akuma-QAQ

44 exploits Active since Mar 2026
CVE-2025-70234 WRITEUP CRITICAL WORKING POC
D-Link DIR-513 v1.10 - Buffer Overflow
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetQoS.
CVSS 9.8
CVE-2025-70236 WRITEUP CRITICAL WORKING POC
D-Link DIR-513 v1.10 - Buffer Overflow
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetDomainFilter.
CVSS 9.8
CVE-2025-70237 WRITEUP CRITICAL WORKING POC
D-Link DIR-513 v1.10 - Buffer Overflow
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetPortTr.
CVSS 9.8
CVE-2025-70239 WRITEUP CRITICAL WORKING POC
D-Link DIR-513 v1.10 - Buffer Overflow
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWAN_Wizard55.
CVSS 9.8
CVE-2025-70240 WRITEUP CRITICAL WORKING POC
D-Link DIR-513 v1.10 - Buffer Overflow
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWAN_Wizard51.
CVSS 9.8
CVE-2025-70241 WRITEUP CRITICAL WORKING POC
D-Link DIR-513 v1.10 - Buffer Overflow
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWANType_Wizard5.
CVSS 9.8
CVE-2026-24103 WRITEUP CRITICAL WORKING POC
Tenda AC15V1.0 V15.03.05.18 - Buffer Overflow
A buffer overflow vulnerability was discovered in goform/formSetMacFilterCfg in Tenda AC15V1.0 V15.03.05.18_multi.
CVSS 9.8
CVE-2025-70252 WRITEUP HIGH WORKING POC
Tenda AC6V2.0 V15.03.06.23 - Buffer Overflow
An issue was discovered in /goform/WifiWpsStart in Tenda AC6V2.0 V15.03.06.23_multi. The `index` and `mode` values are controllable. When the conditions for reaching the `sprintf` call are met, both values are concatenated into `tmp`. There is no size check, which leads to a stack overflow vulnerability.
CVSS 7.5
CVE-2026-24105 WRITEUP CRITICAL WORKING POC
Tenda AC15V1.0 V15.03.05.18 - Command Injection
An issue was discovered in goform/formsetUsbUnload in Tenda AC15V1.0 V15.03.05.18_multi. The value of `v1` is not checked, potentially leading to a command injection vulnerability when it is passed into `doSystemCmd`.
CVSS 9.8
CVE-2026-24101 WRITEUP CRITICAL WORKING POC
Tenda AC15V1.0 V15.03.05.18 - Command Injection
An issue was discovered in goform/formSetIptv in Tenda AC15V1.0 V15.03.05.18_multi. When the condition is met, `s1_1` is passed into `sub_B0488` and concatenated into `doSystemCmd`. The value of `s1_1` is not validated, potentially leading to a command injection vulnerability.
CVSS 9.8
CVE-2026-24107 WRITEUP CRITICAL WORKING POC
Tenda W20E V4.0br_V15.11.0.6 - Command Injection
An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Failure to validate the value of `usbPartitionName`, which is directly used in `doSystemCmd`, may lead to critical command injection vulnerabilities.
CVSS 9.8
CVE-2026-24108 WRITEUP CRITICAL WORKING POC
Tenda W20E V4.0br_V15.11.0.6 - Buffer Overflow
An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by controlling the value of `nptr`. When this value is passed into the `getMibPrefix` function and concatenated using `sprintf` without proper size validation, it could lead to a buffer overflow vulnerability.
CVSS 9.8
CVE-2026-24109 WRITEUP CRITICAL WORKING POC
Tenda W20E V4.0br_V15.11.0.6 - Buffer Overflow
An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by controlling the value of `picName`. When this value is used in `sprintf` without validating variable sizes, it could lead to a buffer overflow vulnerability.
CVSS 9.8
CVE-2026-24110 WRITEUP CRITICAL WORKING POC
Tenda W20E V4.0br_V15.11.0.6 - Buffer Overflow
An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may send overly long `addDhcpRules` data. When these rules enter the `addDhcpRule` function and are processed by `ret = sscanf(pRule, " %d\t%[^\t]\t%[^\n\r\t]", &dhcpsIndex, dhcpsIP, dhcpsMac);`, the lack of size validation for the rules could lead to buffer overflows in `dhcpsIndex`, `dhcpsIP`, and `dhcpsMac`.
CVSS 9.8
CVE-2026-24111 WRITEUP CRITICAL WORKING POC
Tenda W20E V4.0br_V15.11.0.6 - Buffer Overflow
An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by specifying the value of `userInfo`. When `userInfo` is passed into the `addAuthUser` function and processed by `sscanf` without size validation, it could lead to a buffer overflow.
CVSS 9.8
CVE-2026-24112 WRITEUP CRITICAL WORKING POC
Tenda W20E V4.0br_V15.11.0.6 - Buffer Overflow
An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by specifying the value of `userInfo`. When `userInfo` is passed into the `addWewifiWhiteUser` function and processed by `sscanf` without size validation, it could lead to a buffer overflow vulnerability.
CVSS 9.8
CVE-2026-24113 WRITEUP CRITICAL WORKING POC
Tenda W20E V4.0br_V15.11.0.6 - Buffer Overflow
An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by controlling the value of `nptr`. When this value is passed into the `getMibPrefix` function and concatenated using `sprintf` without proper size validation, it could lead to a buffer overflow vulnerability.
CVSS 9.8
CVE-2026-24114 WRITEUP CRITICAL WORKING POC
Tenda W20E V4.0br_V15.11.0.6 - Buffer Overflow
An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Failure to validate `pPortMapIndex` may lead to buffer overflows when using `strcpy`.
CVSS 9.8
CVE-2026-24115 WRITEUP CRITICAL WORKING POC
Tenda W20E V4.0br_V15.11.0.6 - Buffer Overflow
An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Failure to validate the sizes of `gstup` and `gstdwn` before concatenating them into `gstruleQos` may lead to a buffer overflow.
CVSS 9.8