CVE-2025-5848 Tenda AC15 HTTP POST Request setPptpUserList formSetPPTPUserList buffer overflow

A vulnerability was found in Tenda AC15 15.03.05.19multi and classified as critical. Affected by this issue is the function formSetPPTPUserList of the file /goform/setPptpUserList of the component HTTP POST Request Handler. The manipulation of the argument list leads to buffer overflow. The attac...

CVE-2025-5789

A vulnerability classified as critical has been found in TOTOLINK X15 1.0.0-B20230714.1105. This affects an unknown part of the file /boafrm/formPortFw of the component HTTP POST Request Handler. The manipulation of the argument servicetype leads to buffer overflow. It is possible to initiate the...

CVE-2025-5786

A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been classified as critical. Affected is an unknown function of the file /boafrm/formDMZ of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to launc...

CVE-2025-5785

A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105 and classified as critical. This issue affects some unknown processing of the file /boafrm/formWirelessTbl of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack ma...

CVE-2025-5737

A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formDosCfg of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer...

CVE-2025-5736

A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been classified as critical. Affected is an unknown function of the file /boafrm/formNtp of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to launc...

PT-2025-25567 · Totolink · Totolink Ex1200T

Name of the Vulnerable Software and Affected Versions: TOTOLINK EX1200T version 4.1.2cu.5232 B20210713 Description: A critical vulnerability has been found in the TOTOLINK EX1200T, affecting an unknown part of the file /boafrm/formWirelessTbl of the component HTTP POST Request Handler. The...

PT-2025-24366 · Tenda · Tenda Ac9

Name of the Vulnerable Software and Affected Versions: Tenda AC9 version 15.03.02.13 Description: A critical vulnerability has been found in the function formSetSafeWanWebMan of the file /goform/SetRemoteWebCfg of the component HTTP POST Request Handler. The manipulation of the argument remoteIp...

CVE-2025-5672

A vulnerability has been found in TOTOLINK N302R Plus up to 3.4.0-B20201028 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formFilter of the component HTTP POST Request Handler. The manipulation of the argument url leads to buffer...

CVE-2025-5839

A vulnerability, which was classified as critical, has been found in Tenda AC9 15.03.02.13. Affected by this issue is the function fromadvsetlanip of the file /goform/AdvSetLanip of the component POST Request Handler. The manipulation of the argument lanMask leads to buffer overflow. The attack m...

CVE-2025-5839

A vulnerability, which was classified as critical, has been found in Tenda AC9 15.03.02.13. Affected by this issue is the function fromadvsetlanip of the file /goform/AdvSetLanip of the component POST Request Handler. The manipulation of the argument lanMask leads to buffer overflow. The attack m...

CVE-2025-5839 Tenda AC9 POST Request AdvSetLanip fromadvsetlanip buffer overflow

A vulnerability, which was classified as critical, has been found in Tenda AC9 15.03.02.13. Affected by this issue is the function fromadvsetlanip of the file /goform/AdvSetLanip of the component POST Request Handler. The manipulation of the argument lanMask leads to buffer overflow. The attack m...

CVE-2025-5836

A vulnerability was found in Tenda AC9 15.03.02.13. It has been rated as critical. This issue affects the function formSetIptv of the file /goform/SetIPTVCfg of the component POST Request Handler. The manipulation of the argument list leads to command injection. The attack may be initiated...

CVE-2025-5836

CVE-2025-5836 concerns a command injection in Tenda AC9 15.03.02.13 via the function formSetIptv in /goform/SetIPTVCfg of the POST Request Handler. The argument list can be manipulated to execute commands, with remote attack possible and exploits publicly disclosed. Affected product is the Tenda ...

CVE-2025-5836 Tenda AC9 POST Request SetIPTVCfg formSetIptv command injection

A vulnerability was found in Tenda AC9 15.03.02.13. It has been rated as critical. This issue affects the function formSetIptv of the file /goform/SetIPTVCfg of the component POST Request Handler. The manipulation of the argument list leads to command injection. The attack may be initiated...

CVE-2025-5836 Tenda AC9 POST Request SetIPTVCfg formSetIptv command injection

A vulnerability was found in Tenda AC9 15.03.02.13. It has been rated as critical. This issue affects the function formSetIptv of the file /goform/SetIPTVCfg of the component POST Request Handler. The manipulation of the argument list leads to command injection. The attack may be initiated...

Cross-site Scripting (XSS)

Overview django-aws-api-gateway-websockets is a Created to allow Django projects to be used as a HTTP backend for AWS API Gateway websockets Affected versions of this package are vulnerable to Cross-site Scripting XSS due to the lack of sanitization an HTTP header in the...

PT-2025-24600 · Totolink · Totolink Ex1200T

Name of the Vulnerable Software and Affected Versions: TOTOLINK EX1200T versions up to 4.1.2cu.5232 B20210713 Description: A critical vulnerability was found in the HTTP POST Request Handler component, affecting the /boafrm/formFilter file. This issue leads to a buffer overflow and can be initiat...

PT-2025-24581 · Totolink · Totolink T10

Name of the Vulnerable Software and Affected Versions: TOTOLINK T10 version 4.1.8cu.5207 Description: A critical vulnerability was found in the TOTOLINK T10, affecting the function setWiFiMeshName of the file /cgi-bin/cstecgi.cgi in the component POST Request Handler. The manipulation of the...

PT-2025-24601 · Totolink · Totolink Ex1200T

Name of the Vulnerable Software and Affected Versions: TOTOLINK EX1200T versions up to 4.1.2cu.5232 B20210713 Description: A critical issue has been found in the HTTP POST Request Handler component, affecting the processing of the file /boafrm/formIpQoS. This leads to a buffer overflow. The attac...