Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2011-10005

Summary
Assigner-VulDB
Assigner Org ID-1af790b2-7ee1-4545-860a-a788eba489b5
Published At-16 Jan, 2024 | 08:00
Updated At-02 Jun, 2025 | 15:11
Rejected At-
Credits

EasyFTP MKD Command buffer overflow

A vulnerability, which was classified as critical, was found in EasyFTP 1.7.0.2. Affected is an unknown function of the component MKD Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250716.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:VulDB
Assigner Org ID:1af790b2-7ee1-4545-860a-a788eba489b5
Published At:16 Jan, 2024 | 08:00
Updated At:02 Jun, 2025 | 15:11
Rejected At:
▼CVE Numbering Authority (CNA)
EasyFTP MKD Command buffer overflow

A vulnerability, which was classified as critical, was found in EasyFTP 1.7.0.2. Affected is an unknown function of the component MKD Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250716.

Affected Products
Vendor
n/a
Product
EasyFTP
Modules
  • MKD Command Handler
Versions
Affected
  • 1.7.0.2
Problem Types
TypeCWE IDDescription
CWECWE-120CWE-120 Buffer Overflow
Type: CWE
CWE ID: CWE-120
Description: CWE-120 Buffer Overflow
Metrics
VersionBase scoreBase severityVector
3.16.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
3.06.3MEDIUM
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
2.06.5N/A
AV:N/AC:L/Au:S/C:P/I:P/A:P
Version: 3.1
Base score: 6.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Version: 3.0
Base score: 6.3
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Version: 2.0
Base score: 6.5
Base severity: N/A
Vector:
AV:N/AC:L/Au:S/C:P/I:P/A:P
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Advisory disclosed2011-06-01 00:00:00
VulDB entry created2024-01-14 01:00:00
VulDB entry last update2024-01-14 20:10:58
Event: Advisory disclosed
Date: 2011-06-01 00:00:00
Event: VulDB entry created
Date: 2024-01-14 01:00:00
Event: VulDB entry last update
Date: 2024-01-14 20:10:58
Replaced By
Rejected Reason
References
HyperlinkResource
https://vuldb.com/?id.250716
vdb-entry
https://vuldb.com/?ctiid.250716
signature
permissions-required
https://www.exploit-db.com/exploits/17354
exploit
Hyperlink: https://vuldb.com/?id.250716
Resource:
vdb-entry
Hyperlink: https://vuldb.com/?ctiid.250716
Resource:
signature
permissions-required
Hyperlink: https://www.exploit-db.com/exploits/17354
Resource:
exploit
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://vuldb.com/?id.250716
vdb-entry
x_transferred
https://vuldb.com/?ctiid.250716
signature
permissions-required
x_transferred
https://www.exploit-db.com/exploits/17354
exploit
x_transferred
Hyperlink: https://vuldb.com/?id.250716
Resource:
vdb-entry
x_transferred
Hyperlink: https://vuldb.com/?ctiid.250716
Resource:
signature
permissions-required
x_transferred
Hyperlink: https://www.exploit-db.com/exploits/17354
Resource:
exploit
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cna@vuldb.com
Published At:16 Jan, 2024 | 08:15
Updated At:17 May, 2024 | 00:49

A vulnerability, which was classified as critical, was found in EasyFTP 1.7.0.2. Affected is an unknown function of the component MKD Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250716.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Secondary3.16.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Secondary2.06.5MEDIUM
AV:N/AC:L/Au:S/C:P/I:P/A:P
Type: Primary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 6.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Type: Secondary
Version: 2.0
Base score: 6.5
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:S/C:P/I:P/A:P
CPE Matches
easyftp_server_project
easyftp_server_project
>>easyftp_server>>1.7.0.2
cpe:2.3:a:easyftp_server_project:easyftp_server:1.7.0.2:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-120Primarycna@vuldb.com
CWE ID: CWE-120
Type: Primary
Source: cna@vuldb.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://vuldb.com/?ctiid.250716cna@vuldb.com
Permissions Required
Third Party Advisory
https://vuldb.com/?id.250716cna@vuldb.com
Permissions Required
Third Party Advisory
https://www.exploit-db.com/exploits/17354cna@vuldb.com
Exploit
Third Party Advisory
VDB Entry
Hyperlink: https://vuldb.com/?ctiid.250716
Source: cna@vuldb.com
Resource:
Permissions Required
Third Party Advisory
Hyperlink: https://vuldb.com/?id.250716
Source: cna@vuldb.com
Resource:
Permissions Required
Third Party Advisory
Hyperlink: https://www.exploit-db.com/exploits/17354
Source: cna@vuldb.com
Resource:
Exploit
Third Party Advisory
VDB Entry

Change History

0
Information is not available yet

Similar CVEs

521Records found
CVE-2025-5901
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.43% / 61.76%
||
7 Day CHG~0.00%
Published-09 Jun, 2025 | 22:31
Updated-16 Jun, 2025 | 14:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TOTOLINK T10 POST Request cstecgi.cgi UploadCustomModule buffer overflow

A vulnerability has been found in TOTOLINK T10 4.1.8cu.5207 and classified as critical. This vulnerability affects the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument File leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-TOTOLINK
Product-t10t10_firmwareT10
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-42273
Matching Score-4
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-4
Assigner-NVIDIA Corporation
CVSS Score-8.1||HIGH
EPSS-0.57% / 68.10%
||
7 Day CHG~0.00%
Published-12 Jan, 2023 | 22:17
Updated-07 Apr, 2025 | 19:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA BMC contains a vulnerability in libwebsocket, where an authorized attacker can cause a buffer overflow and cause a denial of service or gain code execution.

Action-Not Available
Vendor-NVIDIA Corporation
Product-dgx_a100_firmwaredgx_a100NVIDIA DGX servers
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-5910
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.28% / 51.43%
||
7 Day CHG~0.00%
Published-10 Jun, 2025 | 02:00
Updated-16 Jun, 2025 | 17:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TOTOLINK EX1200T HTTP POST Request formWsc buffer overflow

A vulnerability has been found in TOTOLINK EX1200T up to 4.1.2cu.5232_B20210713 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formWsc of the component HTTP POST Request Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-TOTOLINK
Product-ex1200tex1200t_firmwareEX1200T
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-4116
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.24% / 47.44%
||
7 Day CHG+0.02%
Published-30 Apr, 2025 | 12:31
Updated-16 May, 2025 | 16:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Netgear JWNR2000v2 get_cur_lang_ver buffer overflow

A vulnerability, which was classified as critical, has been found in Netgear JWNR2000v2 1.0.0.11. Affected by this issue is the function get_cur_lang_ver. The manipulation of the argument host leads to buffer overflow. The attack may be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-jwnr2000jwnr2000_firmwareJWNR2000v2
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-5905
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.43% / 62.02%
||
7 Day CHG~0.00%
Published-10 Jun, 2025 | 00:00
Updated-16 Jun, 2025 | 14:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TOTOLINK T10 POST Request cstecgi.cgi setWiFiRepeaterCfg buffer overflow

A vulnerability was found in TOTOLINK T10 4.1.8cu.5207. It has been rated as critical. Affected by this issue is the function setWiFiRepeaterCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument Password leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-TOTOLINK
Product-t10t10_firmwareT10
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-5862
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.20% / 41.89%
||
7 Day CHG~0.00%
Published-09 Jun, 2025 | 05:00
Updated-09 Jun, 2025 | 19:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda AC7 setPptpUserList formSetPPTPUserList buffer overflow

A vulnerability was found in Tenda AC7 15.03.06.44 and classified as critical. This issue affects the function formSetPPTPUserList of the file /goform/setPptpUserList. The manipulation of the argument list leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-ac7ac7_firmwareAC7
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-5911
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.28% / 51.43%
||
7 Day CHG~0.00%
Published-10 Jun, 2025 | 02:31
Updated-16 Jun, 2025 | 17:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TOTOLINK EX1200T HTTP POST Request formDMZ buffer overflow

A vulnerability was found in TOTOLINK EX1200T up to 4.1.2cu.5232_B20210713 and classified as critical. Affected by this issue is some unknown functionality of the file /boafrm/formDMZ of the component HTTP POST Request Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-TOTOLINK
Product-ex1200tex1200t_firmwareEX1200T
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-5902
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.43% / 62.02%
||
7 Day CHG~0.00%
Published-09 Jun, 2025 | 23:00
Updated-16 Jun, 2025 | 14:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TOTOLINK T10 POST Request cstecgi.cgi setUpgradeFW buffer overflow

A vulnerability was found in TOTOLINK T10 4.1.8cu.5207 and classified as critical. This issue affects the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument slaveIpList leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-TOTOLINK
Product-t10t10_firmwareT10
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-5850
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.21% / 43.09%
||
7 Day CHG~0.00%
Published-08 Jun, 2025 | 23:00
Updated-09 Jun, 2025 | 19:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda AC15 HTTP POST Request SetLEDCf formsetschedled buffer overflow

A vulnerability was found in Tenda AC15 15.03.05.19_multi. It has been declared as critical. This vulnerability affects the function formsetschedled of the file /goform/SetLEDCf of the component HTTP POST Request Handler. The manipulation of the argument Time leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-ac15_firmwareac15AC15
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-5848
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.14% / 34.01%
||
7 Day CHG~0.00%
Published-08 Jun, 2025 | 22:00
Updated-09 Jun, 2025 | 19:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda AC15 HTTP POST Request setPptpUserList formSetPPTPUserList buffer overflow

A vulnerability was found in Tenda AC15 15.03.05.19_multi and classified as critical. Affected by this issue is the function formSetPPTPUserList of the file /goform/setPptpUserList of the component HTTP POST Request Handler. The manipulation of the argument list leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-ac15_firmwareac15AC15
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-5861
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.26% / 48.88%
||
7 Day CHG~0.00%
Published-09 Jun, 2025 | 04:31
Updated-09 Jun, 2025 | 19:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda AC7 AdvSetLanip fromadvsetlanip buffer overflow

A vulnerability has been found in Tenda AC7 15.03.06.44 and classified as critical. This vulnerability affects the function fromadvsetlanip of the file /goform/AdvSetLanip. The manipulation of the argument lanMask leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-ac7ac7_firmwareAC7
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-5907
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.43% / 62.02%
||
7 Day CHG~0.00%
Published-10 Jun, 2025 | 00:31
Updated-16 Jun, 2025 | 17:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TOTOLINK EX1200T HTTP POST Request formFilter buffer overflow

A vulnerability classified as critical was found in TOTOLINK EX1200T up to 4.1.2cu.5232_B20210713. This vulnerability affects unknown code of the file /boafrm/formFilter of the component HTTP POST Request Handler. The manipulation leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-TOTOLINK
Product-ex1200tex1200t_firmwareEX1200T
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-5839
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.14% / 34.01%
||
7 Day CHG~0.00%
Published-07 Jun, 2025 | 17:31
Updated-09 Jun, 2025 | 19:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda AC9 POST Request AdvSetLanip fromadvsetlanip buffer overflow

A vulnerability, which was classified as critical, has been found in Tenda AC9 15.03.02.13. Affected by this issue is the function fromadvsetlanip of the file /goform/AdvSetLanip of the component POST Request Handler. The manipulation of the argument lanMask leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-ac9_firmwareac9AC9
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-5854
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.14% / 34.01%
||
7 Day CHG~0.00%
Published-09 Jun, 2025 | 01:00
Updated-09 Jun, 2025 | 19:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda AC6 AdvSetLanip fromadvsetlanip buffer overflow

A vulnerability, which was classified as critical, has been found in Tenda AC6 15.03.05.16. Affected by this issue is the function fromadvsetlanip of the file /goform/AdvSetLanip. The manipulation of the argument lanMask leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-ac6ac6_firmwareAC6
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-5908
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.28% / 51.43%
||
7 Day CHG~0.00%
Published-10 Jun, 2025 | 01:00
Updated-16 Jun, 2025 | 17:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TOTOLINK EX1200T HTTP POST Request formIpQoS buffer overflow

A vulnerability, which was classified as critical, has been found in TOTOLINK EX1200T up to 4.1.2cu.5232_B20210713. This issue affects some unknown processing of the file /boafrm/formIpQoS of the component HTTP POST Request Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-TOTOLINK
Product-ex1200tex1200t_firmwareEX1200T
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-5909
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.28% / 51.43%
||
7 Day CHG~0.00%
Published-10 Jun, 2025 | 01:31
Updated-16 Jun, 2025 | 17:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TOTOLINK EX1200T HTTP POST Request formReflashClientTbl buffer overflow

A vulnerability, which was classified as critical, was found in TOTOLINK EX1200T up to 4.1.2cu.5232_B20210713. Affected is an unknown function of the file /boafrm/formReflashClientTbl of the component HTTP POST Request Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-TOTOLINK
Product-ex1200tex1200t_firmwareEX1200T
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-5903
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.43% / 62.02%
||
7 Day CHG~0.00%
Published-09 Jun, 2025 | 23:31
Updated-16 Jun, 2025 | 14:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TOTOLINK T10 POST Request cstecgi.cgi setWiFiAclRules buffer overflow

A vulnerability was found in TOTOLINK T10 4.1.8cu.5207. It has been classified as critical. Affected is the function setWiFiAclRules of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument desc leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-TOTOLINK
Product-t10t10_firmwareT10
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2020-9499
Matching Score-4
Assigner-Dahua Technologies
ShareView Details
Matching Score-4
Assigner-Dahua Technologies
CVSS Score-7.2||HIGH
EPSS-0.53% / 66.95%
||
7 Day CHG~0.00%
Published-09 Apr, 2020 | 13:19
Updated-04 Aug, 2024 | 10:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Some Dahua products have buffer overflow vulnerabilities. After the successful login of the legal account, the attacker sends a specific DDNS test command, which may cause the device to go down.

Action-Not Available
Vendor-n/aDahua Technology Co., Ltd
Product-sd50_firmwaresd5a_firmwareipc-hxxx5x4x_firmwaresd1a_firmwareipc-hx2xxx_firmwaren52b5p_firmwaren54a4p_firmwaren52b2p_firmwaren42b1psd6alipc-hx5842hptz1a_firmwaresd52c_firmwareipc-hx7842hsd6al_firmwaresd52cn52b2pn42b1p_firmwaren54b2p_firmwaren52a4p_firmwaren52b3pipc-hx5842h_firmwaren54b2psd5aipc-hx7842h_firmwareptz1an42b3pn54a4pn52b3p_firmwaresd1an52a4pipc-hxxx5x4xn42b2p_firmwaren52b5pn42b2psd50ipc-hx2xxxn42b3p_firmwareIPC-HX2XXX Series,IPC-HXXX5X4X Series,IPC-HX5842H,IPC-HX7842H,NVR 5x Series,NVR 4x Series,SD6AL Series,SD5A Series,SD1A Series,PTZ1A Series,SD50/52C Series
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-30024
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-12.30% / 93.70%
||
7 Day CHG~0.00%
Published-14 Jul, 2022 | 13:41
Updated-03 Aug, 2024 | 06:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow in the httpd daemon on TP-Link TL-WR841N V12 (firmware version 3.16.9) devices allows an authenticated remote attacker to execute arbitrary code via a GET request to the page for the System Tools of the Wi-Fi network. This affects TL-WR841 V12 TL-WR841N(EU)_V12_160624 and TL-WR841 V11 TL-WR841N(EU)_V11_160325 , TL-WR841N_V11_150616 and TL-WR841 V10 TL-WR841N_V10_150310 are also affected.

Action-Not Available
Vendor-n/aTP-Link Systems Inc.
Product-tl-wr841n\(eu\)_firmwaretl-wr841_firmwaretl-wr841n\(eu\)tl-wr841ntl-wr841n_firmwaretl-wr841n/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-5875
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.25% / 47.81%
||
7 Day CHG~0.00%
Published-09 Jun, 2025 | 11:31
Updated-23 Jun, 2025 | 14:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TP-LINK Technologies TL-IPC544EP-W4 main sub_69064 buffer overflow

A vulnerability classified as critical has been found in TP-LINK Technologies TL-IPC544EP-W4 1.0.9 Build 240428 Rel 69493n. Affected is the function sub_69064 of the file /bin/main. The manipulation of the argument text leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-TP-LINK TechnologiesTP-Link Systems Inc.
Product-tl-ipc544ep-w4_firmwaretl-ipc544ep-w4TL-IPC544EP-W4
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-5904
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.43% / 62.02%
||
7 Day CHG~0.00%
Published-10 Jun, 2025 | 00:00
Updated-16 Jun, 2025 | 14:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TOTOLINK T10 POST Request cstecgi.cgi setWiFiMeshName buffer overflow

A vulnerability was found in TOTOLINK T10 4.1.8cu.5207. It has been declared as critical. Affected by this vulnerability is the function setWiFiMeshName of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument device_name leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-TOTOLINK
Product-t10t10_firmwareT10
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-5851
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.14% / 34.01%
||
7 Day CHG~0.00%
Published-08 Jun, 2025 | 23:31
Updated-09 Jun, 2025 | 19:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda AC15 HTTP POST Request AdvSetLanip fromadvsetlanip buffer overflow

A vulnerability was found in Tenda AC15 15.03.05.19_multi. It has been rated as critical. This issue affects the function fromadvsetlanip of the file /goform/AdvSetLanip of the component HTTP POST Request Handler. The manipulation of the argument lanMask leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-ac15_firmwareac15AC15
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-5786
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.66% / 70.69%
||
7 Day CHG+0.16%
Published-06 Jun, 2025 | 16:31
Updated-10 Jun, 2025 | 14:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TOTOLINK X15 HTTP POST Request formDMZ buffer overflow

A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been classified as critical. Affected is an unknown function of the file /boafrm/formDMZ of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-TOTOLINK
Product-x15x15_firmwareX15
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-5734
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.39% / 59.28%
||
7 Day CHG+0.09%
Published-06 Jun, 2025 | 07:31
Updated-09 Jun, 2025 | 13:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TOTOLINK X15 HTTP POST Request formWlanRedirect buffer overflow

A vulnerability has been found in TOTOLINK X15 1.0.0-B20230714.1105 and classified as critical. This vulnerability affects unknown code of the file /boafrm/formWlanRedirect of the component HTTP POST Request Handler. The manipulation of the argument redirect-url leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-TOTOLINK
Product-X15
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-5787
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.66% / 70.69%
||
7 Day CHG+0.16%
Published-06 Jun, 2025 | 16:31
Updated-09 Jun, 2025 | 19:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TOTOLINK X15 HTTP POST Request formWsc buffer overflow

A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formWsc of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-TOTOLINK
Product-x15x15_firmwareX15
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2020-7877
Matching Score-4
Assigner-KrCERT/CC
ShareView Details
Matching Score-4
Assigner-KrCERT/CC
CVSS Score-8||HIGH
EPSS-0.53% / 66.75%
||
7 Day CHG~0.00%
Published-07 Sep, 2021 | 11:43
Updated-04 Aug, 2024 | 09:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ZOOK solution(remote administration tool) buffer overflow vulnerability

A buffer overflow issue was discovered in ZOOK solution(remote administration tool) through processing 'ConnectMe' command while parsing a crafted OUTERIP value because of missing boundary check. This vulnerability allows the attacker to execute remote arbitrary command.

Action-Not Available
Vendor-mastersoftmastersoftMicrosoft Corporation
Product-zook_viewerwindowszook_agentZOOKAgentSetup.exeZOOKViewer_Setup.exe
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-5671
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.22% / 44.04%
||
7 Day CHG+0.05%
Published-05 Jun, 2025 | 17:31
Updated-05 Jun, 2025 | 20:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TOTOLINK N302R Plus HTTP POST Request formPortFw buffer overflow

A vulnerability, which was classified as critical, was found in TOTOLINK N302R Plus up to 3.4.0-B20201028. Affected is an unknown function of the file /boafrm/formPortFw of the component HTTP POST Request Handler. The manipulation of the argument service_type leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-TOTOLINK
Product-N302R Plus
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2020-7862
Matching Score-4
Assigner-KrCERT/CC
ShareView Details
Matching Score-4
Assigner-KrCERT/CC
CVSS Score-7||HIGH
EPSS-0.63% / 69.77%
||
7 Day CHG~0.00%
Published-24 Jun, 2021 | 10:15
Updated-16 Sep, 2024 | 23:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HelpU Overflow Vulnerability

A vulnerability in agent program of HelpU remote control solution could allow an authenticated remote attacker to execute arbitrary commands This vulnerability is due to insufficient input santization when communicating customer process.

Action-Not Available
Vendor-helpuHelpu,inc
Product-helpuftclienthelpuviewerhelpuftserverhelpuserverHelpuFTClient.dllHelpuViewer.exeHelpuFTServer.dllHelpuServer.exe
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-5672
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.22% / 44.04%
||
7 Day CHG+0.05%
Published-05 Jun, 2025 | 17:31
Updated-05 Jun, 2025 | 20:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TOTOLINK N302R Plus HTTP POST Request formFilter buffer overflow

A vulnerability has been found in TOTOLINK N302R Plus up to 3.4.0-B20201028 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formFilter of the component HTTP POST Request Handler. The manipulation of the argument url leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-TOTOLINK
Product-N302R Plus
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-5736
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.39% / 59.28%
||
7 Day CHG+0.09%
Published-06 Jun, 2025 | 08:00
Updated-06 Jun, 2025 | 18:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TOTOLINK X15 HTTP POST Request formNtp buffer overflow

A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been classified as critical. Affected is an unknown function of the file /boafrm/formNtp of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-TOTOLINK
Product-X15
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-5789
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.39% / 59.28%
||
7 Day CHG+0.09%
Published-06 Jun, 2025 | 17:31
Updated-09 Jun, 2025 | 19:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TOTOLINK X15 HTTP POST Request formPortFw buffer overflow

A vulnerability classified as critical has been found in TOTOLINK X15 1.0.0-B20230714.1105. This affects an unknown part of the file /boafrm/formPortFw of the component HTTP POST Request Handler. The manipulation of the argument service_type leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-TOTOLINK
Product-x15x15_firmwareX15
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2019-13206
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.19% / 40.83%
||
7 Day CHG~0.00%
Published-13 Mar, 2020 | 17:39
Updated-04 Aug, 2024 | 23:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by a buffer overflow vulnerability in multiple parameters of the Document Boxes functionality of the web application that would allow an authenticated attacker to perform a Denial of Service attack, crashing the device, or potentially execute arbitrary code on the device.

Action-Not Available
Vendor-kyoceran/a
Product-ecosys_m5526cdw_firmwareecosys_m5526cdwn/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-5785
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.66% / 70.69%
||
7 Day CHG+0.16%
Published-06 Jun, 2025 | 16:00
Updated-10 Jun, 2025 | 14:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TOTOLINK X15 HTTP POST Request formWirelessTbl buffer overflow

A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105 and classified as critical. This issue affects some unknown processing of the file /boafrm/formWirelessTbl of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-TOTOLINK
Product-x15x15_firmwareX15
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2019-13196
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.20% / 41.56%
||
7 Day CHG~0.00%
Published-13 Mar, 2020 | 18:11
Updated-04 Aug, 2024 | 23:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by a buffer overflow vulnerability in the arg4 and arg9 parameters of several functionalities of the web application that would allow an authenticated attacker to perform a Denial of Service attack, crashing the device, or potentially execute arbitrary code on the device.

Action-Not Available
Vendor-kyoceran/a
Product-ecosys_m5526cdw_firmwareecosys_m5526cdwn/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-5795
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.46% / 63.83%
||
7 Day CHG+0.11%
Published-06 Jun, 2025 | 18:31
Updated-09 Jun, 2025 | 19:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda AC5 AdvSetLanip fromadvsetlanip buffer overflow

A vulnerability, which was classified as critical, was found in Tenda AC5 1.0/15.03.06.47. This affects the function fromadvsetlanip of the file /goform/AdvSetLanip. The manipulation of the argument lanMask leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-ac5ac5_firmwareAC5
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-5629
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.39% / 59.70%
||
7 Day CHG+0.09%
Published-05 Jun, 2025 | 02:00
Updated-06 Jun, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda AC10 HTTP SetPptpServerCfg formSetPPTPServer buffer overflow

A vulnerability, which was classified as critical, was found in Tenda AC10 up to 15.03.06.47. This affects the function formSetPPTPServer of the file /goform/SetPptpServerCfg of the component HTTP Handler. The manipulation of the argument startIp/endIp leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-ac10_firmwareac10AC10
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-5794
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.46% / 63.83%
||
7 Day CHG+0.11%
Published-06 Jun, 2025 | 18:31
Updated-09 Jun, 2025 | 19:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda AC5 setPptpUserList formSetPPTPUserList buffer overflow

A vulnerability, which was classified as critical, has been found in Tenda AC5 15.03.06.47. Affected by this issue is the function formSetPPTPUserList of the file /goform/setPptpUserList. The manipulation of the argument list leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-ac5ac5_firmwareAC5
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-5792
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.56% / 67.83%
||
7 Day CHG+0.13%
Published-06 Jun, 2025 | 18:00
Updated-12 Jun, 2025 | 16:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TOTOLINK EX1200T HTTP POST Request formWlanRedirect buffer overflow

A vulnerability, which was classified as critical, has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. This issue affects some unknown processing of the file /boafrm/formWlanRedirect of the component HTTP POST Request Handler. The manipulation of the argument redirect-url leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-TOTOLINK
Product-ex1200t_firmwareex1200tEX1200T
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-5788
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.66% / 70.69%
||
7 Day CHG+0.16%
Published-06 Jun, 2025 | 17:00
Updated-09 Jun, 2025 | 19:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TOTOLINK X15 HTTP POST Request formReflashClientTbl buffer overflow

A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been rated as critical. Affected by this issue is some unknown functionality of the file /boafrm/formReflashClientTbl of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-TOTOLINK
Product-x15x15_firmwareX15
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2019-11859
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6||MEDIUM
EPSS-0.02% / 3.79%
||
7 Day CHG~0.00%
Published-21 Aug, 2020 | 18:51
Updated-16 Sep, 2024 | 16:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ALEOS SMS Handler Buffer Overflow

A buffer overflow exists in the SMS handler API of ALEOS before 4.13.0, 4.9.5, 4.9.4 that may allow code execution as root.

Action-Not Available
Vendor-sierrawirelessn/a
Product-airlink_es440airlink_gx440airlink_lx60aleosairlink_gx400airlink_rv50airlink_mp70eairlink_gx450airlink_lx40airlink_es450airlink_ls300airlink_rv50xairlink_mp70n/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-5793
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.38% / 58.64%
||
7 Day CHG+0.09%
Published-06 Jun, 2025 | 18:00
Updated-12 Jun, 2025 | 16:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TOTOLINK EX1200T HTTP POST Request formPortFw buffer overflow

A vulnerability, which was classified as critical, was found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. Affected is an unknown function of the file /boafrm/formPortFw of the component HTTP POST Request Handler. The manipulation of the argument service_type leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-TOTOLINK
Product-ex1200t_firmwareex1200tEX1200T
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-5739
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.66% / 70.69%
||
7 Day CHG+0.16%
Published-06 Jun, 2025 | 09:00
Updated-09 Jun, 2025 | 13:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TOTOLINK X15 HTTP POST Request formSaveConfig buffer overflow

A vulnerability classified as critical has been found in TOTOLINK X15 1.0.0-B20230714.1105. This affects an unknown part of the file /boafrm/formSaveConfig of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-TOTOLINK
Product-X15
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-5738
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.39% / 59.28%
||
7 Day CHG+0.09%
Published-06 Jun, 2025 | 09:00
Updated-09 Jun, 2025 | 13:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TOTOLINK X15 HTTP POST Request formStats buffer overflow

A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been rated as critical. Affected by this issue is some unknown functionality of the file /boafrm/formStats of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-TOTOLINK
Product-X15
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-5735
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.39% / 59.28%
||
7 Day CHG+0.09%
Published-06 Jun, 2025 | 08:00
Updated-09 Jun, 2025 | 13:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TOTOLINK X15 HTTP POST Request formSetLg buffer overflow

A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105 and classified as critical. This issue affects some unknown processing of the file /boafrm/formSetLg of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-TOTOLINK
Product-X15
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2019-11858
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.7||MEDIUM
EPSS-0.02% / 5.60%
||
7 Day CHG~0.00%
Published-21 Aug, 2020 | 18:52
Updated-16 Sep, 2024 | 20:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ALEOS Multiple Web UI vulnerabilities

Multiple buffer overflow vulnerabilities exist in the AceManager Web API of ALEOS before 4.13.0, 4.9.5, and 4.4.9.

Action-Not Available
Vendor-sierrawirelessn/a
Product-airlink_es440airlink_gx440airlink_lx60aleosairlink_gx400airlink_rv50airlink_mp70eairlink_gx450airlink_lx40airlink_es450airlink_ls300airlink_rv50xairlink_mp70n/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-5790
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.66% / 70.69%
||
7 Day CHG+0.16%
Published-06 Jun, 2025 | 17:31
Updated-17 Jun, 2025 | 21:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TOTOLINK X15 HTTP POST Request formIpQoS buffer overflow

A vulnerability classified as critical was found in TOTOLINK X15 1.0.0-B20230714.1105. This vulnerability affects unknown code of the file /boafrm/formIpQoS of the component HTTP POST Request Handler. The manipulation of the argument mac leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-TOTOLINK
Product-x15x15_firmwareX15
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-5737
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.39% / 59.28%
||
7 Day CHG+0.09%
Published-06 Jun, 2025 | 08:31
Updated-09 Jun, 2025 | 13:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TOTOLINK X15 HTTP POST Request formDosCfg buffer overflow

A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formDosCfg of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-TOTOLINK
Product-X15
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-5607
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.18% / 39.86%
||
7 Day CHG+0.04%
Published-04 Jun, 2025 | 19:31
Updated-05 Jun, 2025 | 20:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda AC18 setPptpUserList formSetPPTPUserList buffer overflow

A vulnerability was found in Tenda AC18 15.03.05.05. It has been rated as critical. This issue affects the function formSetPPTPUserList of the file /goform/setPptpUserList. The manipulation of the argument list leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-AC18
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-29068
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.9||CRITICAL
EPSS-0.55% / 67.56%
||
7 Day CHG~0.00%
Published-23 Mar, 2021 | 06:57
Updated-03 Aug, 2024 | 21:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects R6700v3 before 1.0.4.98, R6400v2 before 1.0.4.98, R7000 before 1.0.11.106, R6900P before 1.3.2.124, R7000P before 1.3.2.124, R7900 before 1.0.4.26, R7850 before 1.0.5.60, R8000 before 1.0.4.58, RS400 before 1.5.0.48, R6400 before 1.0.1.62, R6700 before 1.0.2.16, R6900 before 1.0.2.16, MK60 before 1.0.5.102, MR60 before 1.0.5.102, MS60 before 1.0.5.102, CBR40 before 2.5.0.10, R8000P before 1.4.1.62, R7960P before 1.4.1.62, R7900P before 1.4.1.62, RAX15 before 1.0.1.64, RAX20 before 1.0.1.64, RAX75 before 1.0.3.102, RAX80 before 1.0.3.102, RAX200 before 1.0.2.102, RAX45 before 1.0.2.64, RAX50 before 1.0.2.64, EX7500 before 1.0.0.68, EAX80 before 1.0.1.62, EAX20 before 1.0.0.36, RBK752 before 3.2.16.6, RBK753 before 3.2.16.6, RBK753S before 3.2.16.6, RBK754 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBK853 before 3.2.16.6, RBK854 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, RBR840 before 3.2.16.6, RBS840 before 3.2.16.6, R6120 before 1.0.0.70, R6220 before 1.1.0.100, R6230 before 1.1.0.100, R6260 before 1.1.0.76, R6850 before 1.1.0.76, R6350 before 1.1.0.76, R6330 before 1.1.0.76, D7800 before 1.0.1.58, RBK50 before 2.6.1.40, RBR50 before 2.6.1.40, RBS50 before 2.6.1.40, RBK40 before 2.6.1.36, RBR40 before 2.6.1.36, RBS40 before 2.6.1.38, RBK23 before 2.6.1.36, RBR20 before 2.6.1.38, RBS20 before 2.6.1.38, RBK12 before 2.6.1.44, RBK13 before 2.6.1.44, RBK14 before 2.6.1.44, RBK15 before 2.6.1.44, RBR10 before 2.6.1.44, RBS10 before 2.6.1.44, R6800 before 1.2.0.72, R6900v2 before 1.2.0.72, R6700v2 before 1.2.0.72, R7200 before 1.2.0.72, R7350 before 1.2.0.72, R7400 before 1.2.0.72, R7450 before 1.2.0.72, AC2100 before 1.2.0.72, AC2400 before 1.2.0.72, AC2600 before 1.2.0.72, R7800 before 1.0.2.74, R8900 before 1.0.5.24, R9000 before 1.0.5.24, RAX120 before 1.0.1.136, XR450 before 2.3.2.66, XR500 before 2.3.2.66, XR700 before 1.0.1.34, and XR300 before 1.0.3.50.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-eax80rax15r6120rbk14_firmwaremk60_firmwarerbk15_firmwareex7500_firmwarerax45rs400r6260_firmwarer6220rax20ac2400_firmwarerbk753r7900pxr450_firmwarerbk12_firmwareeax20_firmwarerbs40_firmwaremr60r6230r6700rbr10r6330rbs10_firmwarer7000rax80_firmwarer6230_firmwarerbk853_firmwarer9000cbr40rbk752_firmwarer7900_firmwarerbs840_firmwarerbk852r6700_firmwarems60xr450rbk753s_firmwarer8000_firmwarexr700rax80rs400_firmwarer6850_firmwarer7450_firmwarer8000rbs20_firmwarer6900pr8000pr6120_firmwarer7200_firmwarer6800rbr750r8000p_firmwarer7850rbk842_firmwarexr500d7800_firmwarer7850_firmwarexr300rbr40rbr50_firmwaremk60r7960p_firmwarerbk852_firmwarerbk50_firmwareac2600_firmwarecbr40_firmwarerbk12r8900_firmwarer6220_firmwareac2600rbr40_firmwareac2400r6400_firmwarerbk23_firmwarerax50r6900p_firmwarer7960prbk754_firmwarer7000_firmwareeax80_firmwarer7350_firmwarerbk753sxr500_firmwarexr700_firmwarerbk15rax20_firmwarer7200rbs40r8900r9000_firmwarerbs850_firmwarerbr850rbs50_firmwarerbs20ac2100_firmwarerbk854r6900_firmwarer7400rbk23r7800rax120_firmwarer6850r6350rbs10rbr840_firmwarer7800_firmwarer7900p_firmwarer6800_firmwarerbs840ex7500rbk14rax75d7800r7900rbk842rbk40rbr20rbs850ms60_firmwarerbk753_firmwarer6260rbk854_firmwarerbk754rbk853rax200r6330_firmwarerbk40_firmwarer7400_firmwarerax120rbk13r7000p_firmwarerax200_firmwarer6350_firmwarerbs750_firmwarerbr10_firmwaremr60_firmwarerbr750_firmwareeax20r6900r7000prbs50rbr50xr300_firmwareac2100r7450rbk752rbk13_firmwarerbs750rax15_firmwarerbr20_firmwarerbr840rax75_firmwarerbk50rax50_firmwarer6400rax45_firmwarer7350rbr850_firmwaren/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-4149
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.19% / 41.26%
||
7 Day CHG+0.02%
Published-01 May, 2025 | 04:00
Updated-19 May, 2025 | 11:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Netgear EX6200 sub_54014 buffer overflow

A vulnerability was found in Netgear EX6200 1.0.3.94. It has been classified as critical. This affects the function sub_54014. The manipulation of the argument host leads to buffer overflow. It is possible to initiate the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-ex6200_firmwareex6200EX6200
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
  • Previous
  • 1
  • 2
  • ...
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • Next
Details not found