xxricardoxkk

9 exploits, active since Aug 2025
CVE-2025-57577 WRITEUP HIGH
H3C Device R365V300R004 - RCE
An issue in H3C Device R365V300R004 allows a remote attacker to execute arbitrary code via the default password. NOTE: the Supplier's position is that their "product lines enforce or clearly prompt users to change any initial credentials upon first use. At most, this would be a case of misconfiguration if an administrator deliberately ignored the prompts, which is outside the scope of CVE definitions."
CVSS 8.0
CVE-2025-57578 WRITEUP HIGH
H3C Magic M <M2V100R006 - RCE
An issue in H3C Magic M Device M2V100R006 allows a remote attacker to execute arbitrary code via the default password.
CVSS 8.0
CVE-2025-57579 WRITEUP HIGH
Totolink X2000r Firmware - Hard-coded Credentials
An issue in TOTOLINK Wi-Fi 6 Router Series Device X2000R-Gh-V2.0.0 allows a remote attacker to execute arbitrary code via the default password.
CVSS 8.0
CVE-2025-9309 WRITEUP LOW
Tenda AC10 16.03.10.13 - Info Disclosure
A vulnerability was found in Tenda AC10 16.03.10.13. Affected is an unknown function of the file /etc_ro/shadow of the component MD5 Hash Handler. Performing manipulation results in hard-coded credentials. The attack needs to be approached locally. A high degree of complexity is needed for the attack. The exploitability is said to be difficult. The exploit has been made public and could be used.
CVSS 2.5
CVE-2025-9523 WRITEUP CRITICAL
Tenda AC1206 15.03.06.23 - Buffer Overflow
A vulnerability was detected in Tenda AC1206 15.03.06.23. Affected is the function GetParentControlInfo of the file /goform/GetParentControlInfo. The manipulation of the argument mac results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit is now public and may be used.
CVSS 9.8
CVE-2025-9576 WRITEUP LOW
seeedstudio ReSpeaker LinkIt7688 - Default Credentials
A vulnerability was identified in seeedstudio ReSpeaker LinkIt7688. Impacted is an unknown function of the file /etc/shadow of the component Administrative Interface. The manipulation leads to use of default credentials. An attack has to be approached locally. A high degree of complexity is needed for the attack. The exploitability is considered difficult. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 2.5
CVE-2025-9577 WRITEUP LOW
TOTOLINK X2000R <2.0.0 - Use After Free
A security flaw has been discovered in TOTOLINK X2000R up to 2.0.0. The affected element is an unknown function of the file /etc/shadow.sample of the component Administrative Interface. The manipulation results in use of default credentials. Attacking locally is a requirement. Attacks of this nature are highly complex. The exploitability is described as difficult. The exploit has been released to the public and may be exploited.
CVSS 2.5
CVE-2025-9605 WRITEUP CRITICAL
Tenda AC21-AC23 16.03.08.16 - Buffer Overflow
A security vulnerability has been detected in Tenda AC21 and AC23 16.03.08.16. Affected is the function GetParentControlInfo of the file /goform/GetParentControlInfo. Such manipulation of the argument mac leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.
CVSS 9.8
CVE-2025-9725 WRITEUP LOW
Cudy LT500E <2.3.12 - Use of Hard-Coded Password
A vulnerability was identified in Cudy LT500E up to 2.3.12. Affected is an unknown function of the file /squashfs-root/etc/shadow of the component Web Interface. The manipulation leads to use of hard-coded password. The attack must be carried out locally. The attack's complexity is rated as high. The exploitability is said to be difficult. The exploit is publicly available and might be used. Upgrading to version 2.3.13 is able to address this issue. It is recommended to upgrade the affected component. The vendor explains: "[T]he firmware does store a default password of 'admin'. This password has been deprecated since LT500E firmware version 2.3.13 and is no longer used. The LT500E does not have an administrator password set by default; a new password (at least 8 characters) must be manually created upon first login the web management page."
CVSS 2.5