M202572177

#8463de 53,635
32.5CVSS total
Vulnerabilidades · 4
Média
1
Alta
3
PT-2026-30716
5.5
2026-03-30
Totolink · Totolink A3300R · CVE-2026-5679
Name of the Vulnerable Software and Affected Versions Totolink A3300R versão 17.0.0cu.557 B20221024 Description Uma falha de segurança foi detectada no Totolink A3300R versão 17.0.0cu.557 B20221024. A função `vsetTr069Cfg` dentro do arquivo `/cgi-bin/cstecgi.cgi` é suscetível à injeção de comandos do sistema operacional através da manipulação do argumento `stun pass`. A exploração foi divulgada publicamente. Recommendations Atualize para uma versão mais recente que contenha uma correção para esta vulnerabilidade. Como medida temporária, restrinja o acesso ao arquivo `/cgi-bin/cstecgi.cgi`.
PT-2026-24019
9.0
2026-03-09
Tenda · Tenda Fh1202 · CVE-2026-3809
**Name of the Vulnerable Software and Affected Versions** Tenda FH1202 version 1.2.0.14(408) **Description** A stack-based buffer overflow exists in the `fromNatStaticSetting` function of the `/goform/NatSaticSetting` file. Manipulation of the `page` argument can trigger the overflow. This issue can be exploited remotely. An exploit has been published. **Recommendations** Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the `/goform/NatSaticSetting` file.
PT-2026-24023
9.0
2026-03-09
Tenda · Tenda Fh1202 · CVE-2026-3810
**Name of the Vulnerable Software and Affected Versions** Tenda FH1202 version 1.2.0.14(408) **Description** A stack-based buffer overflow exists in the `fromDhcpListClient` function within the `/goform/DhcpListClient` file of the Tenda FH1202. The `page` argument is susceptible to manipulation, leading to the overflow. Remote exploitation is possible. The exploit has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2026-23979
9.0
2026-03-08
Tenda · Tenda Fh1202 · CVE-2026-3811
**Name of the Vulnerable Software and Affected Versions** Tenda FH1202 version 1.2.0.14(408) **Description** A stack-based buffer overflow exists in the `fromP2pListFilter` function of the `/goform/P2pListFilter` file. The issue is triggered by manipulating the `page` argument and can be exploited remotely. The exploit has been publicly released. **Recommendations** Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the `/goform/P2pListFilter` file.