CVE-2026-11553

Publié : 8 juin 2026

Modifié : 8 juin 2026

Score CVSS

8.8

HIGH

Description détaillée

A vulnerability was found in Tenda HG7HG9 and HG10 300001138_en_xpon. This affects the function formPPPEdit of the file /boaform/formPPPEdit. The manipulation of the argument encodename results in stack-based buffer overflow. The attack can be launched remotely. The exploit has been made public and could be used.

Vecteur d'attaque (CVSS)

Vecteur brut :CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Références et Patchs

https://github.com/xiezhihua-1127/Tenda-Stack-Overflow.git https://github.com/xiezhihua-1127/Tenda-Stack-Overflow/blob/main/report.md https://vuldb.com/cve/CVE-2026-11553 https://vuldb.com/submit/836778 https://vuldb.com/vuln/369163 https://vuldb.com/vuln/369163/cti https://www.tenda.com.cn/

Dernières Vulnérabilités

CVE-2026-44541

Fides is an open-source privacy engineering platform. From version 2.33.0 to before version 2.84.5, there is a DOM-based XSS vulnerability in fides.js via the fides_description override. This issue has been patched in version 2.84.5.

VOIR DÉTAILS

CVE-2026-40215

A race condition in OpenVPN 2.6.0 through 2.6.19 and 2.7_alpha1 through 2.7.1 allows remote attackers to potentially cause a server crash or leak heap memory via a use-after-free triggered during TLS session promotion.

VOIR DÉTAILS

CVE-2026-11585

A vulnerability was determined in CodeAstro Student Attendance Management System 1.0. Affected is an unknown function of the file /attendance-php/Admin/createClassArms.php. This manipulation of the argument classId causes sql injection. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized.

VOIR DÉTAILS