CVE-2025-68715

An issue was discovered in Panda Wireless PWRU0 devices with firmware 2.2.9 that exposes multiple HTTP endpoints /goform/setWan, /goform/setLan, /goform/wirelessBasic that do not enforce authentication. A remote unauthenticated attacker can modify WAN, LAN, and wireless settings directly, leading...

CVE-2025-68715

An issue was discovered in Panda Wireless PWRU0 devices with firmware 2.2.9 that exposes multiple HTTP endpoints /goform/setWan, /goform/setLan, /goform/wirelessBasic that do not enforce authentication. A remote unauthenticated attacker can modify WAN, LAN, and wireless settings directly, leading...

PT-2026-1917

Name of the Vulnerable Software and Affected Versions Panda Wireless PWRU0 version 2.2.9 Description An issue exists in Panda Wireless PWRU0 devices that exposes multiple HTTP endpoints without authentication. These endpoints include '/goform/setWan', '/goform/setLan', and '/goform/wirelessBasic'...

EUVD-2025-12411

Malicious code in bioql PyPI...

TOTOLINK N150RT LAN Settings Page Component Cross-Site Scripting Vulnerability

The TOTOLINK N150RT is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK N150RT version 3.4.0-B20190525 suffers from a cross-site scripting vulnerability that originates from the lack of effective filtering and escaping of user-supplied data by the parameter Hostname in the...

CVE-2025-3995

A vulnerability was found in TOTOLINK N150RT 3.4.0-B20190525. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /boafrm/fromStaticDHCP of the component LAN Settings Page. The manipulation of the argument Hostname leads to cross site...

CVE-2025-3995

A vulnerability was found in TOTOLINK N150RT 3.4.0-B20190525. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /boafrm/fromStaticDHCP of the component LAN Settings Page. The manipulation of the argument Hostname leads to cross site...

CVE-2025-3995

A vulnerability was found in TOTOLINK N150RT 3.4.0-B20190525. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /boafrm/fromStaticDHCP of the component LAN Settings Page. The manipulation of the argument Hostname leads to cross site...

CVE-2025-3995 TOTOLINK N150RT LAN Settings Page fromStaticDHCP cross site scripting

A vulnerability was found in TOTOLINK N150RT 3.4.0-B20190525. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /boafrm/fromStaticDHCP of the component LAN Settings Page. The manipulation of the argument Hostname leads to cross site...

CVE-2025-3995

CVE-2025-3995 affects TOTOLINK N150RT v3.4.0-B20190525. The LAN Settings Page component’s /boafrm/fromStaticDHCP handler accepts the Hostname argument and allows cross-site scripting (XSS). Exploitation is possible remotely and the vulnerability is evidenced across multiple sources (CNVD/CNNVD, R...

CVE-2025-3995 TOTOLINK N150RT LAN Settings Page fromStaticDHCP cross site scripting

A vulnerability was found in TOTOLINK N150RT 3.4.0-B20190525. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /boafrm/fromStaticDHCP of the component LAN Settings Page. The manipulation of the argument Hostname leads to cross site...

TOTOLINK N150RT 代码注入漏洞

The TOTOLINK N150RT is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK N150RT version 3.4.0-B20190525 suffers from a cross-site scripting vulnerability that originates from the lack of effective filtering and escaping of user-supplied data by the parameter Hostname in the...

PT-2025-18032 · Totolink · Totolink N150Rt

Name of the Vulnerable Software and Affected Versions: TOTOLINK N150RT version 3.4.0-B20190525 Description: A vulnerability was found in the LAN Settings Page component, specifically in the /boafrm/fromStaticDHCP file. The manipulation of the Hostname argument leads to cross-site scripting. The...

Canon Printer Wireless Configuration Disclosure

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'nokogiri' class MetasploitModule 'Canon Printer Wireless Configuration Disclosure', 'Description' = %q This module enumerates wireless credentials from Canon...

D-Link DAP-1325 DeviceName Command Injection Remote Code Execution Vulnerability

D-Link DAP-1325 is a wireless network extender made by D-Link, which is mainly used to extend the wireless network coverage, support the conversion of wired network and wireless network or connect to different wireless networks. The D-Link DAP-1325 suffers from a command injection remote code...

D-Link DAP-1325 SetAPLanSettings Command Injection Vulnerability

D-Link DAP-1325 is a wireless access point/bridge made by D-Link, which is mainly used to extend the wireless network coverage, support the conversion of wired network to wireless network or connect to different wireless networks. The D-Link DAP-1325 suffers from a command injection vulnerability...

CVE-2024-39202

D-Link DIR-823X firmware - 240126 was discovered to contain a remote command execution RCE vulnerability via the dhcpdstartip parameter at /goform/setlansettings...

CVE-2024-39202

D-Link DIR-823X firmware - 240126 was discovered to contain a remote command execution RCE vulnerability via the dhcpdstartip parameter at /goform/setlansettings...

PT-2024-4624 · D Link · D-Link Dir-823G

Name of the Vulnerable Software and Affected Versions: D-Link DIR-823X firmware - 240126 Description: A remote command execution vulnerability exists in the D-Link DIR-823X firmware due to insufficient measures to neutralize special elements. This vulnerability can be exploited by sending a...

The vulnerability of the SetAPLanSettings function in the microprogramming software of the D-Link DAP-1325 wireless signal booster allows a intruder to execute arbitrary code.

The vulnerability of the SetAPLanSettings function in the microprogramming software of the D-Link DAP-1325 wireless signal booster relates to reading data outside the buffer in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code...