has been classified as critical. This affects the function fromSpeedTestSet of the file /goform/setRateTest of the component httpd. The manipulation of the argument destIP leads to stack-based buffer overflow. It is possible to initiate the...
CVE-2025-7419 Tenda O3V2 httpd setRateTest fromSpeedTestSet stack-based overflow
A vulnerability was found in Tenda O3V2 1.0.0.12(3880). It has been classified as critical. This affects the function fromSpeedTestSet of the file /goform/setRateTest of the component httpd. The manipulation of the argument destIP leads to stack-based buffer overflow. It is possible to initiate the...
CVE-2025-7419
The CVE-2025-7419 entry applies to Tenda O3V2, version 1.0.0.12(3880). The vulnerability is in the httpd component, specifically the fromSpeedTestSet function in /goform/setRateTest. The destIP parameter length validation is inadequate, causing a stack-based buffer overflow that can be exploited ...
CVE-2025-7418 Tenda O3V2 httpd setPing fromPingResultGet stack-based overflow
A vulnerability was found in Tenda O3V2 1.0.0.12(3880) and classified as critical. Affected by this issue is the function fromPingResultGet of the file /goform/setPing of the component httpd. The manipulation of the argument destIP leads to stack-based buffer overflow. The attack may be launched...
CVE-2025-7416 Tenda O3V2 httpd setSysTimeInfo fromSysToolTime stack-based overflow
A vulnerability, which was classified as critical, was found in Tenda O3V2 1.0.0.12(3880). Affected is the function fromSysToolTime of the file /goform/setSysTimeInfo of the component httpd. The manipulation of the argument Time leads to stack-based buffer overflow. It is possible to launch the...
CVE-2025-7414
A vulnerability classified as critical was found in Tenda O3V2 1.0.0.12(3880). This vulnerability affects the function fromNetToolGet of the file /goform/setPingInfo of the component httpd. The manipulation of the argument domain leads to os command injection. The attack can be initiated remotely...
CVE-2025-7415
A vulnerability, which was classified as critical, has been found in Tenda O3V2 1.0.0.12(3880). This issue affects the function fromTraceroutGet of the file /goform/getTraceroute of the component httpd. The manipulation of the argument dest leads to command injection. The attack may be initiated...
AZL-65097 CVE-2025-49812 affecting package httpd for versions less than 2.4.64-1
In some mod_ssl configurations on Apache HTTP Server versions through to 2.4.63, an HTTP desynchronisation attack allows a man-in-the-middle attacker to hijack an HTTP session via a TLS upgrade. Only configurations using "SSLEngine optional" to enable TLS upgrades are affected. Users are recommend...