A vulnerability classified as critical has been found in Totolink LR1200GB 9.1.0u.6619_B20230130/9.3.5u.6698_B20230810. Affected is the function loginAuth of the file /cgi-bin/cstecgi.cgi of the component Web Interface. The manipulation of the argument http_host leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-254574 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via eport in the function setIpPortFilterRules.
TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid in the function setWiFiBasicCfg
TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a stack buffer overflow vulnerability in the setIpPortFilterRules function.
A vulnerability, which was classified as critical, has been found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. This issue affects the function setRptWizardCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument loginpass leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function formSetIptv.
A buffer overflow vulnerability exists in the upload.cgi module of the iptime NAS firmware v1.5.04. The vulnerability arises due to the unsafe use of the strcpy function to copy attacker-controlled data from the CONTENT_TYPE HTTP header into a fixed-size stack buffer (v8, allocated 8 bytes) without bounds checking. Since this operation occurs before authentication logic is executed, the vulnerability is exploitable pre-authentication.
Tenda AC6 V15.03.05.16 was discovered to contain a stack overflow via the time parameter in the setSmartPowerManagement function.
In Netgear XR300 V1.0.3.38_10.3.30, a stack-based buffer overflow exists in the HTTPD service through the usb_device.cgi endpoint. The vulnerability occurs when processing POST requests containing the read_access parameter.
In Netgear XR300 V1.0.3.38_10.3.30, a stack-based buffer overflow vulnerability exists in the HTTPD service through the usb_device.cgi endpoint. The vulnerability occurs when processing POST requests containing the usb_folder parameter.
In Netgear XR300 V1.0.3.38_10.3.30, a stack-based buffer overflow vulnerability exists in the HTTPD service through the usb_device.cgi endpoint. The vulnerability occurs when processing POST requests containing the share_name parameter.
Tenda FH451 V1.0.0.9 has a stack overflow vulnerability in the function.frmL7ImForm.
In Tenda RX3 V1.0br_V16.03.13.11 in the GetParentControlInfo function of the web url /goform/GetParentControlInfo, the manipulation of the parameter mac leads to stack overflow.
FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the ownekey parameter in the web_rmon_alarm_post_rmon_alarm function.
ALFA AIP-W512 v3.2.2.2.3 was discovered to contain an authenticated stack overflow via the targetAPMac parameter in the formWsc function.
FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the ipv4Aclkey parameter in the web_acl_ipv4BasedAceAdd function.
Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3 1.0.15 was discovered to contain a stack overflow vlunerability via peerPin parameter in the formWsc function.
A vulnerability has been found in Tenda AC15 15.03.05.19 in the function GetParentControlInfo of the file /goform/GetParentControlInfo. The manipulation of the argument src leads to stack-based buffer overflow.