27 matches found
CVE-2025-68715
An issue was discovered in Panda Wireless PWRU0 devices with firmware 2.2.9 that exposes multiple HTTP endpoints /goform/setWan, /goform/setLan, /goform/wirelessBasic that do not enforce authentication. A remote unauthenticated attacker can modify WAN, LAN, and wireless settings directly, leading...
CVE-2025-68715
An issue was discovered in Panda Wireless PWRU0 devices with firmware 2.2.9 that exposes multiple HTTP endpoints /goform/setWan, /goform/setLan, /goform/wirelessBasic that do not enforce authentication. A remote unauthenticated attacker can modify WAN, LAN, and wireless settings directly, leading...
PT-2026-1917
Name of the Vulnerable Software and Affected Versions Panda Wireless PWRU0 version 2.2.9 Description An issue exists in Panda Wireless PWRU0 devices that exposes multiple HTTP endpoints without authentication. These endpoints include '/goform/setWan', '/goform/setLan', and '/goform/wirelessBasic'...
EUVD-2025-12411
Malicious code in bioql PyPI...
TOTOLINK N150RT LAN Settings Page Component Cross-Site Scripting Vulnerability
The TOTOLINK N150RT is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK N150RT version 3.4.0-B20190525 suffers from a cross-site scripting vulnerability that originates from the lack of effective filtering and escaping of user-supplied data by the parameter Hostname in the...
CVE-2025-3995
A vulnerability was found in TOTOLINK N150RT 3.4.0-B20190525. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /boafrm/fromStaticDHCP of the component LAN Settings Page. The manipulation of the argument Hostname leads to cross site...
CVE-2025-3995
A vulnerability was found in TOTOLINK N150RT 3.4.0-B20190525. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /boafrm/fromStaticDHCP of the component LAN Settings Page. The manipulation of the argument Hostname leads to cross site...
CVE-2025-3995
A vulnerability was found in TOTOLINK N150RT 3.4.0-B20190525. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /boafrm/fromStaticDHCP of the component LAN Settings Page. The manipulation of the argument Hostname leads to cross site...
CVE-2025-3995 TOTOLINK N150RT LAN Settings Page fromStaticDHCP cross site scripting
A vulnerability was found in TOTOLINK N150RT 3.4.0-B20190525. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /boafrm/fromStaticDHCP of the component LAN Settings Page. The manipulation of the argument Hostname leads to cross site...
CVE-2025-3995 TOTOLINK N150RT LAN Settings Page fromStaticDHCP cross site scripting
A vulnerability was found in TOTOLINK N150RT 3.4.0-B20190525. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /boafrm/fromStaticDHCP of the component LAN Settings Page. The manipulation of the argument Hostname leads to cross site...
CVE-2025-3995
CVE-2025-3995 affects TOTOLINK N150RT v3.4.0-B20190525. The LAN Settings Page component’s /boafrm/fromStaticDHCP handler accepts the Hostname argument and allows cross-site scripting (XSS). Exploitation is possible remotely and the vulnerability is evidenced across multiple sources (CNVD/CNNVD, R...
TOTOLINK N150RT 代码注入漏洞
The TOTOLINK N150RT is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK N150RT version 3.4.0-B20190525 suffers from a cross-site scripting vulnerability that originates from the lack of effective filtering and escaping of user-supplied data by the parameter Hostname in the...
PT-2025-18032 · Totolink · Totolink N150Rt
Name of the Vulnerable Software and Affected Versions: TOTOLINK N150RT version 3.4.0-B20190525 Description: A vulnerability was found in the LAN Settings Page component, specifically in the /boafrm/fromStaticDHCP file. The manipulation of the Hostname argument leads to cross-site scripting. The...
Canon Printer Wireless Configuration Disclosure
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'nokogiri' class MetasploitModule 'Canon Printer Wireless Configuration Disclosure', 'Description' = %q This module enumerates wireless credentials from Canon...
D-Link DAP-1325 SetAPLanSettings Command Injection Vulnerability
D-Link DAP-1325 is a wireless access point/bridge made by D-Link, which is mainly used to extend the wireless network coverage, support the conversion of wired network to wireless network or connect to different wireless networks. The D-Link DAP-1325 suffers from a command injection vulnerability...
D-Link DAP-1325 DeviceName Command Injection Remote Code Execution Vulnerability
D-Link DAP-1325 is a wireless network extender made by D-Link, which is mainly used to extend the wireless network coverage, support the conversion of wired network and wireless network or connect to different wireless networks. The D-Link DAP-1325 suffers from a command injection remote code...
CVE-2024-39202
D-Link DIR-823X firmware - 240126 was discovered to contain a remote command execution RCE vulnerability via the dhcpdstartip parameter at /goform/setlansettings...
PT-2024-4624 · D Link · D-Link Dir-823G
Name of the Vulnerable Software and Affected Versions: D-Link DIR-823X firmware - 240126 Description: A remote command execution vulnerability exists in the D-Link DIR-823X firmware due to insufficient measures to neutralize special elements. This vulnerability can be exploited by sending a...
CVE-2024-39202
D-Link DIR-823X firmware - 240126 was discovered to contain a remote command execution RCE vulnerability via the dhcpdstartip parameter at /goform/setlansettings...
SKT LTE Wi-Fi SDT-CW3B1 Unauthorized Admin Credential Change
Exploit Title: SKT LTE Wi-Fi SDT-CW3B1 - Unauthorized Admin Credential Change Shodan Dork: SDT-CW3B1 Date: 2018-05-23 Exploit Author: Safak Aslan Vendor Homepage: http://telesquare.co.kr/ Version: SKT CW3B1 sw version 1.2.0 Tested on: Windows CVE: - Class: Unauthorized Admin Credential Change...