42 matches found
CVE-2026-13564
Summary: CVE-2026-13564 affects Edimax EW-7478APC firmware 1.04, specifically the POST Request Handler’s formPPPoESetup function. Manipulating the pppUserName argument triggers a stack-based buffer overflow, enabling remote attacker access. Public exploit reportedly exists and the vendor did not ...
EUVD-2026-38871
In the Linux kernel, the following vulnerability has been resolved: pppoe: drop PFC frames RFC 2516 Section 7 states that Protocol Field Compression PFC is NOT RECOMMENDED for PPPoE. In practice, pppd does not support negotiating PFC for PPPoE sessions, and the current PPPoE driver assumes an...
CVE-2026-53003
In the Linux kernel, the following vulnerability has been resolved: pppoe: drop PFC frames RFC 2516 Section 7 states that Protocol Field Compression PFC is NOT RECOMMENDED for PPPoE. In practice, pppd does not support negotiating PFC for PPPoE sessions, and the current PPPoE driver assumes an...
CVE-2026-46306 flow_dissector: do not dissect PPPoE PFC frames
In the Linux kernel, the following vulnerability has been resolved: flowdissector: do not dissect PPPoE PFC frames RFC 2516 Section 7 states that Protocol Field Compression PFC is NOT RECOMMENDED for PPPoE. In practice, pppd does not support negotiating PFC for PPPoE sessions, and the flow...
EUVD-2026-35171
In the Linux kernel, the following vulnerability has been resolved: flowdissector: do not dissect PPPoE PFC frames RFC 2516 Section 7 states that Protocol Field Compression PFC is NOT RECOMMENDED for PPPoE. In practice, pppd does not support negotiating PFC for PPPoE sessions, and the flow...
CVE-2026-46306
In the Linux kernel, the following vulnerability has been resolved: flowdissector: do not dissect PPPoE PFC frames RFC 2516 Section 7 states that Protocol Field Compression PFC is NOT RECOMMENDED for PPPoE. In practice, pppd does not support negotiating PFC for PPPoE sessions, and the flow...
PT-2026-47377
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the flow dissector where the processing of PPPoE Protocol Field Compression PFC frames can lead to a 4-byte misalignment of the network header. This misalignment cause...
Edimax BR-6675nD 安全漏洞
The Edimax BR-6675nD is a dual-band broadband wireless router produced by Edimax Corporation. Version 1.12 of the Edimax BR-6675nD contains a security vulnerability. This vulnerability stems from the formsetPPPoE function in the POST Request Handler component, where improper handling of the...
CVE-2026-34472
Unauthenticated credential disclosure in the wizard interface in ZTE ZXHN H188A V6.0.10P2TE and V6.0.10P3N3TE allows unauthenticated attackers on the local network to retrieve sensitive credentials from the router's web management interface, including the default administrator password, WLAN PSK,...
netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto()
...
EUVD-2025-32460
A flaw has been found in Belkin F9K1015 1.00.10. This affects an unknown part of the file /goform/formPPPoESetup. This manipulation of the argument pppUserName causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been published and may be used. The vendor was...
PT-2025-40811
Name of the Vulnerable Software and Affected Versions Belkin F9K1015 version 1.00.10 Description A flaw exists in Belkin F9K1015 version 1.00.10 related to a buffer overflow. The issue is located in the file /goform/formPPPoESetup. Manipulation of the pppUserName argument causes the overflow...
CVE-2025-34150
The PPPoE configuration interface of the Shenzhen Aitemi M300 Wi-Fi Repeater hardware model MT02 is vulnerable to command injection via the 'user' parameter. Input is processed unsafely during network setup, allowing attackers to execute arbitrary system commands with root privileges...
Belkin F9K1122 安全漏洞
The Belkin F9K1122 is a WiFi signal extender. The Belkin F9K1122 suffers from a buffer overflow vulnerability that originates from the incorrect operation of the parameter pppUserName in the file /goform/formPPPoESetup, no details of the vulnerability are provided at this time...
CVE-2024-20327
A vulnerability in the PPP over Ethernet PPPoE termination feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, adjacent attacker to crash the pppma process, resulting in a denial of service DoS condition. This vulnerability is du...
kernel: netfilter: flowtable: incorrect pppoe tuple
In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: incorrect pppoe tuple pppoe traffic reaching ingress path does not match the flowtable entry because the pppoe header is expected to be at the network header offset. This bug causes a mismatch in the flow...
DEBIAN-CVE-2024-27015
In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: incorrect pppoe tuple pppoe traffic reaching ingress path does not match the flowtable entry because the pppoe header is expected to be at the network header offset. This bug causes a mismatch in the flow...
DEBIAN-CVE-2024-27016
In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: validate pppoe header Ensure there is sufficient room to access the protocol field of the PPPoe header. Validate it once before the flowtable lookup, then use a helper function to access protocol field...
AZL-42237 CVE-2024-27015 affecting package kernel for versions less than 5.15.158.1-1
In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: incorrect pppoe tuple pppoe traffic reaching ingress path does not match the flowtable entry because the pppoe header is expected to be at the network header offset. This bug causes a mismatch in the flow...
The vulnerability of the PPP over Ethernet (PPPoE) network gateway function in Cisco IOS XR operating systems allows a hacker to induce a service failure.
The vulnerability of the PPP over Ethernet PPPoE network gateway function in Cisco IOS XR operating systems is related to insufficient input data validation. Exploiting this vulnerability could allow a malicious actor to cause service interruptions by sending specific PPPoE packets...