Vulnerabilities (CVE)

Filtered by CWE-119
Total 13642 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-15234 1 Tenda 2 M3, M3 Firmware 2026-06-17 9.0 HIGH 8.8 HIGH
A weakness has been identified in Tenda M3 1.0.0.13(4903). Impacted is the function formSetRemoteInternetLanInfo of the file /goform/setInternetLanInfo. This manipulation of the argument portIp/portMask/portGateWay/portDns/portSecDns causes heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks.
CVE-2025-15233 1 Tenda 2 M3, M3 Firmware 2026-06-17 9.0 HIGH 8.8 HIGH
A security flaw has been discovered in Tenda M3 1.0.0.13(4903). This issue affects the function formSetAdInfoDetails of the file /goform/setAdInfoDetail. The manipulation of the argument adName/smsPassword/smsAccount/weixinAccount/weixinName/smsSignature/adRedirectUrl/adCopyRight/smsContent/adItemUID results in heap-based buffer overflow. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks.
CVE-2025-15232 1 Tenda 2 M3, M3 Firmware 2026-06-17 9.0 HIGH 8.8 HIGH
A vulnerability was identified in Tenda M3 1.0.0.13(4903). This vulnerability affects the function formSetAdPushInfo of the file /goform/setAdPushInfo. The manipulation of the argument mac/terminal leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit is publicly available and might be used.
CVE-2025-15231 1 Tenda 2 M3, M3 Firmware 2026-06-17 9.0 HIGH 8.8 HIGH
A vulnerability was determined in Tenda M3 1.0.0.13(4903). This affects the function formSetRemoteVlanInfo of the file /goform/setVlanInfo. Executing a manipulation of the argument ID/vlan/port can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized.
CVE-2025-15230 1 Tenda 2 M3, M3 Firmware 2026-06-17 9.0 HIGH 8.8 HIGH
A vulnerability was found in Tenda M3 1.0.0.13(4903). Affected by this issue is the function formSetVlanPolicy of the file /goform/setVlanPolicyData. Performing a manipulation of the argument qvlan_truck_port results in heap-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been made public and could be used.
CVE-2025-15218 1 Tenda 2 Ac10u, Ac10u Firmware 2026-06-17 9.0 HIGH 8.8 HIGH
A weakness has been identified in Tenda AC10U 15.03.06.48/15.03.06.49. Affected by this vulnerability is the function fromadvsetlanip of the file /goform/AdvSetLanip of the component POST Request Parameter Handler. Executing a manipulation of the argument lanMask can lead to buffer overflow. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks.
CVE-2025-15217 1 Tenda 2 Ac23, Ac23 Firmware 2026-06-17 9.0 HIGH 8.8 HIGH
A security flaw has been discovered in Tenda AC23 16.03.07.52. Affected is the function formSetPPTPUserList of the component HTTP POST Request Handler. Performing a manipulation of the argument list results in buffer overflow. The attack can be initiated remotely.
CVE-2025-15216 1 Tenda 2 Ac23, Ac23 Firmware 2026-06-17 9.0 HIGH 8.8 HIGH
A vulnerability was identified in Tenda AC23 16.03.07.52. This impacts the function fromSetIpMacBind of the file /goform/SetIpMacBind. Such manipulation of the argument bindnum leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit is publicly available and might be used.
CVE-2025-15215 1 Tenda 2 Ac10u, Ac10u Firmware 2026-06-17 9.0 HIGH 8.8 HIGH
A vulnerability was determined in Tenda AC10U 15.03.06.48/15.03.06.49. This affects the function formSetPPTPUserList of the file /goform/setPptpUserList of the component HTTP POST Request Handler. This manipulation of the argument list causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.
CVE-2025-15194 1 Dlink 2 Dir-600, Dir-600 Firmware 2026-06-17 10.0 HIGH 9.8 CRITICAL
A vulnerability was found in D-Link DIR-600 up to 2.15WWb02. Affected by this vulnerability is an unknown functionality of the file hedwig.cgi of the component HTTP Header Handler. The manipulation of the argument Cookie results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2025-15193 1 Dlink 2 Dwr-m920, Dwr-m920 Firmware 2026-06-17 9.0 HIGH 8.8 HIGH
A vulnerability was detected in D-Link DWR-M920 up to 1.1.50. This affects the function sub_423848 of the file /boafrm/formParentControl. Performing manipulation of the argument submit-url results in buffer overflow. The attack is possible to be carried out remotely. The exploit is now public and may be used.
CVE-2025-15190 1 Dlink 2 Dwr-m920, Dwr-m920 Firmware 2026-06-17 9.0 HIGH 8.8 HIGH
A security flaw has been discovered in D-Link DWR-M920 up to 1.1.50. Impacted is the function sub_42261C of the file /boafrm/formFilter. The manipulation of the argument ip6addr results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been released to the public and may be exploited.
CVE-2025-15189 1 Dlink 2 Dwr-m920, Dwr-m920 Firmware 2026-06-17 9.0 HIGH 8.8 HIGH
A vulnerability was identified in D-Link DWR-M920 up to 1.1.50. This issue affects the function sub_464794 of the file /boafrm/formDefRoute. The manipulation of the argument submit-url leads to buffer overflow. The attack may be initiated remotely. The exploit is publicly available and might be used.
CVE-2025-15180 1 Tenda 2 Wh450, Wh450 Firmware 2026-06-17 8.3 HIGH 7.2 HIGH
A vulnerability was identified in Tenda WH450 1.0.0.18. The affected element is an unknown function of the file /goform/webExcptypemanFilte of the component HTTP Request Handler. Such manipulation of the argument page leads to stack-based buffer overflow. The attack may be launched remotely. The exploit is publicly available and might be used.
CVE-2025-15179 1 Tenda 2 Wh450, Wh450 Firmware 2026-06-17 8.3 HIGH 7.2 HIGH
A vulnerability was determined in Tenda WH450 1.0.0.18. Impacted is an unknown function of the file /goform/qossetting. This manipulation of the argument page causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized.
CVE-2025-15178 1 Tenda 2 Wh450, Wh450 Firmware 2026-06-17 8.3 HIGH 7.2 HIGH
A vulnerability was found in Tenda WH450 1.0.0.18. This issue affects some unknown processing of the file /goform/VirtualSer of the component HTTP Request Handler. The manipulation of the argument page results in stack-based buffer overflow. The attack can be launched remotely. The exploit has been made public and could be used.
CVE-2025-15177 1 Tenda 2 Wh450, Wh450 Firmware 2026-06-17 8.3 HIGH 7.2 HIGH
A vulnerability has been found in Tenda WH450 1.0.0.18. This vulnerability affects unknown code of the file /goform/SetIpBind of the component HTTP Request Handler. The manipulation of the argument page leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-15164 1 Tenda 2 Wh450, Wh450 Firmware 2026-06-17 8.3 HIGH 7.2 HIGH
A security flaw has been discovered in Tenda WH450 1.0.0.18. This affects an unknown part of the file /goform/SafeMacFilter. The manipulation of the argument page results in stack-based buffer overflow. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks.
CVE-2025-15163 1 Tenda 2 Wh450, Wh450 Firmware 2026-06-17 8.3 HIGH 7.2 HIGH
A vulnerability was identified in Tenda WH450 1.0.0.18. Affected by this issue is some unknown functionality of the file /goform/SafeEmailFilter. The manipulation of the argument page leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit is publicly available and might be used.
CVE-2025-15162 1 Tenda 2 Wh450, Wh450 Firmware 2026-06-17 8.3 HIGH 7.2 HIGH
A vulnerability was determined in Tenda WH450 1.0.0.18. Affected by this vulnerability is an unknown functionality of the file /goform/RouteStatic. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized.