
2571 matches found

OSV
added 2026/02/22 2:16 a.m., 2 views

CVE-2026-2909

A vulnerability was detected in Tenda HG9 300001138. This affects an unknown part of the file /boaform/formPing of the component Diagnostic Ping Endpoint. Performing a manipulation of the argument pingAddr results in stack-based buffer overflow. The attack is possible to be carried out remotely...

8.8 CVSS, 6.4 AI score
Exploits 0, References 5
NVD
added 2026/02/22 2:16 a.m., 3 views

CVE-2026-2909

A vulnerability was detected in Tenda HG9 300001138. This affects an unknown part of the file /boaform/formPing of the component Diagnostic Ping Endpoint. Performing a manipulation of the argument pingAddr results in stack-based buffer overflow. The attack is possible to be carried out remotely...

9 CVSS, 0.00112 EPSS
Exploits 1, References 5
CVE
added 2026/02/22 2:2 a.m., 10 views

CVE-2026-2909

CVE-2026-2909 affects Tenda HG9 300001138. The vulnerability exists in the Diagnostic Ping Endpoint at /boaform/formPing, where manipulating the pingAddr argument triggers a stack-based buffer overflow. It is exploitable remotely, and public exploits exist. CVSS metrics indicate high impact acros...

9 CVSS, 6.3 AI score, 0.00112 EPSS
Exploits 1, References 5, Affected Software 1
Vulnrichment
added 2026/02/22 2:2 a.m., 2 views

CVE-2026-2909 Tenda HG9 Diagnostic Ping Endpoint formPing stack-based overflow

A vulnerability was detected in Tenda HG9 300001138. This affects an unknown part of the file /boaform/formPing of the component Diagnostic Ping Endpoint. Performing a manipulation of the argument pingAddr results in stack-based buffer overflow. The attack is possible to be carried out remotely...

9 CVSS, 8.8 AI score, 0.00112 EPSS
Exploits 1, References 5
Cvelist
added 2026/02/22 2:2 a.m., 21 views

CVE-2026-2909 Tenda HG9 Diagnostic Ping Endpoint formPing stack-based overflow

A vulnerability was detected in Tenda HG9 300001138. This affects an unknown part of the file /boaform/formPing of the component Diagnostic Ping Endpoint. Performing a manipulation of the argument pingAddr results in stack-based buffer overflow. The attack is possible to be carried out remotely...

9 CVSS, 0.00112 EPSS
Exploits 1, References 5
ATTACKERKB
added 2026/02/22 2:2 a.m., 5 views

CVE-2026-2909

A vulnerability was detected in Tenda HG9 300001138. This affects an unknown part of the file /boaform/formPing of the component Diagnostic Ping Endpoint. Performing a manipulation of the argument pingAddr results in stack-based buffer overflow. The attack is possible to be carried out remotely...

9 CVSS, 6.3 AI score, 0.00112 EPSS
Exploits 1, References 5, Affected Software 1
Positive Technologies
added 2026/02/22 12:0 a.m., 2 views

PT-2026-21410

Name of the Vulnerable Software and Affected Versions: Tenda HG9 version 300001138. Description: A security flaw exists in the Tenda HG9 router's Diagnostic Ping component. The issue stems from a stack-based buffer overflow caused by improper handling of input in the pingAddr argument of the...

9 CVSS, 7.7 AI score, 0.00112 EPSS
Exploits 1, References 13
CNNVD
added 2026/02/22 12:0 a.m., 3 views

Tenda HG9 security vulnerability

The Tenda HG9 is a WiFi router produced by the Chinese company Tenda. The Tenda HG9 300001138 version has a security vulnerability. This vulnerability stems from incorrect handling of the parameter “pingAddr” in the file /boaform/formPing of the Diagnostic Ping Endpoint component, which may lead t...

9 CVSS, 7.7 AI score, 0.00112 EPSS
Exploits 1, References 5
RedhatCVE
added 2026/02/21 7:26 a.m., 2 views

CVE-2026-2824

A flaw has been found in Comfast CF-E7 2.6.0.9. This affects the function sub_441CF4 of the file /cgi-bin/mbox-config?method=SET&section=pingconfig of the component webmggnt. Executing a manipulation of the argument destination can lead to command injection. The attack may be performed from remote. The...

8.8 CVSS, 6.1 AI score, 0.00072 EPSS
Exploits 1, References 1
OSV
added 2026/02/20 6:17 a.m., 0 views

CVE-2026-2824

A flaw has been found in Comfast CF-E7 2.6.0.9. This affects the function sub_441CF4 of the file /cgi-bin/mbox-config?method=SET&section=pingconfig of the component webmggnt. Executing a manipulation of the argument destination can lead to command injection. The attack may be performed from remote...

8.8 CVSS, 5.5 AI score, 0.00072 EPSS
Exploits 1, References 4
NVD
added 2026/02/20 6:17 a.m., 3 views

CVE-2026-2824

A flaw has been found in Comfast CF-E7 2.6.0.9. This affects the function sub_441CF4 of the file /cgi-bin/mbox-config?method=SET&section=pingconfig of the component webmggnt. Executing a manipulation of the argument destination can lead to command injection. The attack may be performed from remote...

8.8 CVSS, 0.00072 EPSS
Exploits 1, References 4
Vulnrichment
added 2026/02/20 5:32 a.m., 3 views

CVE-2026-2824 Comfast CF-E7 webmggnt mbox-config sub_441CF4 command injection

A flaw has been found in Comfast CF-E7 2.6.0.9. This affects the function sub_441CF4 of the file /cgi-bin/mbox-config?method=SET&section=pingconfig of the component webmggnt. Executing a manipulation of the argument destination can lead to command injection. The attack may be performed from remote...

6.5 CVSS, 5.3 AI score, 0.00072 EPSS
Exploits 1, References 4
Positive Technologies
added 2026/02/20 12:0 a.m., 2 views

PT-2026-21000

A flaw has been found in Comfast CF-E7 2.6.0.9. This affects the function sub_441CF4 of the file /cgi-bin/mbox-config?method=SET&section=pingconfig of the component webmggnt. Executing a manipulation of the argument destination can lead to command injection. The attack may be performed from...

6.5 CVSS, 5.3 AI score, 0.00072 EPSS
Exploits 1, References 5
CNNVD
added 2026/02/20 12:0 a.m., 4 views

Comfast CF-E7 command injection vulnerability

The Comfast CF-E7 is a wireless router produced by Comfast Corporation. The Comfast CF-E7 version 2.6.0.9 has a command injection vulnerability. This vulnerability stems from an incorrect handling of parameters in the function sub_441CF4 of the webmggnt component’s...

8.8 CVSS, 6.6 AI score, 0.00072 EPSS
Exploits 1, References 4
Positive Technologies
added 2026/02/15 12:0 a.m., 6 views

PT-2026-8243

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient input validation in the host parameter. Attackers can submit crafted POST requests to the diag ping.php endpoint with script payloads ...

6.1 CVSS, 5.5 AI score, 0.00055 EPSS
Exploits 1, References 5
CNNVD
added 2026/02/15 12:0 a.m., 2 views

Deciso OPNsense cross-site scripting vulnerability

Deciso OPNsense is a firewall and router operating system developed by the Dutch company Deciso. Version 19.1 of Deciso OPNsense contains a cross-site scripting vulnerability. This vulnerability stems from insufficient input validation for the host parameter in the diagping.php endpoint, which ma...

6.1 CVSS, 5.9 AI score, 0.00055 EPSS
Exploits 1, References 4
OSV
added 2026/02/06 9:19 p.m., 2 views

CVE-2026-25123 Homarr affected by Unauthenticated SSRF / Port-Scan Primitive via widget.app.ping

Homarr is an open-source dashboard. Prior to 1.52.0, a public unauthenticated tRPC endpoint widget.app.ping accepts an arbitrary url and performs a server-side request to that URL. This allows an unauthenticated attacker to trigger outbound HTTP requests from the Homarr server, enabling SSRF...

5.3 CVSS, 5.7 AI score, 0.00019 EPSS
Exploits 0, References 3
Vulnrichment
added 2026/02/06 9:19 p.m., 1 views

CVE-2026-25123 Homarr affected by Unauthenticated SSRF / Port-Scan Primitive via widget.app.ping

Homarr is an open-source dashboard. Prior to 1.52.0, a public unauthenticated tRPC endpoint widget.app.ping accepts an arbitrary url and performs a server-side request to that URL. This allows an unauthenticated attacker to trigger outbound HTTP requests from the Homarr server, enabling SSRF...

5.3 CVSS, 5.8 AI score, 0.00019 EPSS
Exploits 0, References 1
Cvelist
added 2026/02/06 9:19 p.m., 25 views

CVE-2026-25123 Homarr affected by Unauthenticated SSRF / Port-Scan Primitive via widget.app.ping

Homarr is an open-source dashboard. Prior to 1.52.0, a public unauthenticated tRPC endpoint widget.app.ping accepts an arbitrary url and performs a server-side request to that URL. This allows an unauthenticated attacker to trigger outbound HTTP requests from the Homarr server, enabling SSRF...

5.3 CVSS, 0.00019 EPSS
Exploits 0, References 1
Positive Technologies
added 2026/02/06 12:0 a.m., 2 views

PT-2026-6801

Name of the Vulnerable Software and Affected Versions: Homarr versions prior to 1.52.0. Description: Homarr is an open-source dashboard susceptible to Server-Side Request Forgery (SSRF). A public, unauthenticated tRPC endpoint, widget.app.ping, accepts an arbitrary URL and makes a server-side request ...

5.3 CVSS, 5.7 AI score, 0.00019 EPSS
Exploits 0, References 6