EUVD-2026-5819

A vulnerability was found in D-Link DIR-823X 250416. Affected by this issue is some unknown functionality of the file /goform/setacstatus. Performing a manipulation of the argument acipaddr/acipstatus/aprandtime results in os command injection. The attack may be initiated remotely. The exploit ha...

CVE-2026-2129 D-Link DIR-823X set_ac_status os command injection

A vulnerability was found in D-Link DIR-823X 250416. Affected by this issue is some unknown functionality of the file /goform/setacstatus. Performing a manipulation of the argument acipaddr/acipstatus/aprandtime results in os command injection. The attack may be initiated remotely. The exploit ha...

CVE-2026-2120

A vulnerability was identified in D-Link DIR-823X 250416. This affects an unknown function of the file /goform/setserversettings of the component Configuration Parameter Handler. The manipulation of the argument terminaladdr/serverip/serverport leads to os command injection. The attack may be...

EUVD-2026-5826

A vulnerability was identified in D-Link DIR-823X 250416. This affects an unknown function of the file /goform/setserversettings of the component Configuration Parameter Handler. The manipulation of the argument terminaladdr/serverip/serverport leads to os command injection. The attack may be...

CVE-2026-2120 D-Link DIR-823X Configuration Parameter set_server_settings os command injection

A vulnerability was identified in D-Link DIR-823X 250416. This affects an unknown function of the file /goform/setserversettings of the component Configuration Parameter Handler. The manipulation of the argument terminaladdr/serverip/serverport leads to os command injection. The attack may be...

Tenda RX3 安全漏洞

The Tenda RX3 is a dual-band WiFi 6 home router produced by the Chinese company Tenda. It is used for network coverage in households and supports high-speed wireless connections. The version 16.03.13.11 of the Tenda RX3 contains a security vulnerability. This vulnerability stems from incorrect...

PT-2026-7026

Name of the Vulnerable Software and Affected Versions D-Link DI-7100G C1 version 24.04.18D1 Description A flaw exists in the set jhttpd info function that allows for command injection. Manipulating the usb username argument can lead to remote exploitation. Recommendations Apply updates to address...

PT-2026-6984

Name of the Vulnerable Software and Affected Versions Tenda RX3 version 16.03.13.11 Description A stack-based buffer overflow exists in the set qosMib list function located in the /goform/formSetQosBand file. Manipulation of arguments to this function can trigger the overflow, allowing for remote...

D-Link DIR-823X 操作系统命令注入漏洞

The D-Link DIR-823X is a wireless router produced by D-Link Corporation. The D-Link DIR-823X 250416 version has a vulnerability related to operating system command injection. This vulnerability stems from incorrect handling of the parameter “upnpenable” in the file/goform/setupnp, which may lead ...

D-Link DIR-823X 操作系统命令注入漏洞

The D-Link DIR-823X is a wireless router produced by D-Link Corporation. The D-Link DIR-823X 250416 version has a vulnerability related to operating system command injection. This vulnerability stems from incorrect operations on the parameters dmzhost/dmzenable in the file/goform/setdmz, which ma...

PT-2026-7007

Name of the Vulnerable Software and Affected Versions D-Link DIR-823X version 250416 Description A weakness exists in D-Link DIR-823X version 250416 related to command injection. The issue affects the sub 420618 function within the /goform/set upnp file. Manipulation of the upnp enable argument c...

D-Link DI-7100G 命令注入漏洞

The D-Link DI-7100G is a wireless router produced by D-Link Corporation. The D-Link DI-7100G C1 version, released on April 18, 2014, has a command injection vulnerability. This vulnerability stems from improper handling of the parameter “usbusername” when using the setjhttpdinfo function, which m...

Tenda RX3 安全漏洞

The Tenda RX3 is a dual-band WiFi 6 home router produced by the Chinese company Tenda. It is used for network coverage in households and supports high-speed wireless connections. The version 16.03.13.11 of the Tenda RX3 contains a security vulnerability. This vulnerability stems from improper...

PT-2026-7019

Name of the Vulnerable Software and Affected Versions Tenda RX3 version 16.03.13.11 Description A flaw exists in Tenda RX3 version 16.03.13.11 related to buffer overflow. The issue is located in the set device name function within the /goform/setBlackRule file, part of the MAC Filtering...

PT-2026-6985

Name of the Vulnerable Software and Affected Versions Tenda AC8 version 16.03.33.05 Description A buffer overflow issue exists in the fromSetWifiGusetBasic function within the /goform/WifiGuestSet file of the httpd component. The shareSpeed argument can be manipulated to trigger this issue,...

PT-2026-6966

Name of the Vulnerable Software and Affected Versions Tenda TX9 versions up to 22.03.02.10 multi Description A flaw exists in the Tenda TX9 device, specifically within the sub 432580 function located in the /goform/fast setting wifi set file. Manipulation of the ssid argument can lead to a buffer...

CVE-2026-2061

A vulnerability was determined in D-Link DIR-823X 250416. Affected by this issue is the function sub424D20 of the file /goform/setipv6. Executing a manipulation can lead to os command injection. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be...

CVE-2026-2084

A weakness has been identified in D-Link DIR-823X 250416. This impacts an unknown function of the file /goform/setlanguage. Executing a manipulation of the argument langSelection can lead to os command injection. It is possible to launch the attack remotely. The exploit has been made available to...

CVE-2026-2084

A weakness has been identified in D-Link DIR-823X 250416. This impacts an unknown function of the file /goform/setlanguage. Executing a manipulation of the argument langSelection can lead to os command injection. It is possible to launch the attack remotely. The exploit has been made available to...

CVE-2026-2084 D-Link DIR-823X set_language os command injection

A weakness has been identified in D-Link DIR-823X 250416. This impacts an unknown function of the file /goform/setlanguage. Executing a manipulation of the argument langSelection can lead to os command injection. It is possible to launch the attack remotely. The exploit has been made available to...