2269 matches found
Netgear R6850 - Information Disclosure
Netgear R6850 router firmware version V1.1.0.88 contains an information leakage vulnerability in the currentsetting.htm page.This hidden interface is not protected by authentication, allowing unauthenticated attackers to access sensitive informationsuch as firmware version, model details,...
Razer Sila Gaming Router - Remote Code Execution
A command injection in the command parameter of Razer Sila Gaming Router v2.0.441api-2.0.418 allows attackers to execute arbitrary commands via a crafted POST request. id: CVE-2022-29013 info: name: Razer Sila Gaming Router - Remote Code Execution author: DhiyaneshDK severity: critical descriptio...
Intelbras WRN 150 - Authentication Bypass
Intelbras WRN 150 router is vulnerable to authentication bypass through cookie manipulation. An attacker can bypass authentication and download the router configuration file by manipulating the admin:language cookie. id: CVE-2017-14942 info: name: Intelbras WRN 150 - Authentication Bypass author:...
EUVD-2026-42504
An issue in Generic OEM UZ801v2.1 4G LTE Router V3.4.3 allows a remote attacker to execute arbitrary code via the /ajax web management API endpoint in MifiService.apk...
CVE-2026-59800 9Router < 0.4.44 - OS Command Injection via sudoPassword Parameter in Tailscale Install Endpoint
9Router before 0.4.44 contains an OS command injection vulnerability in the unauthenticated POST /api/tunnel/tailscale-install endpoint this route is not covered by the dashboard middleware matcher, so no authorization check is applied. The sudoPassword field from the request body is written to t...
9router: Login brute-force protection bypass via spoofed X-Forwarded-For header
Summary The 9router dashboard login rate limiter derives the client identity from the attacker-controlled X-Forwarded-For HTTP header. When 9router is directly exposed, or deployed behind a reverse proxy that does not overwrite untrusted forwarding headers, a remote attacker can rotate the...
The vulnerability of the final point /goform/getHomePageInfo of the microprogramming software for the Pix-Link LV-WR21Q router, which allows a hacker to trigger a service failure.
The vulnerability of the final point /goform/getHomePageInfo of the Pix-Link LV-WR21Q router’s microprogramming system is related to insufficient checking of unusual or exceptional states. Exploiting this vulnerability could allow a malicious actor to cause service failures...
PT-2026-50084
Name of the Vulnerable Software and Affected Versions TL-WR940N version v6 Description An authenticated OS command injection exists in the BigPond Cable BPA WAN configuration module due to improper sanitization of user input. An attacker with administrative access can exploit this flaw to execute...
EUVD-2026-36078
An OS command injection vulnerability exists in the VPN module of TP-Link Archer AX12 v1, AX17 v1. AX18 v1, and AX1300 v1.6 routers. This vulnerability allows an adjacent, authenticated attacker to execute arbitrary commands on the device by importing a specially crafted VPN client configuration...
CVE-2026-0416 Improper input validation in certain NETGEAR routers allows unauthorized modification of protected router functionality
An insufficient input validation vulnerability in certain NETGEAR router models as listed allows an authenticated administrator with local network access to submit crafted input that bypasses intended management interface restrictions, resulting in unauthorized modification of protected router...
PT-2026-48176
Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.32204 was discovered to contain a stack overflow in the wl radio parameter of the formwrlSSIDset function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted input...
NETGEAR 多款产品输入验证错误漏洞
NETGEAR is a router product from the American company NETGEAR. It is a hardware device used to connect two or more networks, acting as a gateway between them. Several NETGEAR products have a vulnerability related to input validation. This vulnerability allows attackers to intercept and tamper wit...
Tenda W15E 安全漏洞
The Tenda W15E is a wireless router produced by the Chinese company Tenda. The version 15.11.0.10 of the Tenda W15E contains a security vulnerability. This vulnerability stems from a buffer overflow in the webAuthUserPwd parameter within the formModifyWebAuthUser function, which could allow...
Tenda W20E 安全漏洞
The Tenda W20E is a router produced by the Chinese company Tenda. The version 15.11.0.6 of the Tenda W20E contains a security vulnerability. This vulnerability stems from a buffer overflow in the webAuthWhiteUserInfo parameter within the formAddWebAuthWhiteUser function. It is possible for...
Tenda G0 安全漏洞
Tenda G0 is a router produced by the Chinese company Tenda. The version 15.11.0.5 of Tenda G0 contains a security vulnerability. This vulnerability stems from a stack overflow issue in the picCropName parameter within the formCropAndSetWewifiPic function. It may allow attackers to cause...
NETGEAR RAXE450和NETGEAR RAXE500 输入验证错误漏洞
NETGEAR RAXE450 and NETGEAR RAXE500 are wireless routers produced by the American company NETGEAR. Both devices have a vulnerability related to input validation. This vulnerability stems from the possibility of authenticated administrators who are connected to the local network being able to modi...
Tenda G0 安全漏洞
Tenda G0 is a router produced by the Chinese company Tenda. The version 15.11.0.5 of Tenda G0 contains a security vulnerability. This vulnerability stems from a buffer overflow in the portalAuth parameter of the formPortalAuth function, which could allow attackers to cause denial-of-service attac...
D-Link DIR-823G 安全漏洞
The D-Link DIR-823G is a wireless router produced by D-Link Corporation. The D-Link DIR-823G version 1.0.2B05 has a security vulnerability. This vulnerability stems from incorrect operations in the vsftpd component’s configuration file /etc/vsftpd.conf, which may lead to violations of the princip...
CVE-2026-36604
Mercusys AC12G EU V1 router with firmware AC12GEUV1200909 does not validate the HTTP Host header, enabling DNS rebinding attacks. An external attacker can rebind a domain to the router's internal IP address, extending the CORS wildcard vulnerability Access-Control-Allow-Origin: to...
CVE-2026-41037
This vulnerability exists in Quantum Networks router due to missing rate limiting and CAPTCHA protection for failed login attempts in the web-based management interface. An attacker on the same network could exploit this vulnerability by performing brute force attacks against administrative...