CVE-2026-4254

A weakness has been identified in Tenda AC8 up to 16.03.50.11. This vulnerability affects the function doSystemCmd of the file /goform/SysToolChangePwd of the component HTTP Endpoint. This manipulation of the argument local2c causes stack-based buffer overflow. The attack can be initiated remotel...

CVE-2025-68717

KAYSUS KS-WR3600 routers with firmware 1.0.5.9.1 allow authentication bypass during session validation. If any user is logged in, endpoints such as /cgi-bin/system-tool accept unauthenticated requests with empty or invalid session values. This design flaw lets attackers piggyback on another user'...

PT-2026-1919

Name of the Vulnerable Software and Affected Versions KAYSUS KS-WR3600 router version 1.0.5.9.1 Description KAYSUS KS-WR3600 routers with firmware version 1.0.5.9.1 have a flaw where authentication can be bypassed during session validation. When a user is logged in, certain API endpoints, such as...

CVE-2025-68717

KAYSUS KS-WR3600 routers with firmware 1.0.5.9.1 are affected by an authentication bypass during session validation. When any user is logged in, endpoints like /cgi-bin/system-tool accept unauthenticated requests with empty/invalid session values, enabling an attacker to piggyback on an active se...

SAMSUNG Blockchain Keystore 安全漏洞

SAMSUNG Blockchain Keystore is a system tool for creating, storing, managing and backing up private keys from Samsung South Korea. A code execution vulnerability exists in SAMSUNG Blockchain Keystore, which can be exploited by an attacker to execute arbitrary code on the system...

CVE-2022-41596

The system tool has inconsistent serialization and deserialization. Successful exploitation of this vulnerability will cause unauthorized startup of components...

CVE-2024-48419

Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06 suffers from Command Injection issues in /bin/goahead. Specifically, these issues can be triggered through /goform/tracerouteDiagnosis, /goform/pingDiagnosis, and /goform/fromSysToolPingCmd Each of these issues allows an attacker with access t...

CVE-2024-10750

A vulnerability has been found in Tenda i22 1.0.0.34687 and classified as problematic. Affected by this vulnerability is the function websReadEvent of the file /goform/GetIPTV?fgHPOST/goform/SysToo. The manipulation of the argument Content-Length leads to null pointer dereference. The attack can ...

Tenda AC15 Cross-Site Request Forgery Vulnerability

Tenda AC15 is a dual-band wireless router launched by Shenzhen Jixiang Tenda Technology Co. in October 2015, which supports 802.11ac protocol with a theoretical transmission rate of 1900Mbps 600Mbps in 2.4GHz band and 1300Mbps in 5GHz band. The Tenda AC15 suffers from a cross-site request forgery...

CVE-2023-36903

Windows System Assessment Tool Elevation of Privilege Vulnerability...

Tenda AC23 Out-of-Bounds Write Vulnerability

Tenda AC23 is a home dual-band wireless router launched by Tenda, focusing on large home coverage and high-speed transmission, supporting 802.11acWave2 technology, dual-band concurrent rate up to 2033Mbps. Tenda AC23 suffers from an out-of-bounds write vulnerability, which originates from the...

CVE-2022-41596

The system tool has inconsistent serialization and deserialization. Successful exploitation of this vulnerability will cause unauthorized startup of components...

CVE-2022-41596

The system tool has inconsistent serialization and deserialization. Successful exploitation of this vulnerability will cause unauthorized startup of components...

CVE-2022-41596

CVE-2022-41596 affects Huawei HarmonyOS (System Tools) with a serialization/deserialization inconsistency in the System Tools class. The vulnerability enables unauthorized startup of components due to improper handling of serialized data, as described across multiple sources. Public details in th...

CVE-2022-45498

An issue in the component tpisystoolhandle0 /goform/SysToolReboot of Tenda W6-S v1.0.0.4510 allows unauthenticated attackers to arbitrarily reboot the device...

CVE-2022-45667

Tenda i22 V1.0.0.34687 is vulnerable to Cross Site Request Forgery CSRF via function fromSysToolRestoreSet...

CVE-2022-42077

Tenda AC1206 USAC1206V1.0RTLV15.03.06.23multiTD01 is vulnerable to Cross Site Request Forgery CSRF via function fromSysToolReboot...

BusyBox 资源管理错误漏洞

BusyBox is a suite of applications containing several linux commands and tools by Denis Vlasenko, a Ukrainian individual developer. A security vulnerability exists in BusyBox version 1.35.x, which stems from a post-release reuse vulnerability in the copyvar function in the system awk gadget. An...

ntfsck in NTFS-3G through 2021.8.22 has a heap-based buffer overflow involving buffer+512*3-2. NOTE: the upstream position is that ntfsck is deprecated; however it is shipped by some Linux distributions.

...

DCN Firewall DCME-520 安全漏洞

DCN Firewall DCME-520 is a new generation of high-performance security gateway with multi-core high performance from China Cloud Technology DCN. It has excellent performance and powerful data processing capabilities. A security vulnerability exists in the DCN Firewall DCME-520, which originates...