PT-2026-37213

Name of the Vulnerable Software and Affected Versions D-Link DI-8100 version 16.07.26A1 Description A buffer overflow can be triggered remotely in the HTTP Handler component. The issue exists within the sprintf function of the '/auto reboot.asp' endpoint, where manipulation of the enable/time...

CVE-2026-2962

A vulnerability was found in D-Link DWR-M960 1.01.07. This vulnerability affects the function sub460F30 of the file /boafrm/formDateReboot of the component Scheduled Reboot Configuration Endpoint. The manipulation of the argument submit-url results in stack-based buffer overflow. The attack may b...

CVE-2026-2962

A vulnerability was found in D-Link DWR-M960 1.01.07. This vulnerability affects the function sub460F30 of the file /boafrm/formDateReboot of the component Scheduled Reboot Configuration Endpoint. The manipulation of the argument submit-url results in stack-based buffer overflow. The attack may b...

CVE-2026-2962 D-Link DWR-M960 Scheduled Reboot Configuration Endpoint formDateReboot sub_460F30 stack-based overflow

A vulnerability was found in D-Link DWR-M960 1.01.07. This vulnerability affects the function sub460F30 of the file /boafrm/formDateReboot of the component Scheduled Reboot Configuration Endpoint. The manipulation of the argument submit-url results in stack-based buffer overflow. The attack may b...

D-Link DWR-M960 安全漏洞

The D-Link DWR-M960 is a router produced by D-Link Corporation. Version 1.01.07 of the D-Link DWR-M960 contains a security vulnerability. This vulnerability stems from incorrect handling of a parameter called submit-url in the function sub460F30 of the Scheduled Reboot Configuration Endpoint, whi...

Exploit for CVE-2026-26235

👤 Author Mohammed Idrees Banyamer - 📍 Country: Jorda...

EUVD-2020-31042

Edimax EW-7438RPn-v3 Mini 1.27 allows unauthenticated attackers to access the /wizardreboot.asp page in unsetup mode, which discloses the Wi-Fi SSID and security key. Attackers can retrieve the wireless password by sending a GET request to this endpoint, exposing sensitive information without...

CVE-2020-37150

Affected software: Edimax EW-7438RPn-v3 Mini, version 1.27. The vulnerability allows unauthenticated attackers to access the /wizard_reboot.asp endpoint in unsetup mode, disclosing the Wi-Fi SSID and security key. Attackers can retrieve the wireless password by issuing a GET request to this endpo...

PT-2026-6590

Name of the Vulnerable Software and Affected Versions Edimax EW-7438RPn-v3 Mini version 1.27 Description The Edimax EW-7438RPn-v3 Mini version 1.27 allows unauthenticated attackers to access the /wizard reboot.asp API endpoint in unsetup mode. This access discloses the Wi-Fi SSID and security key...

CVE-2025-59403

The Flock Safety Android Collins application aka com.flocksafety.android.collins 6.35.31 for Android lacks authentication. It is responsible for the camera feed on Falcon, Sparrow, and Bravo devices, but exposes administrative API endpoints on port 8080 without authentication. Endpoints include b...

CVE-2025-59403

The Flock Safety Android Collins application aka com.flocksafety.android.collins 6.35.31 for Android lacks authentication. It is responsible for the camera feed on Falcon, Sparrow, and Bravo devices, but exposes administrative API endpoints on port 8080 without authentication. Endpoints include b...

CVE-2025-56311

In Shenzhen C-Data Technology Co. FD602GW-DX-R410 firmware v2.2.14, the web management interface contains an authenticated CSRF vulnerability on the reboot endpoint /boaform/admin/formReboot. An attacker can craft a malicious webpage that, when visited by an authenticated administrator, causes th...

CVE-2025-56311

In Shenzhen C-Data Technology Co. FD602GW-DX-R410 firmware v2.2.14, the web management interface contains an authenticated CSRF vulnerability on the reboot endpoint /boaform/admin/formReboot. An attacker can craft a malicious webpage that, when visited by an authenticated administrator, causes th...

C-Data FD602GW-DX-R410 安全漏洞

The C-Data FD602GW-DX-R410 is a wireless router from China Sidet C-Data. A security vulnerability exists in the C-Data FD602GW-DX-R410 version 2.2.14, which stems from a lack of CSRF protection in the /boaform/admin/formReboot endpoint in the web management interface, which could lead to a denial...

CVE-2025-56311

In Shenzhen C-Data Technology Co. FD602GW-DX-R410 firmware v2.2.14, the web management interface contains an authenticated CSRF vulnerability on the reboot endpoint /boaform/admin/formReboot. An attacker can craft a malicious webpage that, when visited by an authenticated administrator, causes th...

PT-2025-39211

Name of the Vulnerable Software and Affected Versions Shenzhen C-Data Technology Co. FD602GW-DX-R410 firmware version 2.2.14 Description The web management interface contains an authenticated Cross-Site Request Forgery CSRF issue on the reboot endpoint /boaform/admin/formReboot. An attacker can...

PT-2024-21118 · Wyrestorm · Wyrestorm Apollo Vx20

Name of the Vulnerable Software and Affected Versions: WyreStorm Apollo VX20 versions prior to 1.3.58 Description: An issue allows remote attackers to restart the device via a "/device/reboot" GET request. Recommendations: For versions prior to 1.3.58, update to version 1.3.58 or later to resolve...

CVE-2022-26953

Digi Passport Firmware through 1.5.1,1 is affected by a buffer overflow. An attacker can supply a string in the page parameter for reboot.asp endpoint, allowing him to force an overflow when the string is concatenated to the HTML body...

CVE-2022-26953

Digi Passport Firmware through 1.5.1,1 is affected by a buffer overflow. An attacker can supply a string in the page parameter for reboot.asp endpoint, allowing him to force an overflow when the string is concatenated to the HTML body...

CVE-2022-26953

Digi Passport Firmware through 1.5.1,1 is affected by a buffer overflow. An attacker can supply a string in the page parameter for reboot.asp endpoint, allowing him to force an overflow when the string is concatenated to the HTML body...