CVE-2026-2530

A weakness has been identified in Wavlink WL-WN579A3 up to 20210219. This affects the function AddMac of the file /cgi-bin/wireless.cgi. This manipulation of the argument macAddr causes command injection. The attack is possible to be carried out remotely. The exploit has been made available to th...

CVE-2026-23209 macvlan: fix error recovery in macvlan_common_newlink()

In the Linux kernel, the following vulnerability has been resolved: macvlan: fix error recovery in macvlancommonnewlink valis provided a nice repro to crash the kernel: ip link add p1 type veth peer p2 ip link set address 00:00:00:00:00:20 dev p1 ip link set up dev p1 ip link set up dev p2 ip lin...

CVE-2026-23209

CVE-2026-23209 is a Linux kernel macvlan bug. The issue occurs in macvlan when creating a new link with MACVLAN_MODE_SOURCE and MACVLAN_MACADDR_ADD/SET and the lower device already has a macvlan port, causing a use-after-free after a failed register_netdevice() in the create path. Upstream kernel...

CVE-2022-35535

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has no filtering on parameter macAddr, which leads to command injection in page /wifimesh.shtml...

EUVD-2025-11767

Malicious code in bioql PyPI...

EUVD-2022-38422

Malicious code in bioql PyPI...

EUVD-2022-41141

Malicious code in bioql PyPI...

CVE-2025-10958

The CVE-2025-10958 issue affects Wavlink NU516U1 M16U1_V240425, specifically the AddMac Page’s /cgi-bin/wireless.cgi, function sub_403010. The vulnerability stems from manipulating the macAddr argument, leading to command injection. Remote exploitation is possible, and an exploit has been publish...

PT-2025-39431

Name of the Vulnerable Software and Affected Versions Wavlink NU516U1 M16U1 V240425 Description A flaw exists in the function sub 403010 of the file /cgi-bin/wireless.cgi within the AddMac Page component. Manipulation of the macAddr argument can lead to command injection. Remote exploitation is...

CVE-2025-10359

A vulnerability was detected in Wavlink WL-WN578W2 221110. This impacts the function sub404DBC of the file /cgi-bin/wireless.cgi. The manipulation of the argument macAddr results in os command injection. The attack can be launched remotely. The exploit is now public and may be used. The vendor wa...

Wavlink WL-WN578W2 操作系统命令注入漏洞

The Wavlink WL-WN578W2 is a wireless repeater from China's Wavlink. The Wavlink WL-WN578W2 221110 version has an operating system command injection vulnerability, which originates from the parameter macAddr in the sub404DBC function of the file /cgi-bin/wireless.cgi that fails to correctly filter...

CVE-2022-38563

Tenda M3 V1.0.0.124856 was discovered to contain a heap buffer overflow vulnerability in the function formSetFixTools. This vulnerability allows attackers to cause a Denial of Service DoS via the MACAddr parameter...

CVE-2025-29042

An issue in dlink DIR 832x 240802 allows a remote attacker to execute arbitrary code via the macaddr key value to the function 0x42232c...

CVE-2025-29042

An issue in dlink DIR 832x 240802 allows a remote attacker to execute arbitrary code via the macaddr key value to the function 0x42232c...

D-Link DIR 832x 安全漏洞

The D-Link DIR-832x is a wireless router from China's AUO D-Link. The D-Link DIR-832x suffers from a command injection vulnerability that stems from the macaddr key value and the function 0x42232c failing to properly filter constructed command special characters, commands, and so on. An attacker...

CVE-2025-29042

An issue in dlink DIR 832x 240802 allows a remote attacker to execute arbitrary code via the macaddr key value to the function 0x42232c...

CVE-2025-29042

An issue in dlink DIR 832x 240802 allows a remote attacker to execute arbitrary code via the macaddr key value to the function 0x42232c...

CVE-2025-29042

The CVE-2025-29042 entry concerns D-Link DIR-832x (version 240802) with a command-injection vulnerability in the 0x42232c function triggered via the macaddr parameter, allowing remote arbitrary code execution. Affected component: the 0x42232c handling path in the device firmware; root cause descr...

CVE-2022-38563

Tenda M3 V1.0.0.124856 was discovered to contain a heap buffer overflow vulnerability in the function formSetFixTools. This vulnerability allows attackers to cause a Denial of Service DoS via the MACAddr parameter...

Heap overflow

Tenda M3 V1.0.0.124856 was discovered to contain a heap buffer overflow vulnerability in the function formSetFixTools. This vulnerability allows attackers to cause a Denial of Service DoS via the MACAddr parameter...