Abcd1234

#8967de 53,638
30.5CVSS total
Vulnerabilidades · 4
Média
1
Alta
3
PT-2026-5401
9.0
2026-01-30
Totolink · Totolink A3600R · CVE-2026-1686
**Name of the Vulnerable Software and Affected Versions** Totolink A3600R version 5.9c.4959 **Description** A security flaw exists in Totolink A3600R version 5.9c.4959. The issue resides within the `setAppEasyWizardConfig` function located in the `/lib/cste modules/app.so` library. Manipulation of the `apcliSsid` argument can lead to a buffer overflow. This issue is remotely exploitable. The exploit code has been publicly released. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2026-5423
7.5
2026-01-30
Unknown · Boa Web Server · CVE-2026-1687
**Name of the Vulnerable Software and Affected Versions** Tenda HG10 US HG7 HG9 HG10re 300001138 en xpon (affected versions not specified) **Description** A flaw exists in the Boa Webserver component of Tenda HG10 US HG7 HG9 HG10re 300001138 en xpon. Specifically, a manipulation of the `serverString` argument within the /boaform/formSamba file can result in command injection. This allows for remote execution of commands. The exploit for this issue has been publicly released. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2026-5425
7.5
2026-01-17
Tenda · Tenda Hg10 · CVE-2026-1689
**Nome do Software Vulnerável e Versões Afetadas** Tenda HG10 US HG7 HG9 HG10re 300001138 en xpon (versões afetadas não especificadas) **Descrição** Existe uma falha no componente de Interface de Login do software, especificamente dentro da função `checkUserFromLanOrWan` localizada no arquivo `/boaform/admin/formLogin`. A manipulação do argumento `Host` pode resultar em injeção de comando. Este problema é explorável remotamente e o exploit está disponível publicamente. **Recomendações** No momento, não há informações sobre uma versão mais recente que contenha uma correção para esta vulnerabilidade.
PT-2026-5426
6.5
2026-01-17
Tenda · Tenda Hg10 · CVE-2026-1690
**Name of the Vulnerable Software and Affected Versions** Tenda HG10 US HG7 HG9 HG10re 300001138 en xpon (affected versions not specified) **Description** A flaw exists in the system function associated with the file '/boaform/formSysCmd'. Manipulation of the `sysCmd` argument can lead to command injection. This attack can be initiated remotely. The exploit has been published. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.