jfkk

12 exploits Active since Sep 2024
CVE-2026-3697 WRITEUP MEDIUM WRITEUP
Planet ICG-2510 1.0_20250811 - Buffer Overflow
A vulnerability was determined in Planet ICG-2510 1.0_20250811. The impacted element is the function sub_40C8E4 of the file /usr/sbin/httpd of the component Language Package Configuration Handler. Executing a manipulation of the argument Language can lead to stack-based buffer overflow. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 6.3
CVE-2024-44844 WRITEUP HIGH WRITEUP
DrayTek Vigor3900 <1.5.1.6 - Command Injection
DrayTek Vigor3900 v1.5.1.6 was discovered to contain an authenticated command injection vulnerability via the name parameter in the run_command function.
CVSS 8.8
CVE-2024-44845 WRITEUP HIGH WRITEUP
DrayTek Vigor3900 <1.5.1.6 - Command Injection
DrayTek Vigor3900 v1.5.1.6 was discovered to contain an authenticated command injection vulnerability via the value parameter in the filter_string function.
CVSS 8.8
CVE-2025-57636 WRITEUP MEDIUM WRITEUP
D-Link DI-7100G Firmware - OS Command Injection
OS Command injection vulnerability in D-Link C1 2020-02-21. The sub_47F028 function in jhttpd contains a command injection vulnerability via the HTTP parameter "time".
CVSS 6.5
CVE-2025-57637 WRITEUP HIGH WORKING POC
D-Link DI-7100G Firmware - Heap Buffer Overflow
Buffer overflow vulnerability in the sub_451754 function of the jhttpd service in D-Link DI-7100G 2020-02-21, via the viav4 parameter, allowing attackers to cause a denial of service or execute arbitrary code.
CVSS 7.5
CVE-2025-57638 WRITEUP HIGH WRITEUP
Tenda AC9 Firmware - Heap Buffer Overflow
Buffer overflow vulnerability in Tenda AC9 1.0 via the user-supplied sys.vendor configuration value.
CVSS 7.5
CVE-2025-57639 WRITEUP MEDIUM WRITEUP
Tenda AC9 Firmware - OS Command Injection
Tenda AC9 1.0 was discovered to contain an OS command injection vulnerability via the usb.samba.guest.user parameter in the formSetSambaConf function of the httpd file.
CVSS 6.5
CVE-2026-2191 WRITEUP HIGH WRITEUP
Tenda AC9 Firmware - Memory Corruption
A weakness has been identified in Tenda AC9 15.03.06.42_multi. Affected is the function formGetDdosDefenceList. This manipulation of the argument security.ddos.map causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks.
CVSS 7.2
CVE-2026-2192 WRITEUP HIGH WRITEUP
Tenda AC9 Firmware - Memory Corruption
A security vulnerability has been detected in Tenda AC9 15.03.06.42_multi. Affected by this vulnerability is the function formGetRebootTimer. Such manipulation of the argument sys.schedulereboot.start_time/sys.schedulereboot.end_time leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.
CVSS 7.2
CVE-2026-2193 WRITEUP MEDIUM WRITEUP
D-Link DI-7100G C1 Firmware - Command Injection
A vulnerability was detected in D-Link DI-7100G C1 24.04.18D1. Affected by this issue is the function set_jhttpd_info. Performing a manipulation of the argument usb_username results in command injection. Remote exploitation of the attack is possible.
CVSS 6.3
CVE-2026-2194 WRITEUP MEDIUM WRITEUP
D-Link DI-7100G C1 Firmware - Command Injection
A flaw has been found in D-Link DI-7100G C1 24.04.18D1. This affects the function start_proxy_client_email. Executing a manipulation can lead to command injection. The attack can be executed remotely. The exploit has been published and may be used.
CVSS 6.3
CVE-2026-2548 WRITEUP MEDIUM WRITEUP
WAYOS FBM-220G 24.10.19 - Command Injection
A flaw has been found in WAYOS FBM-220G 24.10.19. This affects the function sub_40F820 of the file rc. Executing a manipulation of the argument upnp_waniface/upnp_ssdp_interval/upnp_max_age can lead to command injection. The attack can be executed remotely. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 6.3