ZhangChangqing

2 exploits, active since Apr 2026
CVE-2026-31255 WRITEUP CRITICAL WRITEUP
Tenda AC18 V15.03.05.05 - Command Injection
A command injection vulnerability exists in Tenda AC18 V15.03.05.05_multi. The vulnerability is located in the /goform/SetSambaCfg interface, where improper handling of the guestuser parameter allows attackers to execute arbitrary system commands.
CVSS 9.8
CVE-2026-31256 WRITEUP HIGH WORKING POC
MERCURY MIPC252W 1.0.5 Build 230306 Rel.79931n - Denial of Service via RTSP SETUP Transport Header
A null pointer dereference vulnerability exists in the RTSP service of the MERCURY MIPC252W 1.0.5 Build 230306 Rel.79931n. During the processing of a SETUP request for the path rtsp://<IP>:554/stream1/track2, the device fails to properly validate the Transport header field. When this header is improperly constructed, the RTSP service can dereference a NULL pointer during request parsing. Successful exploitation causes the device to crash and automatically reboot.
CVSS 7.5