PT-2025-23871 · Tenda · Tenda Ch22

Name of the Vulnerable Software and Affected Versions: Tenda CH22 version 1.0.0.1 Description: A critical issue has been found in the Tenda CH22, affecting the formaddUserName function of the file /goform/addUserName. The manipulation of the Password argument leads to a stack-based buffer overflo...

CVE-2025-5527

A vulnerability was found in Tenda RX3 16.03.13.11multiTDE01. It has been rated as critical. This issue affects the function savestaticroutedata of the file /goform/SetStaticRouteCfg. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be initiated remotely...

CVE-2025-5527

The CVE-2025-5527 entry concerns Tenda RX3 with build 16.03.13.11_multi_TDE01. A vulnerability exists in the function save_staticroute_data of the file /goform/SetStaticRouteCfg where manipulation of the argument list (list) causes a stack-based buffer overflow. The issue can be exploited remotel...

CVE-2025-5503

A vulnerability, which was classified as critical, was found in TOTOLINK X15 1.0.0-B20230714.1105. This affects the function formMapReboot of the file /boafrm/formMapReboot. The manipulation of the argument deviceMacAddr leads to stack-based buffer overflow. It is possible to initiate the attack...

CVE-2025-5503

CVE-2025-5503 affects TOTOLINK X15 with firmware 1.0.0-B20230714.1105. The issue resides in the /boafrm/formMapReboot function; manipulating the deviceMacAddr argument leads to a stack-based buffer overflow, enabling remote execution of code. A public exploit is disclosed, and the vendor did not ...

PT-2025-23875 · D Link · D-Link Dir-816

Name of the Vulnerable Software and Affected Versions: D-Link DIR-816 version 1.10CNB05 Description: A critical vulnerability affects the function qosClassifier of the file /goform/qosClassifier. The manipulation of the arguments dip address and sip address leads to a stack-based buffer overflow...

CVE-2025-5297

A vulnerability, which was classified as critical, has been found in SourceCodester Computer Store System 1.0. This issue affects the function Add of the file main.c. The manipulation of the argument laptopcompany/RAM/Processor leads to stack-based buffer overflow. An attack has to be approached...

(Pwn2Own) Canon imageCLASS MF656Cdw sfpcmAuthenticateSecAdmin Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF656Cdw printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the sfpcmAuthenticateSecAdmin function. The issue results...

CVE-2025-5228

A vulnerability was found in D-Link DI-8100 up to 20250523. It has been classified as critical. Affected is the function httpdgetparm of the file /login.cgi of the component jhttpd. The manipulation of the argument notify leads to stack-based buffer overflow. The attack can only be initiated with...

CVE-2025-5228

The CVE-2025-5228 affects D-Link DI-8100 up to version 20250523. The vulnerability is in the jhttpd component’s httpd_get_parm function, where manipulating the notify argument in /login.cgi leads to a stack-based buffer overflow. This can be exploited by an attacker within the local network, and ...

CVE-2025-5215

A vulnerability classified as critical has been found in D-Link DCS-5020L 1.01B2. This affects the function websReadEvent of the file /rame/ptdc.cgi. The manipulation of the argument Authorization leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit ha...

CVE-2025-5215

D-Link DCS-5020L (firmware 1.01_B2) is affected by a buffer overflow in the function websReadEvent() of /rame/ptdc.cgi, caused by improper handling of the Authorization argument. This remote vulnerability can be triggered over the network and has been publicly disclosed; affected products are not...

PT-2025-23625 · Totolink · Totolink X15

Name of the Vulnerable Software and Affected Versions: TOTOLINK X15 version 1.0.0-B20230714.1105 Description: A critical vulnerability was found in the TOTOLINK X15, affecting the function formMapReboot of the file /boafrm/formMapReboot. The manipulation of the deviceMacAddr argument leads to a...

CVE-2025-0848

A vulnerability was found in Tenda A18 up to 15.13.07.09. It has been rated as critical. This issue affects the function SetCmdlineRun of the file /goform/SetCmdlineRun of the component HTTP POST Request Handler. The manipulation of the argument wpapskcrypto5g leads to stack-based buffer overflow...

CVE-2024-9284

A vulnerability was found in TP-LINK TL-WR841ND up to 20240920. It has been rated as critical. Affected by this issue is some unknown functionality of the file /userRpm/popupSiteSurveyRpm.htm. The manipulation of the argument ssid leads to stack-based buffer overflow. The attack may be launched...

CVE-2024-33212

Tenda FH1206 V1.2.0.88155EN was discovered to contain a stack-based buffer overflow vulnerability via the funcpara1 parameter in ip/goform/setcfm...

CVE-2024-33211

Tenda FH1206 V1.2.0.88155EN was discovered to contain a stack-based buffer overflow vulnerability via the PPPOEPassword parameter in ip/goform/QuickIndex...

CVE-2024-0321

Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3-DEV...

CVE-2024-0932

A vulnerability, which was classified as critical, has been found in Tenda AC10U 15.03.06.49multiTDE01. This issue affects the function setSmartPowerManagement. The manipulation of the argument time leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been...

CVE-2024-0927

A vulnerability was found in Tenda AC10U 15.03.06.49multiTDE01. It has been classified as critical. Affected is the function fromAddressNat. The manipulation of the argument entrys/mitInterface/page leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit ha...