PT-2025-52249

WODESYS WD-R608U router also known as WDR122B V2.0 and WDR28 is vulnerable to Broken Access Control in initial configuration wizard.cgi endpoint. Malicious attacker can change admin panel password without authorization. The vulnerability can also be exploited after the initial configuration has...

EUVD-2008-7060

Malware in sbrugna...

CVE-2025-10323

A vulnerability was found in Wavlink WL-WN578W2 221110. The impacted element is the function sub409184 of the file /wizardrep.shtml. The manipulation of the argument selEncrypTyp results in command injection. The attack may be performed from remote. The exploit has been made public and could be...

CVE-2025-10323

CVE-2025-10323 affects Wavlink WL-WN578W2 (firmware 221110). A command injection exists in the function sub_409184 of the file wizard_rep.shtml, exploitable via the sel_EncrypTyp parameter. Public exploit evidence and remote execution potential are stated across CNVD/CNNVD/PT-2025-37342 entries; ...

CVE-2024-7154

A vulnerability, which was classified as problematic, was found in TOTOLINK A3700R 9.1.2u.5822B20200513. Affected is an unknown function of the file /wizard.html of the component Password Reset Handler. The manipulation leads to improper access controls. It is possible to launch the attack...

TOTOLINK A3700R 访问控制错误漏洞

The TOTOLINK A3700R is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK A3700R suffers from an Access Control Error vulnerability that originates from the /wizard.html function of the Password Reset Handler component containing an improper access control issue. An attacker...

D-Link DIR-619 安全漏洞

The D-Link DIR-619L is a wireless router designed for home and small office environments, utilizing the IEEE 802.11n standard with a maximum transmission rate of 300Mbps. The D-Link DIR-619L suffers from a buffer overflow vulnerability that originates from the parameter webpage of...

PT-2023-9693 · Totolink · Totolink A3300R

Name of the Vulnerable Software and Affected Versions: TOTOLINK A3300R version 17.0.0cu.557 B20221024 Description: The issue is related to incorrect access control, allowing attackers to reset critical passwords without authentication by visiting specific pages, such as /wizard.html or...

多款WAVLINK产品安全漏洞

WAVLINK AC1200 and so on are products of China RuiYin Technology WAVLINK company.WAVLINK AC1200 is a dual-band high-power wireless router.WAVLINK WL-WN531P3 is a wireless router.WAVLINK WN533A8 is a wireless router. A security vulnerability exists in WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3,...

CVE-2021-21735

A ZTE product has an information leak vulnerability. Due to improper permission settings, an attacker with ordinary user permissions could exploit this vulnerability to obtain some sensitive user information through the wizard page without authentication. This affects ZXHN H168N all versions up t...

Design/Logic Flaw

A ZTE product has an information leak vulnerability. Due to improper permission settings, an attacker with ordinary user permissions could exploit this vulnerability to obtain some sensitive user information through the wizard page without authentication. This affects ZXHN H168N all versions up t...

ZTE ZXHN H168N 信息泄露漏洞

The ZTE ZXHN H168N is a router from China's ZTE Corporation ZTE. The ZTE ZXHN H168N 3.5.0EG1T4TE suffers from an information disclosure vulnerability that originates from improper privilege settings, which can be exploited by an attacker with normal user privileges to obtain some sensitive user...

PT-2021-14746

Name of the Vulnerable Software and Affected Versions ZXHN H168N versions prior to V3.5.0 EG1T4 TE Description An information leak exists due to improper permission settings. An attacker with ordinary user permissions can obtain sensitive user information, including PPPoE and WLAN secrets, withou...

RICOH MP C6003 Cross-Site Scripting Vulnerability

The RICOH MP C6003 is a multifunction printer device from Ricoh Japan. A cross-site scripting vulnerability exists in the address addition area of the RICOH MP C6003. A remote attacker can exploit this vulnerability by sending the 'entryNameIn' parameter to the...

2Wire Password Reset

require 'msf/core' class Metasploit3 '2Wire Password Reset', 'Version' = '$Revision: 1 $', 'Description' = %Q This module will reset the admin password on a 2wire wireless router. This works by using a setup wizard page that fails to check if a user is authenicated and doesn't remove or block aft...