CVE-2026-45255

CVE-2026-45255 affects the BSD installer/config tooling (bsdinstall/bsdconfig). During Wi‑Fi network scans, code builds a list of network names and prompts the user with bsddialog(1). The shell script handling network names does not sanitize shell expansion, allowing a crafted SSID to execute com...

PT-2026-24903

A vulnerability has been found in Tenda i3 1.0.0.62204. Affected by this vulnerability is the function formwrlSSIDset of the file /goform/wifiSSIDset. The manipulation of the argument index/GO leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has bee...

CVE-2026-25196

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the Wi-Fi SSID and/or password fields can lead to remote code execution when the configuration is...

PT-2026-22277

Name of the Vulnerable Software and Affected Versions XWEB Pro versions prior to 1.12.1 Description A flaw exists that allows a logged-in attacker to execute code on the system remotely. This is achieved by injecting malicious input into the Wi-Fi SSID and/or password fields. Processing the...

CVE-2026-2905

CVE-2026-2905 affects Tenda HG9 (model/version 300001138) with a stack-based buffer overflow in the Wireless Configuration Endpoint, specifically in /boaform/formWlanSetup when the ssid argument is manipulated. The vulnerability can be triggered remotely over the network with low attack complexit...

CVE-2020-37150

Affected software: Edimax EW-7438RPn-v3 Mini, version 1.27. The vulnerability allows unauthenticated attackers to access the /wizard_reboot.asp endpoint in unsetup mode, disclosing the Wi-Fi SSID and security key. Attackers can retrieve the wireless password by issuing a GET request to this endpo...

PT-2026-6590

Name of the Vulnerable Software and Affected Versions Edimax EW-7438RPn-v3 Mini version 1.27 Description The Edimax EW-7438RPn-v3 Mini version 1.27 allows unauthenticated attackers to access the /wizard reboot.asp API endpoint in unsetup mode. This access discloses the Wi-Fi SSID and security key...

CVE-2020-37097 Edimax EW-7438RPn 1.13 - Information Disclosure (WiFi Password)

Edimax EW-7438RPn 1.13 contains an information disclosure vulnerability that exposes WiFi network configuration details through the wlencryptwiz.asp file. Attackers can access the script to retrieve sensitive information including WiFi network name and plaintext password stored in device...

Tenda AC6 安全漏洞

Tenda AC6 is a dual-band wireless router from Tenda, designed for 100 Gigabit fiber optic home users. The Tenda AC6 suffers from a stack buffer overflow vulnerability, which originates from the ssid parameter in the fastsettingwifiset function failing to properly validate the length of the input...

EUVD-2021-26529

Malware in sbrugna...

EUVD-2021-29844

Malicious code in bioql PyPI...

CVE-2025-60017

Unitree Go2, G1, H1, and B2 devices through 2025-09-20 allow root OS command injection via the hostapdrestart.sh wifissid or wifipass parameter within restartwifiap and restartwifista...

CVE-2021-3186

A Stored Cross-site scripting XSS vulnerability in /main.html Wifi Settings in Tenda AC5 AC1200 version V15.03.06.47multi allows remote attackers to inject arbitrary web script or HTML via the Wifi Name parameter...

PT-2024-12514 · Solax · Solax Pocket Wifi

Name of the Vulnerable Software and Affected Versions: SolaX Pocket WiFi versions 3 through 3.001.02 Description: An issue was discovered where authentication for the web interface is completed via an unauthenticated WiFi AP. The administrative password for the web interface has a default passwor...

CVE-2023-49044

Stack Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the ssid parameter in the function formfastsettingwifiset...

CVE-2023-36499

Netgear XR300 v1.0.3.78 was discovered to contain multiple buffer overflows via the wlassid and wlgssid parameters at genieapwifichange.cgi...

CVE-2023-31478

An issue was discovered on GL.iNet devices before 3.216. An API endpoint reveals information about the Wi-Fi configuration, including the SSID and key...

CVE-2022-20327

In Wi-Fi, there is a possible way to retrieve the WiFi SSID without location permissions due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Androi...

CVE-2022-30729

Implicit Intent hijacking vulnerability in Settings prior to SMR Jun-2022 Release 1 allows attackers to get Wi-Fi SSID and password via a malicious QR code scanner...

PT-2022-11733 · Totolink · Totolink Ex1200T

Name of the Vulnerable Software and Affected Versions: TOTOLINK EX1200T version 4.1.2cu.5215 Description: The issue allows an attacker to obtain sensitive information, such as wifikey and wifiname, without authorization. Recommendations: For TOTOLINK EX1200T version 4.1.2cu.5215, at the moment,...