EUVD-2026-31643

A vulnerability was detected in Totolink A8000RU 7.1cu.643b20200521. The affected element is the function setQosCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Performing a manipulation of the argument enable results in os command injection. Remote exploitation of...

TOTOLINK A3300R 命令注入漏洞

Totolink A3300R is a wireless router product from Totolink. A command injection vulnerability exists in the Totolink A3300R version 17.0.0cu.557b20221024, which stems from improper handling of the qosupbw parameter in the setSmartQosCfg function of the /cgi-bin/cstecgi.cgi file in its parameter...

CVE-2026-4492

A vulnerability was found in Tenda A18 Pro 02.03.02.28. The affected element is the function setqosMiblist of the file /goform/formSetQosBand. Performing a manipulation of the argument list results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has...

CVE-2026-4492 Tenda A18 Pro formSetQosBand set_qosMib_list stack-based overflow

A vulnerability was found in Tenda A18 Pro 02.03.02.28. The affected element is the function setqosMiblist of the file /goform/formSetQosBand. Performing a manipulation of the argument list results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has...

CVE-2025-70234

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetQoS...

CVE-2026-2870 Tenda A21 formSetQosBand set_qosMib_list stack-based overflow

A security flaw has been discovered in Tenda A21 1.0.0.0. Affected by this issue is the function setqosMiblist of the file /goform/formSetQosBand. The manipulation of the argument list results in stack-based buffer overflow. The attack can be executed remotely. The exploit has been released to th...

CVE-2026-2187

Tenda RX3 16.03.13.11 is affected by a stack-based buffer overflow in the set_qosMib_list function of /goform/formSetQosBand. Manipulating the argument list can trigger the overflow, and the vulnerability can be exploited remotely. Public exploit exists. The PT-2026-6984 entry notes there is no i...

CVE-2026-2142

A weakness has been identified in D-Link DIR-823X 250416. This vulnerability affects the function sub420688 of the file /goform/setqos. Executing a manipulation can lead to os command injection. The attack can be executed remotely. The exploit has been made available to the public and could be us...

EUVD-2026-5806

A weakness has been identified in D-Link DIR-823X 250416. This vulnerability affects the function sub420688 of the file /goform/setqos. Executing a manipulation can lead to os command injection. The attack can be executed remotely. The exploit has been made available to the public and could be us...

CVE-2026-2142

A weakness has been identified in D-Link DIR-823X 250416. This vulnerability affects the function sub420688 of the file /goform/setqos. Executing a manipulation can lead to os command injection. The attack can be executed remotely. The exploit has been made available to the public and could be us...

CVE-2026-2142 D-Link DIR-823X set_qos sub_420688 os command injection

A weakness has been identified in D-Link DIR-823X 250416. This vulnerability affects the function sub420688 of the file /goform/setqos. Executing a manipulation can lead to os command injection. The attack can be executed remotely. The exploit has been made available to the public and could be us...

CVE-2026-2142

CVE-2026-2142 concerns D-Link DIR-823X firmware (build 250416). The vulnerability affects the function sub_420688 in /goform/set_qos, allowing remote OS command injection via manipulation of that function. Public exploit code is available, enabling remote attacks with high impact on confidentiali...

CVE-2026-2142 D-Link DIR-823X set_qos sub_420688 os command injection

A weakness has been identified in D-Link DIR-823X 250416. This vulnerability affects the function sub420688 of the file /goform/setqos. Executing a manipulation can lead to os command injection. The attack can be executed remotely. The exploit has been made available to the public and could be us...

Tenda RX3 安全漏洞

The Tenda RX3 is a dual-band WiFi 6 home router produced by the Chinese company Tenda. It is used for network coverage in households and supports high-speed wireless connections. The version 16.03.13.11 of the Tenda RX3 contains a security vulnerability. This vulnerability stems from improper...

PT-2026-6969

Name of the Vulnerable Software and Affected Versions D-Link DIR-823X version 250416 Description A flaw exists in the D-Link DIR-823X firmware. This issue affects the sub 420688 function within the /goform/set qos file, potentially allowing for operating system command injection. The attack can b...

CVE-2025-60571

D-Link DIR600LAx FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetQoS...

CVE-2025-57570

Tenda F3 V12.01.01.48multi and after is vulnerable to Buffer Overflow via the QosList parameter in goform/setQoS...

CVE-2025-57570

Tenda F3 V12.01.01.48multi and after is vulnerable to Buffer Overflow via the QosList parameter in goform/setQoS...

Tenda F3 安全漏洞

Tenda F3 is a 300M wireless router launched on May 15, 2015 by Shenzhen Jixiang Tenda Technology Co. Tenda F3 suffers from a buffer overflow vulnerability that originates from the QosList parameter of the goform/setQoS file failing to properly validate the length size of the input data, which can...

The vulnerability of the set_qos() function in the internet.cgi script of the Wavlink AC3000 router microprogramming system allows a hacker to execute arbitrary commands.

The vulnerability of the setqos function in the internet.cgi script of the Wavlink AC3000 WL-WN533A8 router microprogramming system is related to the escape of operations from the buffer in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands by sending...