EUVD-2026-33510

A flaw has been found in Tenda W12 3.0.0.74763. This affects the function cgistaKickOff of the file /bin/httpd. Executing a manipulation of the argument staMac can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been published and may be used...

CVE-2026-2530

A weakness has been identified in Wavlink WL-WN579A3 up to 20210219. This affects the function AddMac of the file /cgi-bin/wireless.cgi. This manipulation of the argument macAddr causes command injection. The attack is possible to be carried out remotely. The exploit has been made available to th...

CVE-2025-10962

A vulnerability was identified in Wavlink NU516U1 M16U1V240425. This impacts the function sub403198 of the file /cgi-bin/wireless.cgi of the component SetName Page. The manipulation of the argument mac5g leads to command injection. It is possible to initiate the attack remotely. The exploit is...

CVE-2025-10962

A vulnerability was identified in Wavlink NU516U1 M16U1V240425. This impacts the function sub403198 of the file /cgi-bin/wireless.cgi of the component SetName Page. The manipulation of the argument mac5g leads to command injection. It is possible to initiate the attack remotely. The exploit is...

Wavlink WL-WN578W2 sub_404DBC Function OS Command Injection Vulnerability

The Wavlink WL-WN578W2 is a wireless repeater from China's Wavlink. The Wavlink WL-WN578W2 221110 version has an operating system command injection vulnerability, which originates from the parameter macAddr in the sub404DBC function of the file /cgi-bin/wireless.cgi that fails to correctly filter...

CVE-2025-10359 Wavlink WL-WN578W2 wireless.cgi sub_404DBC os command injection

A vulnerability was detected in Wavlink WL-WN578W2 221110. This impacts the function sub404DBC of the file /cgi-bin/wireless.cgi. The manipulation of the argument macAddr results in os command injection. The attack can be launched remotely. The exploit is now public and may be used. The vendor wa...

Tenda AC20 Buffer Overflow Vulnerability

Tenda AC20 is a wireless router product from Tenda. A buffer overflow vulnerability exists in Tenda AC20 16.03.08.12 and earlier versions, which originates from the improper handling of the mac parameter in the strcpy function in the /goform/GetParentControlInfo file. The vulnerability can be...

CVE-2025-57061

Tenda G3 v3.0brV15.11.0.17 was discovered to contain multiple stack overflows in the formIPMacBindModify function via the ruleId, ip, mac, v6 and remark parameters. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted request...

PT-2025-2558 · Wavlink · Wavlink Ac3000

Name of the Vulnerable Software and Affected Versions: Wavlink AC3000 version M33A8.V5030.210505 Description: Multiple buffer overflow vulnerabilities exist in the set qos functionality of internet.cgi. A specially crafted HTTP request can lead to a stack-based buffer overflow. An attacker can ma...

CVE-2024-48630

D-Link DIR882FW130B06 and DIR878 DIR878FW130B08 were discovered to contain a command injection vulnerability via the MacAddress parameter in the SetMACFilters2 function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request...

PT-2024-7029 · D Link · D-Link Dir-878 +1

Name of the Vulnerable Software and Affected Versions: D-Link DIR-882 versions FW130B06 D-Link DIR-878 versions FW130B08 Description: A command injection issue exists in the SetMACFilters2 function due to insufficient neutralization of special elements used in an OS command. This allows attackers...

TOTOLINK A3600R 安全漏洞

TOTOLINK A3600R is a 6-antenna 1200M wireless router from China's Gion Electronics TOTOLINK. A buffer overflow vulnerability exists in the TOTOLINK A3600R version 4.1.2cu.5182B20201102, which originates from the priority/macAddress parameter in the setMacQos function of the /cgi-bin/cstecgi.cgi...

PT-2024-23093 · Tenda · Tenda Fh1202

Name of the Vulnerable Software and Affected Versions: Tenda FH1202 version 1.2.0.14408 Description: A critical vulnerability has been found, affecting the function GetParentControlInfo of the file "/goform/GetParentControlInfo". The manipulation of the argument mac leads to a stack-based buffer...

Tenda AC8 缓冲区错误漏洞

Tenda AC8 is a dual-band Gigabit wireless router from Tenda, designed for fiber optic homes up to 1000 megabytes, supporting dual-band concurrent transmission rates up to 1167Mbps, equipped with full Gigabit ports 1 WAN port + 3 LAN ports for 100-1000 megabit broadband access. Tenda AC8 suffers...

PT-2023-4094 · Tenda · Tenda Ac10

Name of the Vulnerable Software and Affected Versions: Tenda AC10 version 15.03.06.26 Description: The issue is related to a command injection vulnerability in the function formWriteFacMac, which can be exploited via the mac parameter. This vulnerability may allow a remote attacker to execute...

PT-2023-3384 · Tenda · Tenda Ac5

Name of the Vulnerable Software and Affected Versions: Tenda AC5 router version V15.03.06.28 Description: The issue is related to insufficient input validation in the Tenda AC5 router's firmware, which can be exploited by a remote attacker to execute arbitrary code using the Mac parameter at the...

CVE-2022-46532

Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the deviceMac parameter at /goform/addWifiMacFilter...

CVE-2022-37810

Tenda AC1206 V15.03.06.23 was discovered to contain a command injection vulnerability via the mac parameter in the function formWriteFacMac...

CVE-2022-35535

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has no filtering on parameter macAddr, which leads to command injection in page /wifimesh.shtml...

CVE-2022-29394

TOTOLINK N600R V4.3.0cu.7647B20210106 was discovered to contain a stack overflow via the macAddress parameter in the function FUN0041b448...