xubeining - Security Researcher - Exploit Intelligence Platform

CVE-2025-44175 WRITEUP MEDIUM WRITEUP

Tenda Ac10 Firmware - Buffer Overflow

Tenda AC10 v4 V16.03.10.13 is vulnerable to Buffer Overflow in the GetParentControlInfo function.

CVSS 5.4

View Code

CVE-2025-44176 WRITEUP MEDIUM WORKING POC

Tenda Fh451 Firmware - Command Injection

Tenda FH451 V1.0.0.9 is vulnerable to Remote Code Execution in the formSafeEmailFilter function.

CVSS 6.5

View Code

CVE-2025-4867 WRITEUP MEDIUM WORKING POC

Tenda A15 Firmware - Improper Resource Release

A vulnerability was found in Tenda A15 15.13.07.13. It has been declared as problematic. Affected by this vulnerability is the function formArpNerworkSet of the file /goform/ArpNerworkSet. The manipulation leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

CVSS 6.5

View Code

CVE-2025-5080 WRITEUP HIGH WORKING POC

Tenda FH451 1.0.0.9 - Buffer Overflow

A vulnerability classified as critical has been found in Tenda FH451 1.0.0.9. Affected is the function webExcptypemanFilter of the file /goform/webExcptypemanFilter. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

CVSS 8.8

View Code

CVE-2025-5228 WRITEUP HIGH WORKING POC

Dlink Di-8100 Firmware < 20250523 - Memory Corruption

A vulnerability was found in D-Link DI-8100 up to 20250523. It has been classified as critical. Affected is the function httpd_get_parm of the file /login.cgi of the component jhttpd. The manipulation of the argument notify leads to stack-based buffer overflow. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used.

CVSS 8.8

View Code

CVE-2025-5619 WRITEUP HIGH WORKING POC

Tenda Ch22 Firmware - Out-of-Bounds Write

A vulnerability, which was classified as critical, has been found in Tenda CH22 1.0.0.1. This issue affects the function formaddUserName of the file /goform/addUserName. The manipulation of the argument Password leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

CVSS 8.8

View Code

CVE-2025-5685 WRITEUP HIGH WORKING POC

Tenda Ch22 Firmware - Out-of-Bounds Write

A vulnerability, which was classified as critical, was found in Tenda CH22 1.0.0.1. This affects the function formNatlimit of the file /goform/Natlimit. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

CVSS 8.8

View Code