SunnyYANGyaya

15 exploits Active since Feb 2025
CVE-2026-31027 WRITEUP CRITICAL WRITEUP
TOTOlink A3600R v5.9c.4959 - Buffer Overflow
TOTOlink A3600R v5.9c.4959 contains a buffer overflow vulnerability in the setAppEasyWizardConfig interface of /lib/cste_modules/app.so. The vulnerability occurs because the rootSsid parameter is not properly validated for length, allowing remote attackers to trigger a buffer overflow, potentially leading to arbitrary code execution or denial of service.
CVSS 9.8
CVE-2025-25635 WRITEUP HIGH WRITEUP
Totolink A3002r Firmware - Buffer Overflow
TOTOlink A3002R V1.1.1-B20200824.0128 contains a buffer overflow vulnerability. The vulnerability arises from the improper input validation of the pppoe_dns1 parameter in the formIpv6Setup interface of /bin/boa.
CVSS 8.0
CVE-2025-45797 WRITEUP CRITICAL WRITEUP
Totolink A950rg Firmware - Out-of-Bounds Write
TOTOlink A950RG V4.1.2cu.5204_B20210112 contains a buffer overflow vulnerability. The vulnerability arises from the improper input validation of the NoticeUrl parameter in the setNoticeCfg interface of /lib/cste_modules/system.so.
CVSS 9.8
CVE-2025-45798 WRITEUP CRITICAL WRITEUP
Totolink A950rg Firmware - Command Injection
A command execution vulnerability exists in the TOTOLINK A950RG V4.1.2cu.5204_B20210112. The vulnerability is located in the setNoticeCfg interface within the /lib/cste_modules/system.so library, specifically in the processing of the IpTo parameter.
CVSS 9.8
CVE-2025-45800 WRITEUP CRITICAL WRITEUP
Totolink A950rg Firmware - Command Injection
TOTOLINK A950RG V4.1.2cu.5204_B20210112 contains a command execution vulnerability in the setDeviceName interface of the /lib/cste_modules/global.so library, specifically in the processing of the deviceMac parameter.
CVSS 9.8
CVE-2025-67186 WRITEUP CRITICAL WRITEUP
Totolink A950rg Firmware - Buffer Overflow
TOTOLINK A950RG V4.1.2cu.5204_B20210112 contains a buffer overflow vulnerability in the setUrlFilterRules interface of /lib/cste_modules/firewall.so. The vulnerability occurs because the `url` parameter is not properly validated for length, allowing remote attackers to trigger a buffer overflow, potentially leading to arbitrary code execution or denial of service.
CVSS 9.8
CVE-2025-67187 WRITEUP CRITICAL WORKING POC
Totolink A950rg Firmware - Stack Buffer Overflow
A stack-based buffer overflow vulnerability was identified in TOTOLINK A950RG V4.1.2cu.5204_B20210112. The flaw exists in the setIpQosRules interface of /lib/cste_modules/firewall.so where the comment parameter is not properly validated for length.
CVSS 9.8
CVE-2025-67188 WRITEUP CRITICAL WRITEUP
Totolink A950rg Firmware - Buffer Overflow
A buffer overflow vulnerability exists in TOTOLINK A950RG V4.1.2cu.5204_B20210112. The issue resides in the setRadvdCfg interface of the /lib/cste_modules/ipv6.so module. The function fails to properly validate the length of the user-controlled radvdinterfacename parameter, allowing remote attackers to trigger a stack buffer overflow.
CVSS 9.8
CVE-2025-67189 WRITEUP MEDIUM WRITEUP
Totolink A950rg Firmware - Buffer Overflow
A buffer overflow vulnerability exists in the setParentalRules interface of TOTOLINK A950RG V4.1.2cu.5204_B20210112. The urlKeyword parameter is not properly validated, and the function concatenates multiple user-controlled fields into a fixed-size stack buffer without performing boundary checks. A remote attacker can exploit this flaw to cause denial of service or potentially achieve arbitrary code execution.
CVSS 6.5
CVE-2026-1686 WRITEUP HIGH WRITEUP
Totolink A3600r Firmware - Memory Corruption
A security flaw has been discovered in Totolink A3600R 5.9c.4959. This issue affects the function setAppEasyWizardConfig in the library /lib/cste_modules/app.so. Performing a manipulation of the argument apcliSsid results in buffer overflow. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks.
CVSS 8.8
CVE-2026-1687 WRITEUP HIGH WRITEUP
Tenda Hg10 Firmware - Command Injection
A weakness has been identified in Tenda HG10 US_HG7_HG9_HG10re_300001138_en_xpon. Impacted is an unknown function of the file /boaform/formSamba of the component Boa Webserver. Executing a manipulation of the argument serverString can lead to command injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks.
CVSS 7.3
CVE-2026-1689 WRITEUP HIGH WRITEUP
Tenda Hg10 Firmware - Command Injection
A vulnerability was detected in Tenda HG10 US_HG7_HG9_HG10re_300001138_en_xpon. The impacted element is the function checkUserFromLanOrWan of the file /boaform/admin/formLogin of the component Login Interface. The manipulation of the argument Host results in command injection. The attack can be launched remotely. The exploit is now public and may be used.
CVSS 7.3
CVE-2026-1690 WRITEUP MEDIUM WRITEUP
Tenda Hg10 Firmware - Command Injection
A flaw has been found in Tenda HG10 US_HG7_HG9_HG10re_300001138_en_xpon. This affects the function system of the file /boaform/formSysCmd. This manipulation of the argument sysCmd causes command injection. The attack may be initiated remotely. The exploit has been published and may be used.
CVSS 4.7
CVE-2026-2202 WRITEUP HIGH WORKING POC
Tenda Ac8 Firmware - Memory Corruption
A vulnerability was detected in Tenda AC8 16.03.33.05. Affected is the function fromSetWifiGusetBasic of the file /goform/WifiGuestSet of the component httpd. The manipulation of the argument shareSpeed results in buffer overflow. The attack may be launched remotely. The exploit is now public and may be used.
CVSS 8.8
CVE-2026-2203 WRITEUP HIGH WRITEUP
Tenda Ac8 Firmware - Memory Corruption
A flaw has been found in Tenda AC8 16.03.33.05. Affected by this vulnerability is an unknown functionality of the file /goform/fast_setting_wifi_set of the component Embedded Httpd Service. This manipulation of the argument timeZone causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been published and may be used.
CVSS 8.8