Jiaqian Peng

295 exploits Active since Jun 2025
CVE-2025-5440 WRITEUP MEDIUM WRITEUP
Linksys RE6500, RE6250, RE6300, RE6350, RE7000, RE9000 - OS Command Injection via NTP Function
A vulnerability classified as critical has been found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This affects the function NTP of the file /goform/NTP. The manipulation of the argument manual_year_select/manual_month_select/manual_day_select/manual_hour_select/manual_min_select/manual_sec_select leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 6.3
CVE-2025-5441 WRITEUP MEDIUM WRITEUP
Linksys RE6500, RE6250, RE6300, RE6350, RE7000, RE9000 - OS Command Injection via DeviceURL Parameter
A vulnerability classified as critical was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This vulnerability affects the function setDeviceURL of the file /goform/setDeviceURL. The manipulation of the argument DeviceURL leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 6.3
CVE-2025-5442 WRITEUP MEDIUM WRITEUP
Linksys RE6500/RE6250/RE6300/RE6350/RE7000/RE9000 - OS Command Injection via RP_pingGatewayByBBS
A vulnerability, which was classified as critical, has been found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This issue affects the function RP_pingGatewayByBBS of the file /goform/RP_pingGatewayByBBS. The manipulation of the argument ip/nm/gw leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 6.3
CVE-2025-5443 WRITEUP MEDIUM WRITEUP
Linksys RE6500/RE6250/RE6300/RE6350/RE7000/RE9000 - OS Command Injection via ExtChSelector Parameter
A vulnerability, which was classified as critical, was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected is the function wirelessAdvancedHidden of the file /goform/wirelessAdvancedHidden. The manipulation of the argument ExtChSelector/24GSelector/5GSelector leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 6.3
CVE-2025-5444 WRITEUP MEDIUM WRITEUP
Linksys RE6500-RE9000 <1.2.07.001 - Command Injection
A vulnerability has been found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001 and classified as critical. Affected by this vulnerability is the function RP_UpgradeFWByBBS of the file /goform/RP_UpgradeFWByBBS. The manipulation of the argument type/ch/ssidhex/security/extch/pwd/mode/ip/nm/gw leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 6.3
CVE-2025-5445 WRITEUP MEDIUM WRITEUP
Linksys RE6500-RE9000 - Command Injection
A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001 and classified as critical. Affected by this issue is the function RP_checkFWByBBS of the file /goform/RP_checkFWByBBS. The manipulation of the argument type/ch/ssidhex/security/extch/pwd/mode/ip/nm/gw leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 6.3
CVE-2025-5446 WRITEUP MEDIUM WRITEUP
Linksys RE6500-RE9000 - Command Injection
A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. It has been classified as critical. This affects the function RP_checkCredentialsByBBS of the file /goform/RP_checkCredentialsByBBS. The manipulation of the argument pwd leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 6.3
CVE-2025-5447 WRITEUP MEDIUM WORKING POC
Linksys RE6500-RE9000 - Code Injection
A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. It has been declared as critical. This vulnerability affects the function ssid1MACFilter of the file /goform/ssid1MACFilter. The manipulation of the argument apselect_%d/newap_text_%d leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 6.3
CVE-2025-55599 WRITEUP HIGH WRITEUP
D-Link DIR-619L 2.06B01 - Buffer Overflow
D-Link DIR-619L 2.06B01 is vulnerable to Buffer Overflow in the formWlanSetup function via the parameter f_wds_wepKey.
CVSS 7.5
CVE-2025-55602 WRITEUP HIGH WRITEUP
D-Link DIR-619L 2.06B01 - Buffer Overflow
D-Link DIR-619L 2.06B01 is vulnerable to Buffer Overflow in the formSysCmd function via the submit-url parameter.
CVSS 7.5
CVE-2025-55603 WRITEUP HIGH WRITEUP
Tenda AX3 V16.03.12.10_CN - Buffer Overflow
Tenda AX3 V16.03.12.10_CN is vulnerable to Buffer Overflow in the fromSetSysTime function via the ntpServer parameter.
CVSS 7.5
CVE-2025-55605 WRITEUP HIGH WRITEUP
Tenda AX3 V16.03.12.10_CN - Buffer Overflow
Tenda AX3 V16.03.12.10_CN is vulnerable to Buffer Overflow in the saveParentControlInfo function via the deviceName parameter.
CVSS 7.5
CVE-2025-55606 WRITEUP HIGH WRITEUP
Tenda AX3 V16.03.12.10_CN - Buffer Overflow
Tenda AX3 V16.03.12.10_CN is vulnerable to Buffer Overflow in the fromAdvSetMacMtuWan function via the serverName parameter.
CVSS 7.5
CVE-2025-55611 WRITEUP HIGH WRITEUP
D-Link DIR-619L <2.06B01 - Buffer Overflow
D-Link DIR-619L 2.06B01 is vulnerable to Buffer Overflow in the formLanguageChange function via the nextPage parameter.
CVSS 7.5
CVE-2025-55613 WRITEUP CRITICAL WRITEUP
Tenda O3V2 <1.0.0.12 - Buffer Overflow
Tenda O3V2 1.0.0.12(3880) is vulnerable to Buffer Overflow in the fromSafeSetMacFilter function via the mac parameter.
CVSS 9.8
CVE-2025-5571 WRITEUP MEDIUM WRITEUP
D-Link DCS-932L 2.18.01 - Code Injection
A vulnerability was found in D-Link DCS-932L 2.18.01. It has been classified as critical. Affected is the function setSystemAdmin of the file /setSystemAdmin. The manipulation of the argument AdminID leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
CVSS 6.3
CVE-2025-5572 WRITEUP HIGH WRITEUP
D-Link DCS-932L 2.18.01 - Buffer Overflow
A vulnerability was found in D-Link DCS-932L 2.18.01. It has been declared as critical. Affected by this vulnerability is the function setSystemEmail of the file /setSystemEmail. The manipulation of the argument EmailSMTPPortNumber leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
CVSS 8.8
CVE-2025-5573 WRITEUP MEDIUM WRITEUP
D-Link DCS-932L 2.18.01 - Code Injection
A vulnerability was found in D-Link DCS-932L 2.18.01. It has been rated as critical. Affected by this issue is the function setSystemWizard/setSystemControl of the file /setSystemWizard. The manipulation of the argument AdminID leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
CVSS 6.3
CVE-2025-5620 WRITEUP HIGH WRITEUP
D-Link DIR-816 1.10CNB05 - OS Command Injection via setipsec_config localIP/remoteIP Parameters
A vulnerability, which was classified as critical, was found in D-Link DIR-816 1.10CNB05. Affected is the function setipsec_config of the file /goform/setipsec_config. The manipulation of the argument localIP/remoteIP leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
CVSS 7.3
CVE-2025-5621 WRITEUP HIGH WRITEUP
D-Link DIR-816 1.10CNB05 - OS Command Injection via qosClassifier dip_address/sip_address Parameter
A vulnerability has been found in D-Link DIR-816 1.10CNB05 and classified as critical. Affected by this vulnerability is the function qosClassifier of the file /goform/qosClassifier. The manipulation of the argument dip_address/sip_address leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
CVSS 7.3
CVE-2025-5622 WRITEUP CRITICAL WRITEUP
D-Link DIR-816 1.10CNB05 - Stack-Based Buffer Overflow via wirelessApcli_5g Function
A vulnerability was found in D-Link DIR-816 1.10CNB05 and classified as critical. Affected by this issue is the function wirelessApcli_5g of the file /goform/wirelessApcli_5g. The manipulation of the argument apcli_mode_5g/apcli_enc_5g/apcli_default_key_5g leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
CVSS 9.8
CVE-2025-5623 WRITEUP CRITICAL WRITEUP
D-Link DIR-816 1.10CNB05 - Stack-Based Buffer Overflow in qosClassifier
A vulnerability was found in D-Link DIR-816 1.10CNB05. It has been classified as critical. This affects the function qosClassifier of the file /goform/qosClassifier. The manipulation of the argument dip_address/sip_address leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
CVSS 9.8
CVE-2025-5624 WRITEUP CRITICAL WRITEUP
D-Link DIR-816 1.10CNB05 - Stack-Based Buffer Overflow in QoSPortSetup
A vulnerability was found in D-Link DIR-816 1.10CNB05. It has been declared as critical. This vulnerability affects the function QoSPortSetup of the file /goform/QoSPortSetup. The manipulation of the argument port0_group/port0_remarker/ssid0_group/ssid0_remarker leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
CVSS 9.8
CVE-2025-5630 WRITEUP CRITICAL WRITEUP
D-Link DIR-816 1.10CNB05 - Stack-Based Buffer Overflow via ip Parameter in form2lansetup.cgi
A vulnerability has been found in D-Link DIR-816 1.10CNB05 and classified as critical. This vulnerability affects unknown code of the file /goform/form2lansetup.cgi. The manipulation of the argument ip leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
CVSS 9.8
CVE-2025-6114 WRITEUP HIGH WRITEUP
D-Link DIR-619L 2.06B01 - Stack-Based Buffer Overflow in form_portforwarding
A vulnerability has been found in D-Link DIR-619L 2.06B01 and classified as critical. Affected by this vulnerability is the function form_portforwarding of the file /goform/form_portforwarding. The manipulation of the argument ingress_name_%d/sched_name_%d/name_%d leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
CVSS 8.8