EUVD-2026-21749

A vulnerability was determined in Totolink A7100RU 7.4cu.2313b20191024. Affected by this issue is the function setLedCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument enable causes os command injection. Remote exploitation of the attack is...

CVE-2026-6132 Totolink A7100RU CGI cstecgi.cgi setLedCfg os command injection

A vulnerability was determined in Totolink A7100RU 7.4cu.2313b20191024. Affected by this issue is the function setLedCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument enable causes os command injection. Remote exploitation of the attack is...

CVE-2025-9023

A vulnerability has been found in Tenda AC7 and AC18 15.03.05.19/15.03.06.44. Affected is the function formSetSchedLed of the file /goform/SetLEDCfg. The manipulation of the argument Time leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the...

CVE-2025-9023

A vulnerability has been found in Tenda AC7 and AC18 15.03.05.19/15.03.06.44. Affected is the function formSetSchedLed of the file /goform/SetLEDCfg. The manipulation of the argument Time leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the...

CVE-2025-9023 Tenda AC7/AC18 SetLEDCfg formSetSchedLed buffer overflow

A vulnerability has been found in Tenda AC7 and AC18 15.03.05.19/15.03.06.44. Affected is the function formSetSchedLed of the file /goform/SetLEDCfg. The manipulation of the argument Time leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the...

CVE-2025-5850

A vulnerability was found in Tenda AC15 15.03.05.19multi. It has been declared as critical. This vulnerability affects the function formsetschedled of the file /goform/SetLEDCf of the component HTTP POST Request Handler. The manipulation of the argument Time leads to buffer overflow. The attack c...

WAVLINK AC3000 命令注入漏洞

WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. A command injection vulnerability exists in the WAVLINK AC3000 M33A8.V5030.210505 version, which stems from the failure of the adm.cgi setledonoff function to correctly filter constructed command special characters, commands, etc. The...

CVE-2023-46993

In TOTOLINK A3300R V17.0.0cu.557B20221024 when dealing with setLedCfg request, there is no verification for the enable parameter, which can lead to command injection...

PT-2022-23477 · Tenda · Tenda Ac9

Name of the Vulnerable Software and Affected Versions: Tenda AC9 version 15.03.05.19 Description: A stack overflow issue was discovered via the time parameter at the "/goform/SetLEDCfg" API endpoint. Recommendations: For Tenda AC9 version 15.03.05.19, avoid using the time parameter in the...

Tenda AC9 缓冲区错误漏洞

Tenda AC9 is a wireless router from Tenda China. A security vulnerability exists in Tenda AC9 firmware version V15.03.05.19, which stems from its /goform/SetLEDCfg component's manipulation of the parameter time that allows a remote attacker to submit a special request resulting in a stack overflo...