CVE-2026-2068

A vulnerability was detected in UTT 进取 520W 1.7.7-180627. This issue affects the function strcpy of the file /goform/formSyslogConf. The manipulation of the argument ServerIp results in buffer overflow. The attack may be launched remotely. The exploit is now public and may be used. The vendor was...

CVE-2026-2068

A vulnerability was detected in UTT 进取 520W 1.7.7-180627. This issue affects the function strcpy of the file /goform/formSyslogConf. The manipulation of the argument ServerIp results in buffer overflow. The attack may be launched remotely. The exploit is now public and may be used. The vendor was...

CVE-2026-2068

The CVE-2026-2068 entry concerns UTT 进取 520W (version 1.7.7-180627). The vulnerability stems from the strcpy usage in /goform/formSyslogConf where manipulating the ServerIp argument can cause a buffer overflow. It is exploitable remotely, and public PoC/exploits are noted across sources. Multiple...

CVE-2026-2068 UTT 进取 520W formSyslogConf strcpy buffer overflow

A vulnerability was detected in UTT 进取 520W 1.7.7-180627. This issue affects the function strcpy of the file /goform/formSyslogConf. The manipulation of the argument ServerIp results in buffer overflow. The attack may be launched remotely. The exploit is now public and may be used. The vendor was...

PT-2026-6800

Name of the Vulnerable Software and Affected Versions UTT 进取 520W version 1.7.7-180627 Description A buffer overflow issue exists in the strcpy function within the /goform/formSyslogConf file. Manipulation of the ServerIp argument can trigger this issue, potentially allowing for remote attacks. T...

UTT 520W 安全漏洞

UTT 520W is a wireless router produced by China's UT Technology Co., Ltd. The UTT 520W version 1.7.7-180627 contains a security vulnerability. This vulnerability stems from incorrect handling of parameters in the file/goform/formSyslogConf, specifically the ServerIp parameter, which may lead to a...

EUVD-2020-7419

Malware in sbrugna...

EUVD-2023-28215

Malicious code in bioql PyPI...

EUVD-2023-28220

Malicious code in bioql PyPI...

EUVD-2023-40614

Malicious code in bioql PyPI...

TOTOLINK T6 安全漏洞

TOTOLINK T6 is a wireless dual-band router from China's Gion Electronics TOTOLINK. A security vulnerability exists in TOTOLINK T6 version 4.1.5cu.748B20211015, which originates from a buffer overflow due to an incorrect operation of the parameter serverIp in the MQTT packet processing component i...

TOTOLINK T6 安全漏洞

TOTOLINK T6 is a wireless dual-band router from China's Gion Electronics TOTOLINK. A buffer overflow vulnerability exists in TOTOLINK T6 version 4.1.5cu.748B20211015, which stems from the failure of the parameter serverIp in the MQTT Service to correctly validate the length and size of the input...

CVE-2023-36671

An issue was discovered in the Clario VPN client through 5.9.1.1662 for macOS. The VPN client insecurely configures the operating system such that all IP traffic to the VPN server's IP address is sent in plaintext outside the VPN tunnel even if this traffic is not generated by the VPN client. Thi...

TOTOLINK T8 meshSlaveUpdate Method Command Injection Vulnerability

TOTOLINK T8 is a wireless dual-band router that is mainly used for internet connection and data transmission. TOTOLINK T8 suffers from a command injection vulnerability that stems from the serverIp parameter of the meshSlaveUpdate method failing to properly filter construct command special...

TOTOLINK T8 meshSlaveDlfw Method Command Injection Vulnerability

TOTOLINK T8 is a wireless dual-band router that is mainly used for internet connection and data transmission. The TOTOLINK T8 suffers from a command injection vulnerability that stems from the serverIp parameter of the meshSlaveDlfw method failing to properly filter constructed command special...

CVE-2023-24157

A command injection vulnerability in the serverIp parameter in the function updateWifiInfo of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet...

CVE-2023-24152

A command injection vulnerability in the serverIp parameter in the function meshSlaveUpdate of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet...

CVE-2023-24152

A command injection vulnerability in the serverIp parameter in the function meshSlaveUpdate of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet...

CVE-2023-24150

A command injection vulnerability in the serverIp parameter in the function meshSlaveDlfw of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet...

CVE-2023-24150

A command injection vulnerability in the serverIp parameter in the function meshSlaveDlfw of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet...