faqiadegege/IoTVuln

Releases0

Stars5

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2025-52221 ↗	Apr 8, 2026Wednesday, 8 April 2026, 18:24	9.8 CRITICAL	—
Tenda AC6 15.03.05.16_multi is vulnerable to Buffer Overflow in the formSetCfm function via the funcname, funcpara1, and funcpara2 parameters.
CVE-2025-57528 ↗	Sep 19, 2025Friday, 19 September 2025, 15:15	7.7 HIGH	—
An issue was discovered in Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01 allowing attackers to cause a denial of service via the funcname, funcpara1, funcpara2 parameters to the formSetCfm function (uri path: SetCfm).
CVE-2025-50263 ↗	Jul 3, 2025Thursday, 3 July 2025, 14:15	8.1 HIGH	—
Tenda AC6 v15.03.05.16_multi is vulnerable to Buffer Overflow in the fromSetRouteStatic function via the list parameter.
CVE-2025-50262 ↗	Jul 3, 2025Thursday, 3 July 2025, 14:15	7.5 HIGH	—
Tenda AC6 v15.03.05.16_multi is vulnerable to Buffer Overflow in the formSetQosBand function via the list parameter.
CVE-2025-50260 ↗	Jul 3, 2025Thursday, 3 July 2025, 14:15	7.5 HIGH	—
Tenda AC6 v15.03.05.16_multi is vulnerable to Buffer Overflow in the formSetFirewallCfg function via the firewallEn parameter.
CVE-2025-50258 ↗	Jul 3, 2025Thursday, 3 July 2025, 14:15	8.1 HIGH	—
Tenda AC6 v15.03.05.16_multi is vulnerable to Buffer Overflow in the SetSysTimeCfg function via the time parameter.
CVE-2025-50641 ↗	Jul 1, 2025Tuesday, 1 July 2025, 16:15	6.5 MEDIUM	—
Tenda AC6 15.03.05.16_multi is vulnerable to Buffer Overflow in the addWifiMacFilter function via the parameter deviceId.
CVE-2025-44899 ↗	May 6, 2025Tuesday, 6 May 2025, 21:16	9.8 CRITICAL	—
There is a stack overflow vulnerability in Tenda RX3 V1.0br_V16.03.13.11 In the fromSetWifiGusetBasic function of the web url /goform/ WifiGuestSet, the manipulation of the parameter shareSpeed leads to stack overflow.
CVE-2025-44900 ↗	May 6, 2025Tuesday, 6 May 2025, 18:15	6.5 MEDIUM	—
In Tenda RX3 V1.0br_V16.03.13.11 in the GetParentControlInfo function of the web url /goform/GetParentControlInfo, the manipulation of the parameter mac leads to stack overflow.
CVE-2024-52755 ↗	Nov 21, 2024Thursday, 21 November 2024, 09:46	4.9 MEDIUM	—
D-LINK DI-8003 v16.07.26A1 was discovered to contain a buffer overflow via the host_ip parameter in the ipsec_road_asp function.
CVE-2024-51151 ↗	Nov 21, 2024Thursday, 21 November 2024, 09:45	9.8 CRITICAL	—
D-Link DI-8200 16.07.26A1 is vulnerable to remote command execution in the msp_info_htm function via the flag parameter and cmd parameter.
CVE-2024-52757 ↗	Nov 20, 2024Wednesday, 20 November 2024, 20:15	4.9 MEDIUM	—
D-LINK DI-8003 v16.07.16A1 was discovered to contain a buffer overflow via the notify parameter in the arp_sys_asp function.
CVE-2024-52754 ↗	Nov 20, 2024Wednesday, 20 November 2024, 20:15	4.9 MEDIUM	—
D-LINK DI-8003 v16.07.16A1 was discovered to contain a buffer overflow via the fn parameter in the tgfile_htm function.
CVE-2024-52739 ↗	Nov 20, 2024Wednesday, 20 November 2024, 18:15	8 HIGH	—
D-LINK DI-8400 v16.07.26A1 was discovered to contain multiple remote command execution (RCE) vulnerabilities in the msp_info_htm function via the flag and cmd parameters.
CVE-2024-52759 ↗	Nov 19, 2024Tuesday, 19 November 2024, 19:15	9.8 CRITICAL	—
D-LINK DI-8003 v16.07.26A1 was discovered to contain a buffer overflow via the ip parameter in the ip_position_asp function.