Total
2764 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-2873 | 1 Tenda | 2 A21, A21 Firmware | 2026-06-17 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was detected in Tenda A21 1.0.0.0. This issue affects the function setSchedWifi of the file /goform/openSchedWifi. Performing a manipulation of the argument schedStartTime/schedEndTime results in stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit is now public and may be used. | |||||
| CVE-2026-2872 | 1 Tenda | 2 A21, A21 Firmware | 2026-06-17 | 9.0 HIGH | 8.8 HIGH |
| A security vulnerability has been detected in Tenda A21 1.0.0.0. This vulnerability affects the function set_device_name of the file /goform/setBlackRule of the component MAC Filtering Configuration Endpoint. Such manipulation of the argument devName/mac leads to stack-based buffer overflow. The attack may be performed from remote. The exploit has been disclosed publicly and may be used. | |||||
| CVE-2026-2871 | 1 Tenda | 2 A21, A21 Firmware | 2026-06-17 | 9.0 HIGH | 8.8 HIGH |
| A weakness has been identified in Tenda A21 1.0.0.0. This affects the function fromSetIpMacBind of the file /goform/SetIpMacBind. This manipulation of the argument list causes stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks. | |||||
| CVE-2026-2870 | 1 Tenda | 2 A21, A21 Firmware | 2026-06-17 | 9.0 HIGH | 8.8 HIGH |
| A security flaw has been discovered in Tenda A21 1.0.0.0. Affected by this issue is the function set_qosMib_list of the file /goform/formSetQosBand. The manipulation of the argument list results in stack-based buffer overflow. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks. | |||||
| CVE-2026-2857 | 1 Dlink | 2 Dwr-m960, Dwr-m960 Firmware | 2026-06-17 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was determined in D-Link DWR-M960 1.01.07. Affected by this issue is the function sub_423E00 of the file /boafrm/formPortFw of the component Port Forwarding Configuration Endpoint. This manipulation of the argument submit-url causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. | |||||
| CVE-2026-2856 | 1 Dlink | 2 Dwr-m960, Dwr-m960 Firmware | 2026-06-17 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was found in D-Link DWR-M960 1.01.07. Affected by this vulnerability is the function sub_424AFC of the file /boafrm/formFilter of the component Filter Configuration Endpoint. The manipulation of the argument submit-url results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been made public and could be used. | |||||
| CVE-2026-2855 | 1 Dlink | 2 Dwr-m960, Dwr-m960 Firmware | 2026-06-17 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability has been found in D-Link DWR-M960 1.01.07. Affected is the function sub_4648F0 of the file /boafrm/formDdns of the component DDNS Settings Handler. The manipulation of the argument submit-url leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2026-2854 | 1 Dlink | 2 Dwr-m960, Dwr-m960 Firmware | 2026-06-17 | 9.0 HIGH | 8.8 HIGH |
| A flaw has been found in D-Link DWR-M960 1.01.07. This impacts the function sub_4611CC of the file /boafrm/formNtp of the component NTP Configuration Endpoint. Executing a manipulation of the argument submit-url can lead to stack-based buffer overflow. The attack can be launched remotely. The exploit has been published and may be used. | |||||
| CVE-2026-2853 | 1 Dlink | 2 Dwr-m960, Dwr-m960 Firmware | 2026-06-17 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was detected in D-Link DWR-M960 1.01.07. This affects the function sub_462E14 of the file /boafrm/formSysLog of the component System Log Configuration Endpoint. Performing a manipulation of the argument submit-url results in stack-based buffer overflow. The attack can be initiated remotely. The exploit is now public and may be used. | |||||
| CVE-2026-2657 | 1 Wren | 1 Wren | 2026-06-17 | 1.7 LOW | 3.3 LOW |
| A vulnerability has been found in wren-lang wren up to 0.4.0. This impacts the function printError of the file src/vm/wren_compiler.c of the component Error Message Handler. Such manipulation leads to stack-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet. | |||||
| CVE-2026-2567 | 1 Wavlink | 2 Wl-nu516u1, Wl-nu516u1 Firmware | 2026-06-17 | 8.3 HIGH | 7.2 HIGH |
| A vulnerability was detected in Wavlink WL-NU516U1 20251208. This vulnerability affects the function sub_401218 of the file /cgi-bin/nas.cgi. Performing a manipulation of the argument User1Passwd results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used. | |||||
| CVE-2026-2566 | 2026-06-17 | 8.3 HIGH | 7.2 HIGH | ||
| A security vulnerability has been detected in Wavlink WL-NU516U1 up to 130/260. This affects the function sub_406194 of the file /cgi-bin/adm.cgi. Such manipulation of the argument firmware_url leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2026-2565 | 1 Wavlink | 2 Wl-nu516u1, Wl-nu516u1 Firmware | 2026-06-17 | 6.8 MEDIUM | 6.6 MEDIUM |
| A weakness has been identified in Wavlink WL-NU516U1 20251208. Affected by this issue is the function sub_40785C of the file /cgi-bin/adm.cgi. This manipulation of the argument time_zone causes stack-based buffer overflow. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitation is known to be difficult. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2026-2329 | 1 Grandstream | 12 Gxp1610, Gxp1610 Firmware, Gxp1615 and 9 more | 2026-06-17 | N/A | 9.8 CRITICAL |
| An unauthenticated stack-based buffer overflow vulnerability exists in the HTTP API endpoint /cgi-bin/api.values.get. A remote attacker can leverage this vulnerability to achieve unauthenticated remote code execution (RCE) with root privileges on a target device. The vulnerability affects all six device models in the series: GXP1610, GXP1615, GXP1620, GXP1625, GXP1628, and GXP1630. | |||||
| CVE-2026-2192 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2026-06-17 | 8.3 HIGH | 7.2 HIGH |
| A security vulnerability has been detected in Tenda AC9 15.03.06.42_multi. Affected by this vulnerability is the function formGetRebootTimer. Such manipulation of the argument sys.schedulereboot.start_time/sys.schedulereboot.end_time leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. | |||||
| CVE-2026-2191 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2026-06-17 | 8.3 HIGH | 7.2 HIGH |
| A weakness has been identified in Tenda AC9 15.03.06.42_multi. Affected is the function formGetDdosDefenceList. This manipulation of the argument security.ddos.map causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. | |||||
| CVE-2026-2187 | 1 Tenda | 2 Rx3, Rx3 Firmware | 2026-06-17 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was found in Tenda RX3 16.03.13.11. The affected element is the function set_qosMib_list of the file /goform/formSetQosBand. Performing a manipulation of the argument list results in stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been made public and could be used. | |||||
| CVE-2026-2186 | 1 Tenda | 2 Rx3, Rx3 Firmware | 2026-06-17 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability has been found in Tenda RX3 16.03.13.11. Impacted is the function fromSetIpMacBind of the file /goform/SetIpMacBind. Such manipulation of the argument list leads to stack-based buffer overflow. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2026-2185 | 1 Tenda | 2 Rx3, Rx3 Firmware | 2026-06-17 | 9.0 HIGH | 8.8 HIGH |
| A flaw has been found in Tenda RX3 16.03.13.11. This issue affects the function set_device_name of the file /goform/setBlackRule of the component MAC Filtering Configuration Endpoint. This manipulation of the argument devName/mac causes stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been published and may be used. | |||||
| CVE-2026-2181 | 1 Tenda | 2 Rx3, Rx3 Firmware | 2026-06-17 | 9.0 HIGH | 8.8 HIGH |
| A security flaw has been discovered in Tenda RX3 16.03.13.11. Affected by this vulnerability is an unknown functionality of the file /goform/openSchedWifi. Performing a manipulation of the argument schedStartTime/schedEndTime results in stack-based buffer overflow. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. | |||||