PT-2026-46000

Mercusys AC12G EU V1 with firmware AC12GEU V1 200909 enables WPS 2.0 by default with a weak lockout policy 60-second lockout after 10 attempts...

CVE-2026-36612

Mercusys AC12G EU V1 with firmware AC12GEUV1200909 enables WPS 2.0 by default with a weak lockout policy 60-second lockout after 10 attempts...

EUVD-2026-34151

Mercusys AC12G EU V1 with firmware AC12GEUV1200909 enables WPS 2.0 by default with a weak lockout policy 60-second lockout after 10 attempts...

CVE-2026-36616

Mercusys AC12G EU V1 with firmware AC12GEUV1200909 contains hardcoded WiFi driver credentials including a RADIUS shared secret, WPS test key, and default PSK embedded in the production firmware binary...

CVE-2026-36612

Mercusys AC12G EU V1 with firmware AC12GEUV1200909 enables WPS 2.0 by default with a weak lockout policy 60-second lockout after 10 attempts...

TRENDnet TEW-432BRP 命令注入漏洞

TRENDnet TEW-432BRP is a dual-band wireless router produced by TRENDnet Corporation. The TRENDnet TEW-432BRP 3.10B20 version has a command injection vulnerability. This vulnerability stems from the peerPin parameter in the goform/formWPS file, which allows for command execution by remote attacker...

PT-2026-28668

Name of the Vulnerable Software and Affected Versions Tenda AC5 version 15.03.06.47 Description A stack-based buffer overflow exists in the POST Request Handler component of Tenda AC5 version 15.03.06.47. The issue is located in the formWifiWpsOOB function within the /goform/WifiWpsOOB file...

CVE-2026-25532

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.2, 5.4.3, 5.3.4, 5.2.6, and 5.1.6, a vulnerability exists in the WPS Wi-Fi Protected Setup Enrollee implementation where malformed EAP-WSC packets with truncated payloads can cause integer underflow during...

CVE-2026-25532 ESF-IDF is Vulnerable to WPS Enrollee Fragment Integer Underflow

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.2, 5.4.3, 5.3.4, 5.2.6, and 5.1.6, a vulnerability exists in the WPS Wi-Fi Protected Setup Enrollee implementation where malformed EAP-WSC packets with truncated payloads can cause integer underflow during...

CVE-2026-25532

CVE-2026-25532 affects Espressif ESP-IDF WPS Enrollee in versions 5.5.2, 5.4.3, 5.3.4, 5.2.6, and 5.1.6. A malformed EAP-WSC packet with truncated payload can trigger an integer underflow during fragment length calculation, when processing EAP-Expanded (WSC) messages. The frag_len calculation sub...

EUVD-2026-5376

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.2, 5.4.3, 5.3.4, 5.2.6, and 5.1.6, a vulnerability exists in the WPS Wi-Fi Protected Setup Enrollee implementation where malformed EAP-WSC packets with truncated payloads can cause integer underflow during...

CVE-2026-25532 ESF-IDF is Vulnerable to WPS Enrollee Fragment Integer Underflow

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.2, 5.4.3, 5.3.4, 5.2.6, and 5.1.6, a vulnerability exists in the WPS Wi-Fi Protected Setup Enrollee implementation where malformed EAP-WSC packets with truncated payloads can cause integer underflow during...

CVE-2025-46413

Use of password hash with insufficient computational effort issue exists in BUFFALO Wi-Fi router 'WSR-1800AX4 series'. When WPS is enabled, PIN code and/or Wi-Fi password may be obtained by an attacker...

CVE-2025-46413

Use of password hash with insufficient computational effort issue exists in BUFFALO Wi-Fi router 'WSR-1800AX4 series'. When WPS is enabled, PIN code and/or Wi-Fi password may be obtained by an attacker...

EUVD-2025-38245

Use of password hash with insufficient computational effort issue exists in BUFFALO Wi-Fi router 'WSR-1800AX4 series'. When WPS is enabled, PIN code and/or Wi-Fi password may be obtained by an attacker...

Belkin F9K1015 安全漏洞

Belkin F9K1015 is a WiFi signal extender from Belkin Canada. A security vulnerability exists in the Belkin F9K1015 version 1.00.10, which stems from incorrect manipulation of the parameter webpage in the file /goform/formWlanSetupWPS, which could result in a buffer overflow...

EUVD-2025-24610

Malicious code in bioql PyPI...

EUVD-2025-25395

Malicious code in bioql PyPI...

PT-2025-34154

Name of the Vulnerable Software and Affected Versions: Linksys RE6250 versions 1.0.013.001 through 1.2.07.001 Linksys RE6300 versions 1.0.013.001 through 1.2.07.001 Linksys RE6350 versions 1.0.013.001 through 1.2.07.001 Linksys RE6500 versions 1.0.013.001 through 1.2.07.001 Linksys RE7000 version...

CVE-2025-50617

A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN0046ed68 function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the value of wpsset in the payload, which can cause the program to crash and potentially lead to a Denial of...