64 matches found
CVE-2025-11097 D-Link DIR-823X set_device_name command injection
A vulnerability has been found in D-Link DIR-823X 250416. Impacted is an unknown function of the file /goform/setdevicename. The manipulation of the argument mac leads to command injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be...
UBUNTU-CVE-2023-53241
In the Linux kernel, the following vulnerability has been resolved: nfsd: call oprelease, even when opfunc returns an error For ops with "trivial" replies, nfsd4encodeoperation will shortcut most of the encoding work and skip to just marshalling up the status. One of the things it skips is callin...
CVE-2025-8823
A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected by this vulnerability is the function setDeviceName of the file /goform/setDeviceName. The manipulation of the argument DeviceName leads to os command injection. The attack can be...
CVE-2025-8823 Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 setDeviceName os command injection
A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected by this vulnerability is the function setDeviceName of the file /goform/setDeviceName. The manipulation of the argument DeviceName leads to os command injection. The attack can be...
CVE-2025-8823
CVE-2025-8823 affects Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 up to 20250801. The issue is in the function setDeviceName of /goform/setDeviceName, where manipulating the DeviceName argument leads to OS command injection. The vulnerability can be exploited remotely, and public proof-of-e...
PT-2025-32501 · Linksys · Linksys Re9000 +5
Name of the Vulnerable Software and Affected Versions: Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 versions up to 20250801 Description: A vulnerability exists in Linksys range extenders that allows for remote operating system command injection. The vulnerability is located in the...
The vulnerability of the set_device_language() function in the portal.cgi script of Linksys E8450 Wi-Fi router software allows a hacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the setdevicelanguage function in the portal.cgi script of Linksys E8450 Wi-Fi routers is related to the issue where the operation results outside the buffer in memory when processing the dutlanguage parameter. Exploiting this vulnerability allows an attacker to compromise th...
Linksys E8450 安全漏洞
The Linksys E8450 is an E-Series wireless router from Linksys, Inc. A security vulnerability exists in Linksys E8450 1.2.00.360516 and earlier versions, which stems from improper manipulation of the dutlanguage parameter by the setdevicelanguage function in the portal.cgi file, which may result i...
CVE-2023-23302
The Toybox.GenericChannel.setDeviceConfig API method in CIQ API version 1.2.0 through 4.1.7 does not validate its parameter, which can result in buffer overflows when copying various attributes. A malicious application could call the API method with specially crafted object and hijack the executi...
TOTOLINK A950RG 安全漏洞
The TOTOLINK A950RG is an ultra-generation Giga wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK A950RG suffers from a command execution vulnerability that stems from improper handling of the deviceMac parameter in the setDeviceName interface in the /lib/cstemodules/global.so...
The vulnerability of the set_device_flags() function in the net/bluetooth/mgmt.c module of Linux kernel allows a hacker to trigger a service failure.
The vulnerability of the setdeviceflags function in the net/bluetooth/mgmt.c module of Linux kernel relates to the unlocking of a mutex that has not been unlocked before. Exploiting this vulnerability could allow an attacker to cause a service failure...
OESA-2024-1818 xorg-x11-server-xwayland security update
Xwayland is an X server for running X clients under Wayland. %package devel Summary: Development package Requires: pkgconfig %description devel The development package provides the developmental files which are necessary for developing Wayland compositors using Xwayland. %prep %autosetup -n...
CVE-2023-37312
D-Link DAP-2622 DDP Set Device Info Device Name Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this...
The vulnerability of the setDeviceInfo() function in Tenda AX9 Wi-Fi routers allows a hacker to execute arbitrary commands.
The vulnerability of the setDeviceInfo function in Tenda AX9 Wi-Fi routers’ microprogramming software is related to the lack of measures taken to protect the SQL query structure when processing the mac parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
CVE-2023-49408
Tenda AX3 V16.03.12.11 was discovered to contain a stack overflow via the function setdevicename...
CVE-2023-49408
Tenda AX3 V16.03.12.11 was discovered to contain a stack overflow via the function setdevicename...
CVE-2023-49429
Tenda AX9 V22.03.01.46 was discovered to contain a SQL command injection vulnerability in the 'setDeviceInfo' feature through the 'mac' parameter at /goform/setModules...
PT-2023-31210 · Tenda · Tenda Ax3
Name of the Vulnerable Software and Affected Versions: Tenda AX3 version 16.03.12.11 Description: A stack overflow issue was discovered via the function set device name. Recommendations: For Tenda AX3 version 16.03.12.11, consider disabling the set device name function until a patch is available...
CVE-2023-24294
Zumtobel Netlink CCD Onboard v3.74 - Firmware v3.80 was discovered to contain a buffer overflow via the component NetlinkWeb::Information::SetDeviceIdentification...
CVE-2023-49047
Tenda AX1803 v1.0.0.1 contains a stack overflow via the devName parameter in the function formSetDeviceName...