CVE-2026-5104

A security vulnerability has been detected in Totolink A3300R 17.0.0cu.557b20221024. Impacted is the function setStaticRoute of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument ip leads to command injection. The attack may be performed from remote. The exploit has been disclosed...

CVE-2026-2157

A security vulnerability has been detected in D-Link DIR-823X 250416. This affects the function sub4175CC of the file /goform/setstaticroutetable. Such manipulation of the argument interface/destip/netmask/gateway/metric leads to os command injection. The attack may be performed from remote. The...

CVE-2026-2157

A security vulnerability has been detected in D-Link DIR-823X 250416. This affects the function sub4175CC of the file /goform/setstaticroutetable. Such manipulation of the argument interface/destip/netmask/gateway/metric leads to os command injection. The attack may be performed from remote. The...

CVE-2026-2157 D-Link DIR-823X set_static_route_table sub_4175CC os command injection

A security vulnerability has been detected in D-Link DIR-823X 250416. This affects the function sub4175CC of the file /goform/setstaticroutetable. Such manipulation of the argument interface/destip/netmask/gateway/metric leads to os command injection. The attack may be performed from remote. The...

CVE-2026-2157

A security vulnerability has been detected in D-Link DIR-823X 250416. This affects the function sub4175CC of the file /goform/setstaticroutetable. Such manipulation of the argument interface/destip/netmask/gateway/metric leads to os command injection. The attack may be performed from remote. The...

CVE-2026-2157

D-Link DIR-823X 250416 is affected by CVE-2026-2157. The vulnerability is in the function sub_4175CC of /goform/set_static_route_table, where manipulating arguments (interface, destip, netmask, gateway, metric) enables OS command injection. Attack can be performed remotely and public exploits hav...

CVE-2026-2138

A vulnerability was found in Tenda TX9 up to 22.03.02.10multi. Affected is the function sub42D03C of the file /goform/SetStaticRouteCfg. The manipulation of the argument list results in buffer overflow. The attack can be launched remotely. The exploit has been made public and could be used...

EUVD-2026-5810

A vulnerability was found in Tenda TX9 up to 22.03.02.10multi. Affected is the function sub42D03C of the file /goform/SetStaticRouteCfg. The manipulation of the argument list results in buffer overflow. The attack can be launched remotely. The exploit has been made public and could be used...

CVE-2026-2138

CVE-2026-2138 affects Tenda TX9 devices (firmware up to 22.03.02.10_multi). The vulnerability is in the function sub_42D03C of /goform/SetStaticRouteCfg, where the argument list manipulation leads to a buffer overflow. This allows remote exploitation and has public PoC/exploit material. Impact is...

CVE-2023-49430

Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the 'list' parameter at /goform/SetStaticRouteCfg...

CVE-2025-11356

CVE-2025-11356 affects Tenda AC23 (pre-16.03.07.52). The vulnerability is in sscanf within /goform/SetStaticRouteCfg, where input length validation allows a buffer overflow, enabling remote exploitation. Public exploits exist. Remedies include upgrading to a version newer than 16.03.07.52 (per PT...

PT-2025-40968

Name of the Vulnerable Software and Affected Versions Tenda AC23 versions prior to 16.03.07.52 Description A flaw exists in the sscanf function within the /goform/SetStaticRouteCfg file. Manipulation of the argument list can lead to a buffer overflow, potentially allowing for remote attacks. The...

EUVD-2025-31447

Malicious code in bioql PyPI...

CVE-2025-11091

A security flaw has been discovered in Tenda AC21 up to 16.03.08.16. Affected by this vulnerability is the function sscanf of the file /goform/SetStaticRouteCfg. The manipulation of the argument list results in buffer overflow. The attack can be launched remotely. The exploit has been released to...

CVE-2025-11091

A security flaw has been discovered in Tenda AC21 up to 16.03.08.16. Affected by this vulnerability is the function sscanf of the file /goform/SetStaticRouteCfg. The manipulation of the argument list results in buffer overflow. The attack can be launched remotely. The exploit has been released to...

CVE-2025-11091 Tenda AC21 SetStaticRouteCfg sscanf buffer overflow

A security flaw has been discovered in Tenda AC21 up to 16.03.08.16. Affected by this vulnerability is the function sscanf of the file /goform/SetStaticRouteCfg. The manipulation of the argument list results in buffer overflow. The attack can be launched remotely. The exploit has been released to...

PT-2025-36899

Name of the Vulnerable Software and Affected Versions: Tenda G3 version 3.0br V15.11.0.17 Description: The Tenda G3 router firmware contains a stack overflow in the staticRouteGateway parameter within the formSetStaticRoute function. This flaw allows attackers to trigger a Denial of Service DoS b...

Tenda AC20 Buffer Overflow Vulnerability

Tenda AC20 is a dual-band wireless router with IPv6 protocol support, featuring a triple-core 1GHz main controller with six 6dBi external antennas and a maximum wireless transmission rate of 2033Mbps. The Tenda AC20 suffers from a buffer overflow vulnerability that originates from a flaw in the...

The vulnerability of the /goform/SetStaticRouteCfg component in the Tenda TX3 router software, which involves copying buffers without checking the size of the input data, allows an attacker to compromise the accessibility of protected information.

The vulnerability of the /goform/SetStaticRouteCfg component in the Tenda TX3 router software lies in the copying of buffers without checking the size of the input data. Exploiting this vulnerability could allow an attacker to compromise the accessibility of protected information...

CVE-2025-1896

A vulnerability classified as critical was found in Tenda TX3 16.03.13.11multi. This vulnerability affects unknown code of the file /goform/SetStaticRouteCfg. The manipulation of the argument list leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to th...