44 matches found
EUVD-2026-31643
A vulnerability was detected in Totolink A8000RU 7.1cu.643b20200521. The affected element is the function setQosCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Performing a manipulation of the argument enable results in os command injection. Remote exploitation of...
TOTOLINK A3300R 命令注入漏洞
Totolink A3300R is a wireless router product from Totolink. A command injection vulnerability exists in the Totolink A3300R version 17.0.0cu.557b20221024, which stems from improper handling of the qosupbw parameter in the setSmartQosCfg function of the /cgi-bin/cstecgi.cgi file in its parameter...
CVE-2026-4492
A vulnerability was found in Tenda A18 Pro 02.03.02.28. The affected element is the function setqosMiblist of the file /goform/formSetQosBand. Performing a manipulation of the argument list results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has...
CVE-2026-4492 Tenda A18 Pro formSetQosBand set_qosMib_list stack-based overflow
A vulnerability was found in Tenda A18 Pro 02.03.02.28. The affected element is the function setqosMiblist of the file /goform/formSetQosBand. Performing a manipulation of the argument list results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has...
CVE-2025-70234
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetQoS...
CVE-2026-2870 Tenda A21 formSetQosBand set_qosMib_list stack-based overflow
A security flaw has been discovered in Tenda A21 1.0.0.0. Affected by this issue is the function setqosMiblist of the file /goform/formSetQosBand. The manipulation of the argument list results in stack-based buffer overflow. The attack can be executed remotely. The exploit has been released to th...
CVE-2026-2187
Tenda RX3 16.03.13.11 is affected by a stack-based buffer overflow in the set_qosMib_list function of /goform/formSetQosBand. Manipulating the argument list can trigger the overflow, and the vulnerability can be exploited remotely. Public exploit exists. The PT-2026-6984 entry notes there is no i...
CVE-2026-2142
A weakness has been identified in D-Link DIR-823X 250416. This vulnerability affects the function sub420688 of the file /goform/setqos. Executing a manipulation can lead to os command injection. The attack can be executed remotely. The exploit has been made available to the public and could be us...
CVE-2026-2142 D-Link DIR-823X set_qos sub_420688 os command injection
A weakness has been identified in D-Link DIR-823X 250416. This vulnerability affects the function sub420688 of the file /goform/setqos. Executing a manipulation can lead to os command injection. The attack can be executed remotely. The exploit has been made available to the public and could be us...
EUVD-2026-5806
A weakness has been identified in D-Link DIR-823X 250416. This vulnerability affects the function sub420688 of the file /goform/setqos. Executing a manipulation can lead to os command injection. The attack can be executed remotely. The exploit has been made available to the public and could be us...
CVE-2026-2142
A weakness has been identified in D-Link DIR-823X 250416. This vulnerability affects the function sub420688 of the file /goform/setqos. Executing a manipulation can lead to os command injection. The attack can be executed remotely. The exploit has been made available to the public and could be us...
CVE-2026-2142 D-Link DIR-823X set_qos sub_420688 os command injection
A weakness has been identified in D-Link DIR-823X 250416. This vulnerability affects the function sub420688 of the file /goform/setqos. Executing a manipulation can lead to os command injection. The attack can be executed remotely. The exploit has been made available to the public and could be us...
CVE-2026-2142
CVE-2026-2142 concerns D-Link DIR-823X firmware (build 250416). The vulnerability affects the function sub_420688 in /goform/set_qos, allowing remote OS command injection via manipulation of that function. Public exploit code is available, enabling remote attacks with high impact on confidentiali...
Tenda RX3 安全漏洞
The Tenda RX3 is a dual-band WiFi 6 home router produced by the Chinese company Tenda. It is used for network coverage in households and supports high-speed wireless connections. The version 16.03.13.11 of the Tenda RX3 contains a security vulnerability. This vulnerability stems from improper...
PT-2026-6969
Name of the Vulnerable Software and Affected Versions D-Link DIR-823X version 250416 Description A flaw exists in the D-Link DIR-823X firmware. This issue affects the sub 420688 function within the /goform/set qos file, potentially allowing for operating system command injection. The attack can b...
CVE-2025-60571
D-Link DIR600LAx FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetQoS...
CVE-2025-57570
Tenda F3 V12.01.01.48multi and after is vulnerable to Buffer Overflow via the QosList parameter in goform/setQoS...
CVE-2025-57570
Tenda F3 V12.01.01.48multi and after is vulnerable to Buffer Overflow via the QosList parameter in goform/setQoS...
Tenda F3 安全漏洞
Tenda F3 is a 300M wireless router launched on May 15, 2015 by Shenzhen Jixiang Tenda Technology Co. Tenda F3 suffers from a buffer overflow vulnerability that originates from the QosList parameter of the goform/setQoS file failing to properly validate the length size of the input data, which can...
The vulnerability of the set_qos() function in the internet.cgi script of the Wavlink AC3000 router microprogramming system allows a hacker to execute arbitrary commands.
The vulnerability of the setqos function in the internet.cgi script of the Wavlink AC3000 WL-WN533A8 router microprogramming system is related to the escape of operations from the buffer in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands by sending...