EUVD-2026-4691

A flaw has been found in Tenda AC23 16.03.07.52. This impacts an unknown function of the file /goform/WifiExtraSet. This manipulation of the argument wpapskcrypto causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been published and may be used...

CVE-2026-1420

CVE-2026-1420 affects Tenda AC23 routers (Firmware 16.03.07.52). The vulnerability is a buffer overflow in the /goform/WifiExtraSet function caused by manipulation of the wpapsk_crypto argument, enabling remote exploitation. Reports indicate the exploit has been published and may be used in the w...

PT-2025-47105

Name of the Vulnerable Software and Affected Versions Tenda AC20 versions up to 16.03.08.12 Description A buffer overflow exists in the Tenda AC20 router. The issue is located in an unknown function within the /goform/WifiExtraSet file. Manipulation of the wpapsk crypto argument can trigger the...

EUVD-2025-48949

Tenda AX3 V16.03.12.10CN was discovered to contain a stack overflow in the wpapskcrypto parameter of the wlSetExternParameter function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted request...

EUVD-2021-29844

Malicious code in bioql PyPI...

SUSE CVE-2023-52530

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix potential key use-after-free When ieee80211keylink is called by ieee80211gtkrekeyadd but returns 0 due to KRACK protection identical key reinstall, ieee80211gtkrekeyadd will still return a pointer into the key...

PT-2024-1373 · Tenda · Tenda Ac10

Name of the Vulnerable Software and Affected Versions: Tenda AC10U version 15.03.06.49 multi TDE01 Description: The issue is related to a critical vulnerability in the SetWirelessRepeat function of the Tenda AC10U router's firmware, which is associated with a stack-based buffer overflow. This can...

CVE-2023-40038

Arris DG860A and DG1670A devices have predictable default WPA2 PSKs that could lead to unauthorized remote access. They use the first 6 characters of the SSID and the last 6 characters of the BSSID, decrementing the last digit...

PT-2023-27229 · Arris · Arris Dg860A +1

Name of the Vulnerable Software and Affected Versions: Arris DG860A affected versions not specified Arris DG1670A affected versions not specified Description: The devices have predictable default WPA2 PSKs, which could lead to unauthorized remote access. They use the first 6 characters of the SSI...

Multiple vulnerabilities in ELECOM and LOGITEC routers

Overview Multiple routers provided by ELECOM CO.,LTD. and LOGITEC CORPORATION contain multiple vulnerabilities listed below. OS Command Injection CWE-78 - CVE-2023-43752 Inadequate Encryption Strength CWE-326 - CVE-2023-43757 CVE-2023-43752 Chuya Hayakawa of 00One, Inc. reported this vulnerabilit...

ARRIS TG852G Security Vulnerability

The ARRIS TG852G is a router from ARRIS. A security vulnerability exists in the ARRIS TG852G, TG862G, and TG1672G, which stems from a vulnerability that allows an attacker to obtain the default WPA2-PSK value by observing beacon frames...

PT-2023-27230 · Arris · Arris Tg862G +2

Name of the Vulnerable Software and Affected Versions: ARRIS TG852G affected versions not specified ARRIS TG862G affected versions not specified ARRIS TG1672G affected versions not specified Description: A remote attacker in proximity to a Wi-Fi network can derive the default WPA2-PSK value by...

CVE-2023-31478

An issue was discovered on GL.iNet devices before 3.216. An API endpoint reveals information about the Wi-Fi configuration, including the SSID and key...

PT-2022-22986 · Abode Systems · Iota All-In-One Security Kit

Name of the Vulnerable Software and Affected Versions: Abode Systems, Inc. iota All-In-One Security Kit versions 6.9X and 6.9Z Description: The issue arises from format string injection via the wpapsk configuration parameter within the testWifiAP XCMD handler. Specially-crafted configuration valu...

CVE-2022-30327

An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. The web interface is vulnerable to CSRF. An attacker can change the pre-shared key of the Wi-Fi router if the interface's IP address is known...

CVE-2022-30327

An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. The web interface is vulnerable to CSRF. An attacker can change the pre-shared key of the Wi-Fi router if the interface's IP address is known...

CVE-2021-42893

In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information wifikey, etc. without authorization through getSysStatusCfg...

TOTOLINK EX1200T 访问控制错误漏洞

TOTOLINK EX1200T is a Wi-Fi range extender from China-based Gion Electronics TOTOLINK.TOTOLINK EX1200T is vulnerable to information disclosure, which can be exploited by attackers to obtain sensitive information wifikey, etc. without authorization via getSysStatusCfg...

PT-2022-11738 · Totolink · Totolink Ex1200T

Name of the Vulnerable Software and Affected Versions: TOTOLINK EX1200T version 4.1.2cu.5215 Description: The issue allows an attacker to obtain sensitive information, such as wifikey, without authorization through the getSysStatusCfg function. Recommendations: For TOTOLINK EX1200T version...

PT-2022-11733 · Totolink · Totolink Ex1200T

Name of the Vulnerable Software and Affected Versions: TOTOLINK EX1200T version 4.1.2cu.5215 Description: The issue allows an attacker to obtain sensitive information, such as wifikey and wifiname, without authorization. Recommendations: For TOTOLINK EX1200T version 4.1.2cu.5215, at the moment,...