Total
2932 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-44183 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2025-04-29 | N/A | 9.8 CRITICAL |
| Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function formSetWifiGuestBasic. | |||||
| CVE-2022-44180 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2025-04-29 | N/A | 9.8 CRITICAL |
| Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function addWifiMacFilter. | |||||
| CVE-2022-44178 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2025-04-29 | N/A | 9.8 CRITICAL |
| Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow. via function formWifiWpsOOB. | |||||
| CVE-2022-44177 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2025-04-29 | N/A | 9.8 CRITICAL |
| Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function formWifiWpsStart. | |||||
| CVE-2022-44176 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2025-04-29 | N/A | 9.8 CRITICAL |
| Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function fromSetRouteStatic. | |||||
| CVE-2022-44175 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2025-04-29 | N/A | 9.8 CRITICAL |
| Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function formSetMacFilterCfg. | |||||
| CVE-2022-44174 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2025-04-29 | N/A | 9.8 CRITICAL |
| Tenda AC18 V15.03.05.05 is vulnerable to Buffer Overflow via function formSetDeviceName. | |||||
| CVE-2025-28022 | 2025-04-29 | N/A | 7.3 HIGH | ||
| TOTOLINK A810R V4.1.2cu.5182_B20201026 was found to contain a buffer overflow vulnerability in downloadFile.cgi through the v25 parameter. | |||||
| CVE-2025-28025 | 2025-04-29 | N/A | 7.3 HIGH | ||
| TOTOLINK A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 were found to contain a buffer overflow vulnerability in downloadFile.cgi through the v14 parameter. | |||||
| CVE-2025-28019 | 2025-04-29 | N/A | 7.3 HIGH | ||
| TOTOLINK A800R V4.1.2cu.5137_B20200730 was found to contain a buffer overflow vulnerability in the downloadFile.cgi component | |||||
| CVE-2025-28021 | 2025-04-29 | N/A | 7.3 HIGH | ||
| TOTOLINK A810R V4.1.2cu.5182_B20201026 was found to contain a buffer overflow vulnerability in the downloadFile.cgi through the v14 and v3 parameters | |||||
| CVE-2025-28028 | 2025-04-29 | N/A | 7.3 HIGH | ||
| TOTOLINK A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 were found to contain a buffer overflow vulnerability in downloadFile.cgi through the v5 parameter. | |||||
| CVE-2025-28020 | 2025-04-29 | N/A | 7.3 HIGH | ||
| TOTOLINK A800R V4.1.2cu.5137_B20200730 was found to contain a buffer overflow vulnerability in downloadFile.cgi through the v25 parameter. | |||||
| CVE-2025-28018 | 2025-04-29 | N/A | 7.3 HIGH | ||
| TOTOLINK A800R V4.1.2cu.5137_B20200730 was found to contain a buffer overflow vulnerability in downloadFile.cgi through the v14 parameter. | |||||
| CVE-2024-6198 | 2025-04-29 | N/A | N/A | ||
| The device exposes a web interface on ports TCP/3030 and TCP/9882. This web service runs lighttpd, which implements the “SNORE” interface. This interface is affected by a stack buffer overflow vulnerability due to insecure path parsing. An attacker with access to the LAN network interface could use a specially crafted HTTP request to exploit a buffer overflow on the modem. | |||||
| CVE-2024-6199 | 2025-04-29 | N/A | N/A | ||
| An unauthenticated attacker on the WAN interface, with the ability to intercept Dynamic DNS (DDNS) traffic between DDNS services and the modem, could manipulate specific responses to include code that forces a buffer overflow on the modem. Customers that have not enabled Dynamic DNS on their modem are not vulnerable. | |||||
| CVE-2025-3993 | 2025-04-29 | 9.0 HIGH | 8.8 HIGH | ||
| A vulnerability was found in TOTOLINK N150RT 3.4.0-B20190525 and classified as critical. This issue affects some unknown processing of the file /boafrm/formWsc. The manipulation of the argument submit-url leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-2851 | 2025-04-29 | 7.7 HIGH | 8.0 HIGH | ||
| A vulnerability classified as critical has been found in GL.iNet GL-A1300 Slate Plus, GL-AR300M16 Shadow, GL-AR300M Shadow, GL-AR750 Creta, GL-AR750S-EXT Slate, GL-AX1800 Flint, GL-AXT1800 Slate AX, GL-B1300 Convexa-B, GL-B3000 Marble, GL-BE3600 Slate 7, GL-E750, GL-E750V2 Mudi, GL-MT300N-V2 Mango, GL-MT1300 Beryl, GL-MT2500 Brume 2, GL-MT3000 Beryl AX, GL-MT6000 Flint 2, GL-SFT1200 Opal, GL-X300B Collie, GL-X750 Spitz, GL-X3000 Spitz AX, GL-XE300 Puli and GL-XE3000 Puli AX 4.x. Affected is an unknown function of the file plugins.so of the component RPC Handler. The manipulation leads to buffer overflow. It is recommended to upgrade the affected component. | |||||
| CVE-2025-3989 | 2025-04-29 | 9.0 HIGH | 8.8 HIGH | ||
| A vulnerability classified as critical was found in TOTOLINK N150RT 3.4.0-B20190525. Affected by this vulnerability is an unknown functionality of the file /boafrm/formStaticDHCP. The manipulation of the argument Hostname leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-3991 | 2025-04-29 | 9.0 HIGH | 8.8 HIGH | ||
| A vulnerability, which was classified as critical, was found in TOTOLINK N150RT 3.4.0-B20190525. This affects an unknown part of the file /boafrm/formWdsEncrypt. The manipulation of the argument submit-url leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||