CVE-2026-9628

A weakness has been identified in UTT HiPER 1200GW up to 2.5.3-170306. Affected is an unknown function of the file /goform/formPptpClientConfig of the component Web Management Interface. This manipulation of the argument PPTP server address/username/password/tunnel name causes stack-based buffer...

CVE-2026-7054 Tenda F456 httpd PPTPDClient fromPptpUserAdd buffer overflow

A weakness has been identified in Tenda F456 1.0.0.5. This vulnerability affects the function fromPptpUserAdd of the file /goform/PPTPDClient of the component httpd. Executing a manipulation of the argument opttype/usernamewith can lead to buffer overflow. The attack can be executed remotely. The...

CVE-2026-3729

A vulnerability was identified in Tenda F453 1.0.0.3/3.As. Impacted is the function fromPptpUserAdd of the file /goform/PPTPDClient. Such manipulation of the argument username/opttype leads to stack-based buffer overflow. The attack can be executed remotely. The exploit is publicly available and...

UTT 520W 安全漏洞

UTT 520W is a wireless router from China Aitai UTT. A security vulnerability exists in the UTT 520W version 1.7.7-180627, which originates from incorrect manipulation of the parameter EncryptionMode of the function strcpy in the file /goform/formPptpClientConfig, which could lead to a buffer...

CVE-2025-15046

A vulnerability has been found in Tenda WH450 1.0.0.18. The impacted element is an unknown function of the file /goform/PPTPClient of the component HTTP Request Handler. Such manipulation of the argument netmsk leads to stack-based buffer overflow. It is possible to launch the attack remotely. Th...

CVE-2025-15046

A vulnerability has been found in Tenda WH450 1.0.0.18. The impacted element is an unknown function of the file /goform/PPTPClient of the component HTTP Request Handler. Such manipulation of the argument netmsk leads to stack-based buffer overflow. It is possible to launch the attack remotely. Th...

CVE-2025-15046 Tenda WH450 HTTP Request PPTPClient stack-based overflow

A vulnerability has been found in Tenda WH450 1.0.0.18. The impacted element is an unknown function of the file /goform/PPTPClient of the component HTTP Request Handler. Such manipulation of the argument netmsk leads to stack-based buffer overflow. It is possible to launch the attack remotely. Th...

PT-2025-52850

Name of the Vulnerable Software and Affected Versions Tenda WH450 version 1.0.0.18 Description A stack-based buffer overflow exists in the HTTP Request Handler component of the Tenda WH450. The issue is located in the /goform/PPTPClient file and can be triggered by manipulating the netmsk argumen...

Tenda FH1202 /goform/PPTPDClient File Buffer Overflow Vulnerability

The Tenda FH1202 is a wireless router from Tenda China. The Tenda FH1202 version 1.2.0.14408 suffers from a buffer overflow vulnerability, which originates from the failure of the function fromPptpUserAdd parameter Username to correctly validate the length of the input data in the file...

CVE-2025-7551

A vulnerability was found in Tenda FH1201 1.2.0.14408. It has been declared as critical. Affected by this vulnerability is the function fromPptpUserAdd of the file /goform/PPTPDClient. The manipulation of the argument modino/username leads to stack-based buffer overflow. The attack can be launche...

Command injection

A post-authentication command injection vulnerability exists in the PPTP client functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to...

CVE-2023-36498

A post-authentication command injection vulnerability exists in the PPTP client functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to...

TP-Link ER7206 Omada Gigabit VPN Router uhttpd PPTP client Command injection Vulnerability

Talos Vulnerability Report TALOS-2023-1853 TP-Link ER7206 Omada Gigabit VPN Router uhttpd PPTP client Command injection Vulnerability February 6, 2024 CVE Number CVE-2023-36498 SUMMARY A post-authentication command injection vulnerability exists in the PPTP client functionality of Tp-Link ER7206...

SUSE CVE-2017-15631

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-workmode variable in the pptpclient.lua file...

CVE-2017-15627

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-pns variable in the pptpclient.lua file...

CVE-2017-15630

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-remotesubnet variable in the pptpclient.lua file...

CVE-2017-15631

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-workmode variable in the pptpclient.lua file...

CVE-2017-15629

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-tunnelname variable in the pptpclient.lua file...

CVE-2017-15615

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the lcpechointerval variable in the pptpclient.lua file...

CVE-2017-15618

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-enable variable in the pptpclient.lua file...