CVE & Exploit Intelligence Database

CVE-2026-3815 8.8 HIGH 1 Writeup EPSS 0.00

A weakness has been identified in UTT HiPER 810G up to 1.7.7-1711. This affects the function strcpy of the file /goform/formApMail. Executing a manipulation can lead to buffer overflow. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks.

CWE-119 Mar 09, 2026

CVE-2026-3814 8.8 HIGH 1 Writeup EPSS 0.00

A security flaw has been discovered in UTT HiPER 810G up to 1.7.7-1711. Affected by this issue is the function strcpy of the file /goform/getOneApConfTempEntry. Performing a manipulation results in buffer overflow. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks.

CWE-119 Mar 09, 2026

CVE-2026-3701 8.8 HIGH 1 Writeup EPSS 0.00

A security vulnerability has been detected in H3C Magic B1 up to 100R004. Affected by this vulnerability is the function Edit_BasicSSID_5G of the file /goform/aspForm. Such manipulation of the argument param leads to buffer overflow. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CWE-119 Mar 08, 2026

CVE-2026-3700 8.8 HIGH 1 Writeup EPSS 0.00

A weakness has been identified in UTT HiPER 810G up to 1.7.7-171114. Affected is the function strcpy of the file /goform/formConfigDnsFilterGlobal. This manipulation causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks.

CWE-119 Mar 08, 2026

CVE-2026-3699 8.8 HIGH 1 Writeup EPSS 0.00

A security flaw has been discovered in UTT HiPER 810G up to 1.7.7-171114. This impacts the function strcpy of the file /goform/formRemoteControl. The manipulation results in buffer overflow. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks.

CWE-119 Mar 08, 2026

CVE-2026-3698 8.8 HIGH 1 Writeup EPSS 0.00

A vulnerability was identified in UTT HiPER 810G up to 1.7.7-171114. This affects the function strcpy of the file /goform/NTP. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit is publicly available and might be used.

CWE-119 Mar 08, 2026

CVE-2025-46108 9.8 CRITICAL 1 Writeup EPSS 0.00

D-link Dir-513 A1FW110 is vulnerable to Buffer Overflow in the function formTcpipSetup.

CWE-120 Mar 04, 2026

CVE-2026-20100 7.7 HIGH EPSS 0.00

A vulnerability in the LUA interperter of the Remote Access SSL VPN feature of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software could allow an authenticated, remote attacker with a valid VPN connection to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. This does not affect the management or MUS interfaces. This vulnerability is due to trusting user input without validation in the LUA interprerter. An attacker could exploit this vulnerability by sending crafted HTTP packets to the Remote Access SSL VPN server. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.

CWE-120 Mar 04, 2026

CVE-2026-24103 9.8 CRITICAL 1 Writeup EPSS 0.00

A buffer overflow vulnerability was discovered in goform/formSetMacFilterCfg in Tenda AC15V1.0 V15.03.05.18_multi.

CWE-120 Mar 03, 2026

CVE-2025-12345 8.8 HIGH EPSS 0.00

A security vulnerability has been detected in LLM-Claw 0.1.0/0.1.1/0.1.1a/0.1.1a-p1. The affected element is the function agent_deploy_init of the file /agents/deploy/initiate.c of the component Agent Deployment. Such manipulation leads to buffer overflow. It is possible to launch the attack remotely. A patch should be applied to remediate this issue.

CWE-119 Mar 03, 2026

CVE-2026-24112 9.8 CRITICAL 1 Writeup EPSS 0.00

An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by specifying the value of `userInfo`. When `userInfo` is passed into the `addWewifiWhiteUser` function and processed by `sscanf` without size validation, it could lead to a buffer overflow vulnerability.

CWE-120 Mar 02, 2026

CVE-2026-24110 9.8 CRITICAL 1 Writeup EPSS 0.00

An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may send overly long `addDhcpRules` data. When these rules enter the `addDhcpRule` function and are processed by `ret = sscanf(pRule, " %d\t%[^\t]\t%[^\n\r\t]", &dhcpsIndex, dhcpsIP, dhcpsMac);`, the lack of size validation for the rules could lead to buffer overflows in `dhcpsIndex`, `dhcpsIP`, and `dhcpsMac`.

CWE-120 Mar 02, 2026

CVE-2026-24115 9.8 CRITICAL 1 Writeup EPSS 0.00

An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Failure to validate the sizes of `gstup` and `gstdwn` before concatenating them into `gstruleQos` may lead to buffer overflow.

CWE-120 Mar 02, 2026

CVE-2026-24114 9.8 CRITICAL 1 Writeup EPSS 0.00

An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Failure to validate `pPortMapIndex` may lead to buffer overflows when using `strcpy`.

CWE-120 Mar 02, 2026

CVE-2026-24113 9.8 CRITICAL 1 Writeup EPSS 0.00

An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by controlling the value of `nptr`. When this value is passed into the `getMibPrefix` function and concatenated using `sprintf` without proper size validation, it could lead to a buffer overflow vulnerability.

CWE-120 Mar 02, 2026

CVE-2026-24111 9.8 CRITICAL 1 Writeup EPSS 0.00

An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by specifying the value of `userInfo`. When `userInfo` is passed into the `addAuthUser` function and processed by `sscanf` without size validation, it could lead to buffer overflow.

CWE-120 Mar 02, 2026

CVE-2026-24109 9.8 CRITICAL 1 Writeup EPSS 0.00

An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by controlling the value of `picName`. When this value is used in `sprintf` without validating variable sizes, it could lead to a buffer overflow vulnerability.

CWE-120 Mar 02, 2026

CVE-2026-24108 9.8 CRITICAL 1 Writeup EPSS 0.00

An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by controlling the value of `nptr`. When this value is passed into the `getMibPrefix` function and concatenated using `sprintf` without proper size validation, it could lead to a buffer overflow vulnerability.

CWE-120 Mar 02, 2026

CVE-2026-20436 6.7 MEDIUM EPSS 0.00

In wlan STA driver, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: WCNCR00473802; Issue ID: MSV-5970.

CWE-120 Mar 02, 2026

CVE-2026-3399 8.8 HIGH 1 Writeup EPSS 0.00

A vulnerability was identified in Tenda F453 1.0.0.3. Affected by this vulnerability is the function fromGstDhcpSetSer of the file /goform/GstDhcpSetSer of the component httpd. The manipulation of the argument dips leads to buffer overflow. The attack may be initiated remotely. The exploit is publicly available and might be used.

CWE-119 Mar 01, 2026