n0ps1ed

10 exploits Active since Aug 2025
CVE-2025-9091 WRITEUP LOW WRITEUP
Tenda AC20 16.03.08.12 - Info Disclosure
A security flaw has been discovered in Tenda AC20 16.03.08.12. Affected by this vulnerability is an unknown functionality of the file /etc_ro/shadow. The manipulation leads to hard-coded credentials. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.
CVSS 2.5
CVE-2025-10325 WRITEUP MEDIUM WRITEUP
Wavlink WL-WN578W2 221110 - OS Command Injection via login.cgi ipaddr Parameter
A vulnerability was identified in Wavlink WL-WN578W2 221110. This impacts the function sub_401340/sub_401BA4 of the file /cgi-bin/login.cgi. Such manipulation of the argument ipaddr leads to command injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 6.3
CVE-2025-57293 WRITEUP HIGH WRITEUP
COMFAST CF-XR11 Firmware V2.7.2 - OS Command Injection via multi_pppoe API phy_interface Parameter
A command injection vulnerability in COMFAST CF-XR11 (firmware V2.7.2) exists in the multi_pppoe API, processed by the sub_423930 function in /usr/bin/webmgnt. The phy_interface parameter is not sanitized, allowing attackers to inject arbitrary commands via a POST request to /cgi-bin/mbox-config?method=SET&section=multi_pppoe. When the action parameter is set to "one_click_redial", the unsanitized phy_interface is used in a system() call, enabling execution of malicious commands. This can lead to unauthorized access to sensitive files, execution of arbitrary code, or full device compromise.
CVSS 8.8
CVE-2025-57295 WRITEUP HIGH WRITEUP
H3C Magic NX15 Firmware NX15V100R015 - Unauthenticated Unauthorized Access via Default Credentials
H3C devices running firmware version NX15V100R015 are vulnerable to unauthorized access due to insecure default credentials. The root user account has no password set, and the H3C user account uses the default password "admin," both stored in the /etc/shadow file. Attackers with network access can exploit these credentials to gain unauthorized root-level access to the device via the administrative interface or other network services, potentially leading to privilege escalation, information disclosure, or arbitrary code execution.
CVSS 8.0
CVE-2025-57296 WRITEUP MEDIUM WRITEUP
Tenda AC6 Firmware 15.03.05.19 - Command Injection via SetIPTVCfg vlanId Parameter
Tenda AC6 router firmware 15.03.05.19 contains a command injection vulnerability in the formSetIptv function, which processes requests to the /goform/SetIPTVCfg web interface. When handling the list and vlanId parameters, the sub_ADBC0 helper function concatenates these user-supplied values into nvram set system commands using doSystemCmd, without validating or sanitizing special characters (e.g., ;, ", #). An unauthenticated or authenticated attacker can exploit this by submitting a crafted POST request, leading to arbitrary system command execution on the affected device.
CVSS 6.5
CVE-2025-9046 WRITEUP HIGH WRITEUP
Tenda AC20 16.03.08.12 - Stack-Based Buffer Overflow via setMacFilterCfg deviceList Parameter
A vulnerability was identified in Tenda AC20 16.03.08.12. This issue affects the function sub_46A2AC of the file /goform/setMacFilterCfg. The manipulation of the argument deviceList leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS 8.8
CVE-2025-9089 WRITEUP HIGH WRITEUP
Tenda AC20 16.03.08.12 - Buffer Overflow
A vulnerability was determined in Tenda AC20 16.03.08.12. This issue affects the function sub_48E628 of the file /goform/SetIpMacBind. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS 8.8
CVE-2025-9584 WRITEUP MEDIUM WRITEUP
Comfast CF-N1 2.6.0 - Command Injection
A vulnerability was found in Comfast CF-N1 2.6.0. Affected by this issue is the function update_interface_png of the file /usr/bin/webmgnt. The manipulation of the argument interface/display_name results in command injection. The attack can be executed remotely. The exploit has been made public and could be used.
CVSS 6.3
CVE-2025-9585 WRITEUP MEDIUM WRITEUP
Comfast CF-N1 2.6.0 - Command Injection
A vulnerability was determined in Comfast CF-N1 2.6.0. This affects the function wifilith_delete_pic_file of the file /usr/bin/webmgnt. This manipulation of the argument portal_delete_picname causes command injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized.
CVSS 6.3
CVE-2025-9586 WRITEUP MEDIUM WRITEUP
Comfast CF-N1 2.6.0 - Command Injection
A vulnerability was identified in Comfast CF-N1 2.6.0. This vulnerability affects the function wireless_device_dissoc of the file /usr/bin/webmgnt. Such manipulation of the argument mac leads to command injection. The attack may be performed from a remote location. The exploit is publicly available and might be used.
CVSS 6.3