Acexy Wireless-N WiFi Repeater REV 1.0 - Repeater Password Disclosure

Acexy Wireless-N WiFi Repeater REV 1.0 is vulnerable to password disclosure because the password.html page of the web management interface contains the administrator account password in plaintext. id: CVE-2021-28937 info: name: Acexy Wireless-N WiFi Repeater REV 1.0 - Repeater Password Disclosure...

Netis Wifi Router - Information Disclosure

An issue in Netis Wifi6 Router NX10 2.0.1.3643 and 2.0.1.3582 and Netis Wifi 11AC Router NC65 3.0.0.3749 and Netis Wifi 11AC Router NC63 3.0.0.3327 and 3.0.0.3503 and Netis Wifi 11AC Router NC21 3.0.0.3800, 3.0.0.3500 and 3.0.0.3329 and Netis Wifi Router MW5360 1.0.1.3442 and 1.0.1.3031 allows a...

EUVD-2026-39853

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7925: prevent NULL pointer dereference in mt7925txcheckaggr Move the NULL check for 'sta' before dereferencing it to prevent a possible crash...

CVE-2026-53318

CVE-2026-53318 describes a fix in the Linux kernel’s wireless stack: for mt76/mt7925, a NULL pointer dereference in mt7925_tx_check_aggr() was mitigated by moving the NULL check for the 'sta' pointer before its dereference, preventing a possible crash. The vulnerability affects the mt7925 compone...

CVE-2026-53317

In CVE-2026-53317, a Linux kernel wifi mt76 mt7921 issue allowed a firmware crash when an AID exceeded 20 on IFTYPE_AP. Tests showed stock hostapd starts AIDs at 1, but a modified hostapd allocated at 65, triggering the crash. The fix enforces an upper limit on associated stations so AIDs above 2...

CVE-2026-53101

A flaw was found in the Linux kernel's mt7921 Wi-Fi driver. A potential deadlock can occur when the rocabortsync function attempts to cancel a work item while rocwork is still running and holding a mutex. This situation, which can arise during Wi-Fi station removal, causes both sides to block,...

VelotiSmart Wifi - Directory Traversal

VelotiSmart WiFi B-380 camera devices allow directory traversal via the uc-http service 1.0.0, as demonstrated by /../../etc/passwd on TCP port 80. id: CVE-2018-14064 info: name: VelotiSmart Wifi - Directory Traversal author: 0xAkoko severity: critical description: VelotiSmart WiFi B-380 camera...

CVE-2026-38571

The CVE-2026-38571 entry concerns the Tenda N300 F3 (V603) router. It describes an unauthenticated UART debug console where cleartext WPA2 credentials can be exposed and rr/wr memory read/write commands lack authentication, enabling a physically proximate attacker to obtain credentials in clearte...

CVE-2026-53102

A flaw was found in the Linux kernel's mt76 Wi-Fi driver. This vulnerability, a memory leak, occurs when the mt76connacmcuallocstareq function allocates a socket buffer skb that is not properly freed if subsequent operations, such as mt76connacmcustawedupdate or mt76connacmcustakeytlv, fail. This...

EUVD-2026-39208

In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: enforce HE/EHT cap/oper consistency Xiang Mei reports that mac80211 could crash if ehtcap is set but ehtoper isn't. Rather than fixing that for the individual users, enforce that both HE/EHT have consistent elemen...

CVE-2026-53257

The CVE-2026-53257 entry concerns the Linux kernel’s wifi stack (mac80211/cfg80211) where HE/EHT capability elements (HE/EHT cap and oper) must be consistent. The bug allowed a crash in mac80211 when eht_cap is set but eht_oper isn’t; the fix enforces that both HE and EHT elements are aligned to ...

CVE-2026-53257

In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: enforce HE/EHT cap/oper consistency Xiang Mei reports that mac80211 could crash if ehtcap is set but ehtoper isn't. Rather than fixing that for the individual users, enforce that both HE/EHT have consistent elemen...

CVE-2026-53258

The CVE describes a memory leak in the Linux kernel wlan 6 GHz scanning path. Root cause: rdev->int_scan_req is leaked when cfg80211_scan() fails, because the expected release at ___cfg80211_scan_done() doesn’t occur since rdev->scan_req is NULL at that point, causing the freeing function t...

CVE-2026-53258

In the Linux kernel, the following vulnerability has been resolved: wifi: fix leak if split 6 GHz scanning fails rdev-intscanreq is leaked if cfg80211scan fails. Note that it's supposed to be released at cfg80211scandone but this doesn't happen as rdev-scanreq is NULL at that point, too, leading ...

CVE-2026-53182

The CVE-2026-53182 entry describes a Linux kernel wifi issue in nl80211: the parser for EMA RNR elements stores the parsed count in a u8 cfg80211_rnr_elems::cnt and uses that to size the flexible array. The fix rejects nested NL80211_ATTR_EMA_RNR_ELEMS input once the count reaches 255, before inc...

EUVD-2026-39273

In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: reject oversized EMA RNR lists nl80211parsernrelems stores the parsed element count in a u8-backed cfg80211rnrelems::cnt field and uses that count to size the flexible array allocation. Reject nested...

CVE-2026-53182

In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: reject oversized EMA RNR lists nl80211parsernrelems stores the parsed element count in a u8-backed cfg80211rnrelems::cnt field and uses that count to size the flexible array allocation. Reject nested...

CVE-2026-53178

In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: rtwmlme: add bounds checks before ielength subtraction Add guards to ensure ielength is large enough before subtracting fixed IE offsets to prevent unsigned integer underflow...

CVE-2026-53097

A flaw was found in the Linux kernel's mt7996 Wi-Fi driver. A use-after-free vulnerability exists in the mt7996macdumpwork function due to a race condition during the detachment of the mt7996 PCI chip. This can occur when mt7996crashdata is released while a related work item is still active,...

RockyLinux 9 : kernel (RLSA-2026:27789)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:27789 advisory. kernel: can: isotp: fix tx.buf use-after-free in isotpsendmsg CVE-2026-31474 kernel: mptcp: fix slab-use-after-free in inetlookupestablished...