CVE-2026-7705
A flaw has been found in JD Cloud JDCOS 4.5.1.r4518. This vulnerability affects the function set_iptv_info of the file /jdcap of the component Service Interface. Executing a manipulation of the argument vid can lead to command injection. It is possible to launch the attack remotely. The exploit has...
EUVD-2026-26843
A flaw has been found in JD Cloud JDCOS 4.5.1.r4518. This vulnerability affects the function set_iptv_info of the file /jdcap of the component Service Interface. Executing a manipulation of the argument vid can lead to command injection. It is possible to launch the attack remotely. The exploit has...
CVE-2026-7705
JD Cloud JDCOS 4.5.1.r4518 is affected. The vulnerability targets the /jdcap Service Interface’s set_iptv_info function, where manipulating the vid argument enables remote command injection. Exploitation is possible remotely and a published exploit exists. Vendor was contacted early but did not r...
JD Cloud JDCOS Injection Vulnerability
JD Cloud JDCOS is a cloud object storage service provided by JD.com, a Chinese e-commerce company. The version JD Cloud JDCOS 4.5.1.r4518 contains a vulnerability due to an injection flaw in the Service Interface component. This flaw stems from the function set_iptv_info in the file /jdcap, which...
PT-2026-36722
Name of the Vulnerable Software and Affected Versions: JD Cloud JDCOS version 4.5.1.r4518. Description: A flaw in the Service Interface component allows remote command injection. The issue exists within the set_iptv_info function of the '/jdcap' file, where improper handling of the vid argument...
CVE-2026-7123
CVE-2026-7123 affects Totolink A8000RU (firmware 7.1cu.643_b20200521) CGI Handler, specifically the file /cgi-bin/cstecgi.cgi function setIptvCfg. The vulnerability is a remote OS command injection caused by manipulation of the setIptvCfg argument. Public exploits exist, enabling remote attackers...
CVE-2026-7123 Totolink A8000RU CGI cstecgi.cgi setIptvCfg os command injection
A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521. Affected is the function setIptvCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument setIptvCfg results in os command injection. The attack can be initiated remotely. The...
CVE-2026-5852 Totolink A7100RU CGI cstecgi.cgi setIptvCfg os command injection
A weakness has been identified in Totolink A7100RU 7.4cu.2313b20191024. Affected is the function setIptvCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument igmpVer causes os command injection. The attack is possible to be carried out remotely. The...
CVE-2026-5178 Totolink A3300R cstecgi.cgi setIptvCfg command injection
A security vulnerability has been detected in Totolink A3300R 17.0.0cu.557b20221024. Affected by this issue is the function setIptvCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument vlanPriLan3 leads to command injection. Remote exploitation of the attack is possible. The...
VulnCheck KEV: CVE-2025-57296
Tenda AC6 router firmware 15.03.05.19 contains a command injection vulnerability in the formSetIptv function, which processes requests to the /goform/SetIPTVCfg web interface. When handling the list and vlanId parameters, the subADBC0 helper function concatenates these user-supplied values into...
EUVD-2025-208247
Tenda AX3 firmware v16.03.12.11 contains a stack overflow in formGetIptv function and the list parameter, which can cause memory corruption and enable remote code execution...
CVE-2026-24101
An issue was discovered in goform/formSetIptv in Tenda AC15V1.0 V15.03.05.18multi. When the condition is met, s11 will be passed into subB0488, concatenated into doSystemCmd. The value of s11 is not validated, potentially leading to a command injection vulnerability...
Fake IPTV Apps Spread Massiv Android Malware Targeting Mobile Banking Users
Cybersecurity researchers have disclosed details of a new Android trojan called Massiv that's designed to facilitate device takeover (DTO) attacks for financial theft. The malware, according to ThreatFabric, masquerades as seemingly harmless IPTV apps to deceive victims, indicating that the activit...
Tenda Ax3 security vulnerabilities
The Tenda AX3 is a Wi-Fi 6 dual-band router with a gigabit port from the Chinese company Tenda. Version 16.03.12.11 of the Tenda AX3 contains a security vulnerability. This vulnerability stems from improper handling of the stbpvid stack buffer in the formGetIptv function, leading to a stack-based...
Tenda Ax3 Buffer Overflow Vulnerability
The Tenda Ax3 is an Ax1800 Gigabit Port Dual Band Wifi 6 Wireless Router from Tenda China. A buffer overflow vulnerability exists in Tenda Ax3 version v16.03.12.11, which stems from the iptvType parameter failing to properly validate the length and size of the input data, and can be exploited by ...
EUVD-2025-201799
Tenda AX3 v16.03.12.11 contains a stack overflow in formSetIptv via the iptvType parameter, which can cause memory corruption and enable remote code execution (RCE)...
CVE-2025-65804
Tenda AX3 v16.03.12.11 contains a stack overflow in formSetIptv via the iptvType parameter, which can cause memory corruption and enable remote code execution (RCE)...