Aggregator

В открытый доступ попали данные почти 19 миллионов пользователей игровых автоматов.

A vulnerability marked as critical has been reported in Tenda F1202 1.2.0.20(408). This affects the function fromPptpUserAdd of the file /goform/PptpUserAdd. The manipulation of the argument opttype leads to stack-based buffer overflow. This vulnerability is documented as CVE-2026-9431. The attack can be initiated remotely. Additionally, an exploit exists.

A vulnerability labeled as critical has been found in Tenda F1202 1.2.0.20(408). Affected by this issue is the function formGstDhcpSetSer of the file /goform/GstDhcpSetSerof. Executing a manipulation of the argument dips can lead to stack-based buffer overflow. This vulnerability is registered as CVE-2026-9430. It is possible to launch the attack remotely. Furthermore, an exploit is available.

A vulnerability identified as critical has been detected in Tenda F1202 1.2.0.20(408). Affected by this vulnerability is the function formWrlExtraSet of the file /goform/WrlExtraSet. Performing a manipulation of the argument delno results in stack-based buffer overflow. This vulnerability is cataloged as CVE-2026-9429. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability categorized as critical has been discovered in Tenda F1202 1.2.0.20(408). Affected is the function fromPPTPUserSetting of the file /goform/PPTPUserSetting. Such manipulation of the argument delno leads to stack-based buffer overflow. This vulnerability is listed as CVE-2026-9428. The attack may be performed from remote. In addition, an exploit is available.

Submit #813909 / VDB-365417

Submit #813908 / VDB-365416

Submit #813907 / VDB-365415

Submit #813906 / VDB-365414

Submit #813905 / VDB-365413

A vulnerability was found in Edimax EW-7438RPn 1.31. It has been rated as critical. This impacts the function formWlSiteSurvey of the file /goform/formWlSiteSurvey of the component webs. This manipulation of the argument selSSID/submit-url causes stack-based buffer overflow. This vulnerability is tracked as CVE-2026-9427. The attack is possible to be carried out remotely. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in Edimax EW-7438RPn 1.31. It has been declared as critical. This affects the function formHwSet of the file /goform/formHwSet. The manipulation of the argument Anntena/Mcs/regDomain/nic0Addr/nic1Addr/wlanAddr/wanAddr/wlanSSID/wlanChan/initgain/txcck/txofdm/submit-url results in stack-based buffer overflow. This vulnerability is identified as CVE-2026-9426. The attack can be executed remotely. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in Edimax EW-7438RPn 1.31. It has been classified as critical. The impacted element is the function formWlanMP of the file /goform/formWlanMP. The manipulation of the argument ateFunc/ateGain/ateTxCount/ateChan/ateRate/ateMacID/e2pTxPower1/e2pTxPower2/e2pTxPower3/e2pTxPower4/e2pTxPower5/e2pTxPower6/e2pTxPower7/e2pTx2Power1/e2pTx2Power2/e2pTx2Power3/e2pTx2Power4/e2pTx2Power5/e2pTx2Power6/e2pTx2Power7/ateTxFreqOffset/ateMode/ateBW/ateAntenna/e2pTxFreqOffset/e2pTxPwDeltaB/e2pTxPwDeltaG/e2pTxPwDeltaMix/e2pTxPwDeltaN/readE2P leads to stack-based buffer overflow. This vulnerability is referenced as CVE-2026-9425. Remote exploitation of the attack is possible. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in Edimax EW-7438RPn 1.31 and classified as critical. The affected element is the function formWlanMP of the file /goform/formWlanMP of the component Content-Type Handler. Executing a manipulation of the argument ateFunc/ateGain/ateTxCount/ateChan/ateRate/ateMacID/e2pTxPower1/e2pTxPower2/e2pTxPower3/e2pTxPower4/e2pTxPower5/e2pTxPower6/e2pTxPower7/e2pTx2Power1/e2pTx2Power2/e2pTx2Power3/e2pTx2Power4/e2pTx2Power5/e2pTx2Power6/e2pTx2Power7/ateTxFreqOffset/ateMode/ateBW/ateAntenna/e2pTxFreqOffset/e2pTxPwDeltaB/e2pTxPwDeltaG/e2pTxPwDeltaMix/e2pTxPwDeltaN/readE2P can lead to os command injection. The identification of this vulnerability is CVE-2026-9424. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability has been found in Edimax BR-6675nD 1.12 and classified as critical. Impacted is the function mp of the file /goform/mp of the component POST Request Handler. Performing a manipulation of the argument command results in command injection. This vulnerability was named CVE-2026-9423. The attack may be initiated remotely. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

说实话，没有那么多传奇故事，更多是很具体的活：看代码路径，复现实验，想清楚场景，写 changelog，发 patch，然后等 review。最开始，是 Barry（宋宝华）老师发起了一张“英雄帖”，把几个愿意花时间啃内核问题的人招呼到了一起。我们想把这些事摊开：看过的代码，做过的实验，踩过的坑，patch 为什么这么写，又为什么被打回来。我们想成为这样的人，也想遇到更多这样的人。我们是一群 Linux kernel 狂热爱好者，没有收益，没有赞助，也没有什么复杂的背景。今天开始，这里就是“笑傲内核”。

Submit #813916 / VDB-365412

Submit #813915 / VDB-365411

Submit #813913 / VDB-236358

Submit #813912 / VDB-365410