CVE-2026-3294 Authentication Logic Vulnerability on Multiple TP-Link Range Extenders

An authentication logic vulnerability in multiple TP-Link range extenders allows an unauthenticated attacker on an adjacent network to manipulate a login parameter and reset the administrator password due to insufficient validation. Successful exploitation allows an attacker to obtain full...

EUVD-2026-31502

An authentication logic vulnerability in multiple TP-Link range extenders allows an unauthenticated attacker on an adjacent network to manipulate a login parameter and reset the administrator password due to insufficient validation. Successful exploitation allows an attacker to obtain full...

CVE-2026-41460

SocialEngine versions 7.8.0 and prior contain a SQL injection vulnerability in the /activity/index/get-memberall endpoint where user-supplied input passed via the text parameter is not sanitized before being incorporated into a SQL query. An unauthenticated remote attacker can exploit this...

CVE-2026-23813

A vulnerability has been identified in the web-based management interface of AOS-CX switches that could potentially allow an unauthenticated remote actor to circumvent existing authentication controls. In some cases this could enable resetting the admin password...

CVE-2018-25177 Data Center Audit 2.6.2 Cross-Site Request Forgery via dca_resetpw.php

Data Center Audit 2.6.2 contains a cross-site request forgery vulnerability that allows attackers to reset administrator passwords without authentication by submitting crafted POST requests. Attackers can send requests to dcaresetpw.php with parameters updateuser, pass, pass2, and submitreset to...

PT-2026-3270

Name of the Vulnerable Software and Affected Versions TP-Link VIGI Cameras affected versions not specified Description An authentication bypass issue exists in the password recovery feature of the local web interface of TP-Link VIGI cameras. This allows an attacker on the Local Area Network LAN t...

CVE-2025-31702

CVE-2025-31702 describes a vulnerability in Dahua embedded products where a third-party with normal user credentials can access data restricted to admin privileges via a specific HTTP request, potentially tampering with the admin password and causing privilege escalation. Systems that are configu...

CVE-2020-9529

Firmware developed by Shenzhen Hichip Vision Technology V6 through V20, as used by many different vendors in millions of Internet of Things devices, suffers from a privilege escalation vulnerability that allows attackers on the local network to reset the device's administrator password. This...

Vodafone Mobile Wifi - Reset Admin Password

Vodafone Mobile Wifi - Reset Admin Password import urllib2 import json from datetime import datetime, timedelta import time import httplib from threading import Thread from Queue import Queue from multiprocessing import process print """ Vodafone Mobile WiFi - Password reset exploit Daniele...

Edimax PS-1206MF Authentication Bypass

Title: Edimax PS-1206MF - Web Admin Auth Bypass Date: 30.08.15 Vendor: edimax.com Firmware version: 4.8.25 Author: Smash Contact: smash at devilteam.pl HTTP authorization is not being properly verified while sendind POST requests to .cgi, remote attacker is able to change specific settings or eve...

TP-Link TD-W8951ND - Multiple Vulnerabilities

----------- Author: ----------- xistence ------------------------- Affected products: ------------------------- Tested on TP-Link TD-W8951ND Firmware 4.0.0 Build 120607 Rel.30923 ------------------------- Affected vendors: ------------------------- TP-Link http://www.tp-link.com/ ----------...

sNews 1.5.30 - Remote Reset Admin Pass / Command Execution

126 $result.=" ."; else $result.=" ".$string$i; if strlendechexord$string$i==2 $exa.=" ".dechexord$stri...