罗熙 (Luoxi) - Security Researcher - Exploit Intelligence Platform

CVE-2025-10123 WRITEUP HIGH WRITEUP

D-Link DIR-823X < 250416 - Unauthenticated Command Injection via Hostname Parameter

A vulnerability was determined in D-Link DIR-823X up to 250416. Affected by this vulnerability is the function sub_415028 of the file /goform/set_static_leases. Executing manipulation of the argument Hostname can lead to command injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized.

CVSS 7.3

View Code

CVE-2025-10838 WRITEUP HIGH WRITEUP

Tenda AC21 Firmware < 16.03.08.16 - Buffer Overflow via WifiExtraSet wpapsk_crypto Argument

A vulnerability was identified in Tenda AC21 16.03.08.16. The affected element is the function sub_45BB10 of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto leads to buffer overflow. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.

CVSS 8.8

View Code

CVE-2025-8939 WRITEUP HIGH WRITEUP

Tenda AC20 Firmware < 16.03.08.12 - Buffer Overflow via WifiGuestSet shareSpeed Parameter

A vulnerability was determined in Tenda AC20 up to 16.03.08.12. Affected is an unknown function of the file /goform/WifiGuestSet. The manipulation of the argument shareSpeed leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

CVSS 8.8

View Code

CVE-2025-8940 WRITEUP HIGH WRITEUP

Tenda AC20 Firmware < 16.03.08.12 - Buffer Overflow via Time Parameter in saveParentControlInfo

A vulnerability was identified in Tenda AC20 up to 16.03.08.12. Affected by this vulnerability is the function strcpy of the file /goform/saveParentControlInfo. The manipulation of the argument Time leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

CVSS 8.8

View Code

CVE-2025-9303 WRITEUP HIGH WRITEUP

TOTOLINK A720R 4.1.5cu.630_B20250509 - Buffer Overflow

A security flaw has been discovered in TOTOLINK A720R 4.1.5cu.630_B20250509. This issue affects the function setParentalRules of the file /cgi-bin/cstecgi.cgi. Performing manipulation of the argument desc results in buffer overflow. The attack is possible to be carried out remotely. The exploit has been released to the public and may be exploited.

CVSS 8.8

View Code

CVE-2025-9579 WRITEUP MEDIUM WRITEUP

LB-LINK BL-X26 1.2.8 - Code Injection

A weakness has been identified in LB-LINK BL-X26 1.2.8. The impacted element is an unknown function of the file /goform/set_hidessid_cfg of the component HTTP Handler. This manipulation of the argument enable causes os command injection. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS 6.3

View Code

CVE-2025-9580 WRITEUP MEDIUM WRITEUP

LB-LINK BL-X26 1.2.8 - Command Injection

A security vulnerability has been detected in LB-LINK BL-X26 1.2.8. This affects an unknown function of the file /goform/set_blacklist of the component HTTP Handler. Such manipulation of the argument mac leads to os command injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS 6.3

View Code

CVE-2025-9603 WRITEUP MEDIUM WRITEUP

Telesquare TLR-2005KSH 1.2.4 - Command Injection

A vulnerability was determined in Telesquare TLR-2005KSH 1.2.4. The affected element is an unknown function of the file /cgi-bin/internet.cgi?Command=lanCfg. Executing manipulation of the argument Hostname can lead to command injection. The attack may be performed from a remote location. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS 6.3

View Code

CVE-2025-10123 WRITEUP HIGH WRITEUP

D-Link DIR-823X < 250416 - Unauthenticated Command Injection via Hostname Parameter

A vulnerability was determined in D-Link DIR-823X up to 250416. Affected by this vulnerability is the function sub_415028 of the file /goform/set_static_leases. Executing manipulation of the argument Hostname can lead to command injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized.

CVSS 7.3

View Code

CVE-2025-10169 WRITEUP HIGH WRITEUP

UTT 1200GW Firmware < 3.0.0-170831 - Buffer Overflow via ConfigWirelessBase SSID Parameter

A weakness has been identified in UTT 1200GW up to 3.0.0-170831. Affected by this issue is some unknown functionality of the file /goform/ConfigWirelessBase. This manipulation of the argument ssid causes buffer overflow. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS 8.8

View Code

CVE-2025-10170 WRITEUP HIGH WRITEUP

UTT 1200GW Firmware < 3.0.0-170831 - Buffer Overflow via loadBalanceNameOld Argument

A security vulnerability has been detected in UTT 1200GW up to 3.0.0-170831. This affects the function sub_4B48F8 of the file /goform/formApLbConfig. Such manipulation of the argument loadBalanceNameOld leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS 8.8

View Code

CVE-2025-10803 WRITEUP HIGH WRITEUP

Tenda AC23 Firmware < 16.03.07.52 - Buffer Overflow via SetPptpServerCfg startIp Parameter

A vulnerability has been found in Tenda AC23 up to 16.03.07.52. Affected by this vulnerability is the function sscanf of the file /goform/SetPptpServerCfg of the component HTTP POST Request Handler. Such manipulation of the argument startIp leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

CVSS 8.8

View Code

CVE-2025-10838 WRITEUP HIGH WRITEUP

Tenda AC21 Firmware < 16.03.08.16 - Buffer Overflow via WifiExtraSet wpapsk_crypto Argument

A vulnerability was identified in Tenda AC21 16.03.08.16. The affected element is the function sub_45BB10 of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto leads to buffer overflow. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.

CVSS 8.8

View Code

CVE-2025-10942 WRITEUP HIGH WRITEUP

H3C Magic B3 <100R002 - Buffer Overflow

A vulnerability was identified in H3C Magic B3 up to 100R002. This affects the function AddMacList/EditMacList of the file /goform/aspForm. The manipulation of the argument param leads to buffer overflow. The attack can be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS 8.8

View Code

CVE-2025-8939 WRITEUP HIGH WRITEUP

Tenda AC20 Firmware < 16.03.08.12 - Buffer Overflow via WifiGuestSet shareSpeed Parameter

A vulnerability was determined in Tenda AC20 up to 16.03.08.12. Affected is an unknown function of the file /goform/WifiGuestSet. The manipulation of the argument shareSpeed leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

CVSS 8.8

View Code

CVE-2025-8940 WRITEUP HIGH WRITEUP

Tenda AC20 Firmware < 16.03.08.12 - Buffer Overflow via Time Parameter in saveParentControlInfo

A vulnerability was identified in Tenda AC20 up to 16.03.08.12. Affected by this vulnerability is the function strcpy of the file /goform/saveParentControlInfo. The manipulation of the argument Time leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

CVSS 8.8

View Code

CVE-2025-9579 WRITEUP MEDIUM WRITEUP

LB-LINK BL-X26 1.2.8 - Code Injection

A weakness has been identified in LB-LINK BL-X26 1.2.8. The impacted element is an unknown function of the file /goform/set_hidessid_cfg of the component HTTP Handler. This manipulation of the argument enable causes os command injection. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS 6.3

View Code

CVE-2025-9580 WRITEUP MEDIUM WRITEUP

LB-LINK BL-X26 1.2.8 - Command Injection

A security vulnerability has been detected in LB-LINK BL-X26 1.2.8. This affects an unknown function of the file /goform/set_blacklist of the component HTTP Handler. Such manipulation of the argument mac leads to os command injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS 6.3

View Code

CVE-2025-9603 WRITEUP MEDIUM WRITEUP

Telesquare TLR-2005KSH 1.2.4 - Command Injection

A vulnerability was determined in Telesquare TLR-2005KSH 1.2.4. The affected element is an unknown function of the file /cgi-bin/internet.cgi?Command=lanCfg. Executing manipulation of the argument Hostname can lead to command injection. The attack may be performed from a remote location. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS 6.3

View Code