z1r00

59 exploits | Active since Aug 2022
CVE-2022-36619 WRITEUP HIGH WRITEUP
Dlink Dir-816 Firmware - Missing Authentication
In D-Link DIR-816 A2_v1.10CNB04.img, the network can be reset without authentication via /goform/setMAC.
CVSS 7.5
CVE-2022-36620 WRITEUP HIGH WORKING POC
Dlink Dir-816 Firmware - Buffer Overflow
D-Link DIR-816 A2_v1.10CNB04 and DIR-878 DIR_878_FW1.30B08.img are vulnerable to a buffer overflow via /goform/addRouting.
CVSS 7.5
CVE-2022-37123 WRITEUP HIGH WORKING POC
Dlink Dir-816 Firmware - OS Command Injection
D-Link DIR-816 A2_v1.10CNB04.img is vulnerable to command injection via /goform/form2userconfig.cgi.
CVSS 8.8
CVE-2022-37128 WRITEUP CRITICAL WRITEUP
D-Link DIR-816 A2 - DoS
In D-Link DIR-816 A2_v1.10CNB04.img the network can be initialized without authentication via /goform/wizard_end.
CVSS 9.8
CVE-2022-37129 WRITEUP HIGH WRITEUP
Dlink Dir-816 Firmware - OS Command Injection
D-Link DIR-816 A2_v1.10CNB04.img is vulnerable to Command Injection via /goform/SystemCommand. After the user passes in the command parameter, it will be spliced into byte_4836B0 by snprintf, and finally doSystem(&byte_4836B0); will be executed, resulting in a command injection.
CVSS 8.8
CVE-2022-37130 WRITEUP CRITICAL WRITEUP
Dlink Dir-816 Firmware - OS Command Injection
In D-Link DIR-816 A2_v1.10CNB04 and DIR-878 DIR_878_FW1.30B08.img, a command injection vulnerability occurs in /goform/Diagnosis. After the condition is met, setnum is spliced into v10 by snprintf and system is then executed, resulting in a command injection vulnerability.
CVSS 9.8
CVE-2022-37133 WRITEUP HIGH WRITEUP
Dlink Dir-816 Firmware - Improper Resource Release
D-link DIR-816 A2_v1.10CNB04.img reboots the router without authentication via /goform/doReboot. No authentication is required, and reboot is executed when the function returns at the end.
CVSS 7.5
CVE-2022-37134 WRITEUP CRITICAL WORKING POC
Dlink Dir-816 Firmware - Buffer Overflow
D-Link DIR-816 A2_v1.10CNB04.img is vulnerable to a buffer overflow via /goform/form2Wan.cgi. When wantype is 3, l2tp_usrname is base64-decoded and the result is stored in v94 without checking the size of l2tp_usrname, resulting in a stack overflow.
CVSS 9.8
CVE-2022-42163 WRITEUP CRITICAL WORKING POC
Tenda Ac10 Firmware - Out-of-Bounds Write
Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/fromNatStaticSetting.
CVSS 9.8
CVE-2022-42164 WRITEUP CRITICAL WORKING POC
Tenda Ac10 Firmware - Out-of-Bounds Write
Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetClientState.
CVSS 9.8
CVE-2022-42165 WRITEUP CRITICAL WORKING POC
Tenda Ac10 Firmware - Out-of-Bounds Write
Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetDeviceName.
CVSS 9.8
CVE-2022-42166 WRITEUP CRITICAL WORKING POC
Tenda Ac10 Firmware - Out-of-Bounds Write
Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetSpeedWan.
CVSS 9.8
CVE-2022-42167 WRITEUP CRITICAL WORKING POC
Tenda Ac10 Firmware - Out-of-Bounds Write
Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetFirewallCfg.
CVSS 9.8
CVE-2022-42168 WRITEUP CRITICAL WORKING POC
Tenda Ac10 Firmware - Out-of-Bounds Write
Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/fromSetIpMacBind.
CVSS 9.8
CVE-2022-42169 WRITEUP CRITICAL WORKING POC
Tenda Ac10 Firmware - Out-of-Bounds Write
Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/addWifiMacFilter.
CVSS 9.8
CVE-2022-42170 WRITEUP CRITICAL WORKING POC
Tenda Ac10 Firmware - Out-of-Bounds Write
Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formWifiWpsStart.
CVSS 9.8
CVE-2022-42171 WRITEUP CRITICAL WORKING POC
Tenda Ac10 Firmware - Out-of-Bounds Write
Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/saveParentControlInfo.
CVSS 9.8
CVE-2022-44931 WRITEUP HIGH WORKING POC
Tenda A18 Firmware - Out-of-Bounds Write
Tenda A18 v15.13.07.09 was discovered to contain a stack overflow via the security_5g parameter at /goform/WifiBasicSet.
CVSS 7.5
CVE-2022-44932 WRITEUP HIGH WORKING POC
Tenda A18 Firmware - Improper Access Control
An access control issue in Tenda A18 v15.13.07.09 allows unauthenticated attackers to access the Telnet service.
CVSS 7.5
CVE-2022-45497 WRITEUP CRITICAL WORKING POC
Tenda W6-s Firmware - OS Command Injection
Tenda W6-S v1.0.0.4(510) was discovered to contain a command injection vulnerability in the tpi_get_ping_output function at /goform/exeCommand.
CVSS 9.8
CVE-2022-45498 WRITEUP HIGH WORKING POC
Tenda W6-s Firmware - Missing Authentication
An issue in the component tpi_systool_handle(0) (/goform/SysToolReboot) of Tenda W6-S v1.0.0.4(510) allows unauthenticated attackers to arbitrarily reboot the device.
CVSS 7.5
CVE-2022-45499 WRITEUP HIGH WORKING POC
Tenda W6-s Firmware - Out-of-Bounds Write
Tenda W6-S v1.0.0.4(510) was discovered to contain a stack overflow via the wl_radio parameter at /goform/WifiMacFilterGet.
CVSS 7.5
CVE-2022-45501 WRITEUP HIGH WORKING POC
Tenda W6-s Firmware - Out-of-Bounds Write
Tenda W6-S v1.0.0.4(510) was discovered to contain a stack overflow via the wl_radio parameter at /goform/wifiSSIDset.
CVSS 7.5
CVE-2022-45503 WRITEUP HIGH WORKING POC
Tenda W6-s Firmware - Out-of-Bounds Write
Tenda W6-S v1.0.0.4(510) was discovered to contain a stack overflow via the linkEn parameter at /goform/setAutoPing.
CVSS 7.5
CVE-2022-45504 WRITEUP HIGH WORKING POC
Tenda W6-s Firmware - Missing Authentication
An issue in the component tpi_systool_handle(0) (/goform/SysToolRestoreSet) of Tenda W6-S v1.0.0.4(510) allows unauthenticated attackers to arbitrarily reboot the device.
CVSS 7.5