Tenda AC18 ssid parameter cross-site scripting vulnerability

Tenda AC18 is a dual-band wireless router launched by Shenzhen Jixiang Tenda Technology Co. in July 2016, mainly for villas and large home users. Tenda AC18 suffers from a cross-site scripting vulnerability, which stems from the lack of effective filtering and escaping of user-supplied data by th...

EUVD-2015-5582

Malware in sbrugna...

EUVD-2018-15696

Malware in sbrugna...

EUVD-2017-9599

Malware in sbrugna...

EUVD-2021-9631

Malicious code in bioql PyPI...

EUVD-2021-8062

Malicious code in bioql PyPI...

CVE-2025-50740

AutoConnect 1.4.2, an Arduino library, is vulnerable to a cross site scripting xss vulnerability. The AutoConnect web interface /ac/config allows HTML/JS code to be executed via a crafted network SSID...

Systeminformation has command injection vulnerability in getWindowsIEEE8021x (SSID)

Summary The SSID is not sanitized when before it is passed as a parameter to cmd.exe in the getWindowsIEEE8021x function. This means that malicious content in the SSID can be executed as OS commands. Details I have exploited this vulnerability in a Windows service using version 5.22.11 of the...

D-Link DWR-2000M 跨站脚本漏洞

The D-Link DWR-2000M is a wireless router from China AUO D-Link. A security vulnerability exists in the D-Link DWR-2000M. A local attacker can exploit the vulnerability to obtain sensitive information by sending a crafted payload to the WiFi SSID name field...

CVE-2024-37633

TOTOLINK A3700R V9.1.2u.616520211012 was discovered to contain a stack overflow via ssid in the function setWiFiGuestCfg...

CVE-2024-37635

TOTOLINK A3700R V9.1.2u.616520211012 was discovered to contain a stack overflow via ssid in the function setWiFiBasicCfg...

CVE-2024-28551

Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the ssid parameter of formfastsettingwifiset function...

CVE-2023-44023

Tenda AC10U v1.0 USAC10UV1.0RTLV15.03.06.49multiTDE01 was discovered to contain a stack overflow via the ssid parameter in the formfastsettingwifiset function...

CVE-2019-25015

LuCI in OpenWrt 18.06.0 through 18.06.4 allows stored XSS via a crafted SSID...

mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value aka CID-5c455c5ab332.

...

DEBIAN-CVE-2020-36158

mwifiexcmd80211adhocstart in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332...

CVE-2015-5630

Cross-site scripting XSS vulnerability in the NTT Broadband Platform Japan Connected-free Wi-Fi application 1.6.0 and earlier for Android and 1.0.2 and earlier for iOS allows remote attackers to inject arbitrary web script or HTML via a crafted SSID...

SUSE-SU-2015:1013-1 Security update for wpa_supplicant

wpasupplicant was updated to fix three security issues: - CVE-2015-0210: wpasupplicant: broken certificate subject check this adds the 'domainmatch' config option from upstream additional to the already existing domainsuffixmatch - CVE-2014-3686: hostapd command execution - CVE-2015-1863: P2P SSI...

Pirelli Discus DRG A125g - Remote Change SSID Value Vulnerability

No description provided by source...

NETGEAR WG311v1 Wireless Driver 2.3.1.10 - SSID Heap Buffer Overflow

NETGEAR WG311v1 Wireless Driver 2.3.1.10 - SSID Heap Buffer Overflow source: https://www.securityfocus.com/bid/21251/info NetGear WG311v1 Wireless devices are prone to a heap-based buffer-overflow vulnerability because the driver fails to properly bounds-check user-supplied data before copying it...