Lucene search
+L

172 matches found

NVD
NVD
added 2026/07/01 5:16 p.m.10 views

CVE-2026-58454

JAIOTlink C492A-W6 Wi-Fi IP cameras running firmware 4.8.30.57701411 contain a remote code execution vulnerability that allows authenticated attackers to execute arbitrary shell scripts by writing to the writable persistent JFFS2 storage path and triggering execution through the authenticated HTT...

7.7CVSS0.00523EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/01 3:36 p.m.36 views

CVE-2026-58454 JAIOTlink C492A-W6 4.8.30.57701411 RCE via /Anyka/config Endpoint

JAIOTlink C492A-W6 Wi-Fi IP cameras running firmware 4.8.30.57701411 contain a remote code execution vulnerability that allows authenticated attackers to execute arbitrary shell scripts by writing to the writable persistent JFFS2 storage path and triggering execution through the authenticated HTT...

7.7CVSS0.00523EPSS
Exploits0References3
CVE
CVE
added 2026/07/01 3:33 p.m.21 views

CVE-2026-58453

JAIOTlink C492A-W6 Wi‑Fi IP cameras (firmware 4.8.30.57701411) are affected by CVE-2026-58453 due to hard-coded credentials. An attacker on the network can authenticate to the anyka_ipc HTTP service (port 80) using the default admin username with an empty password, gaining unauthorized access to ...

9.8CVSS5.8AI score0.0169EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/01 3:33 p.m.6 views

EUVD-2026-41049

JAIOTlink C492A-W6 Wi-Fi IP cameras running firmware 4.8.30.57701411 contain a hard-coded credentials vulnerability that allows network-adjacent attackers to gain unauthorized access by using the default admin username with an empty password accepted by the anykaipc HTTP service on port 80...

9.8CVSS5.8AI score0.0169EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/01 3:31 p.m.35 views

CVE-2026-58452 JAIOTlink C492A-W6 4.8.30.57701411 OS Command Injection via SetMAC Endpoint

JAIOTlink C492A-W6 Wi-Fi IP cameras running firmware 4.8.30.57701411 contain an OS command injection vulnerability that allows authenticated attackers to achieve remote code execution by supplying a malicious Wireless parameter to the HTTP PUT NetSDK/Factory SetMAC endpoint. Attackers can craft a...

8.8CVSS0.02422EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/09 10:41 a.m.10 views

CVE-2022-35555

A command injection vulnerability exists in /goform/exeCommand in Tenda W6 V1.0.0.94122, which allows attackers to construct cmdinput parameters for arbitrary command execution...

9.8CVSS7.5AI score0.24952EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:40 a.m.9 views

CVE-2022-35560

A stack overflow vulnerability exists in /goform/wifiSSIDset in Tenda W6 V1.0.0.94122 version, which can be exploited by attackers to cause a denial of service DoS via the index parameter...

7.5CVSS7.1AI score0.00889EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:40 a.m.8 views

CVE-2022-35559

A stack overflow vulnerability exists in /goform/setAutoPing in Tenda W6 V1.0.0.94122, which allows an attacker to construct ping1 parameters and ping2 parameters for a stack overflow attack. An attacker can use this vulnerability to execute arbitrary code execution...

9.8CVSS8.1AI score0.10886EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:39 a.m.9 views

CVE-2022-35561

A stack overflow vulnerability exists in /goform/WifiMacFilterSet in Tenda W6 V1.0.0.94122 version, which can be exploited by attackers to cause a denial of service DoS via the index parameter...

7.5CVSS7.1AI score0.00889EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/12/31 4:9 p.m.9 views

CVE-2025-15254

A vulnerability was found in Tenda W6-S 1.0.0.4510. This affects the function TendaAte of the file /goform/ate of the component ATE Service. Performing a manipulation results in os command injection. The attack may be initiated remotely. The exploit has been made public and could be used...

8.8CVSS6.3AI score0.0326EPSS
Exploits1References1
EUVD
EUVD
added 2025/12/30 6:30 p.m.5 views

EUVD-2025-205784

A vulnerability was found in Tenda W6-S 1.0.0.4510. This affects the function TendaAte of the file /goform/ate of the component ATE Service. Performing manipulation results in os command injection. The attack may be initiated remotely. The exploit has been made public and could be used...

6.5CVSS6.6AI score0.0326EPSS
Exploits1References6
OSV
OSV
added 2025/12/30 4:15 p.m.5 views

CVE-2025-15254

A vulnerability was found in Tenda W6-S 1.0.0.4510. This affects the function TendaAte of the file /goform/ate of the component ATE Service. Performing a manipulation results in os command injection. The attack may be initiated remotely. The exploit has been made public and could be used...

8.8CVSS5.6AI score0.0326EPSS
Exploits1References5
NVD
NVD
added 2025/12/30 4:15 p.m.5 views

CVE-2025-15254

A vulnerability was found in Tenda W6-S 1.0.0.4510. This affects the function TendaAte of the file /goform/ate of the component ATE Service. Performing a manipulation results in os command injection. The attack may be initiated remotely. The exploit has been made public and could be used...

8.8CVSS0.0326EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2025/12/30 4:2 p.m.7 views

CVE-2025-15255

A vulnerability was determined in Tenda W6-S 1.0.0.4510. This impacts an unknown function of the file /bin/httpd of the component R7websSsecurityHandler. Executing a manipulation of the argument Cookie can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has...

10CVSS6.2AI score0.03923EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2025/12/30 4:2 p.m.36 views

CVE-2025-15255 Tenda W6-S R7websSsecurityHandler httpd stack-based overflow

A vulnerability was determined in Tenda W6-S 1.0.0.4510. This impacts an unknown function of the file /bin/httpd of the component R7websSsecurityHandler. Executing a manipulation of the argument Cookie can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has...

10CVSS0.03923EPSS
Exploits1References5
EUVD
EUVD
added 2025/12/30 4:2 p.m.5 views

EUVD-2025-205819

A vulnerability was determined in Tenda W6-S 1.0.0.4510. This impacts an unknown function of the file /bin/httpd of the component R7websSsecurityHandler. Executing manipulation of the argument Cookie can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has bee...

10CVSS6.8AI score0.03923EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2025/12/30 4:2 p.m.5 views

CVE-2025-15255 Tenda W6-S R7websSsecurityHandler httpd stack-based overflow

A vulnerability was determined in Tenda W6-S 1.0.0.4510. This impacts an unknown function of the file /bin/httpd of the component R7websSsecurityHandler. Executing a manipulation of the argument Cookie can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has...

10CVSS9.4AI score0.03923EPSS
Exploits1References5
CVE
CVE
added 2025/12/30 4:2 p.m.34 views

CVE-2025-15255

Tenda W6-S is affected by CVE-2025-15255. The vulnerability exists in the R7websSsecurityHandler component of /bin/httpd and is triggered by manipulating the Cookie argument, causing a stack-based buffer overflow. The issue can be exploited remotely and a public exploit is available. Affected ver...

10CVSS9.4AI score0.03923EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2025/12/30 3:32 p.m.36 views

CVE-2025-15254 Tenda W6-S ATE Service ate TendaAte os command injection

A vulnerability was found in Tenda W6-S 1.0.0.4510. This affects the function TendaAte of the file /goform/ate of the component ATE Service. Performing a manipulation results in os command injection. The attack may be initiated remotely. The exploit has been made public and could be used...

6.5CVSS0.0326EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2025/12/30 3:32 p.m.6 views

CVE-2025-15254 Tenda W6-S ATE Service ate TendaAte os command injection

A vulnerability was found in Tenda W6-S 1.0.0.4510. This affects the function TendaAte of the file /goform/ate of the component ATE Service. Performing a manipulation results in os command injection. The attack may be initiated remotely. The exploit has been made public and could be used...

6.5CVSS6.3AI score0.0326EPSS
Exploits1References5
Rows per page
Query Builder