panda666-888

95 exploits Active since Jul 2025
CVE-2025-11293 WRITEUP HIGH WRITEUP
Belkin F9K1015 1.00.10 - Buffer Overflow
A security vulnerability has been detected in Belkin F9K1015 1.00.10. Affected by this vulnerability is an unknown functionality of the file /goform/formConnectionSetting. The manipulation of the argument max_Conn leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 8.8
CVE-2025-11294 WRITEUP HIGH WRITEUP
Belkin F9K1015 1.00.10 - Buffer Overflow
A vulnerability was detected in Belkin F9K1015 1.00.10. Affected by this issue is some unknown functionality of the file /goform/formL2TPSetup. The manipulation of the argument L2TPUserName results in buffer overflow. The attack may be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 8.8
CVE-2025-11295 WRITEUP HIGH WRITEUP
Belkin F9K1015 1.00.10 - Buffer Overflow
A flaw has been found in Belkin F9K1015 1.00.10. This affects an unknown part of the file /goform/formPPPoESetup. This manipulation of the argument pppUserName causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 8.8
CVE-2025-11296 WRITEUP HIGH WRITEUP
Belkin F9K1015 1.00.10 - Buffer Overflow
A vulnerability has been found in Belkin F9K1015 1.00.10. This vulnerability affects unknown code of the file /goform/formPPTPSetup. Such manipulation of the argument pptpUserName leads to buffer overflow. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 8.8
CVE-2025-11297 WRITEUP HIGH WRITEUP
Belkin F9K1015 1.00.10 - Buffer Overflow
A vulnerability was found in Belkin F9K1015 1.00.10. This issue affects some unknown processing of the file /goform/formSetLanguage. Performing a manipulation of the argument webpage results in buffer overflow. The attack is possible to be carried out remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 8.8
CVE-2025-11298 WRITEUP MEDIUM WRITEUP
Belkin F9K1015 1.00.10 - Command Injection
A vulnerability was determined in Belkin F9K1015 1.00.10. Impacted is an unknown function of the file /goform/formSetWanStatic. Executing a manipulation of the argument m_wan_ipaddr can lead to command injection. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 6.3
CVE-2025-11299 WRITEUP HIGH WRITEUP
Belkin F9K1015 1.00.10 - Buffer Overflow
A vulnerability was identified in Belkin F9K1015 1.00.10. The affected element is an unknown function of the file /goform/formWanTcpipSetup. The manipulation of the argument pppUserName leads to buffer overflow. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 8.8
CVE-2025-11300 WRITEUP HIGH WRITEUP
Belkin F9K1015 1.00.10 - Buffer Overflow
A security flaw has been discovered in Belkin F9K1015 1.00.10. The impacted element is an unknown function of the file /goform/formWlanMP. The manipulation of the argument ateFunc results in buffer overflow. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 8.8
CVE-2025-11302 WRITEUP HIGH WRITEUP
Belkin F9K1015 1.00.10 - Buffer Overflow
A security vulnerability has been detected in Belkin F9K1015 1.00.10. This impacts an unknown function of the file /goform/formWpsStart. Such manipulation of the argument pinCode leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 8.8
CVE-2025-11303 WRITEUP MEDIUM WRITEUP
Belkin F9K1015 1.00.10 - Command Injection
A vulnerability was detected in Belkin F9K1015 1.00.10. Affected is an unknown function of the file /goform/mp. Performing a manipulation of the argument command results in command injection. The attack may be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 6.3
CVE-2025-14208 WRITEUP MEDIUM WRITEUP
D-Link DIR-823X - Command Injection
A security flaw has been discovered in D-Link DIR-823X up to 20250416. This affects the function sub_415028 of the file /goform/set_wan_settings. The manipulation of the argument ppp_username results in command injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited.
CVSS 6.3
CVE-2025-15189 WRITEUP HIGH WRITEUP
D-Link DWR-M920 < 1.1.50 - Buffer Overflow via formDefRoute submit-url Parameter
A vulnerability was identified in D-Link DWR-M920 up to 1.1.50. This issue affects the function sub_464794 of the file /boafrm/formDefRoute. The manipulation of the argument submit-url leads to buffer overflow. The attack may be initiated remotely. The exploit is publicly available and might be used.
CVSS 8.8
CVE-2025-15190 WRITEUP HIGH WRITEUP
D-Link DWR-M920 < 1.1.50 - Stack-Based Buffer Overflow via formFilter ip6addr Argument
A security flaw has been discovered in D-Link DWR-M920 up to 1.1.50. Impacted is the function sub_42261C of the file /boafrm/formFilter. The manipulation of the argument ip6addr results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been released to the public and may be exploited.
CVSS 8.8
CVE-2025-15191 WRITEUP MEDIUM WRITEUP
D-Link DWR-M920 < 1.1.50 - OS Command Injection via formLtefotaUpgradeFibocom fota_url Parameter
A weakness has been identified in D-Link DWR-M920 up to 1.1.50. The affected element is the function sub_4155B4 of the file /boafrm/formLtefotaUpgradeFibocom. This manipulation of the argument fota_url causes command injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited.
CVSS 6.3
CVE-2025-15192 WRITEUP MEDIUM WRITEUP
D-Link DWR-M920 < 1.1.50 - Remote Command Injection via formLtefotaUpgradeQuectel fota_url Parameter
A security vulnerability has been detected in D-Link DWR-M920 up to 1.1.50. The impacted element is the function sub_415328 of the file /boafrm/formLtefotaUpgradeQuectel. Such manipulation of the argument fota_url leads to command injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used.
CVSS 6.3
CVE-2025-15193 WRITEUP HIGH WRITEUP
D-Link DWR-M920 < 1.1.50 - Buffer Overflow via formParentControl submit-url Argument
A vulnerability was detected in D-Link DWR-M920 up to 1.1.50. This affects the function sub_423848 of the file /boafrm/formParentControl. Performing manipulation of the argument submit-url results in buffer overflow. The attack is possible to be carried out remotely. The exploit is now public and may be used.
CVSS 8.8
CVE-2025-7527 WRITEUP HIGH WRITEUP
Tenda FH1202 1.2.0.14(408) - Buffer Overflow
A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been rated as critical. This issue affects the function fromAdvSetWan of the file /goform/AdvSetWan. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS 8.8
CVE-2025-7528 WRITEUP HIGH WORKING POC
Tenda FH1202 1.2.0.14(408 - Buffer Overflow
A vulnerability classified as critical has been found in Tenda FH1202 1.2.0.14(408). Affected is the function fromGstDhcpSetSer of the file /goform/GstDhcpSetSer. The manipulation of the argument dips leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS 8.8
CVE-2025-7529 WRITEUP HIGH WRITEUP
Tenda FH1202 1.2.0.14(408) - Buffer Overflow
A vulnerability classified as critical was found in Tenda FH1202 1.2.0.14(408). Affected by this vulnerability is the function fromNatlimit of the file /goform/Natlimit. The manipulation of the argument page leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS 8.8
CVE-2025-7530 WRITEUP HIGH WORKING POC
Tenda FH1202 1.2.0.14(408 - Buffer Overflow
A vulnerability, which was classified as critical, has been found in Tenda FH1202 1.2.0.14(408). Affected by this issue is the function fromPptpUserAdd of the file /goform/PPTPDClient. The manipulation of the argument Username leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS 8.8
CVE-2025-7531 WRITEUP HIGH WRITEUP
Tenda FH1202 1.2.0.14(408) - Buffer Overflow
A vulnerability, which was classified as critical, was found in Tenda FH1202 1.2.0.14(408). This affects the function fromPptpUserSetting of the file /goform/PPTPUserSetting. The manipulation of the argument delno leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS 8.8
CVE-2025-7532 WRITEUP HIGH WRITEUP
Tenda FH1202 1.2.0.14(408 - Buffer Overflow
A vulnerability has been found in Tenda FH1202 1.2.0.14(408) and classified as critical. This vulnerability affects the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter. The manipulation of the argument page leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS 8.8
CVE-2025-7544 WRITEUP HIGH WRITEUP
Tenda AC1206 15.03.06.23 - Buffer Overflow
A vulnerability was found in Tenda AC1206 15.03.06.23. It has been rated as critical. This issue affects the function formSetMacFilterCfg of the file /goform/setMacFilterCfg. The manipulation of the argument deviceList leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS 8.8
CVE-2025-7548 WRITEUP HIGH WRITEUP
Tenda FH1201 1.2.0.14(408) - Buffer Overflow
A vulnerability has been found in Tenda FH1201 1.2.0.14(408) and classified as critical. This vulnerability affects the function formSafeEmailFilter of the file /goform/SafeEmailFilter. The manipulation of the argument page leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS 8.8
CVE-2025-7549 WRITEUP HIGH WRITEUP
Tenda FH1201 1.2.0.14(408) - Buffer Overflow
A vulnerability was found in Tenda FH1201 1.2.0.14(408) and classified as critical. This issue affects the function frmL7ProtForm of the file /goform/L7Prot. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS 8.8