maximdevere/CVE2

Releases0

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2025-14535 ↗	Dec 11, 2025Thursday, 11 December 2025, 20:15	9.8 CRITICAL	10 HIGH
A vulnerability was identified in UTT 进取 512W up to 3.1.7.7-171114. Affected is the function strcpy of the file /goform/formConfigFastDirectionW. The manipulation of the argument ssid leads to buffer overflow. The attack may be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-14534 ↗	Dec 11, 2025Thursday, 11 December 2025, 19:15	9.8 CRITICAL	10 HIGH
A vulnerability was determined in UTT 进取 512W up to 3.1.7.7-171114. This impacts the function strcpy of the file /goform/formNatStaticMap of the component Endpoint. Executing manipulation of the argument NatBind can lead to buffer overflow. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-14526 ↗	Dec 11, 2025Thursday, 11 December 2025, 17:15	8.8 HIGH	9 HIGH
A security flaw has been discovered in Tenda CH22 1.0.0.1. This affects the function frmL7ImForm of the file /goform/L7Im. Performing a manipulation of the argument page results in buffer overflow. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks.
CVE-2025-11305 ↗	Oct 5, 2025Sunday, 5 October 2025, 22:15	8.8 HIGH	9 HIGH
A vulnerability has been found in UTT HiPER 840G up to 3.1.1-190328. Affected by this issue is the function strcpy of the file /goform/formTaskEdit. The manipulation of the argument txtMin2 leads to buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-11092 ↗	Sep 28, 2025Sunday, 28 September 2025, 03:15	6.3 MEDIUM	6.5 MEDIUM
A weakness has been identified in D-Link DIR-823X 250416. Affected by this issue is the function sub_412E7C of the file /goform/set_switch_settings. This manipulation of the argument port causes command injection. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited.
CVE-2025-11091 ↗	Sep 28, 2025Sunday, 28 September 2025, 02:15	8.8 HIGH	9 HIGH
A security flaw has been discovered in Tenda AC21 up to 16.03.08.16. Affected by this vulnerability is the function sscanf of the file /goform/SetStaticRouteCfg. The manipulation of the argument list results in buffer overflow. The attack can be launched remotely. The exploit has been released to the public and may be exploited.
CVE-2025-10774 ↗	Sep 22, 2025Monday, 22 September 2025, 01:15	4.7 MEDIUM	5.8 MEDIUM
A weakness has been identified in Ruijie 6000-E10 up to 2.4.3.6-20171117. This affects an unknown part of the file /view/vpn/autovpn/sub_commit.php. This manipulation of the argument key causes os command injection. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-10773 ↗	Sep 22, 2025Monday, 22 September 2025, 01:15	8.8 HIGH	9 HIGH
A security flaw has been discovered in B-Link BL-AC2100 up to 1.0.3. Affected by this issue is the function delshrpath of the file /goform/set_delshrpath_cfg of the component Web Management Interface. The manipulation of the argument Type results in stack-based buffer overflow. The attack may be performed from remote. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.