z1r00

59 exploits Active since Aug 2022
CVE-2022-36619 WRITEUP HIGH WRITEUP
D-Link DIR-816 A2_v1.10CNB04 - Unauthenticated Network Reset via setMAC Endpoint
In D-link DIR-816 A2_v1.10CNB04.img,the network can be reset without authentication via /goform/setMAC.
CVSS 7.5
CVE-2022-36620 WRITEUP HIGH WORKING POC
D-Link DIR-816 A2_v1.10CNB04 and DIR-878 - Buffer Overflow via addRouting Endpoint
D-link DIR-816 A2_v1.10CNB04, DIR-878 DIR_878_FW1.30B08.img is vulnerable to Buffer Overflow via /goform/addRouting.
CVSS 7.5
CVE-2022-37123 WRITEUP HIGH WORKING POC
D-Link DIR-816 Firmware - OS Command Injection via form2userconfig.cgi
D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Command injection via /goform/form2userconfig.cgi.
CVSS 8.8
CVE-2022-37128 WRITEUP CRITICAL WRITEUP
D-Link DIR-816 A2_v1.10CNB04.img - Unauthenticated Network Initialization via /goform/wizard_end
In D-Link DIR-816 A2_v1.10CNB04.img the network can be initialized without authentication via /goform/wizard_end.
CVSS 9.8
CVE-2022-37129 WRITEUP HIGH WRITEUP
D-Link DIR-816 A2_v1.10CNB04 - OS Command Injection via SystemCommand Endpoint
D-Link DIR-816 A2_v1.10CNB04.img is vulnerable to Command Injection via /goform/SystemCommand. After the user passes in the command parameter, it will be spliced into byte_4836B0 by snprintf, and finally doSystem(&byte_4836B0); will be executed, resulting in a command injection.
CVSS 8.8
CVE-2022-37130 WRITEUP CRITICAL WRITEUP
D-Link DIR-816 A2_v1.10CNB04 and DIR-878 DIR_878_FW1.30B08 - OS Command Injection via Diagnosis Endpoint
In D-Link DIR-816 A2_v1.10CNB04, DIR-878 DIR_878_FW1.30B08.img a command injection vulnerability occurs in /goform/Diagnosis, after the condition is met, setnum will be spliced into v10 by snprintf, and the system will be executed, resulting in a command injection vulnerability
CVSS 9.8
CVE-2022-37133 WRITEUP HIGH WRITEUP
D-Link DIR-816 A2_v1.10CNB04 - Unauthenticated Denial of Service via doReboot Endpoint
D-link DIR-816 A2_v1.10CNB04.img reboots the router without authentication via /goform/doReboot. No authentication is required, and reboot is executed when the function returns at the end.
CVSS 7.5
CVE-2022-37134 WRITEUP CRITICAL WORKING POC
D-Link DIR-816 A2_v1.10CNB04 - Buffer Overflow via form2Wan.cgi l2tp_usrname Parameter
D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Buffer Overflow via /goform/form2Wan.cgi. When wantype is 3, l2tp_usrname will be decrypted by base64, and the result will be stored in v94, which does not check the size of l2tp_usrname, resulting in stack overflow.
CVSS 9.8
CVE-2022-42163 WRITEUP CRITICAL WORKING POC
Tenda AC10 V15.03.06.23 - Stack Overflow via fromNatStaticSetting
Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/fromNatStaticSetting.
CVSS 9.8
CVE-2022-42164 WRITEUP CRITICAL WORKING POC
Tenda AC10 V15.03.06.23 - Stack Overflow via formSetClientState Endpoint
Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetClientState.
CVSS 9.8
CVE-2022-42165 WRITEUP CRITICAL WORKING POC
Tenda AC10 V15.03.06.23 - Stack Overflow via formSetDeviceName
Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetDeviceName.
CVSS 9.8
CVE-2022-42166 WRITEUP CRITICAL WORKING POC
Tenda AC10 V15.03.06.23 - Stack Overflow via formSetSpeedWan Endpoint
Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetSpeedWan.
CVSS 9.8
CVE-2022-42167 WRITEUP CRITICAL WORKING POC
Tenda AC10 V15.03.06.23 - Stack Overflow via formSetFirewallCfg
Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetFirewallCfg.
CVSS 9.8
CVE-2022-42168 WRITEUP CRITICAL WORKING POC
Tenda AC10 V15.03.06.23 - Stack Overflow via fromSetIpMacBind Endpoint
Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/fromSetIpMacBind.
CVSS 9.8
CVE-2022-42169 WRITEUP CRITICAL WORKING POC
Tenda AC10 V15.03.06.23 - Stack Overflow via addWifiMacFilter Endpoint
Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/addWifiMacFilter.
CVSS 9.8
CVE-2022-42170 WRITEUP CRITICAL WORKING POC
Tenda AC10 V15.03.06.23 - Stack Overflow via formWifiWpsStart Endpoint
Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formWifiWpsStart.
CVSS 9.8
CVE-2022-42171 WRITEUP CRITICAL WORKING POC
Tenda AC10 V15.03.06.23 - Stack Overflow via saveParentControlInfo
Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/saveParentControlInfo.
CVSS 9.8
CVE-2022-44931 WRITEUP HIGH WORKING POC
Tenda A18 v15.13.07.09 - Stack Overflow via security_5g Parameter
Tenda A18 v15.13.07.09 was discovered to contain a stack overflow via the security_5g parameter at /goform/WifiBasicSet.
CVSS 7.5
CVE-2022-44932 WRITEUP HIGH WORKING POC
Tenda A18 v15.13.07.09 - Unauthenticated Telnet Service Access
An access control issue in Tenda A18 v15.13.07.09 allows unauthenticated attackers to access the Telnet service.
CVSS 7.5
CVE-2022-45497 WRITEUP CRITICAL WORKING POC
Tenda W6-S v1.0.0.4(510) - OS Command Injection via tpi_get_ping_output Function
Tenda W6-S v1.0.0.4(510) was discovered to contain a command injection vulnerability in the tpi_get_ping_output function at /goform/exeCommand.
CVSS 9.8
CVE-2022-45498 WRITEUP HIGH WORKING POC
Tenda W6-S v1.0.0.4(510) - Unauthenticated Denial of Service via SysToolReboot Endpoint
An issue in the component tpi_systool_handle(0) (/goform/SysToolReboot) of Tenda W6-S v1.0.0.4(510) allows unauthenticated attackers to arbitrarily reboot the device.
CVSS 7.5
CVE-2022-45499 WRITEUP HIGH WORKING POC
Tenda W6-S v1.0.0.4(510) - Stack Overflow via wl_radio Parameter
Tenda W6-S v1.0.0.4(510) was discovered to contain a stack overflow via the wl_radio parameter at /goform/WifiMacFilterGet.
CVSS 7.5
CVE-2022-45501 WRITEUP HIGH WORKING POC
Tenda W6-S v1.0.0.4(510) - Stack Overflow via wl_radio Parameter
Tenda W6-S v1.0.0.4(510) was discovered to contain a stack overflow via the wl_radio parameter at /goform/wifiSSIDset.
CVSS 7.5
CVE-2022-45503 WRITEUP HIGH WORKING POC
Tenda W6-S v1.0.0.4(510) - Stack Overflow via linkEn Parameter
Tenda W6-S v1.0.0.4(510) was discovered to contain a stack overflow via the linkEn parameter at /goform/setAutoPing.
CVSS 7.5
CVE-2022-45504 WRITEUP HIGH WORKING POC
Tenda W6-S v1.0.0.4(510) - Unauthenticated Denial of Service via SysToolRestoreSet
An issue in the component tpi_systool_handle(0) (/goform/SysToolRestoreSet) of Tenda W6-S v1.0.0.4(510) allows unauthenticated attackers to arbitrarily reboot the device.
CVSS 7.5