Skip to content

Commit 54a0a69

Browse files
advisory-database[bot]advisory-database[bot]
committed
Publish Advisories
GHSA-4gf6-p85h-2wcf GHSA-5v96-qvr4-5mm3 GHSA-hgx9-j277-fq3j GHSA-qv52-c9fr-fjw8 GHSA-w32p-pwv5-9jr3
1 parent 8b73367 commit 54a0a69

File tree

5 files changed

+288
-0
lines changed

5 files changed

+288
-0
lines changed

advisories/unreviewed/2025/12/GHSA-4gf6-p85h-2wcf/GHSA-4gf6-p85h-2wcf.json

Lines changed: 56 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,56 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-4gf6-p85h-2wcf",
4+
"modified": "2025-12-14T12:32:24Z",
5+
"published": "2025-12-14T12:32:24Z",
6+
"aliases": [
7+
"CVE-2025-14654"
8+
],
9+
"details": "A vulnerability was identified in Tenda AC20 16.03.08.12. The affected element is the function formSetPPTPUserList of the file /goform/setPptpUserList of the component httpd. Such manipulation of the argument list leads to stack-based buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14654"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/Madgeaaaaa/MY_VULN_2/blob/main/Tenda/VULN12/AC20_SetPptpUserList.md"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://vuldb.com/?ctiid.336387"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/?id.336387"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/?submit.712899"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://www.tenda.com.cn"
45+
}
46+
],
47+
"database_specific": {
48+
"cwe_ids": [
49+
"CWE-119"
50+
],
51+
"severity": "HIGH",
52+
"github_reviewed": false,
53+
"github_reviewed_at": null,
54+
"nvd_published_at": "2025-12-14T10:15:47Z"
55+
}
56+
}

advisories/unreviewed/2025/12/GHSA-5v96-qvr4-5mm3/GHSA-5v96-qvr4-5mm3.json

Lines changed: 56 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,56 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-5v96-qvr4-5mm3",
4+
"modified": "2025-12-14T12:32:24Z",
5+
"published": "2025-12-14T12:32:24Z",
6+
"aliases": [
7+
"CVE-2025-14653"
8+
],
9+
"details": "A vulnerability was determined in itsourcecode Student Management System 1.0. Impacted is an unknown function of the file /addrecord.php. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14653"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/moonrains/content/issues/1"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://itsourcecode.com"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/?ctiid.336386"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/?id.336386"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://vuldb.com/?submit.712651"
45+
}
46+
],
47+
"database_specific": {
48+
"cwe_ids": [
49+
"CWE-74"
50+
],
51+
"severity": "MODERATE",
52+
"github_reviewed": false,
53+
"github_reviewed_at": null,
54+
"nvd_published_at": "2025-12-14T10:15:46Z"
55+
}
56+
}

advisories/unreviewed/2025/12/GHSA-hgx9-j277-fq3j/GHSA-hgx9-j277-fq3j.json

Lines changed: 64 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,64 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-hgx9-j277-fq3j",
4+
"modified": "2025-12-14T12:32:24Z",
5+
"published": "2025-12-14T12:32:24Z",
6+
"aliases": [
7+
"CVE-2025-14659"
8+
],
9+
"details": "A vulnerability was detected in D-Link DIR-860LB1 and DIR-868LB1 203b01/203b03. Affected is an unknown function of the component DHCP Daemon. The manipulation of the argument Hostname results in command injection. It is possible to launch the attack remotely. The exploit is now public and may be used.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14659"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://tzh00203.notion.site/D-Link-DIR-860LB1-v203b03-Command-Injection-in-DHCPd-2c6b5c52018a807eab1ae73dbd95eee3?source=copy_link"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://tzh00203.notion.site/D-Link-DIR-868LB1-v203b01-Command-Injection-in-DHCPd-2c8b5c52018a805296c3dea51a7a4070?source=copy_link"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/?ctiid.336391"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/?id.336391"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://vuldb.com/?submit.713701"
45+
},
46+
{
47+
"type": "WEB",
48+
"url": "https://vuldb.com/?submit.714709"
49+
},
50+
{
51+
"type": "WEB",
52+
"url": "https://www.dlink.com"
53+
}
54+
],
55+
"database_specific": {
56+
"cwe_ids": [
57+
"CWE-74"
58+
],
59+
"severity": "HIGH",
60+
"github_reviewed": false,
61+
"github_reviewed_at": null,
62+
"nvd_published_at": "2025-12-14T12:16:02Z"
63+
}
64+
}

advisories/unreviewed/2025/12/GHSA-qv52-c9fr-fjw8/GHSA-qv52-c9fr-fjw8.json

Lines changed: 56 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,56 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-qv52-c9fr-fjw8",
4+
"modified": "2025-12-14T12:32:24Z",
5+
"published": "2025-12-14T12:32:24Z",
6+
"aliases": [
7+
"CVE-2025-14656"
8+
],
9+
"details": "A weakness has been identified in Tenda AC20 16.03.08.12. This affects the function httpd of the file /goform/openSchedWifi. Executing manipulation of the argument schedStartTime/schedEndTime can lead to buffer overflow. The attack may be performed from remote. The exploit has been made available to the public and could be exploited.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14656"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/Madgeaaaaa/MY_VULN_2/blob/main/Tenda/VULN14/AC20_openSchedWifi.md"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://vuldb.com/?ctiid.336389"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/?id.336389"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/?submit.712917"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://www.tenda.com.cn"
45+
}
46+
],
47+
"database_specific": {
48+
"cwe_ids": [
49+
"CWE-119"
50+
],
51+
"severity": "HIGH",
52+
"github_reviewed": false,
53+
"github_reviewed_at": null,
54+
"nvd_published_at": "2025-12-14T11:15:40Z"
55+
}
56+
}

advisories/unreviewed/2025/12/GHSA-w32p-pwv5-9jr3/GHSA-w32p-pwv5-9jr3.json

Lines changed: 56 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,56 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-w32p-pwv5-9jr3",
4+
"modified": "2025-12-14T12:32:25Z",
5+
"published": "2025-12-14T12:32:24Z",
6+
"aliases": [
7+
"CVE-2025-14655"
8+
],
9+
"details": "A security flaw has been discovered in Tenda AC20 16.03.08.12. The impacted element is the function formSetRebootTimer of the file /goform/SetSysAutoRebbotCfg of the component httpd. Performing manipulation of the argument rebootTime results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been released to the public and may be exploited.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14655"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/Madgeaaaaa/MY_VULN_2/blob/main/Tenda/VULN13/AC20_SetSysAutoRebbotCfg.md"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://vuldb.com/?ctiid.336388"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/?id.336388"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/?submit.712910"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://www.tenda.com.cn"
45+
}
46+
],
47+
"database_specific": {
48+
"cwe_ids": [
49+
"CWE-119"
50+
],
51+
"severity": "HIGH",
52+
"github_reviewed": false,
53+
"github_reviewed_at": null,
54+
"nvd_published_at": "2025-12-14T11:15:39Z"
55+
}
56+
}

0 commit comments

Comments
 (0)