Noahze01

#9428of 53,633
29.4Total CVSS
Vulnerabilities · 3
Critical
3
PT-2025-41606
9.8
2025-10-06
Tenda · Tenda Ac7 · CVE-2025-11586
**Name of the Vulnerable Software and Affected Versions** Tenda AC7 version 15.03.06.44 **Description** A stack-based buffer overflow exists in the Tenda AC7 router firmware. The issue is located in an unknown function within the `/goform/setNotUpgrade` endpoint. Manipulation of the `newVersion` argument causes the overflow, and the attack can be carried out remotely. The exploit has been publicly disclosed. **Recommendations** Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the `/goform/setNotUpgrade` endpoint to minimize the risk of exploitation.
PT-2024-30008
9.8
2024-08-12
Totolink · Totolink A3100R · CVE-2024-42546
**Name of the Vulnerable Software and Affected Versions** TOTOLINK A3100R version 4.1.2cu.5050 B20200504 **Description** The issue is a buffer overflow vulnerability in the `password` parameter in the `loginauth` function. This vulnerability can be exploited, but no specific details about the estimated number of potentially affected devices or real-world incidents are provided. **Recommendations** For TOTOLINK A3100R version 4.1.2cu.5050 B20200504, as a temporary workaround, consider restricting the use of the `loginauth` function until a patch is available. Avoid using the `password` parameter in the affected function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2024-30009
9.8
2024-08-12
Totolink · Totolink A3100R · CVE-2024-42547
**Name of the Vulnerable Software and Affected Versions** TOTOLINK A3100R version 4.1.2cu.5050 B20200504 **Description** The issue is a buffer overflow vulnerability in the `http host` parameter within the `loginauth` function. This vulnerability can be exploited, potentially leading to unauthorized access or control. **Recommendations** For TOTOLINK A3100R version 4.1.2cu.5050 B20200504, as a temporary workaround, consider restricting access to the `loginauth` function until a patch is available. Avoid using the `http host` parameter in the affected function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.