BeaCox

15 exploits Active since Aug 2024
CVE-2024-7357 WRITEUP MEDIUM WRITEUP
D-Link DIR-600 Firmware < 2.18 - OS Command Injection via soapcgi_main Service Parameter
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DIR-600 up to 2.18. It has been rated as critical. This issue affects the function soapcgi_main of the file /soap.cgi. The manipulation of the argument service leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273329 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.
CVSS 6.3
CVE-2024-7581 WRITEUP HIGH WRITEUP
Tenda A301 15.13.08.12 - Stack-based Buffer Overflow via WifiBasicSet Security Parameter
A vulnerability classified as critical has been found in Tenda A301 15.13.08.12. This affects the function formWifiBasicSet of the file /goform/WifiBasicSet. The manipulation of the argument security leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 8.8
CVE-2024-7582 WRITEUP HIGH WRITEUP
Tenda i22 1.0.0.3(4687) - Buffer Overflow in apPortalAccessCodeAuth Function
A vulnerability classified as critical was found in Tenda i22 1.0.0.3(4687). This vulnerability affects the function formApPortalAccessCodeAuth of the file /goform/apPortalAccessCodeAuth. The manipulation of the argument accessCode/data/acceInfo leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 8.8
CVE-2024-7583 WRITEUP HIGH WRITEUP
Tenda i22 1.0.0.3(4687) - Buffer Overflow in apPortalOneKeyAuth
A vulnerability, which was classified as critical, has been found in Tenda i22 1.0.0.3(4687). This issue affects the function formApPortalOneKeyAuth of the file /goform/apPortalOneKeyAuth. The manipulation of the argument data leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 8.8
CVE-2024-7584 WRITEUP HIGH WRITEUP
Tenda i22 1.0.0.3(4687) - Buffer Overflow in apPortalPhoneAuth
A vulnerability, which was classified as critical, was found in Tenda i22 1.0.0.3(4687). Affected is the function formApPortalPhoneAuth of the file /goform/apPortalPhoneAuth. The manipulation of the argument data leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 8.8
CVE-2024-7585 WRITEUP HIGH WRITEUP
Tenda i22 1.0.0.3(4687) - Buffer Overflow in formApPortalWebAuth via webUserName/webUserPassword
A vulnerability has been found in Tenda i22 1.0.0.3(4687) and classified as critical. Affected by this vulnerability is the function formApPortalWebAuth of the file /goform/apPortalAuth. The manipulation of the argument webUserName/webUserPassword leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 8.8
CVE-2024-7613 WRITEUP HIGH WRITEUP
Tenda FH1206 1.2.0.8(8155) - Buffer Overflow via GstDhcpSetSer dips Argument
A vulnerability was found in Tenda FH1206 1.2.0.8(8155) and classified as critical. This issue affects the function fromGstDhcpSetSer of the file /goform/GstDhcpSetSer. The manipulation of the argument dips leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 8.8
CVE-2024-7614 WRITEUP HIGH WRITEUP
Tenda FH1206 1.2.0.8(8155) - Stack-based Buffer Overflow via qossetting Page Parameter
A vulnerability was found in Tenda FH1206 1.2.0.8(8155). It has been classified as critical. Affected is the function fromqossetting of the file /goform/qossetting. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 8.8
CVE-2024-7615 WRITEUP HIGH WORKING POC
Tenda FH1206 1.2.0.8 - Stack-based Buffer Overflow in fromSafeClientFilter/fromSafeMacFilter/fromSafeUrlFilter
A vulnerability was found in Tenda FH1206 1.2.0.8. It has been declared as critical. Affected by this vulnerability is the function fromSafeClientFilter/fromSafeMacFilter/fromSafeUrlFilter. The manipulation leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 8.8
CVE-2024-7907 WRITEUP MEDIUM WORKING POC
TOTOLINK X6000R 9.4.0cu.852_20230719 - OS Command Injection via rtLogServer Parameter
A vulnerability, which was classified as critical, has been found in TOTOLINK X6000R 9.4.0cu.852_20230719. This issue affects the function setSyslogCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument rtLogServer leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 6.3
CVE-2024-7908 WRITEUP HIGH WRITEUP
TOTOLINK EX1200L 9.3.5u.6146_B20201023 - Stack-based Buffer Overflow via IpAddress Parameter
A vulnerability, which was classified as critical, was found in TOTOLINK EX1200L 9.3.5u.6146_B20201023. Affected is the function setDefResponse of the file /www/cgi-bin/cstecgi.cgi. The manipulation of the argument IpAddress leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 8.8
CVE-2024-7909 WRITEUP HIGH WRITEUP
TOTOLINK EX1200L 9.3.5u.6146_B20201023 - Stack-based Buffer Overflow in setLanguageCfg Function
A vulnerability has been found in TOTOLINK EX1200L 9.3.5u.6146_B20201023 and classified as critical. Affected by this vulnerability is the function setLanguageCfg of the file /www/cgi-bin/cstecgi.cgi. The manipulation of the argument langType leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 8.8
CVE-2025-4841 WRITEUP HIGH WRITEUP
D-Link DCS-932L 2.18.01 - Stack-Based Buffer Overflow in /bin/gpio
A vulnerability was found in D-Link DCS-932L 2.18.01 and classified as critical. Affected by this issue is the function sub_404780 of the file /bin/gpio. The manipulation of the argument CameraName leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
CVSS 8.8
CVE-2025-4842 WRITEUP HIGH WRITEUP
D-Link DCS-932L 2.18.01 - Stack-Based Buffer Overflow in isUCPCameraNameChanged
A vulnerability was found in D-Link DCS-932L 2.18.01. It has been declared as critical. This vulnerability affects the function isUCPCameraNameChanged of the file /sbin/ucp. The manipulation of the argument CameraName leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
CVSS 8.8
CVE-2025-4843 WRITEUP HIGH WRITEUP
D-Link DCS-932L 2.18.01 - Stack-Based Buffer Overflow in udev SubUPnPCSInit
A vulnerability was found in D-Link DCS-932L 2.18.01. It has been classified as critical. This affects the function SubUPnPCSInit of the file /sbin/udev. The manipulation of the argument CameraName leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
CVSS 8.8