Vulnerabilities (CVE)

Filtered by CWE-121
Total 2851 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-63835 1 Tenda 2 Ac18, Ac18 Firmware 2026-06-17 N/A 8.8 HIGH
A stack-based buffer overflow vulnerability was discovered in Tenda AC18 v15.03.05.05_multi. The vulnerability exists in the guestSsid parameter of the /goform/WifiGuestSet interface. Remote attackers can exploit this vulnerability by sending oversized data to the guestSsid parameter, leading to denial of service (device crash) or potential remote code execution.
CVE-2025-63658 1 Monkey-project 1 Monkey 2026-06-17 N/A 7.5 HIGH
A stack overflow in the mk_http_index_lookup function (mk_server/mk_http.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server.
CVE-2025-63469 1 Totolink 2 Lr350, Lr350 Firmware 2026-06-17 N/A 7.5 HIGH
Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the ssid parameter in the sub_421BAC function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2025-63468 1 Totolink 2 Lr350, Lr350 Firmware 2026-06-17 N/A 7.5 HIGH
Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the http_host parameter in the sub_426EF8 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2025-63467 1 Totolink 2 Lr350, Lr350 Firmware 2026-06-17 N/A 7.5 HIGH
Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the ssid parameter in the sub_425400 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2025-63466 1 Totolink 2 Lr350, Lr350 Firmware 2026-06-17 N/A 7.5 HIGH
Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the password parameter in the sub_426EF8 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2025-63465 1 Totolink 2 Lr350, Lr350 Firmware 2026-06-17 N/A 7.5 HIGH
Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the ssid parameter in the sub_422880 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2025-63464 1 Totolink 2 Lr350, Lr350 Firmware 2026-06-17 N/A 7.5 HIGH
Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the ssid parameter in the sub_42396C function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2025-63463 1 Totolink 2 Lr350, Lr350 Firmware 2026-06-17 N/A 7.5 HIGH
Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the wifiOff parameter in the sub_4232EC function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2025-63462 1 Totolink 2 A7000r, A7000r Firmware 2026-06-17 N/A 7.5 HIGH
Totolink A7000R v9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the wifiOff parameter in the sub_421A04 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2025-63461 1 Totolink 2 A7000r, A7000r Firmware 2026-06-17 N/A 7.5 HIGH
Totolink A7000R v9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the ssid5g parameter in the urldecode function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2025-63460 1 Totolink 2 A7000r, A7000r Firmware 2026-06-17 N/A 7.5 HIGH
Totolink A7000R v9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the ssid5g parameter in the sub_4222E0 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2025-63459 1 Totolink 2 A7000r, A7000r Firmware 2026-06-17 N/A 7.5 HIGH
Totolink A7000R v9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the ssid5g parameter in the sub_421CF0 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2025-63458 1 Tenda 2 Ax1803, Ax1803 Firmware 2026-06-17 N/A 7.5 HIGH
Tenda AX-1803 v1.0.0.1 was discovered to contain a stack overflow via the timeZone parameter in the form_fast_setting_wifi_set function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2025-63457 1 Tenda 2 Ax1803, Ax1803 Firmware 2026-06-17 N/A 7.5 HIGH
Tenda AX-1803 v1.0.0.1 was discovered to contain a stack overflow via the wanMTU parameter in the sub_4F55C function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2025-63456 1 Tenda 2 Ax1803, Ax1803 Firmware 2026-06-17 N/A 7.5 HIGH
Tenda AX-1803 v1.0.0.1 was discovered to contain a stack overflow via the time parameter in the SetSysTimeCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2025-63455 1 Tenda 2 Ax3, Ax3 Firmware 2026-06-17 N/A 7.5 HIGH
Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow via the shareSpeed parameter in the fromSetWifiGusetBasic function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2025-63454 1 Tenda 2 Ax3, Ax3 Firmware 2026-06-17 N/A 7.5 HIGH
Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow via the deviceId parameter in the get_parentControl_list_Info function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2025-63154 1 Totolink 2 A7000r, A7000r Firmware 2026-06-17 N/A 7.5 HIGH
TOTOLink A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow in the addEffect parameter of the urldecode function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
CVE-2025-63153 1 Totolink 2 A7000r, A7000r Firmware 2026-06-17 N/A 7.5 HIGH
TOTOLink A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow in the ssid parameter of the urldecode function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.