Li Tengzheng

205 exploits Active since Feb 2026
CVE-2026-5854 WRITEUP CRITICAL WRITEUP
Totolink A7100RU CGI cstecgi.cgi setWiFiEasyCfg os command injection
A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this issue is the function setWiFiEasyCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument merge results in os command injection. It is possible to initiate the attack remotely. The exploit is now public and may be used.
CVSS 9.8
CVE-2026-5849 WRITEUP HIGH WRITEUP
Tenda i12 HTTP path traversal
A vulnerability was determined in Tenda i12 1.0.0.11(3862). The impacted element is an unknown function of the component HTTP Handler. Executing a manipulation can lead to path traversal. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized.
CVSS 7.3
CVE-2026-5677 WRITEUP HIGH WRITEUP
Totolink A7100RU cstecgi.cgi CsteSystem os command injection
A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. Impacted is the function CsteSystem of the file /cgi-bin/cstecgi.cgi. Performing a manipulation of the argument resetFlags results in os command injection. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks.
CVSS 7.3
CVE-2026-5678 WRITEUP HIGH WRITEUP
Totolink A7100RU cstecgi.cgi setScheduleCfg os command injection
A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. The affected element is the function setScheduleCfg of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the argument mode can lead to os command injection. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks.
CVSS 7.3
CVE-2026-5688 WRITEUP HIGH WRITEUP
Totolink A7100RU cstecgi.cgi setDdnsCfg os command injection
A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Impacted is the function setDdnsCfg of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument provider leads to os command injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.
CVSS 7.3
CVE-2026-5689 WRITEUP HIGH WRITEUP
Totolink A7100RU cstecgi.cgi setNtpCfg os command injection
A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. The affected element is the function setNtpCfg of the file /cgi-bin/cstecgi.cgi. Performing a manipulation of the argument tz results in os command injection. Remote exploitation of the attack is possible. The exploit is now public and may be used.
CVSS 7.3
CVE-2026-5690 WRITEUP HIGH WRITEUP
Totolink A7100RU cstecgi.cgi setRemoteCfg os command injection
A flaw has been found in Totolink A7100RU 7.4cu.2313_b20191024. The impacted element is the function setRemoteCfg of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the argument enable can lead to os command injection. The attack can be executed remotely. The exploit has been published and may be used.
CVSS 7.3
CVE-2026-5691 WRITEUP HIGH WRITEUP
Totolink A7100RU cstecgi.cgi setFirewallType os command injection
A vulnerability has been found in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setFirewallType of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument firewallType leads to os command injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used.
CVSS 7.3
CVE-2026-5692 WRITEUP HIGH WRITEUP
Totolink A7100RU cstecgi.cgi setGameSpeedCfg os command injection
A vulnerability was found in Totolink A7100RU 7.4cu.2313_b20191024. This impacts the function setGameSpeedCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument enable results in os command injection. The attack may be performed from remote. The exploit has been made public and could be used.
CVSS 7.3
CVE-2026-5629 WRITEUP HIGH WRITEUP
Belkin F9K1015 formSetFirewall stack-based overflow
A vulnerability was detected in Belkin F9K1015 1.00.10. The affected element is the function formSetFirewall of the file /goform/formSetFirewall. The manipulation of the argument webpage results in stack-based buffer overflow. The attack can be executed remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 8.8
CVE-2026-5608 WRITEUP HIGH WRITEUP
Belkin F9K1122 formWlanSetup stack-based overflow
A vulnerability was detected in Belkin F9K1122 1.00.33. Affected is the function formWlanSetup of the file /goform/formWlanSetup. The manipulation of the argument webpage results in stack-based buffer overflow. The attack may be performed from remote. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 8.8
CVE-2026-5609 WRITEUP HIGH WORKING POC
Tenda i12 Parameter wifiSSIDset formwrlSSIDset stack-based overflow
A flaw has been found in Tenda i12 1.0.0.11(3862). Affected by this vulnerability is the function formwrlSSIDset of the file /goform/wifiSSIDset of the component Parameter Handler. This manipulation of the argument index/wl_radio causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been published and may be used.
CVSS 8.8
CVE-2026-5610 WRITEUP HIGH WRITEUP
Belkin F9K1015 formWISP5G stack-based overflow
A vulnerability has been found in Belkin F9K1015 1.00.10. Affected by this issue is the function formWISP5G of the file /goform/formWISP5G. Such manipulation of the argument webpage leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 8.8
CVE-2026-5611 WRITEUP HIGH WRITEUP
Belkin F9K1015 formCrossBandSwitch stack-based overflow
A vulnerability was found in Belkin F9K1015 1.00.10. This affects the function formCrossBandSwitch of the file /goform/formCrossBandSwitch. Performing a manipulation of the argument webpage results in stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 8.8
CVE-2026-5612 WRITEUP HIGH WRITEUP
Belkin F9K1015 formWlEncrypt stack-based overflow
A vulnerability was determined in Belkin F9K1015 1.00.10. This vulnerability affects the function formWlEncrypt of the file /goform/formWlEncrypt. Executing a manipulation of the argument webpage can lead to stack-based buffer overflow. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 8.8
CVE-2026-5613 WRITEUP HIGH WRITEUP
Belkin F9K1015 formReboot stack-based overflow
A vulnerability was identified in Belkin F9K1015 1.00.10. This issue affects the function formReboot of the file /goform/formReboot. The manipulation of the argument webpage leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 8.8
CVE-2026-5614 WRITEUP HIGH WRITEUP
Belkin F9K1015 formSetPassword stack-based overflow
A security flaw has been discovered in Belkin F9K1015 1.00.10. Impacted is the function formSetPassword of the file /goform/formSetPassword. The manipulation of the argument webpage results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 8.8
CVE-2026-5628 WRITEUP HIGH WRITEUP
Belkin F9K1015 Setting formSetSystemSettings stack-based overflow
A security vulnerability has been detected in Belkin F9K1015 1.00.10. Impacted is the function formSetSystemSettings of the file /goform/formSetSystemSettings of the component Setting Handler. The manipulation of the argument webpage leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 8.8
CVE-2026-5604 WRITEUP HIGH WRITEUP
Tenda CH22 Parameter CertLocalPrecreate formCertLocalPrecreate stack-based overflow
A security flaw has been discovered in Tenda CH22 1.0.0.1. The impacted element is the function formCertLocalPrecreate of the file /goform/CertLocalPrecreate of the component Parameter Handler. Performing a manipulation of the argument standard results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks.
CVSS 8.8
CVE-2026-5605 WRITEUP HIGH WRITEUP
Tenda CH22 WrlExtraSet formWrlExtraSet stack-based overflow
A weakness has been identified in Tenda CH22 1.0.0.1. This affects the function formWrlExtraSet of the file /goform/WrlExtraSet. Executing a manipulation of the argument GO can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks.
CVSS 8.8
CVE-2026-5204 WRITEUP HIGH WRITEUP
Tenda CH22 Parameter webtypelibrary formWebTypeLibrary stack-based overflow
A vulnerability was determined in Tenda CH22 1.0.0.1. Affected is the function formWebTypeLibrary of the file /goform/webtypelibrary of the component Parameter Handler. This manipulation of the argument webSiteId causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized.
CVSS 8.8
CVE-2026-5152 WRITEUP HIGH WRITEUP
Tenda CH22 createFileName formCreateFileName stack-based overflow
A vulnerability was detected in Tenda CH22 1.0.0.1. Impacted is the function formCreateFileName of the file /goform/createFileName. Performing a manipulation of the argument fileNameMit results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used.
CVSS 8.8
CVE-2026-5153 WRITEUP MEDIUM WRITEUP
Tenda CH22 WriteFacMac FormWriteFacMac command injection
A flaw has been found in Tenda CH22 1.0.0.1. The affected element is the function FormWriteFacMac of the file /goform/WriteFacMac. Executing a manipulation of the argument mac can lead to command injection. The attack may be launched remotely. The exploit has been published and may be used.
CVSS 6.3
CVE-2026-5154 WRITEUP HIGH WRITEUP
Tenda CH22 Parameter setcfm fromSetCfm stack-based overflow
A vulnerability has been found in Tenda CH22 1.0.0.1/1.If. The impacted element is the function fromSetCfm of the file /goform/setcfm of the component Parameter Handler. The manipulation of the argument funcname leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.
CVSS 8.8
CVE-2026-5155 WRITEUP HIGH WRITEUP
Tenda CH22 Parameter AdvSetWan fromAdvSetWan stack-based overflow
A vulnerability was found in Tenda CH22 1.0.0.1. This affects the function fromAdvSetWan of the file /goform/AdvSetWan of the component Parameter Handler. The manipulation of the argument wanmode results in stack-based buffer overflow. The attack can be executed remotely. The exploit has been made public and could be used.
CVSS 8.8