physicszq

5 exploits Active since Oct 2024
CVE-2025-9745 WRITEUP MEDIUM WORKING POC
D-Link DI-500WF 14.04.10A1T - Code Injection
A security vulnerability has been detected in D-Link DI-500WF 14.04.10A1T. The impacted element is an unknown function of the file /version_upgrade.asp of the component jhttpd. The manipulation of the argument path leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used.
CVSS 4.7
CVE-2024-10434 WRITEUP HIGH WORKING POC
Tenda AC1206 Firmware < 2024-10-27 - Stack-based Buffer Overflow via ate_Tenda_mfg_check_usb Argument
A vulnerability was found in Tenda AC1206 up to 20241027. It has been classified as critical. This affects the function ate_Tenda_mfg_check_usb/ate_Tenda_mfg_check_usb3 of the file /goform/ate. The manipulation of the argument arg leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS 8.8
CVE-2024-12988 WRITEUP HIGH WORKING POC
Netgear R6900P and R7000P 1.3.3.154 - Buffer Overflow in HTTP Header Handler
A vulnerability has been found in Netgear R6900P and R7000P 1.3.3.154 and classified as critical. Affected by this vulnerability is the function sub_16C4C of the component HTTP Header Handler. The manipulation of the argument Host leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
CVSS 7.3
CVE-2025-9748 WRITEUP HIGH WORKING POC
Tenda CH22 1.0.0.1 - Stack-based Buffer Overflow via IPSECsave ipsecno Parameter
A vulnerability was determined in Tenda CH22 1.0.0.1. Affected by this issue is the function fromIpsecitem of the file /goform/IPSECsave of the component httpd. Executing manipulation of the argument ipsecno can lead to stack-based buffer overflow. The attack may be performed from remote.
CVSS 8.8
CVE-2026-2000 WRITEUP MEDIUM WORKING POC
DCN DCME-320 <20260121 - Command Injection
A vulnerability was found in DCN DCME-320 up to 20260121. Impacted is the function apply_config of the file /function/system/basic/bridge_cfg.php of the component Web Management Backend. Performing a manipulation of the argument ip_list results in command injection. The attack is possible to be carried out remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 4.7