CVE-2026-10125

A vulnerability was identified in Edimax BR-6478AC 1.23. Affected by this vulnerability is the function formPPPoESetup of the file /goform/formPPPoESetup of the component POST Request Handler. The manipulation of the argument pppUserName leads to stack-based buffer overflow. The attack can be...

CVE-2026-10125

CVE-2026-10125 affects Edimax BR-6478AC firmware 1.23. The issue is in the POST Request Handler’s file /goform/formPPPoESetup, specifically the formPPPoESetup function. Manipulating the pppUserName argument triggers a stack-based buffer overflow, with remote initiation possible. Public exploit ma...

CVE-2026-10125

A vulnerability was identified in Edimax BR-6478AC 1.23. Affected by this vulnerability is the function formPPPoESetup of the file /goform/formPPPoESetup of the component POST Request Handler. The manipulation of the argument pppUserName leads to stack-based buffer overflow. The attack can be...

EUVD-2026-33468

A vulnerability was identified in Edimax BR-6478AC 1.23. Affected by this vulnerability is the function formPPPoESetup of the file /goform/formPPPoESetup of the component POST Request Handler. The manipulation of the argument pppUserName leads to stack-based buffer overflow. The attack can be...

ZTE ZXHN H188A V6 - Authentication Bypass

Exploit Title: ZTE ZXHN H188A V6 - Authentication Bypass Date: 2026-05-20 Exploit Author: Mina Nageh Salalma Monx Research Vendor Homepage: https://www.zte.com.cn Software Link: https://github.com/minanagehsalalma/cve-2026-34472-auth-bypass-zte-h188a-router Version: ZXHN H188A V6.0.10P2TE,...

CVE-2026-36539

Netis AC1200 Router NC21 V4.0.1.4296 exposes a CGI endpoint /cgi-bin/skkget.cgi that returns the entire router configuration as a JSON response with no authentication required. Any attacker on the LAN can send a single HTTP GET request and instantly retrieve administrator credentials, WiFi...

PT-2026-43706

Netis AC1200 Router NC21 V4.0.1.4296 exposes a CGI endpoint /cgi-bin/skk get.cgi that returns the entire router configuration as a JSON response with no authentication required. Any attacker on the LAN can send a single HTTP GET request and instantly retrieve administrator credentials, WiFi...

CVE-2026-36539

The affected product is Netis AC1200 Router NC21 (firmware version referenced: V4.0.1.4296). The issue is an unauthenticated CGI endpoint at /cgi-bin/skk_get.cgi that returns the entire router configuration as JSON, exposing administrator credentials, Wi‑Fi and PPPoE credentials, DDNS credentials...

📄 ZTE ZXHN H168N 3.5 Credential Disclosure

The ZTE ZXHN H168N V3.5 firmware exposes quick-setup wizard endpoints that return PPPoE credentials ADUsername, VDUsername and the WLAN KeyPassphrase via the GetPassword action without requiring authentication. The firmware routing allowlists these endpoints through a QuickSetupEnable branch. In...

📄 ZTE ZXHN H188A V6 Authentication Bypass

Unauthenticated requests to the root path of ZTE ZXHN H188A V6 firmware can reach pre-login wizard handlers and disclose WLAN PSKs, SSIDs, and PPPoE usernames. The leaked Wi-Fi password is also the default administrator password after uppercasing, resulting in full authentication bypass. -----BEG...

CVE-2026-9399

A vulnerability was detected in Edimax BR-6675nD 1.12. This vulnerability affects the function formsetPPPoE of the file /goform/formsetPPPoE of the component POST Request Handler. Performing a manipulation of the argument pppUserName results in buffer overflow. It is possible to initiate the atta...

CVE-2026-9381

The CVE describes a buffer overflow in Edimax BR-6675nD firmware version 1.12 affecting the POST Request Handler’s formPPPoESetup function (file /goform/formPPPoESetup). The issue is triggered by manipulating the pppUserName argument, potentially allowing remote exploitation. Public exploit infor...

kernel: netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto()

In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: account for Ethernet header in nfflowpppoeproto syzbot found a potential access to uninit-value in nfflowpppoeproto Blamed commit forgot the Ethernet header. BUG: KMSAN: uninit-value in...

kernel: netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto()

In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: account for Ethernet header in nfflowpppoeproto syzbot found a potential access to uninit-value in nfflowpppoeproto Blamed commit forgot the Ethernet header. BUG: KMSAN: uninit-value in...

TOTOLINK A3300R pppoeMtu Parameter Command Injection Vulnerability

TOTOLINK A3300R is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK A3300R pppoeMtu parameter suffers from a command injection vulnerability that stems from the firmware failing to properly validate user input for the pppoeMtu parameter in /cgi-bin/cstecgi.cgi, which can be...

EUVD-2026-25242

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the pppoeMtu parameter to /cgi-bin/cstecgi.cgi...

TOTOLINK A3300R 命令注入漏洞

TOTOLINK A3300R is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK A3300R pppoeServiceName parameter suffers from a command injection vulnerability that stems from the cstecgi.cgi file failing to properly validate the pppoeServiceName parameter, which can be exploited by an...

CVE-2026-31165

An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557B20221024 allowing attackers to execute arbitrary commands via the pppoeServiceName parameter to /cgi-bin/cstecgi.cgi...

D-Link DI-8003 Buffer Overflow Vulnerability (CNVD-2026-17623)

The D-Link DI-8003 is a wireless router from China-based AUO D-Link. The D-Link DI-8003 suffers from a buffer overflow vulnerability that stems from the s parameter in the pppoelistopt.asp endpoint failing to properly validate the length size of the input data, which can be exploited by an attack...

CVE-2026-6155

A weakness has been identified in Totolink A7100RU 7.4cu.2313. The impacted element is the function setWanCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument pppoeServiceName can lead to os command injection. The attack may be launched...