Ezangel

#3967of 53,633
65.3Total CVSS
Vulnerabilities · 7
Medium
1
Critical
6
PT-2026-49291
9.8
2026-06-15
Undefined · Undefined · CVE-2026-38060
Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action unlock sim via the pin parameter.
PT-2026-49294
9.8
2026-06-15
Undefined · Undefined · CVE-2026-38063
Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action radio on with ia apn via the ia parameter.
PT-2026-49292
9.8
2026-06-15
Undefined · Undefined · CVE-2026-38061
Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action set volume via the volume parameter.
PT-2026-25027
9.8
2026-03-12
Gl.Inet · Ar300M16 Firmware · CVE-2026-26795
**Name of the Vulnerable Software and Affected Versions** GL-iNet GL-AR300M16 version 4.3.11 **Description** The GL-iNet GL-AR300M16 device contains a command injection issue through the `module` parameter within the `M.get system log` function. This allows attackers to execute arbitrary commands by providing a crafted input. The vulnerability is present in the system log API, potentially leading to unauthorized remote code execution on travel routers. **Recommendations** GL-iNet GL-AR300M16 version 4.3.11: As a temporary workaround, consider disabling access to the `M.get system log` function until a patch is available.
PT-2025-51753
9.8
2025-12-16
Unknown · Mercury D196G · CVE-2025-50401
**Name of the Vulnerable Software and Affected Versions** Mercury D196G version d196gv1-cn-up 2020-01-09 11.21.44 **Description** A buffer overflow condition exists in the Mercury D196G router. This issue is present in the `sub 404CAEDC` function and is triggered by the `password` parameter. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2025-51752
9.8
2025-12-16
Unknown · Mercury D196G · CVE-2025-50398
**Name of the Vulnerable Software and Affected Versions** Mercury D196G version d196gv1-cn-up 2020-01-09 11.21.44 **Description** The software is susceptible to a buffer overflow issue. This occurs in the `sub 404CAEDC` function through the `fac password` parameter. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2024-7090
6.5
2024-10-08
Tp Link · Tp-Link Tl-Wdr7660 · CVE-2024-48714
**Name of the Vulnerable Software and Affected Versions** TP-Link TL-WDR7660 version 1.0 **Description** The issue is related to the `guestRuleJsonToBin()` function, which handles the `string name` parameter without validation, potentially leading to a stack overflow. This can be exploited by a remote attacker using a specially crafted HTTP request, resulting in a denial of service. **Recommendations** For TP-Link TL-WDR7660 version 1.0, as a temporary workaround, consider disabling the `guestRuleJsonToBin()` function until a patch is available. Restrict access to the vulnerable guest function to minimize the risk of exploitation. Avoid using the `string name` parameter in the affected HTTP endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.