27 matches found
CVE-2025-11327 Tenda AC18 SetUpnpCfg stack-based overflow
A security vulnerability has been detected in Tenda AC18 15.03.05.196318. This vulnerability affects unknown code of the file /goform/SetUpnpCfg. The manipulation of the argument upnpEn leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been...
CVE-2025-11327 Tenda AC18 SetUpnpCfg stack-based overflow
A security vulnerability has been detected in Tenda AC18 15.03.05.196318. This vulnerability affects unknown code of the file /goform/SetUpnpCfg. The manipulation of the argument upnpEn leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been...
CVE-2025-3667
A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822B20200513. It has been classified as critical. This affects the function setUPnPCfg of the file /cgi-bin/cstecgi.cgi. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been...
PT-2025-16556 · Totolink · Totolink A3700R
Name of the Vulnerable Software and Affected Versions: TOTOLINK A3700R version 9.1.2u.5822 B20200513 Description: A critical issue affects the setUPnPCfg function of the file /cgi-bin/cstecgi.cgi, leading to improper access controls. The manipulation can be initiated remotely. The exploit has bee...
CVE-2024-42745
In TOTOLINK X5000r v9.1.0cu.2350b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setUPnPCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands...
TOTOLINK X5000R 操作系统命令注入漏洞
The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in TOTOLINK X5000R version v9.1.0cu.2350b20230313. The vulnerability stems from the setUPnPCfg method of /cgi-bin/cstecgi.cgi failing to properly filter constructed command special...
CVE-2024-42745
In TOTOLINK X5000r v9.1.0cu.2350b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setUPnPCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands...