panda666-888

95 exploits Active since Jul 2025

CVE-2025-7550 WRITEUP HIGH WORKING POC

Tenda FH1201 1.2.0.14 - Buffer Overflow

A vulnerability was found in Tenda FH1201 1.2.0.14(408). It has been classified as critical. Affected is the function fromGstDhcpSetSer of the file /goform/GstDhcpSetSer. The manipulation of the argument dips leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

CVSS 8.8

View Code

CVE-2025-7551 WRITEUP HIGH WRITEUP

Tenda FH1201 1.2.0.14(408 - Buffer Overflow

A vulnerability was found in Tenda FH1201 1.2.0.14(408). It has been declared as critical. Affected by this vulnerability is the function fromPptpUserAdd of the file /goform/PPTPDClient. The manipulation of the argument modino/username leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

CVSS 8.8

View Code

CVE-2025-7586 WRITEUP HIGH WRITEUP

Tenda AC500 2.0.1.9(1307 - Buffer Overflow

A vulnerability was found in Tenda AC500 2.0.1.9(1307). It has been declared as critical. Affected by this vulnerability is the function formSetAPCfg of the file /goform/setWtpData. The manipulation of the argument radio_2g_1 leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

CVSS 8.8

View Code

CVE-2025-7597 WRITEUP HIGH WRITEUP

Tenda AX1803 1.0.0.1 - Buffer Overflow

A vulnerability classified as critical has been found in Tenda AX1803 1.0.0.1. Affected is the function formSetMacFilterCfg of the file /goform/setMacFilterCfg. The manipulation of the argument deviceList leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

CVSS 8.8

View Code

CVE-2025-7598 WRITEUP HIGH WRITEUP

Tenda AX1803 1.0.0.1 - Buffer Overflow

A vulnerability classified as critical was found in Tenda AX1803 1.0.0.1. Affected by this vulnerability is the function formSetWifiMacFilterCfg of the file /goform/setWifiFilterCfg. The manipulation of the argument deviceList leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

CVSS 8.8

View Code

CVE-2025-7792 WRITEUP HIGH WRITEUP

Tenda FH451 1.0.0.9 - Buffer Overflow

A vulnerability was found in Tenda FH451 1.0.0.9. It has been rated as critical. This issue affects the function formSafeEmailFilter of the file /goform/SafeEmailFilter. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

CVSS 8.8

View Code

CVE-2025-7793 WRITEUP HIGH WRITEUP

Tenda FH451 1.0.0.9 - Buffer Overflow

A vulnerability classified as critical has been found in Tenda FH451 1.0.0.9. Affected is the function formWebTypeLibrary of the file /goform/webtypelibrary. The manipulation of the argument webSiteId leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

CVSS 8.8

View Code

CVE-2025-7794 WRITEUP HIGH WRITEUP

Tenda FH451 1.0.0.9 - Buffer Overflow

A vulnerability classified as critical was found in Tenda FH451 1.0.0.9. Affected by this vulnerability is the function fromNatStaticSetting of the file /goform/NatStaticSetting. The manipulation of the argument page leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

CVSS 8.8

View Code

CVE-2025-7807 WRITEUP HIGH WRITEUP

Tenda FH451 1.0.0.9 - Buffer Overflow

A vulnerability, which was classified as critical, has been found in Tenda FH451 1.0.0.9. This issue affects the function fromSafeUrlFilter of the file /goform/SafeUrlFilter. The manipulation of the argument Go/page leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

CVSS 8.8

View Code

CVE-2025-7853 WRITEUP HIGH WRITEUP

Tenda FH451 1.0.0.9 - Buffer Overflow

A vulnerability was found in Tenda FH451 1.0.0.9. It has been rated as critical. This issue affects the function fromSetIpBind of the file /goform/SetIpBind. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

CVSS 8.8

View Code

CVE-2025-7854 WRITEUP HIGH WRITEUP

Tenda FH451 1.0.0.9 - Buffer Overflow

A vulnerability classified as critical has been found in Tenda FH451 1.0.0.9. Affected is the function fromVirtualSer of the file /goform/VirtualSer. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

CVSS 8.8

View Code

CVE-2025-7855 WRITEUP HIGH WRITEUP

Tenda FH451 1.0.0.9 - Buffer Overflow

A vulnerability classified as critical was found in Tenda FH451 1.0.0.9. Affected by this vulnerability is the function fromqossetting of the file /goform/qossetting. The manipulation of the argument page leads to stack-based buffer overflow. The attack can be launched remotely.

CVSS 8.8

View Code

CVE-2025-8137 WRITEUP HIGH WRITEUP

TOTOLINK A702R 4.0.0-B20230721.1521 - Buffer Overflow via HTTP POST Request Handler

A vulnerability has been found in TOTOLINK A702R 4.0.0-B20230721.1521 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formIpQoS of the component HTTP POST Request Handler. The manipulation of the argument mac leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

CVSS 8.8

View Code

CVE-2025-8138 WRITEUP HIGH WORKING POC

TOTOLINK A702R 4.0.0-B20230721.1521 - Buffer Overflow via formOneKeyAccessButton submit-url Parameter

A vulnerability was found in TOTOLINK A702R 4.0.0-B20230721.1521 and classified as critical. Affected by this issue is some unknown functionality of the file /boafrm/formOneKeyAccessButton of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

CVSS 8.8

View Code

CVE-2025-8139 WRITEUP HIGH WORKING POC

TOTOLINK A702R 4.0.0-B20230721.1521 - Buffer Overflow via formPortFw service_type Parameter

A vulnerability was found in TOTOLINK A702R 4.0.0-B20230721.1521. It has been classified as critical. This affects an unknown part of the file /boafrm/formPortFw of the component HTTP POST Request Handler. The manipulation of the argument service_type leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

CVSS 8.8

View Code

CVE-2025-8140 WRITEUP HIGH WRITEUP

TOTOLINK A702R 4.0.0-B20230721.1521 - Buffer Overflow via formWlanMultipleAP HTTP POST Request Handler

A vulnerability was found in TOTOLINK A702R 4.0.0-B20230721.1521. It has been declared as critical. This vulnerability affects unknown code of the file /boafrm/formWlanMultipleAP of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

CVSS 8.8

View Code

CVE-2025-8242 WRITEUP HIGH WRITEUP

TOTOLINK X15 1.0.0-B20230714.1105 - Buffer Overflow via HTTP POST Request Handler

A vulnerability has been found in TOTOLINK X15 1.0.0-B20230714.1105 and classified as critical. This vulnerability affects unknown code of the file /boafrm/formFilter of the component HTTP POST Request Handler. The manipulation of the argument ip6addr/url/vpnPassword/vpnUser leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

CVSS 8.8

View Code

CVE-2025-8243 WRITEUP HIGH WRITEUP

TOTOLINK X15 1.0.0-B20230714.1105 - Buffer Overflow via devicemac1 Parameter

A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105 and classified as critical. This issue affects some unknown processing of the file /boafrm/formMapDel of the component HTTP POST Request Handler. The manipulation of the argument devicemac1 leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

CVSS 8.8

View Code

CVE-2025-8244 WRITEUP HIGH WORKING POC

TOTOLINK X15 1.0.0-B20230714.1105 - Buffer Overflow via formMapDelDevice macstr Parameter

A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been classified as critical. Affected is an unknown function of the file /boafrm/formMapDelDevice of the component HTTP POST Request Handler. The manipulation of the argument macstr leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

CVSS 8.8

View Code

CVE-2025-8245 WRITEUP HIGH WRITEUP

TOTOLINK X15 1.0.0-B20230714.1105 - Buffer Overflow via formMultiAPVLAN submit-url Parameter

A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formMultiAPVLAN of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

CVSS 8.8

View Code