毛伯敏

19 exploits Active since Mar 2025
CVE-2025-13445 WRITEUP HIGH WRITEUP
Tenda Ac21 Firmware - Memory Corruption
A flaw has been found in Tenda AC21 16.03.08.16. This affects an unknown part of the file /goform/SetIpMacBind. Executing a manipulation of the argument list can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been published and may be used.
CVSS 8.8
CVE-2025-13446 WRITEUP HIGH WRITEUP
Tenda Ac21 Firmware - Memory Corruption
A vulnerability has been found in Tenda AC21 16.03.08.16. This vulnerability affects unknown code of the file /goform/SetSysTimeCfg. The manipulation of the argument timeZone/time leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used.
CVSS 8.8
CVE-2025-14225 WRITEUP MEDIUM WRITEUP
D-Link DCS-930L 1.15.04 - Command Injection
A vulnerability was determined in D-Link DCS-930L 1.15.04. This affects an unknown part of the file /setSystemAdmin of the component alphapd. Executing manipulation of the argument AdminID can lead to command injection. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. This vulnerability only affects products that are no longer supported by the maintainer.
CVSS 6.3
CVE-2025-14286 WRITEUP MEDIUM WRITEUP
Tenda AC9 15.03.05.14_multi - Info Disclosure
A vulnerability was determined in Tenda AC9 15.03.05.14_multi. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/DownloadCfg.jpg of the component Configuration File Handler. This manipulation causes information disclosure. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized.
CVSS 5.3
CVE-2025-14528 WRITEUP MEDIUM WRITEUP
D-Link DIR-803 <1.04 - Info Disclosure
A vulnerability was detected in D-Link DIR-803 up to 1.04. Impacted is an unknown function of the file /getcfg.php of the component Configuration Handler. The manipulation of the argument AUTHORIZED_GROUP results in information disclosure. The attack may be performed from remote. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
CVSS 5.3
CVE-2025-14654 WRITEUP HIGH WRITEUP
Tenda AC20 16.03.08.12 - Buffer Overflow
A vulnerability was identified in Tenda AC20 16.03.08.12. The affected element is the function formSetPPTPUserList of the file /goform/setPptpUserList of the component httpd. Such manipulation of the argument list leads to stack-based buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used.
CVSS 8.8
CVE-2025-14655 WRITEUP HIGH WRITEUP
Tenda AC20 16.03.08.12 - Buffer Overflow
A security flaw has been discovered in Tenda AC20 16.03.08.12. The impacted element is the function formSetRebootTimer of the file /goform/SetSysAutoRebbotCfg of the component httpd. Performing a manipulation of the argument rebootTime results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks.
CVSS 8.8
CVE-2025-14656 WRITEUP HIGH WRITEUP
Tenda AC20 16.03.08.12 - Buffer Overflow
A weakness has been identified in Tenda AC20 16.03.08.12. This affects the function httpd of the file /goform/openSchedWifi. Executing a manipulation of the argument schedStartTime/schedEndTime can lead to buffer overflow. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks.
CVSS 8.8
CVE-2025-29385 WRITEUP CRITICAL WRITEUP
Tenda Ac9 Firmware - Out-of-Bounds Write
In Tenda AC9 v1.0 V15.03.05.14_multi, the cloneType parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution.
CVSS 9.8
CVE-2025-29386 WRITEUP CRITICAL WRITEUP
Tenda Ac9 Firmware - Out-of-Bounds Write
In Tenda AC9 v1.0 V15.03.05.14_multi, the mac parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution.
CVSS 9.8
CVE-2025-29387 WRITEUP HIGH WRITEUP
Tenda Ac9 Firmware - Out-of-Bounds Write
In Tenda AC9 v1.0 V15.03.05.14_multi, the wanSpeed parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution.
CVSS 7.1
CVE-2025-45427 WRITEUP CRITICAL WRITEUP
Tenda Ac9 Firmware - Stack Buffer Overflow
In Tenda AC9 v1.0 with firmware V15.03.05.14_multi, the security parameter of /goform/WifiBasicSet has a stack overflow vulnerability, which can lead to remote arbitrary code execution.
CVSS 9.8
CVE-2025-45428 WRITEUP CRITICAL WRITEUP
Tenda Ac9 Firmware - Stack Buffer Overflow
In Tenda ac9 v1.0 with firmware V15.03.05.14_multi, the rebootTime parameter of /goform/SetSysAutoRebbotCfg has a stack overflow vulnerability, which can lead to remote arbitrary code execution.
CVSS 9.8
CVE-2025-45429 WRITEUP CRITICAL WRITEUP
Tenda Ac9 Firmware - Stack Buffer Overflow
In the Tenda ac9 v1.0 router with firmware V15.03.05.14_multi, there is a stack overflow vulnerability in /goform/WifiWpsStart, which may lead to remote arbitrary code execution.
CVSS 9.8
CVE-2025-65220 WRITEUP MEDIUM WRITEUP
Tenda Ac21 Firmware - Stack Buffer Overflow
Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow in: /goform/SetVirtualServerCfg via the list parameter.
CVSS 4.3
CVE-2025-65221 WRITEUP MEDIUM WRITEUP
Tenda Ac21 Firmware - Stack Buffer Overflow
Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow via the list parameter of /goform/setPptpUserList.
CVSS 4.3
CVE-2025-65222 WRITEUP MEDIUM WRITEUP
Tenda Ac21 Firmware - Stack Buffer Overflow
Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow via the rebootTime parameter of /goform/SetSysAutoRebbotCfg.
CVSS 4.3
CVE-2025-65223 WRITEUP MEDIUM WRITEUP
Tenda Ac21 Firmware - Stack Buffer Overflow
Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow via the urls parameter of /goform/saveParentControlInfo.
CVSS 4.3
CVE-2025-65226 WRITEUP MEDIUM WRITEUP
Tenda Ac21 Firmware - Buffer Overflow
Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow via the deviceId parameter in /goform/saveParentControlInfo.
CVSS 4.3