panda666-888

62 exploits Active since Jul 2025
CVE-2025-11302 WRITEUP HIGH WRITEUP
Belkin F9K1015 1.00.10 - Buffer Overflow
A security vulnerability has been detected in Belkin F9K1015 1.00.10. This impacts an unknown function of the file /goform/formWpsStart. Such manipulation of the argument pinCode leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 8.8
CVE-2025-11303 WRITEUP MEDIUM WRITEUP
Belkin F9K1015 1.00.10 - Command Injection
A vulnerability was detected in Belkin F9K1015 1.00.10. Affected is an unknown function of the file /goform/mp. Performing a manipulation of the argument command results in command injection. The attack may be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 6.3
CVE-2025-14208 WRITEUP MEDIUM WRITEUP
D-Link DIR-823X - Command Injection
A security flaw has been discovered in D-Link DIR-823X up to 20250416. This affects the function sub_415028 of the file /goform/set_wan_settings. The manipulation of the argument ppp_username results in command injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited.
CVSS 6.3
CVE-2025-15189 WRITEUP HIGH WRITEUP
Dlink Dwr-m920 Firmware < 1.1.50 - Memory Corruption
A vulnerability was identified in D-Link DWR-M920 up to 1.1.50. This issue affects the function sub_464794 of the file /boafrm/formDefRoute. The manipulation of the argument submit-url leads to buffer overflow. The attack may be initiated remotely. The exploit is publicly available and might be used.
CVSS 8.8
CVE-2025-15190 WRITEUP HIGH WRITEUP
Dlink Dwr-m920 Firmware < 1.1.50 - Memory Corruption
A security flaw has been discovered in D-Link DWR-M920 up to 1.1.50. Impacted is the function sub_42261C of the file /boafrm/formFilter. The manipulation of the argument ip6addr results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been released to the public and may be exploited.
CVSS 8.8
CVE-2025-15191 WRITEUP MEDIUM WRITEUP
Dlink Dwr-m920 Firmware < 1.1.50 - Command Injection
A weakness has been identified in D-Link DWR-M920 up to 1.1.50. The affected element is the function sub_4155B4 of the file /boafrm/formLtefotaUpgradeFibocom. This manipulation of the argument fota_url causes command injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited.
CVSS 6.3
CVE-2025-15192 WRITEUP MEDIUM WRITEUP
Dlink Dwr-m920 Firmware < 1.1.50 - Command Injection
A security vulnerability has been detected in D-Link DWR-M920 up to 1.1.50. The impacted element is the function sub_415328 of the file /boafrm/formLtefotaUpgradeQuectel. Such manipulation of the argument fota_url leads to command injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used.
CVSS 6.3
CVE-2025-15193 WRITEUP HIGH WRITEUP
Dlink Dwr-m920 Firmware < 1.1.50 - Memory Corruption
A vulnerability was detected in D-Link DWR-M920 up to 1.1.50. This affects the function sub_423848 of the file /boafrm/formParentControl. Performing manipulation of the argument submit-url results in buffer overflow. The attack is possible to be carried out remotely. The exploit is now public and may be used.
CVSS 8.8
CVE-2025-7527 WRITEUP HIGH WRITEUP
Tenda FH1202 1.2.0.14(408) - Buffer Overflow
A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been rated as critical. This issue affects the function fromAdvSetWan of the file /goform/AdvSetWan. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS 8.8
CVE-2025-7528 WRITEUP HIGH WORKING POC
Tenda FH1202 1.2.0.14(408 - Buffer Overflow
A vulnerability classified as critical has been found in Tenda FH1202 1.2.0.14(408). Affected is the function fromGstDhcpSetSer of the file /goform/GstDhcpSetSer. The manipulation of the argument dips leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS 8.8
CVE-2025-7529 WRITEUP HIGH WRITEUP
Tenda FH1202 1.2.0.14(408) - Buffer Overflow
A vulnerability classified as critical was found in Tenda FH1202 1.2.0.14(408). Affected by this vulnerability is the function fromNatlimit of the file /goform/Natlimit. The manipulation of the argument page leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS 8.8
CVE-2025-7530 WRITEUP HIGH WORKING POC
Tenda FH1202 1.2.0.14(408 - Buffer Overflow
A vulnerability, which was classified as critical, has been found in Tenda FH1202 1.2.0.14(408). Affected by this issue is the function fromPptpUserAdd of the file /goform/PPTPDClient. The manipulation of the argument Username leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS 8.8
CVE-2025-7531 WRITEUP HIGH WRITEUP
Tenda FH1202 1.2.0.14(408) - Buffer Overflow
A vulnerability, which was classified as critical, was found in Tenda FH1202 1.2.0.14(408). This affects the function fromPptpUserSetting of the file /goform/PPTPUserSetting. The manipulation of the argument delno leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS 8.8
CVE-2025-7532 WRITEUP HIGH WRITEUP
Tenda FH1202 1.2.0.14(408 - Buffer Overflow
A vulnerability has been found in Tenda FH1202 1.2.0.14(408) and classified as critical. This vulnerability affects the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter. The manipulation of the argument page leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS 8.8
CVE-2025-7544 WRITEUP HIGH WRITEUP
Tenda AC1206 15.03.06.23 - Buffer Overflow
A vulnerability was found in Tenda AC1206 15.03.06.23. It has been rated as critical. This issue affects the function formSetMacFilterCfg of the file /goform/setMacFilterCfg. The manipulation of the argument deviceList leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS 8.8
CVE-2025-7548 WRITEUP HIGH WRITEUP
Tenda FH1201 1.2.0.14(408) - Buffer Overflow
A vulnerability has been found in Tenda FH1201 1.2.0.14(408) and classified as critical. This vulnerability affects the function formSafeEmailFilter of the file /goform/SafeEmailFilter. The manipulation of the argument page leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS 8.8
CVE-2025-7549 WRITEUP HIGH WRITEUP
Tenda FH1201 1.2.0.14(408) - Buffer Overflow
A vulnerability was found in Tenda FH1201 1.2.0.14(408) and classified as critical. This issue affects the function frmL7ProtForm of the file /goform/L7Prot. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS 8.8
CVE-2025-7550 WRITEUP HIGH WORKING POC
Tenda FH1201 1.2.0.14 - Buffer Overflow
A vulnerability was found in Tenda FH1201 1.2.0.14(408). It has been classified as critical. Affected is the function fromGstDhcpSetSer of the file /goform/GstDhcpSetSer. The manipulation of the argument dips leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS 8.8
CVE-2025-7551 WRITEUP HIGH WRITEUP
Tenda FH1201 1.2.0.14(408 - Buffer Overflow
A vulnerability was found in Tenda FH1201 1.2.0.14(408). It has been declared as critical. Affected by this vulnerability is the function fromPptpUserAdd of the file /goform/PPTPDClient. The manipulation of the argument modino/username leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS 8.8
CVE-2025-7586 WRITEUP HIGH WRITEUP
Tenda AC500 2.0.1.9(1307 - Buffer Overflow
A vulnerability was found in Tenda AC500 2.0.1.9(1307). It has been declared as critical. Affected by this vulnerability is the function formSetAPCfg of the file /goform/setWtpData. The manipulation of the argument radio_2g_1 leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS 8.8
CVE-2025-7597 WRITEUP HIGH WRITEUP
Tenda AX1803 1.0.0.1 - Buffer Overflow
A vulnerability classified as critical has been found in Tenda AX1803 1.0.0.1. Affected is the function formSetMacFilterCfg of the file /goform/setMacFilterCfg. The manipulation of the argument deviceList leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS 8.8
CVE-2025-7598 WRITEUP HIGH WRITEUP
Tenda AX1803 1.0.0.1 - Buffer Overflow
A vulnerability classified as critical was found in Tenda AX1803 1.0.0.1. Affected by this vulnerability is the function formSetWifiMacFilterCfg of the file /goform/setWifiFilterCfg. The manipulation of the argument deviceList leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS 8.8
CVE-2025-7792 WRITEUP HIGH WRITEUP
Tenda FH451 1.0.0.9 - Buffer Overflow
A vulnerability was found in Tenda FH451 1.0.0.9. It has been rated as critical. This issue affects the function formSafeEmailFilter of the file /goform/SafeEmailFilter. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS 8.8
CVE-2025-7793 WRITEUP HIGH WRITEUP
Tenda FH451 1.0.0.9 - Buffer Overflow
A vulnerability classified as critical has been found in Tenda FH451 1.0.0.9. Affected is the function formWebTypeLibrary of the file /goform/webtypelibrary. The manipulation of the argument webSiteId leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS 8.8
CVE-2025-7794 WRITEUP HIGH WRITEUP
Tenda FH451 1.0.0.9 - Buffer Overflow
A vulnerability classified as critical was found in Tenda FH451 1.0.0.9. Affected by this vulnerability is the function fromNatStaticSetting of the file /goform/NatStaticSetting. The manipulation of the argument page leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS 8.8