Total
1428 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-25756 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2025-03-13 | N/A | 8.0 HIGH |
| A Stack Based Buffer Overflow vulnerability in Tenda AC9 v.3.0 with firmware version v.15.03.06.42_multi allows a remote attacker to execute arbitrary code via the formWifiBasicSet function. | |||||
| CVE-2024-25751 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2025-03-13 | N/A | 9.8 CRITICAL |
| A Stack Based Buffer Overflow vulnerability in Tenda AC9 v.3.0 with firmware version v.15.03.06.42_multi allows a remote attacker to execute arbitrary code via the fromSetSysTime function. | |||||
| CVE-2024-37632 | 1 Totolink | 2 A3700r, A3700r Firmware | 2025-03-13 | N/A | 9.8 CRITICAL |
| TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via the password parameter in function loginAuth . | |||||
| CVE-2024-30592 | 1 Tenda | 2 Fh1202, Fh1202 Firmware | 2025-03-13 | N/A | 8.0 HIGH |
| Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the page parameter of the fromAddressNat function. | |||||
| CVE-2024-30591 | 1 Tenda | 2 Fh1202, Fh1202 Firmware | 2025-03-13 | N/A | 8.8 HIGH |
| Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the time parameter of the saveParentControlInfo function. | |||||
| CVE-2024-30590 | 1 Tenda | 2 Fh1202, Fh1202 Firmware | 2025-03-13 | N/A | 6.5 MEDIUM |
| Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the schedEndTime parameter of the setSchedWifi function. | |||||
| CVE-2024-30589 | 1 Tenda | 2 Fh1202, Fh1202 Firmware | 2025-03-13 | N/A | 9.8 CRITICAL |
| Tenda FH1202 v1.2.0.14(408) firmware has a stack overflow vulnerability in the entrys parameter of the fromAddressNat function. | |||||
| CVE-2024-30588 | 1 Tenda | 2 Fh1202, Fh1202 Firmware | 2025-03-13 | N/A | 4.3 MEDIUM |
| Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the schedStartTime parameter of the setSchedWifi function. | |||||
| CVE-2024-30586 | 1 Tenda | 2 Fh1202, Fh1202 Firmware | 2025-03-13 | N/A | 6.5 MEDIUM |
| Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the security_5g parameter of the formWifiBasicSet function. | |||||
| CVE-2024-30585 | 1 Tenda | 2 Fh1202, Fh1202 Firmware | 2025-03-13 | N/A | 6.5 MEDIUM |
| Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the deviceId parameter of the saveParentControlInfo function. | |||||
| CVE-2024-30583 | 1 Tenda | 2 Fh1202, Fh1202 Firmware | 2025-03-13 | N/A | 8.0 HIGH |
| Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the mitInterface parameter of the fromAddressNat function. | |||||
| CVE-2024-30594 | 1 Tenda | 2 Fh1202, Fh1202 Firmware | 2025-03-13 | N/A | 6.5 MEDIUM |
| Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the deviceMac parameter of the addWifiMacFilter function. | |||||
| CVE-2024-30595 | 1 Tenda | 2 Fh1202, Fh1202 Firmware | 2025-03-13 | N/A | 9.8 CRITICAL |
| Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the deviceId parameter of the addWifiMacFilter function. | |||||
| CVE-2023-50809 | 2025-03-13 | N/A | 7.8 HIGH | ||
| In certain Sonos products before S1 Release 11.12 and S2 release 15.9, the mt_7615.ko wireless driver does not properly validate an information element during negotiation of a WPA2 four-way handshake. This lack of validation leads to a stack buffer overflow. This can result in remote code execution within the kernel. This affects Amp, Arc, Arc SL, Beam, Beam Gen 2, Beam SL, and Five. | |||||
| CVE-2023-44409 | 1 Dlink | 2 Dap-1325, Dap-1325 Firmware | 2025-03-12 | N/A | 8.8 HIGH |
| D-Link DAP-1325 SetSetupWizardStatus Enabled Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of XML data provided to the HNAP1 SOAP endpoint. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18838. | |||||
| CVE-2023-44408 | 1 Dlink | 2 Dap-1325, Dap-1325 Firmware | 2025-03-12 | N/A | 8.8 HIGH |
| D-Link DAP-1325 SetAPLanSettings IPAddr Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of XML data provided to the HNAP1 SOAP endpoint. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18827. | |||||
| CVE-2023-44407 | 1 Dlink | 2 Dap-1325, Dap-1325 Firmware | 2025-03-12 | N/A | 8.8 HIGH |
| D-Link DAP-1325 SetAPLanSettings Gateway Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of XML data provided to the HNAP1 SOAP endpoint. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18826. | |||||
| CVE-2023-44406 | 1 Dlink | 2 Dap-1325, Dap-1325 Firmware | 2025-03-12 | N/A | 8.8 HIGH |
| D-Link DAP-1325 SetAPLanSettings DeviceName Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of XML data provided to the HNAP1 SOAP endpoint. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18825. | |||||
| CVE-2023-44405 | 1 Dlink | 2 Dap-1325, Dap-1325 Firmware | 2025-03-12 | N/A | 8.8 HIGH |
| D-Link DAP-1325 get_value_of_key Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of XML data provided to the HNAP1 SOAP endpoint. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18824. | |||||
| CVE-2023-44404 | 1 Dlink | 2 Dap-1325, Dap-1325 Firmware | 2025-03-12 | N/A | 8.8 HIGH |
| D-Link DAP-1325 get_value_from_app Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of XML data provided to the HNAP1 SOAP endpoint. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18823. | |||||