CVE-2026-2142

A weakness has been identified in D-Link DIR-823X 250416. This vulnerability affects the function sub420688 of the file /goform/setqos. Executing a manipulation can lead to os command injection. The attack can be executed remotely. The exploit has been made available to the public and could be us...

CVE-2026-2142 D-Link DIR-823X set_qos sub_420688 os command injection

A weakness has been identified in D-Link DIR-823X 250416. This vulnerability affects the function sub420688 of the file /goform/setqos. Executing a manipulation can lead to os command injection. The attack can be executed remotely. The exploit has been made available to the public and could be us...

CVE-2026-2142

A weakness has been identified in D-Link DIR-823X 250416. This vulnerability affects the function sub420688 of the file /goform/setqos. Executing a manipulation can lead to os command injection. The attack can be executed remotely. The exploit has been made available to the public and could be us...

CVE-2026-2142

CVE-2026-2142 concerns D-Link DIR-823X firmware (build 250416). The vulnerability affects the function sub_420688 in /goform/set_qos, allowing remote OS command injection via manipulation of that function. Public exploit code is available, enabling remote attacks with high impact on confidentiali...

CVE-2024-42644

FlashMQ v1.14.0 contains an assertion failure in PublishCopyFactory::getNewPublish when the publish QoS > 0. This is a network-exploitable issue with high availability impact; CVSS v3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. No patched version is provided in the sources; some references ...

CVE-2023-53092

In the Linux kernel, the following vulnerability has been resolved: interconnect: exynos: fix node leak in probe PM QoS error path Make sure to add the newly allocated interconnect node to the provider before adding the PM QoS request so that the node is freed on errors...

The vulnerability of the set_qos() function in the internet.cgi script of the Wavlink AC3000 router microprogramming system allows a hacker to execute arbitrary commands.

The vulnerability of the setqos function in the internet.cgi script of the Wavlink AC3000 WL-WN533A8 router microprogramming system is related to the escape of operations from the buffer in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands by sending...

CVE-2024-39769

Multiple buffer overflow vulnerabilities exist in the internet.cgi setqos functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This...

Stack overflow

D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the hiup parameter in the qosext.asp function...

The vulnerability of the set_qosl function in the Milesight UR32L router software allows a hacker to execute arbitrary code.

The vulnerability of the setqos function in the Milesight UR32L router microprogramming system arises due to a stack-based buffer overflow. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary code...

CVE-2021-27705

Buffer Overflow in Tenda G1 and G3 routers with firmware v15.11.0.179502CN allows remote attackers to execute arbitrary code via a crafted action/"qosIndex "request. This occurs because the "formQOSRuleDel" function directly passes the parameter "qosIndex" to strcpy without limit...

Buffer overflow

Buffer Overflow in Tenda G1 and G3 routers with firmware v15.11.0.179502CN allows remote attackers to execute arbitrary code via a crafted action/"qosIndex "request. This occurs because the "formQOSRuleDel" function directly passes the parameter "qosIndex" to strcpy without limit...