physicszq

4 exploits Active since Oct 2024
CVE-2024-10434 WRITEUP HIGH WORKING POC
Tenda Ac1206 Firmware < 2024-10-27 - Out-of-Bounds Write
A vulnerability was found in Tenda AC1206 up to 20241027. It has been classified as critical. This affects the function ate_Tenda_mfg_check_usb/ate_Tenda_mfg_check_usb3 of the file /goform/ate. The manipulation of the argument arg leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS 8.8
CVE-2024-12988 WRITEUP HIGH WORKING POC
Netgear R6900p Firmware - Out-of-Bounds Write
A vulnerability has been found in Netgear R6900P and R7000P 1.3.3.154 and classified as critical. Affected by this vulnerability is the function sub_16C4C of the component HTTP Header Handler. The manipulation of the argument Host leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
CVSS 7.3
CVE-2025-9748 WRITEUP HIGH WORKING POC
Tenda Ch22 Firmware - Out-of-Bounds Write
A vulnerability was determined in Tenda CH22 1.0.0.1. Affected by this issue is the function fromIpsecitem of the file /goform/IPSECsave of the component httpd. Executing manipulation of the argument ipsecno can lead to stack-based buffer overflow. The attack may be performed from remote.
CVSS 8.8
CVE-2026-2000 WRITEUP MEDIUM WORKING POC
DCN DCME-320 <20260121 - Command Injection
A vulnerability was found in DCN DCME-320 up to 20260121. Impacted is the function apply_config of the file /function/system/basic/bridge_cfg.php of the component Web Management Backend. Performing a manipulation of the argument ip_list results in command injection. The attack is possible to be carried out remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 4.7