Jiaqian Peng

295 exploits Active since Jun 2025
CVE-2025-6115 WRITEUP HIGH WRITEUP
D-Link DIR-619L 2.06B01 - Stack-Based Buffer Overflow in form_macfilter
A vulnerability was found in D-Link DIR-619L 2.06B01 and classified as critical. Affected by this issue is the function form_macfilter. The manipulation of the argument mac_hostname_%d/sched_name_%d leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
CVSS 8.8
CVE-2025-6367 WRITEUP HIGH WRITEUP
D-Link DIR-619L 2.06B01 - Stack-Based Buffer Overflow via curTime/sched_name_%d/url_%d Parameters
A vulnerability was found in D-Link DIR-619L 2.06B01. It has been declared as critical. This vulnerability affects unknown code of the file /goform/formSetDomainFilter. The manipulation of the argument curTime/sched_name_%d/url_%d leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
CVSS 8.8
CVE-2025-6368 WRITEUP HIGH WRITEUP
D-Link DIR-619L 2.06B01 - Stack-Based Buffer Overflow via formSetEmail curTime Parameter
A vulnerability was found in D-Link DIR-619L 2.06B01. It has been rated as critical. This issue affects the function formSetEmail of the file /goform/formSetEmail. The manipulation of the argument curTime/config.smtp_email_subject leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
CVSS 8.8
CVE-2025-6369 WRITEUP HIGH WRITEUP
D-Link DIR-619L 2.06B01 - Stack-Based Buffer Overflow via curTime/config.save_network_enabled
A vulnerability classified as critical has been found in D-Link DIR-619L 2.06B01. Affected is the function formdumpeasysetup of the file /goform/formdumpeasysetup. The manipulation of the argument curTime/config.save_network_enabled leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
CVSS 8.8
CVE-2025-6370 WRITEUP HIGH WRITEUP
D-Link DIR-619L 2.06B01 - Stack-Based Buffer Overflow in formWlanGuestSetup
A vulnerability classified as critical was found in D-Link DIR-619L 2.06B01. Affected by this vulnerability is the function formWlanGuestSetup of the file /goform/formWlanGuestSetup. The manipulation of the argument curTime leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
CVSS 8.8
CVE-2025-6371 WRITEUP HIGH WRITEUP
D-Link DIR-619L 2.06B01 - Stack-Based Buffer Overflow via curTime Parameter in formSetEnableWizard
A vulnerability, which was classified as critical, has been found in D-Link DIR-619L 2.06B01. Affected by this issue is the function formSetEnableWizard of the file /goform/formSetEnableWizard. The manipulation of the argument curTime leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
CVSS 8.8
CVE-2025-6372 WRITEUP HIGH WRITEUP
D-Link DIR-619L 2.06B01 - Stack-Based Buffer Overflow via curTime Parameter in formSetWizard1
A vulnerability, which was classified as critical, was found in D-Link DIR-619L 2.06B01. This affects the function formSetWizard1 of the file /goform/formSetWizard1. The manipulation of the argument curTime leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
CVSS 8.8
CVE-2025-6373 WRITEUP HIGH WRITEUP
D-Link DIR-619L 2.06B01 - Stack-Based Buffer Overflow via curTime Parameter in formSetWizard1
A vulnerability has been found in D-Link DIR-619L 2.06B01 and classified as critical. This vulnerability affects the function formSetWizard1 of the file /goform/formWlSiteSurvey. The manipulation of the argument curTime leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
CVSS 8.8
CVE-2025-6374 WRITEUP HIGH WRITEUP
D-Link DIR-619L 2.06B01 - Stack-Based Buffer Overflow in formSetACLFilter
A vulnerability was found in D-Link DIR-619L 2.06B01 and classified as critical. This issue affects the function formSetACLFilter of the file /goform/formSetACLFilter. The manipulation of the argument curTime leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
CVSS 8.8
CVE-2025-6485 WRITEUP MEDIUM WRITEUP
TOTOLINK A3002R 1.1.1-B20200824.0128 - OS Command Injection via wlanif Parameter
A vulnerability was found in TOTOLINK A3002R 1.1.1-B20200824.0128. It has been classified as critical. This affects the function formWlSiteSurvey of the file /boafrm/formWlSiteSurvey. The manipulation of the argument wlanif leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS 6.3
CVE-2025-6486 WRITEUP HIGH WRITEUP
TOTOLINK A3002R 1.1.1-B20200824.0128 - Stack-Based Buffer Overflow in formWlanMultipleAP
A vulnerability was found in TOTOLINK A3002R 1.1.1-B20200824.0128. It has been declared as critical. This vulnerability affects the function formWlanMultipleAP of the file /boafrm/formWlanMultipleAP. The manipulation of the argument submit-url leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS 8.8
CVE-2025-6487 WRITEUP HIGH WRITEUP
TOTOLINK A3002R 1.1.1-B20200824.0128 - Stack-Based Buffer Overflow in formRoute
A vulnerability was found in TOTOLINK A3002R 1.1.1-B20200824.0128. It has been rated as critical. This issue affects the function formRoute of the file /boafrm/formRoute. The manipulation of the argument subnet leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS 8.8
CVE-2025-6614 WRITEUP HIGH WRITEUP
D-Link DIR-619L 2.06B01 - Stack-Based Buffer Overflow in formSetWANType_Wizard5
A vulnerability, which was classified as critical, has been found in D-Link DIR-619L 2.06B01. Affected by this issue is the function formSetWANType_Wizard5 of the file /goform/formSetWANType_Wizard5. The manipulation of the argument curTime leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
CVSS 8.8
CVE-2025-6615 WRITEUP HIGH WRITEUP
D-Link DIR-619L 2.06B01 - Stack-Based Buffer Overflow via curTime Parameter
A vulnerability, which was classified as critical, was found in D-Link DIR-619L 2.06B01. This affects the function formAutoDetecWAN_wizard4 of the file /goform/formAutoDetecWAN_wizard4. The manipulation of the argument curTime leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
CVSS 8.8
CVE-2025-6616 WRITEUP HIGH WRITEUP
D-Link DIR-619L 2.06B01 - Stack-Based Buffer Overflow in formSetWAN_Wizard51
A vulnerability has been found in D-Link DIR-619L 2.06B01 and classified as critical. This vulnerability affects the function formSetWAN_Wizard51 of the file /goform/formSetWAN_Wizard51. The manipulation of the argument curTime leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
CVSS 8.8
CVE-2025-6617 WRITEUP HIGH WRITEUP
D-Link DIR-619L 2.06B01 - Stack-Based Buffer Overflow via formAdvanceSetup Webpage Parameter
A vulnerability was found in D-Link DIR-619L 2.06B01 and classified as critical. This issue affects the function formAdvanceSetup of the file /goform/formAdvanceSetup. The manipulation of the argument webpage leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
CVSS 8.8
CVE-2025-6618 WRITEUP MEDIUM WRITEUP
TOTOLINK CA300-PoE 6.2c.884 - OS Command Injection via SetWLanApcliSettings PIN Parameter
A vulnerability was found in TOTOLINK CA300-PoE 6.2c.884. It has been classified as critical. Affected is the function SetWLanApcliSettings of the file wps.so. The manipulation of the argument PIN leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS 6.3
CVE-2025-6619 WRITEUP MEDIUM WRITEUP
TOTOLINK CA300-PoE 6.2c.884 - OS Command Injection via setUpgradeFW FileName Parameter
A vulnerability was found in TOTOLINK CA300-PoE 6.2c.884. It has been declared as critical. Affected by this vulnerability is the function setUpgradeFW of the file upgrade.so. The manipulation of the argument FileName leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS 6.3
CVE-2025-6620 WRITEUP MEDIUM WRITEUP
TOTOLINK CA300-PoE 6.2c.884 - OS Command Injection via setUpgradeUboot FileName Parameter
A vulnerability was found in TOTOLINK CA300-PoE 6.2c.884. It has been rated as critical. Affected by this issue is the function setUpgradeUboot of the file upgrade.so. The manipulation of the argument FileName leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS 6.3
CVE-2025-6621 WRITEUP MEDIUM WRITEUP
TOTOLINK CA300-PoE 6.2c.884 - OS Command Injection via QuickSetting hour/minute Parameter
A vulnerability classified as critical has been found in TOTOLINK CA300-PoE 6.2c.884. This affects the function QuickSetting of the file ap.so. The manipulation of the argument hour/minute leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS 6.3
CVE-2025-7081 WRITEUP MEDIUM WRITEUP
Belkin F9K1122 1.00.33 - OS Command Injection via formSetWanStatic Parameters
A vulnerability has been found in Belkin F9K1122 1.00.33 and classified as critical. Affected by this vulnerability is the function formSetWanStatic of the file /goform/formSetWanStatic of the component webs. The manipulation of the argument m_wan_ipaddr/m_wan_netmask/m_wan_gateway/m_wan_staticdns1/m_wan_staticdns2 is directly passed by the attacker/so we can control the m_wan_ipaddr/m_wan_netmask/m_wan_gateway/m_wan_staticdns1/m_wan_staticdns2 leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 6.3
CVE-2025-7082 WRITEUP MEDIUM WRITEUP
Belkin F9K1122 1.00.33 - OS Command Injection via wan_ipaddr/wan_netmask/wan_gateway/wl_ssid Parameters
A vulnerability was found in Belkin F9K1122 1.00.33 and classified as critical. Affected by this issue is the function formBSSetSitesurvey of the file /goform/formBSSetSitesurvey of the component webs. The manipulation of the argument wan_ipaddr/wan_netmask/wan_gateway/wl_ssid is directly passed by the attacker/so we can control the wan_ipaddr/wan_netmask/wan_gateway/wl_ssid leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 6.3
CVE-2025-7083 WRITEUP MEDIUM WRITEUP
Belkin F9K1122 1.00.33 - OS Command Injection via mp Function
A vulnerability was found in Belkin F9K1122 1.00.33. It has been classified as critical. This affects the function mp of the file /goform/mp of the component webs. The manipulation of the argument command leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 6.3
CVE-2025-7084 WRITEUP HIGH WRITEUP
Belkin F9K1122 1.00.33 - Stack-Based Buffer Overflow via formWpsStart pinCode Parameter
A vulnerability was found in Belkin F9K1122 1.00.33. It has been declared as critical. This vulnerability affects the function formWpsStart of the file /goform/formWpsStart of the component webs. The manipulation of the argument pinCode leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 8.8
CVE-2025-7085 WRITEUP HIGH WRITEUP
Belkin F9K1122 1.00.33 - Stack-Based Buffer Overflow in formiNICWpsStart via pinCode
A vulnerability was found in Belkin F9K1122 1.00.33. It has been rated as critical. This issue affects the function formiNICWpsStart of the file /goform/formiNICWpsStart of the component webs. The manipulation of the argument pinCode leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 8.8