CVE-2026-5155

A vulnerability was found in Tenda CH22 1.0.0.1. This affects the function fromAdvSetWan of the file /goform/AdvSetWan of the component Parameter Handler. The manipulation of the argument wanmode results in stack-based buffer overflow. The attack can be executed remotely. The exploit has been mad...

CVE-2026-3678

A vulnerability was determined in Tenda FH451 1.0.0.9. Affected is the function sub3C434 of the file /goform/AdvSetWan. This manipulation of the argument wanmode/PPPOEPassword causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been publicly disclos...

CVE-2023-43892

Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the Hostname parameter within the WAN settings. This vulnerability is exploited via a crafted payload...

CVE-2025-68715

An issue was discovered in Panda Wireless PWRU0 devices with firmware 2.2.9 that exposes multiple HTTP endpoints /goform/setWan, /goform/setLan, /goform/wirelessBasic that do not enforce authentication. A remote unauthenticated attacker can modify WAN, LAN, and wireless settings directly, leading...

CVE-2025-68715

An issue was discovered in Panda Wireless PWRU0 devices with firmware 2.2.9 that exposes multiple HTTP endpoints /goform/setWan, /goform/setLan, /goform/wirelessBasic that do not enforce authentication. A remote unauthenticated attacker can modify WAN, LAN, and wireless settings directly, leading...

PT-2026-1917

Name of the Vulnerable Software and Affected Versions Panda Wireless PWRU0 version 2.2.9 Description An issue exists in Panda Wireless PWRU0 devices that exposes multiple HTTP endpoints without authentication. These endpoints include '/goform/setWan', '/goform/setLan', and '/goform/wirelessBasic'...

CVE-2025-14208

A security flaw has been discovered in D-Link DIR-823X up to 20250416. This affects the function sub415028 of the file /goform/setwansettings. The manipulation of the argument pppusername results in command injection. It is possible to launch the attack remotely. The exploit has been released to...

CVE-2025-14208

A security flaw has been discovered in D-Link DIR-823X up to 20250416. This affects the function sub415028 of the file /goform/setwansettings. The manipulation of the argument pppusername results in command injection. It is possible to launch the attack remotely. The exploit has been released to...

CVE-2025-14208 D-Link DIR-823X set_wan_settings sub_415028 command injection

A security flaw has been discovered in D-Link DIR-823X up to 20250416. This affects the function sub415028 of the file /goform/setwansettings. The manipulation of the argument pppusername results in command injection. It is possible to launch the attack remotely. The exploit has been released to...

CVE-2025-14208 D-Link DIR-823X set_wan_settings sub_415028 command injection

A security flaw has been discovered in D-Link DIR-823X up to 20250416. This affects the function sub415028 of the file /goform/setwansettings. The manipulation of the argument pppusername results in command injection. It is possible to launch the attack remotely. The exploit has been released to...

EUVD-2025-201619

A security flaw has been discovered in D-Link DIR-823X up to 20250416. This affects the function sub415028 of the file /goform/setwansettings. The manipulation of the argument pppusername results in command injection. It is possible to launch the attack remotely. The exploit has been released to...

CVE-2025-14208

CVE-2025-14208 affects D-Link DIR-823X devices up to 20250416. The vulnerability resides in the function sub_415028 of /goform/set_wan_settings, where manipulating the argument ppp_username leads to command injection. Exploitation can be performed remotely, and public proof-of-concept/exploit mat...

D-Link DIR-823X 命令注入漏洞

The D-Link DIR-823X is a wireless router from China-based AUO D-Link. A command injection vulnerability exists in the D-Link DIR-823X 20250416 and earlier versions, which stems from incorrect manipulation of the parameter pppusername in the file /goform/setwansettings, which can lead to command...

CVE-2025-11298

A vulnerability was determined in Belkin F9K1015 1.00.10. Impacted is an unknown function of the file /goform/formSetWanStatic. Executing a manipulation of the argument mwanipaddr can lead to command injection. The attack may be performed from remote. The exploit has been publicly disclosed and m...

EUVD-2023-48252

Malicious code in bioql PyPI...

CVE-2019-13101

An issue was discovered on D-Link DIR-600M 3.02, 3.03, 3.04, and 3.06 devices. wan.htm can be accessed directly without authentication, which can lead to disclosure of information about the WAN, and can also be leveraged by an attacker to modify the data fields of the page...

D-Link DIR-853 安全漏洞

The D-Link DIR-853 is a router from China-based AUO D-Link. The D-Link DIR-853 suffers from a buffer overflow vulnerability that stems from the Password parameter in the SetWanSettings module not properly handling user input. No details of the vulnerability are provided at this time...

CVE-2023-41219

D-Link DIR-3040 prog.cgi SetWanSettings Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 routers. Authentication is required to exploit this vulnerability. T...

D-Link DIR-X3260 安全漏洞

The D-Link DIR-X3260 is a Wi-Fi 6 router from China-based AUO D-Link. A security vulnerability exists in the D-Link DIR-X3260 that stems from a stack-based buffer overflow remote code execution vulnerability in prog.cgi SetWanSettings...

CVE-2023-44837

D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the Password parameter in the SetWanSettings function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted input...