Gowri Shankar Infosec

Overview This article details CVE-2025-14141, a high-severity vulnerability affecting UTT 进取 520W routers, specifically version 1.7.7-180627. This vulnerability is a buffer overflow in the strcpy function within the /goform/formArpBindConfig file. Successful exploitation allows remote attackers to potentially execute arbitrary code on the device. The vendor was contacted regarding this disclosure, but no response has been … Read more

Overview CVE-2025-14140 is a medium-severity buffer overflow vulnerability discovered in UTT 进取 520W version 1.7.7-180627. This flaw resides within the strcpy function of the /goform/websHostFilter component. By manipulating the addHostFilter argument, a remote attacker can trigger a buffer overflow, potentially leading to code execution or denial of service. The vulnerability is unpatched, and a public … Read more

Overview CVE-2025-14139 is a medium severity security vulnerability affecting UTT 进取 520W routers, specifically version 1.7.7-180627. This vulnerability is a buffer overflow in the strcpy function of the /goform/formConfigDnsFilterGlobal file. The issue arises from improper handling of the timeRangeName argument, potentially allowing attackers to execute arbitrary code. Technical Details The vulnerability lies within the strcpy … Read more

Overview A high-severity vulnerability, identified as CVE-2025-14136, has been discovered in several Linksys range extender models, specifically RE6500, RE6250, RE6300, RE6350, RE7000, and RE9000 running firmware versions 1.0.013.001, 1.0.04.001, 1.0.04.002, 1.1.05.003, and 1.2.07.001. This vulnerability is a stack-based buffer overflow that can be exploited remotely. The vendor was notified but did not respond. Proof-of-concept exploit … Read more

Overview A high-severity vulnerability, identified as CVE-2025-14135, has been discovered in several Linksys RE series Wi-Fi extenders. This vulnerability is a stack-based buffer overflow affecting the AP_get_wired_clientlist_setClientsName function within the mod_form.so file. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected device. Technical Details The vulnerability resides … Read more

Published: 2025-12-06T11:15:48.437 Overview A high-severity vulnerability, identified as CVE-2025-14134, has been discovered in several Linksys RE series range extenders. This vulnerability affects the RE6500, RE6250, RE6300, RE6350, RE7000, and RE9000 models. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code remotely. Technical Details The vulnerability is a stack-based buffer overflow located … Read more

Overview A high-severity stack-based buffer overflow vulnerability, identified as CVE-2025-14133, has been discovered in several Linksys range extender models. This flaw affects Linksys RE6500, RE6250, RE6300, RE6350, RE7000, and RE9000 devices running firmware versions 1.0.013.001, 1.0.04.001, 1.0.04.002, 1.1.05.003, and 1.2.07.001. An attacker can exploit this vulnerability remotely to potentially execute arbitrary code or cause a … Read more

Overview A high-severity vulnerability, identified as CVE-2025-14126, has been discovered in TOZED ZLT M30S and ZLT M30S PRO routers running firmware versions 1.47/3.09.06. This vulnerability allows attackers within the local network to exploit hardcoded credentials due to improper handling by the Web Interface component. The vendor has not responded to responsible disclosure attempts. Technical Details … Read more

Overview A critical vulnerability, identified as CVE-2025-13065, has been discovered in the Starter Templates plugin for WordPress. This vulnerability affects all versions up to and including 4.4.41. It allows authenticated attackers with author-level access or higher to upload arbitrary files to the affected server, potentially leading to remote code execution. Technical Details The vulnerability stems … Read more

Overview A high-severity vulnerability, identified as CVE-2025-12966, has been discovered in the All-in-One Video Gallery plugin for WordPress. This vulnerability allows authenticated attackers with Author-level access or higher to upload arbitrary files to the affected WordPress server. Successful exploitation of this vulnerability can lead to remote code execution, potentially compromising the entire website. This article … Read more