TOTOLINK A3300R pppoeMtu Parameter Command Injection Vulnerability

TOTOLINK A3300R is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK A3300R pppoeMtu parameter suffers from a command injection vulnerability that stems from the firmware failing to properly validate user input for the pppoeMtu parameter in /cgi-bin/cstecgi.cgi, which can be...

EUVD-2026-25255

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the dhcpMtu parameter to /cgi-bin/cstecgi.cgi...

EUVD-2026-25242

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the pppoeMtu parameter to /cgi-bin/cstecgi.cgi...

PT-2026-34712

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557 B20221024 allowing attackers to execute arbitrary commands via the dhcpMtu parameter to /cgi-bin/cstecgi.cgi...

Tenda AX-1803 sub_4F55C function stack buffer overflow vulnerability

Tenda AX-1803 is a dual-band Gigabit WiFi6 wireless router from Tenda that supports dual bands of 2.4GHz and 5GHz with a maximum transmission rate of 1774Mbps for home or small office scenarios. The Tenda AX-1803 suffers from a stack buffer overflow vulnerability that originates from the wanMTU...

PT-2025-46173

Name of the Vulnerable Software and Affected Versions Tenda AX-1803 version 1.0.0.1 Description The Tenda AX-1803 version 1.0.0.1 contains a stack overflow issue. This occurs through the wanMTU parameter within the sub 4F55C function. A crafted request can trigger this, leading to a Denial of...

EUVD-2024-30167

Malicious code in bioql PyPI...

EUVD-2025-32183

Malicious code in bioql PyPI...

CVE-2025-60663

Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the wanMTU parameter in the fromAdvSetMacMtuWan function...

CVE-2025-10432

A vulnerability was found in Tenda AC1206 15.03.06.23. This vulnerability affects the function checkparamchanged of the file /goform/AdvSetMacMtuWa of the component HTTP Request Handler. Performing manipulation of the argument wanMTU results in stack-based buffer overflow. Remote exploitation of...

Tenda AC1206 安全漏洞

Tenda AC1206 is a wireless gigabit router from Tenda China. A security vulnerability exists in Tenda AC1206 version 15.03.06.23, which originates from the incorrect manipulation of the parameter wanMTU by the function checkparamchanged in the file /goform/AdvSetMacMtuWa in the HTTP Request Handle...

Tenda AC20 安全漏洞

The Tenda AC20 is a wireless router from the Chinese company Tenda. A buffer overflow vulnerability exists in Tenda AC20 version 16.03.08.05, which originates from the parameter wanMTU in the file /goform/fromAdvSetMacMtuWan that fails to correctly validate the length of the incoming data, and ca...

Tenda AC10 安全漏洞

The Tenda AC10 is a home wireless router that provides a stable and fast internet connection. A buffer overflow vulnerability exists in Tenda AC10. The vulnerability stems from the AdvSetMacMtuWan function not validly checking the length of the incoming data when processing the wanMTU2 parameter...

CVE-2025-29384

In Tenda AC9 v1.0 V15.03.05.14multi, the wanMTU parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution...

Tenda AC9 缓冲区错误漏洞

Tenda AC9 is a wireless router from Tenda, a Chinese company. The Tenda AC9 suffers from a buffer overflow vulnerability that originates from the wanMTU parameter of the formAdvSetMacMtuWan function failing to properly validate the length of the input data, which can be exploited by an attacker t...

TOTOLINK X5000R mtu parameter code execution vulnerability

The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. A code execution vulnerability exists in the TOTOLINK X5000R mtu parameter, which stems from the mtu parameter of cstecgi.cgi failing to properly filter special elements of the constructed snippet. An attacker could exploit...

CVE-2024-32349

TOTOLINK X5000R V9.1.0cu.2350B20230313 was discovered to contain an authenticated remote command execution RCE vulnerability via the "mtu" parameters in the "cstecgi.cgi" binary...

TOTOLINK X5000R 安全漏洞

The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. A code execution vulnerability exists in the TOTOLINK X5000R mtu parameter, which stems from the mtu parameter of cstecgi.cgi failing to properly filter special elements of the constructed snippet. An attacker could exploit...

CVE-2022-30525 (FIXED): Zyxel Firewall Unauthenticated Remote Command Injection

Rapid7 discovered and reported a vulnerability that affects Zyxel firewalls supporting Zero Touch Provisioning ZTP, which includes the ATP series, VPN series, and the USG FLEX series including USG20-VPN and USG20W-VPN. The vulnerability, identified as CVE-2022-30525, allows an unauthenticated and...