Export limit exceeded: 344176 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (344176 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-70651 | 1 Tenda | 2 Ax1803, Ax1803 Firmware | 2026-01-26 | 7.5 High |
| Tenda AX-1803 v1.0.0.1 was discovered to contain a stack overflow in the ssid parameter of the form_fast_setting_wifi_set function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | ||||
| CVE-2025-14750 | 1 Weintek | 3 Cmt-ctrl01, Cmt-svrx-820, Cmt3072xh | 2026-01-26 | N/A |
| The web application does not sufficiently verify inputs that are assumed to be immutable but are actually externally controllable. A low-privileged user can modify the parameters and potentially manipulate account-level privileges. | ||||
| CVE-2025-70648 | 1 Tenda | 2 Ax1803, Ax1803 Firmware | 2026-01-26 | 7.5 High |
| Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow in the security_5g parameter of the sub_727F4 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | ||||
| CVE-2025-70646 | 1 Tenda | 2 Ax1803, Ax1803 Firmware | 2026-01-26 | 7.5 High |
| Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow in the security parameter of the sub_72290 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | ||||
| CVE-2025-71020 | 1 Tenda | 2 Ax1806, Ax1806 Firmware | 2026-01-26 | 7.5 High |
| Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the security parameter of the sub_4C408 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | ||||
| CVE-2025-56088 | 1 Ruijie | 2 Rg-bcr860, Rg-bcr860 Firmware | 2026-01-26 | 8.8 High |
| OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR860 allowing attackers to execute arbitrary commands via a crafted POST request to the action_service in file /usr/lib/lua/luci/controller/admin/service.lua. | ||||
| CVE-2025-70746 | 1 Tenda | 2 Ax1806, Ax1806 Firmware | 2026-01-26 | 7.5 High |
| Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the timeZone parameter of the fromSetSysTime function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | ||||
| CVE-2025-70645 | 1 Tenda | 2 Ax1806, Ax1806 Firmware | 2026-01-26 | 7.5 High |
| Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the deviceList parameter of the formSetWifiMacFilterCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | ||||
| CVE-2025-70650 | 1 Tenda | 2 Ax1806, Ax1806 Firmware | 2026-01-26 | 7.5 High |
| Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the deviceList parameter of the formSetMacFilterCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | ||||
| CVE-2025-70644 | 1 Tenda | 2 Ax1806, Ax1806 Firmware | 2026-01-26 | 7.5 High |
| Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the time parameter of the sub_60CFC function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | ||||
| CVE-2025-56109 | 1 Ruijie | 2 Rg-bcr860, Rg-bcr860 Firmware | 2026-01-26 | 8.8 High |
| OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR860 allowing attackers to execute arbitrary commands via a crafted POST request to the action_wireless in file /usr/lib/lua/luci/control/admin/wireless.lua. | ||||
| CVE-2025-69764 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2026-01-26 | 9.8 Critical |
| Tenda AX3 firmware v16.03.12.11 contains a stack-based buffer overflow in the formGetIptv function due to improper handling of the stbpvid stack buffer, which may result in memory corruption and remote code execution. | ||||
| CVE-2025-69766 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2026-01-26 | 9.8 Critical |
| Tenda AX3 firmware v16.03.12.11 contains a stack-based buffer overflow in the formGetIptv function due to improper handling of the citytag stack buffer, which may result in memory corruption and remote code execution. | ||||
| CVE-2025-69762 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2026-01-26 | 9.8 Critical |
| Tenda AX3 firmware v16.03.12.11 contains a stack overflow in formSetIptv via the list parameter, which can cause memory corruption and enable remote code execution. | ||||
| CVE-2025-69763 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2026-01-26 | 9.8 Critical |
| Tenda AX3 firmware v16.03.12.11 contains a stack overflow in formSetIptv via the vlanId parameter, which can cause memory corruption and enable remote code execution. | ||||
| CVE-2024-31976 | 2 Engenius, Engeniustech | 3 Ews356 Fit Firmware, Ews356-fir, Ews356-fir Firmware | 2026-01-26 | 8 High |
| EnGenius EWS356-FIR 1.1.30 and earlier devices allow a remote attacker to execute arbitrary OS commands via the Controller connectivity parameter. | ||||
| CVE-2025-56106 | 1 Ruijie | 4 Rg-est350, Rg-est350 Firmware, Rg-ew1800gx and 1 more | 2026-01-26 | 8.8 High |
| OS Command Injection vulnerability in Ruijie RG-EW1800GX B11P226_EW1800GX_10223121 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_sta/nbr_cwmp.lua. | ||||
| CVE-2018-25143 | 1 Microhardcorp | 22 Bullet-3g, Bullet-3g Firmware, Bullet-lte and 19 more | 2026-01-26 | 8.8 High |
| Microhard Systems IPn4G 1.1.0 contains a service vulnerability that allows authenticated users to enable a restricted SSH shell with a default 'msshc' user. Attackers can exploit a custom 'ping' command in the NcFTP environment to escape the restricted shell and execute commands with root privileges. | ||||
| CVE-2018-25145 | 1 Microhardcorp | 22 Bullet-3g, Bullet-3g Firmware, Bullet-lte and 19 more | 2026-01-26 | 6.5 Medium |
| Microhard Systems IPn4G 1.1.0 contains a configuration file disclosure vulnerability that allows authenticated attackers to download sensitive system configuration files. Attackers can retrieve configuration files from multiple directories including '/www', '/etc/m_cli/', and '/tmp' to access system passwords and network settings. | ||||
| CVE-2025-36410 | 1 Ibm | 1 Applinx | 2026-01-26 | 3.1 Low |
| IBM ApplinX 11.1 could allow an authenticated user to perform unauthorized administrative actions on the server due to server-side enforcement of client-side security. | ||||