Li Tengzheng

168 exploits Active since Feb 2026
CVE-2026-5610 WRITEUP HIGH WRITEUP
Belkin F9K1015 formWISP5G stack-based overflow
A vulnerability has been found in Belkin F9K1015 1.00.10. Affected by this issue is the function formWISP5G of the file /goform/formWISP5G. Such manipulation of the argument webpage leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 8.8
CVE-2026-5611 WRITEUP HIGH WRITEUP
Belkin F9K1015 formCrossBandSwitch stack-based overflow
A vulnerability was found in Belkin F9K1015 1.00.10. This affects the function formCrossBandSwitch of the file /goform/formCrossBandSwitch. Performing a manipulation of the argument webpage results in stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 8.8
CVE-2026-5612 WRITEUP HIGH WRITEUP
Belkin F9K1015 formWlEncrypt stack-based overflow
A vulnerability was determined in Belkin F9K1015 1.00.10. This vulnerability affects the function formWlEncrypt of the file /goform/formWlEncrypt. Executing a manipulation of the argument webpage can lead to stack-based buffer overflow. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 8.8
CVE-2026-5613 WRITEUP HIGH WRITEUP
Belkin F9K1015 formReboot stack-based overflow
A vulnerability was identified in Belkin F9K1015 1.00.10. This issue affects the function formReboot of the file /goform/formReboot. The manipulation of the argument webpage leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 8.8
CVE-2026-5614 WRITEUP HIGH WRITEUP
Belkin F9K1015 formSetPassword stack-based overflow
A security flaw has been discovered in Belkin F9K1015 1.00.10. Impacted is the function formSetPassword of the file /goform/formSetPassword. The manipulation of the argument webpage results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 8.8
CVE-2026-5628 WRITEUP HIGH WRITEUP
Belkin F9K1015 Setting formSetSystemSettings stack-based overflow
A security vulnerability has been detected in Belkin F9K1015 1.00.10. Impacted is the function formSetSystemSettings of the file /goform/formSetSystemSettings of the component Setting Handler. The manipulation of the argument webpage leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 8.8
CVE-2026-5604 WRITEUP HIGH WRITEUP
Tenda CH22 Parameter CertLocalPrecreate formCertLocalPrecreate stack-based overflow
A security flaw has been discovered in Tenda CH22 1.0.0.1. The impacted element is the function formCertLocalPrecreate of the file /goform/CertLocalPrecreate of the component Parameter Handler. Performing a manipulation of the argument standard results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks.
CVSS 8.8
CVE-2026-5605 WRITEUP HIGH WRITEUP
Tenda CH22 WrlExtraSet formWrlExtraSet stack-based overflow
A weakness has been identified in Tenda CH22 1.0.0.1. This affects the function formWrlExtraSet of the file /goform/WrlExtraSet. Executing a manipulation of the argument GO can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks.
CVSS 8.8
CVE-2026-5204 WRITEUP HIGH WRITEUP
Tenda CH22 Parameter webtypelibrary formWebTypeLibrary stack-based overflow
A vulnerability was determined in Tenda CH22 1.0.0.1. Affected is the function formWebTypeLibrary of the file /goform/webtypelibrary of the component Parameter Handler. This manipulation of the argument webSiteId causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized.
CVSS 8.8
CVE-2026-5152 WRITEUP HIGH WRITEUP
Tenda CH22 createFileName formCreateFileName stack-based overflow
A vulnerability was detected in Tenda CH22 1.0.0.1. Impacted is the function formCreateFileName of the file /goform/createFileName. Performing a manipulation of the argument fileNameMit results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used.
CVSS 8.8
CVE-2026-5153 WRITEUP MEDIUM WRITEUP
Tenda CH22 WriteFacMac FormWriteFacMac command injection
A flaw has been found in Tenda CH22 1.0.0.1. The affected element is the function FormWriteFacMac of the file /goform/WriteFacMac. Executing a manipulation of the argument mac can lead to command injection. The attack may be launched remotely. The exploit has been published and may be used.
CVSS 6.3
CVE-2026-5154 WRITEUP HIGH WRITEUP
Tenda CH22 Parameter setcfm fromSetCfm stack-based overflow
A vulnerability has been found in Tenda CH22 1.0.0.1/1.If. The impacted element is the function fromSetCfm of the file /goform/setcfm of the component Parameter Handler. The manipulation of the argument funcname leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.
CVSS 8.8
CVE-2026-5155 WRITEUP HIGH WRITEUP
Tenda CH22 Parameter AdvSetWan fromAdvSetWan stack-based overflow
A vulnerability was found in Tenda CH22 1.0.0.1. This affects the function fromAdvSetWan of the file /goform/AdvSetWan of the component Parameter Handler. The manipulation of the argument wanmode results in stack-based buffer overflow. The attack can be executed remotely. The exploit has been made public and could be used.
CVSS 8.8
CVE-2026-5156 WRITEUP HIGH WRITEUP
Tenda CH22 Parameter QuickIndex formQuickIndex stack-based overflow
A vulnerability was determined in Tenda CH22 1.0.0.1. This impacts the function formQuickIndex of the file /goform/QuickIndex of the component Parameter Handler. This manipulation of the argument mit_linktype causes stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized.
CVSS 8.8
CVE-2026-5102 WRITEUP MEDIUM WRITEUP
Totolink A3300R Parameter cstecgi.cgi setSmartQosCfg command injection
A security flaw has been discovered in Totolink A3300R 17.0.0cu.557_b20221024. This vulnerability affects the function setSmartQosCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. The manipulation of the argument qos_up_bw results in command injection. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.
CVSS 6.3
CVE-2026-5101 WRITEUP MEDIUM WRITEUP
Totolink A3300R Parameter cstecgi.cgi setLanCfg command injection
A vulnerability was identified in Totolink A3300R 17.0.0cu.557_b20221024. This affects the function setLanCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. The manipulation of the argument lanIp leads to command injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used.
CVSS 6.3
CVE-2026-5044 WRITEUP HIGH WRITEUP
Belkin F9K1122 Setting formSetSystemSettings stack-based overflow
A security vulnerability has been detected in Belkin F9K1122 1.00.33. This affects the function formSetSystemSettings of the file /goform/formSetSystemSettings of the component Setting Handler. Such manipulation of the argument webpage leads to stack-based buffer overflow. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 8.8
CVE-2026-5045 WRITEUP HIGH WRITEUP
Tenda FH1201 Parameter WrlclientSet stack-based overflow
A vulnerability was detected in Tenda FH1201 1.2.0.14(408). This impacts the function WrlclientSet of the file /goform/WrlclientSet of the component Parameter Handler. Performing a manipulation of the argument GO results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit is now public and may be used.
CVSS 8.8
CVE-2026-5046 WRITEUP HIGH WRITEUP
Tenda FH1201 Parameter WrlExtraSet formWrlExtraSet stack-based overflow
A flaw has been found in Tenda FH1201 1.2.0.14(408). Affected is the function formWrlExtraSet of the file /goform/WrlExtraSet of the component Parameter Handler. Executing a manipulation of the argument GO can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been published and may be used.
CVSS 8.8
CVE-2026-5042 WRITEUP HIGH WRITEUP
Belkin F9K1122 Parameter formCrossBandSwitch stack-based overflow
A security flaw has been discovered in Belkin F9K1122 1.00.33. The affected element is the function formCrossBandSwitch of the file /goform/formCrossBandSwitch of the component Parameter Handler. The manipulation of the argument webpage results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 8.8
CVE-2026-5043 WRITEUP HIGH WRITEUP
Belkin F9K1122 Parameter formSetPassword stack-based overflow
A weakness has been identified in Belkin F9K1122 1.00.33. The impacted element is the function formSetPassword of the file /goform/formSetPassword of the component Parameter Handler. This manipulation of the argument webpage causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 8.8
CVE-2026-5024 WRITEUP HIGH WRITEUP
D-Link DIR-513 formSetEmail stack-based overflow
A vulnerability was found in D-Link DIR-513 1.10. This issue affects the function formSetEmail of the file /goform/formSetEmail. Performing a manipulation of the argument curTime results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer.
CVSS 8.8
CVE-2026-5004 WRITEUP HIGH WRITEUP
Wavlink WL-WN579X3-C UPNP firewall.cgi sub_4019FC stack-based overflow
A vulnerability was determined in Wavlink WL-WN579X3-C 231124. This impacts the function sub_4019FC of the file /cgi-bin/firewall.cgi of the component UPNP Handler. Executing a manipulation of the argument UpnpEnabled can lead to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 8.8
CVE-2026-5021 WRITEUP HIGH WRITEUP
Tenda F453 httpd PPTPUserSetting fromPPTPUserSetting stack-based overflow
A flaw has been found in Tenda F453 1.0.0.3. This affects the function fromPPTPUserSetting of the file /goform/PPTPUserSetting of the component httpd. This manipulation of the argument delno causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been published and may be used.
CVSS 8.8
CVE-2026-4566 WRITEUP HIGH WRITEUP
Belkin F9K1122 formWISP5G stack-based overflow
A flaw has been found in Belkin F9K1122 1.00.33. The affected element is the function formWISP5G of the file /goform/formWISP5G. Executing a manipulation of the argument webpage can lead to stack-based buffer overflow. The attack can be launched remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 8.8