CVE-2025-69763

Tenda AX3 firmware v16.03.12.11 contains a stack overflow in formSetIptv via the vlanId parameter, which can cause memory corruption and enable remote code execution...

CVE-2022-25441

Tenda AC9 v15.03.2.21 was discovered to contain a remote command execution RCE vulnerability via the vlanid parameter in the SetIPTVCfg function...

CVE-2018-20503

Allied Telesis 8100L/8 devices allow XSS via the edit-ipv4interface.php vlanid or subnetmask parameter...

CVE-2024-48637

D-Link DIR882FW130B06 and DIR878 DIR878FW130B08 were discovered to contain a command injection vulnerability via the VLANID:1/VID parameter in the SetVLANSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request...

CVE-2024-48635

D-Link DIR882FW130B06 and DIR878 DIR878FW130B08 were discovered to contain a command injection vulnerability via the VLANID:2/VID parameter in the SetVLANSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request...

CVE-2024-48636

D-Link DIR882FW130B06 and DIR878 DIR878FW130B08 were discovered to contain a command injection vulnerability via the VLANID:0/VID parameter in the SetVLANSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request...

PT-2024-7031 · D Link · D-Link Dir-878 +1

Name of the Vulnerable Software and Affected Versions: D-Link DIR-878 version DIR 878 FW130B08 D-Link DIR-882 version DIR 882 FW130B06 Description: The issue exists due to the lack of neutralization of special elements used in the operating system command in the SetVLANSettings function of the...

CVE-2023-40839

Tenda AC6 USAC6V1.0BRV15.03.05.16multiTD01.bin function 'subADF3C' contains a command execution vulnerability. In the "formSetIptv" function, obtaining the "list" and "vlanId" fields, unfiltered passing these two fields as parameters to the "subADF3C" function to execute commands...

CVE-2022-25441

Tenda AC9 v15.03.2.21 was discovered to contain a remote command execution RCE vulnerability via the vlanid parameter in the SetIPTVCfg function...

CVE-2022-25441

Tenda AC9 v15.03.2.21 was discovered to contain a remote command execution RCE vulnerability via the vlanid parameter in the SetIPTVCfg function...

CVE-2022-25441

Tenda AC9 v15.03.2.21 was discovered to contain a remote command execution RCE vulnerability via the vlanid parameter in the SetIPTVCfg function...

Command injection

Tenda AC9 v15.03.2.21 was discovered to contain a remote command execution RCE vulnerability via the vlanid parameter in the SetIPTVCfg function...

CVE-2022-25441

Tenda AC9 v15.03.2.21 was discovered to contain a remote command execution RCE vulnerability via the vlanid parameter in the SetIPTVCfg function...

Tenda AC9 操作系统命令注入漏洞

Tenda AC9 is a wireless router from Tenda, China.A command injection vulnerability exists in Tenda AC9 version 15.03.2.21, which stems from the failure of the vlanid parameter in the SetIPTVCfg function to properly filter the special elements of the construction snippet, which can be exploited to...

PT-2022-17296 · Tenda · Tenda Ac9

Name of the Vulnerable Software and Affected Versions: Tenda AC9 version 15.03.2.21 Description: A remote command execution issue was discovered, allowing for potential exploitation via the vlanid parameter in the SetIPTVCfg function. This could lead to unauthorized access and control...