CVE-2024-0542

CVE-2024-0542 concerns a stack-based buffer overflow in the Tenda W9 1.0.0.7(httpd) through the function formWifiMacFilterGet, triggered by manipulating the index parameter. Multiple connected sources (CNVD CNVD-2024-14312, CNVD/RedHat/other records) consistently describe a network-exposed vulner...

CVE-2024-0539

CVE-2024-0539 affects Tenda W9 v1.0.0.7(4456) via the httpd component’s formQosManage_user function. The vulnerability is a stack-based overflow triggered by manipulating the ssidIndex argument, allowing remote exploitation. Publicly disclosed exploit details exist, and multiple sources (NVD, CNV...

CVE-2024-0536

A vulnerability, which was classified as critical, has been found in Tenda W9 1.0.0.74456. Affected by this issue is the function setWrlAccessList of the component httpd. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. The attack may be launched remotely. The...

Stack overflow

A vulnerability has been found in Tenda W9 1.0.0.74456 and classified as critical. This vulnerability affects the function formQosManageauto of the component httpd. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit h...

CVE-2024-0537

The CVE-2024-0537 issue affects Tenda W9 1.0.0.7(4456) in the httpd component, specifically the setWrlBasicInfo function. The root cause is a stack-based buffer overflow triggered by manipulating the ssidIndex argument, enabling remote attack and potential arbitrary code execution. The vulnerabil...

CVE-2024-0537 Tenda W9 httpd setWrlBasicInfo stack-based overflow

A vulnerability, which was classified as critical, was found in Tenda W9 1.0.0.74456. This affects the function setWrlBasicInfo of the component httpd. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has...

CVE-2024-0536

CVE-2024-0536 affects Tenda W9 (firmware 1.0.0.7/4456) with a vulnerability in httpd.setWrlAccessList. The root cause is a stack-based buffer overflow triggered by manipulating the ssidIndex argument, enabling a remote attacker to potentially execute arbitrary code. Public disclosure of the explo...

CVE-2024-0534

A vulnerability classified as critical has been found in Tenda A15 15.13.07.13. Affected is an unknown function of the file /goform/SetOnlineDevName of the component Web-based Management Interface. The manipulation of the argument mac leads to stack-based buffer overflow. It is possible to launch...

Stack overflow

A vulnerability was found in Tenda A15 15.13.07.13. It has been rated as critical. This issue affects some unknown processing of the file /goform/SetOnlineDevName of the component Web-based Management Interface. The manipulation of the argument devName leads to stack-based buffer overflow. The...

CVE-2024-0535 Tenda PA6 httpd portmap cgiPortMapAdd stack-based overflow

A vulnerability classified as critical was found in Tenda PA6 1.0.1.21. Affected by this vulnerability is the function cgiPortMapAdd of the file /portmap of the component httpd. The manipulation of the argument groupName leads to stack-based buffer overflow. The attack can be launched remotely. T...

CVE-2024-0535 Tenda PA6 httpd portmap cgiPortMapAdd stack-based overflow

A vulnerability classified as critical was found in Tenda PA6 1.0.1.21. Affected by this vulnerability is the function cgiPortMapAdd of the file /portmap of the component httpd. The manipulation of the argument groupName leads to stack-based buffer overflow. The attack can be launched remotely. T...

CVE-2024-0533

CVE-2024-0533 affects Tenda A15 firmware 15.13.07.13 through the Web-based Management Interface, specifically the /goform/SetOnlineDevName handler. The root cause is a stack-based buffer overflow triggered by the devName parameter due to improper input validation. This vulnerability can be exploi...

CVE-2024-0532

A vulnerability was found in Tenda A15 15.13.07.13. It has been declared as critical. This vulnerability affects the function setrepeat5 of the file /goform/WifiExtraSet of the component Web-based Management Interface. The manipulation of the argument wpapskcrypto24g/wpapskcrypto5g leads to...

CVE-2024-0532

CVE-2024-0532 affects Tenda A15 (version 15.13.07.13) Web-based Management Interface: the WifiExtraSet function set_repeat5, when handling wpapsk_crypto2_4g/wpapsk_crypto5g, can cause a stack-based buffer overflow. The issue is exploitable remotely and has publicly disclosed exploits. Connected d...

CVE-2024-0531

The CVE-2024-0531 issue affects Tenda A15 Web-based Management Interface, specifically the unknown part of the file /goform/setBlackRule . The vulnerability arises from manipulating the deviceList parameter, causing a stack-based buffer overflow that can be triggered remotely. Reported impact inc...

Exploit for Stack-based Buffer Overflow in Sonicwall Sonicos

SonicWall NGFW CVE-2022-22274 & CVE-2023-0656 !example gif...

Horner Automation Cscape

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION : Low attack complexity Vendor : Horner Automation Equipment : Cscape Vulnerability : Stack-Based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code. 3. TECHNICAL...

Ivanti Avalanche WLAvalancheService Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WLAvalancheService. The issue results from the lack of proper validation of the...

D-Link DIR-X3260 prog.cgi SetDynamicDNSSettings Stack-Based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the prog.cgi binary, which handles HNAP requests made to the lighttpd...

D-Link DIR-X3260 prog.cgi SetWLanRadioSecurity Stack-Based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the prog.cgi binary, which handles HNAP requests made to the lighttpd...