CVE-2025-5623

A vulnerability was found in D-Link DIR-816 1.10CNB05. It has been classified as critical. This affects the function qosClassifier of the file /goform/qosClassifier. The manipulation of the argument dipaddress/sipaddress leads to stack-based buffer overflow. It is possible to initiate the attack...

CVE-2025-5622

A vulnerability was found in D-Link DIR-816 1.10CNB05 and classified as critical. Affected by this issue is the function wirelessApcli5g of the file /goform/wirelessApcli5g. The manipulation of the argument apclimode5g/apclienc5g/apclidefaultkey5g leads to stack-based buffer overflow. The attack...

CVE-2025-5600

A vulnerability, which was classified as critical, has been found in TOTOLINK EX1200T 4.1.2cu.5232B20210713. This issue affects the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument LangType leads to stack-based buffer overflow. The attack may be initiated...

CVE-2025-5572

A vulnerability was found in D-Link DCS-932L 2.18.01. It has been declared as critical. Affected by this vulnerability is the function setSystemEmail of the file /setSystemEmail. The manipulation of the argument EmailSMTPPortNumber leads to stack-based buffer overflow. The attack can be launched...

CVE-2025-5572

CVE-2025-5572 concerns the D-Link DCS-932L camera (firmware 2.18.01). The vulnerability lies in the function setSystemEmail in /setSystemEmail, where manipulating the EmailSMTPPortNumber argument causes a stack-based buffer overflow. It is described as remotely exploitable, and the affected devic...

PT-2025-23871 · Tenda · Tenda Ch22

Name of the Vulnerable Software and Affected Versions: Tenda CH22 version 1.0.0.1 Description: A critical issue has been found in the Tenda CH22, affecting the formaddUserName function of the file /goform/addUserName. The manipulation of the Password argument leads to a stack-based buffer overflo...

PT-2025-23975 · Tenda · Tenda Ch22

Name of the Vulnerable Software and Affected Versions: Tenda CH22 version 1.0.0.1 Description: A critical vulnerability was found in Tenda CH22, affecting the formNatlimit function of the file /goform/Natlimit. The manipulation of the page argument leads to a stack-based buffer overflow. It is...

CVE-2025-5527

A vulnerability was found in Tenda RX3 16.03.13.11multiTDE01. It has been rated as critical. This issue affects the function savestaticroutedata of the file /goform/SetStaticRouteCfg. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be initiated remotely...

CVE-2025-5527

The CVE-2025-5527 entry concerns Tenda RX3 with build 16.03.13.11_multi_TDE01. A vulnerability exists in the function save_staticroute_data of the file /goform/SetStaticRouteCfg where manipulation of the argument list (list) causes a stack-based buffer overflow. The issue can be exploited remotel...

CVE-2025-5503

A vulnerability, which was classified as critical, was found in TOTOLINK X15 1.0.0-B20230714.1105. This affects the function formMapReboot of the file /boafrm/formMapReboot. The manipulation of the argument deviceMacAddr leads to stack-based buffer overflow. It is possible to initiate the attack...

CVE-2025-5503

CVE-2025-5503 affects TOTOLINK X15 with firmware 1.0.0-B20230714.1105. The issue resides in the /boafrm/formMapReboot function; manipulating the deviceMacAddr argument leads to a stack-based buffer overflow, enabling remote execution of code. A public exploit is disclosed, and the vendor did not ...

PT-2025-23875 · D Link · D-Link Dir-816

Name of the Vulnerable Software and Affected Versions: D-Link DIR-816 version 1.10CNB05 Description: A critical vulnerability affects the function qosClassifier of the file /goform/qosClassifier. The manipulation of the arguments dip address and sip address leads to a stack-based buffer overflow...

CVE-2025-5297

A vulnerability, which was classified as critical, has been found in SourceCodester Computer Store System 1.0. This issue affects the function Add of the file main.c. The manipulation of the argument laptopcompany/RAM/Processor leads to stack-based buffer overflow. An attack has to be approached...

(Pwn2Own) Canon imageCLASS MF656Cdw sfpcmAuthenticateSecAdmin Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF656Cdw printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the sfpcmAuthenticateSecAdmin function. The issue results...

CVE-2025-5228

A vulnerability was found in D-Link DI-8100 up to 20250523. It has been classified as critical. Affected is the function httpdgetparm of the file /login.cgi of the component jhttpd. The manipulation of the argument notify leads to stack-based buffer overflow. The attack can only be initiated with...

CVE-2025-5228

The CVE-2025-5228 affects D-Link DI-8100 up to version 20250523. The vulnerability is in the jhttpd component’s httpd_get_parm function, where manipulating the notify argument in /login.cgi leads to a stack-based buffer overflow. This can be exploited by an attacker within the local network, and ...

CVE-2025-5215

A vulnerability classified as critical has been found in D-Link DCS-5020L 1.01B2. This affects the function websReadEvent of the file /rame/ptdc.cgi. The manipulation of the argument Authorization leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit ha...

CVE-2025-5215

D-Link DCS-5020L (firmware 1.01_B2) is affected by a buffer overflow in the function websReadEvent() of /rame/ptdc.cgi, caused by improper handling of the Authorization argument. This remote vulnerability can be triggered over the network and has been publicly disclosed; affected products are not...

PT-2025-23625 · Totolink · Totolink X15

Name of the Vulnerable Software and Affected Versions: TOTOLINK X15 version 1.0.0-B20230714.1105 Description: A critical vulnerability was found in the TOTOLINK X15, affecting the function formMapReboot of the file /boafrm/formMapReboot. The manipulation of the deviceMacAddr argument leads to a...

CVE-2025-0848

A vulnerability was found in Tenda A18 up to 15.13.07.09. It has been rated as critical. This issue affects the function SetCmdlineRun of the file /goform/SetCmdlineRun of the component HTTP POST Request Handler. The manipulation of the argument wpapskcrypto5g leads to stack-based buffer overflow...