罗熙 (Luoxi)

11 exploits, active since Aug 2025
CVE-2025-10123 WRITEUP HIGH
D-Link DIR-823X Firmware < 250416 - Command Injection
A vulnerability was found in D-Link DIR-823X up to 250416. It affects the function sub_415028 of the file /goform/set_static_leases. Manipulating the argument Hostname can lead to command injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be used.
CVSS 7.3
CVE-2025-10169 WRITEUP HIGH
UTT 1200GW Firmware < 3.0.0-170831 - Memory Corruption
A weakness has been identified in UTT 1200GW up to 3.0.0-170831. The issue affects unknown functionality of the file /goform/ConfigWirelessBase. Manipulation of the argument ssid causes a buffer overflow. The attack may be initiated remotely. The exploit has been made available to the public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 8.8
CVE-2025-10170 WRITEUP HIGH
UTT 1200GW Firmware < 3.0.0-170831 - Memory Corruption
A security vulnerability has been detected in UTT 1200GW up to 3.0.0-170831. This affects the function sub_4B48F8 of the file /goform/formApLbConfig. Manipulation of the argument loadBalanceNameOld leads to a buffer overflow. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 8.8
CVE-2025-10803 WRITEUP HIGH
Tenda AC23 Firmware < 16.03.07.52 - Memory Corruption
A vulnerability has been found in Tenda AC23 up to 16.03.07.52. It affects the function sscanf of the file /goform/SetPptpServerCfg of the component HTTP POST Request Handler. Manipulation of the argument startIp leads to a buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS 8.8
CVE-2025-10838 WRITEUP HIGH
Tenda AC21 Firmware < 16.03.08.16 - Memory Corruption
A vulnerability was identified in Tenda AC21 16.03.08.16. The affected element is the function sub_45BB10 of the file /goform/WifiExtraSet. Manipulation of the argument wpapsk_crypto leads to a buffer overflow. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.
CVSS 8.8
CVE-2025-10942 WRITEUP HIGH
H3C Magic B3 < 100R002 - Buffer Overflow
A vulnerability was identified in H3C Magic B3 up to 100R002. This affects the function AddMacList/EditMacList of the file /goform/aspForm. The manipulation of the argument param leads to buffer overflow. The attack can be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 8.8
CVE-2025-8939 WRITEUP HIGH
Tenda AC20 Firmware < 16.03.08.12 - Memory Corruption
A vulnerability was determined in Tenda AC20 up to 16.03.08.12. Affected is an unknown function of the file /goform/WifiGuestSet. The manipulation of the argument shareSpeed leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS 8.8
CVE-2025-8940 WRITEUP HIGH
Tenda AC20 Firmware < 16.03.08.12 - Memory Corruption
A vulnerability was identified in Tenda AC20 up to 16.03.08.12. It affects the function strcpy of the file /goform/saveParentControlInfo. Manipulation of the argument Time leads to a buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS 8.8
CVE-2025-9579 WRITEUP MEDIUM
LB-LINK BL-X26 1.2.8 - Code Injection
A weakness has been identified in LB-LINK BL-X26 1.2.8. The impacted element is an unknown function of the file /goform/set_hidessid_cfg of the component HTTP Handler. Manipulation of the argument enable causes OS command injection. The attack can be initiated remotely. The exploit has been made available to the public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 6.3
CVE-2025-9580 WRITEUP MEDIUM
LB-LINK BL-X26 1.2.8 - Command Injection
A security vulnerability has been detected in LB-LINK BL-X26 1.2.8. This affects an unknown function of the file /goform/set_blacklist of the component HTTP Handler. Manipulation of the argument mac leads to OS command injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 6.3
CVE-2025-9603 WRITEUP MEDIUM
Telesquare TLR-2005KSH 1.2.4 - Command Injection
A vulnerability was found in Telesquare TLR-2005KSH 1.2.4. The affected element is an unknown function of the file /cgi-bin/internet.cgi?Command=lanCfg. Manipulating the argument Hostname can lead to command injection. The attack may be performed from a remote location. The exploit has been publicly disclosed and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 6.3