xxy1126

27 exploits Active since Aug 2022
CVE-2022-38555 WRITEUP CRITICAL WRITEUP
Linksys E1200 v1.0.04 - Buffer Overflow
Linksys E1200 v1.0.04 is vulnerable to Buffer Overflow via ej_get_web_page_name.
CVSS 9.8
CVE-2022-38556 WRITEUP CRITICAL WRITEUP
Trendnet TEW733GR v1.03B01 - Info Disclosure
Trendnet TEW733GR v1.03B01 contains a Static Default Credential vulnerability in /etc/init0.d/S80telnetd.sh.
CVSS 9.8
CVE-2022-38557 WRITEUP CRITICAL WRITEUP
D-Link DIR845L <1.03 - Info Disclosure
D-Link DIR845L v1.00-v1.03 contains a Static Default Credential vulnerability in /etc/init0.d/S80telnetd.sh.
CVSS 9.8
CVE-2022-38562 WRITEUP HIGH WORKING POC
Tenda M3 V1.0.0.12 - Buffer Overflow
Tenda M3 V1.0.0.12(4856) was discovered to contain a heap buffer overflow vulnerability in the function formSetFixTools. This vulnerability allows attackers to cause a Denial of Service (DoS) via the lan parameter.
CVSS 7.5
CVE-2022-38563 WRITEUP HIGH WRITEUP
Tenda M3 V1.0.0.12 - Buffer Overflow
Tenda M3 V1.0.0.12(4856) was discovered to contain a heap buffer overflow vulnerability in the function formSetFixTools. This vulnerability allows attackers to cause a Denial of Service (DoS) via the MACAddr parameter.
CVSS 7.5
CVE-2022-38564 WRITEUP HIGH WRITEUP
Tenda M3 V1.0.0.12 - Buffer Overflow
Tenda M3 V1.0.0.12(4856) was discovered to contain a buffer overflow vulnerability in the function formSetPicListItem. This vulnerability allows attackers to cause a Denial of Service (DoS) via the adItemUID parameter.
CVSS 7.5
CVE-2022-38565 WRITEUP HIGH WRITEUP
Tenda M3 V1.0.0.12 - Buffer Overflow
Tenda M3 V1.0.0.12(4856) was discovered to contain a heap buffer overflow vulnerability in the function formEmailTest. This vulnerability allows attackers to cause a Denial of Service (DoS) via the mailpwd parameter.
CVSS 7.5
CVE-2022-38566 WRITEUP HIGH WRITEUP
Tenda M3 V1.0.0.12 - Buffer Overflow
Tenda M3 V1.0.0.12(4856) was discovered to contain a heap buffer overflow vulnerability in the function formEmailTest. This vulnerability allows attackers to cause a Denial of Service (DoS) via the mailname parameter.
CVSS 7.5
CVE-2022-38567 WRITEUP HIGH WRITEUP
Tenda M3 V1.0.0.12 - DoS
Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow vulnerability in the function formSetAdConfigInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via the authIPs parameter.
CVSS 7.5
CVE-2022-38568 WRITEUP HIGH WRITEUP
Tenda M3 V1.0.0.12 - Buffer Overflow
Tenda M3 V1.0.0.12(4856) was discovered to contain a heap buffer overflow vulnerability in the function formSetFixTools. This vulnerability allows attackers to cause a Denial of Service (DoS) via the hostname parameter.
CVSS 7.5
CVE-2022-38569 WRITEUP HIGH WORKING POC
Tenda M3 V1.0.0.12 - Buffer Overflow
Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow in the function formDelAd.
CVSS 7.5
CVE-2022-38570 WRITEUP HIGH WORKING POC
Tenda M3 V1.0.0.12 - DoS
Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow in the function formDelPushedAd. This vulnerability allows attackers to cause a Denial of Service (DoS) via the adPushUID parameter.
CVSS 7.5
CVE-2022-38571 WRITEUP HIGH WORKING POC
Tenda M3 V1.0.0.12 - Buffer Overflow
Tenda M3 V1.0.0.12(4856) was discovered to contain a buffer overflow in the function formSetGuideListItem.
CVSS 7.5
CVE-2022-40067 WRITEUP HIGH WRITEUP
Tenda Ac21 Firmware - Out-of-Bounds Write
Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, function: formSetVirtualSer.
CVSS 7.5
CVE-2022-40068 WRITEUP HIGH WRITEUP
Tenda Ac21 Firmware - Out-of-Bounds Write
Tenda AC21 V16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, function: formSetQosBand.
CVSS 7.5
CVE-2022-40069 WRITEUP HIGH WORKING POC
Tenda Ac21 Firmware - Out-of-Bounds Write
]Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, function: fromSetSysTime.
CVSS 7.5
CVE-2022-40070 WRITEUP HIGH WORKING POC
Tenda Ac21 Firmware - Out-of-Bounds Write
Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via bin/httpd, function: formSetFirewallCfg.
CVSS 7.5
CVE-2022-40071 WRITEUP HIGH WORKING POC
Tenda Ac21 Firmware - Out-of-Bounds Write
Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, formSetDeviceName.
CVSS 7.5
CVE-2022-40072 WRITEUP HIGH WORKING POC
Tenda Ac21 Firmware - Out-of-Bounds Write
Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, function: setSmartPowerManagement.
CVSS 7.5
CVE-2022-40073 WRITEUP HIGH WRITEUP
Tenda Ac21 Firmware - Out-of-Bounds Write
Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, saveParentControlInfo.
CVSS 7.5
CVE-2022-40074 WRITEUP HIGH WORKING POC
Tenda Ac21 Firmware - Out-of-Bounds Write
Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, setSchedWifi.
CVSS 7.5
CVE-2022-40075 WRITEUP HIGH WRITEUP
Tenda Ac21 Firmware - Out-of-Bounds Write
Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, form_fast_setting_wifi_set.
CVSS 7.5
CVE-2022-40076 WRITEUP HIGH WORKING POC
Tenda Ac21 Firmware - Out-of-Bounds Write
Tenda AC21 V16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, function: fromSetWifiGusetBasic.
CVSS 7.5
CVE-2023-1009 WRITEUP MEDIUM WRITEUP
Draytek Vigor2960 Firmware - Path Traversal
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical has been found in DrayTek Vigor 2960 1.5.1.4/1.5.1.5. Affected is the function sub_1DF14 of the file /cgi-bin/mainfunction.cgi of the component Web Management Interface. The manipulation of the argument option with the input /../etc/passwd- leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-221742 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVSS 6.5
CVE-2023-1162 WRITEUP HIGH WRITEUP
Draytek Vigor 2960 Firmware - Command Injection
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in DrayTek Vigor 2960 1.5.1.4/1.5.1.5. Affected is an unknown function of the file mainfunction.cgi of the component Web Management Interface. The manipulation of the argument password leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-222258 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVSS 7.2