Tag

Router-Vulnerability

4 briefs RSS

Tenda F1202 Stack-Based Buffer Overflow Vulnerability (CVE-2026-9429)

A stack-based buffer overflow vulnerability (CVE-2026-9429) exists in Tenda F1202 version 1.2.0.20(408) within the formWrlExtraSet function of the /goform/WrlExtraSet file, allowing a remote attacker to execute arbitrary code by manipulating the delno argument; a public exploit is available.

F1202 1.2.0.20 stack-based buffer overflow router vulnerability cve-2026-9429

2r 1t 1c 3w ago

critical threat

Totolink A8000RU Command Injection Vulnerability (CVE-2026-9475)

2 rules 1 TTP 1 CVE

Totolink A8000RU version 7.1cu.643_b20200521 is vulnerable to remote OS command injection via manipulation of the Comment argument in the setIpQosRules function, allowing unauthenticated attackers to execute arbitrary commands on the device.

A8000RU 7.1cu.643_b20200521 command injection router vulnerability CVE-2026-9475

2r 1t 1c 3w ago

critical advisory

Tenda Router DNS Hijacking via Cookie Session Weakness

2 rules 1 TTP 1 CVE

Tenda W3002R/A302/W309R routers with firmware V5.07.64_en are vulnerable to unauthenticated DNS hijacking, where attackers exploit a cookie session weakness to modify DNS settings via crafted GET requests.

W3002R/A302/W309R wireless routers cve-2018-25317 dns-hijacking router-vulnerability

2r 1t 1c Apr 29, 2026

critical advisory

Totolink A8000RU Command Injection Vulnerability (CVE-2026-7244)

3 rules 1 TTP 1 CVE

A critical OS command injection vulnerability (CVE-2026-7244) exists in the setWiFiEasyGuestCfg function of the /cgi-bin/cstecgi.cgi file in Totolink A8000RU version 7.1cu.643_b20200521, allowing remote attackers to execute arbitrary commands.

A8000RU command injection router vulnerability cve-2026-7244

3r 1t 1c Apr 28, 2026