Suggestions search

Untriaged

Filter by:

With package: spotify

Found 3 matching suggestions

View:

Compact

Detailed

Permalink CVE-2026-4253

4.7 MEDIUM

CVSS version: 3.1
Attack vector (AV):
Attack complexity (AC):
Privileges required (PR):
User interaction (UI):
Scope (S):
Confidentiality impact (C):
Integrity impact (I):
Availability impact (A):

created 6 days, 18 hours ago

Tenda AC8 Web UploadCfg route_set_user_policy_rule os command injection

A security flaw has been discovered in Tenda AC8 16.03.50.11. This affects the function route_set_user_policy_rule of the file /cgi-bin/UploadCfg of the component Web Interface. The manipulation of the argument wans.policy.list1 results in os command injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks.

References

VDB-351211 | Tenda AC8 Web UploadCfg route_set_user_policy_rule os command injection vdb-entry technical-description
VDB-351211 | CTI Indicators (IOB, IOC, TTP, IOA) signature permissions-required
Submit #771771 | Tenda AC8 V5 V16.03.50.11 OS Command Injection third-party-advisory
https://github.com/digitalandrew/tenda_ac8_v5/blob/main/poc_cmdi_config_upload.… exploit
https://www.tenda.com.cn/ product

Affected products

AC8

==16.03.50.11

Matching in nixpkgs

pkgs.spotify

Play music from the Spotify music service

nixos-unstable 1.2.82.428.g0ac8be2b
- nixpkgs-unstable 1.2.82.428.g0ac8be2b
- nixos-unstable-small 1.2.82.428.g0ac8be2b

pkgs.vimPlugins.nvim-treesitter-parsers.strace

Tree-sitter grammar for strace

nixos-unstable 0.0.0+rev=ac874dd
- nixpkgs-unstable 0.0.0+rev=ac874dd
- nixos-unstable-small 0.0.0+rev=ac874dd

Package maintainers

@ftrvxmtrx Sigrid Solveig Haflínudóttir <ftrvxmtrx@gmail.com>
@Ma27 Maximilian Bosch <maximilian@mbosch.me>
@timokau Timo Kaufmann <timokau@zoho.com>

Permalink CVE-2026-4254

9.8 CRITICAL

CVSS version: 3.1
Attack vector (AV):
Attack complexity (AC):
Privileges required (PR):
User interaction (UI):
Scope (S):
Confidentiality impact (C):
Integrity impact (I):
Availability impact (A):

created 6 days, 18 hours ago

Tenda AC8 HTTP Endpoint SysToolChangePwd doSystemCmd stack-based overflow

A weakness has been identified in Tenda AC8 up to 16.03.50.11. This vulnerability affects the function doSystemCmd of the file /goform/SysToolChangePwd of the component HTTP Endpoint. This manipulation of the argument local_2c causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks.

References

VDB-351212 | Tenda AC8 HTTP Endpoint SysToolChangePwd doSystemCmd stack-based overflow vdb-entry technical-description
VDB-351212 | CTI Indicators (IOB, IOC, IOA) signature permissions-required
Submit #771773 | Tenda AC8 V5 V16.03.50.11 Buffer Overflow third-party-advisory
https://github.com/digitalandrew/tenda_ac8_v5/blob/main/CVE_Report_Tenda_AC8_Sy… exploit
https://www.tenda.com.cn/ product

Affected products

AC8

==16.03.50.0
==16.03.50.5
==16.03.50.6
==16.03.50.2
==16.03.50.3
==16.03.50.10
==16.03.50.11
==16.03.50.8
==16.03.50.9
==16.03.50.7
==16.03.50.4
==16.03.50.1

Matching in nixpkgs

pkgs.spotify

Play music from the Spotify music service

nixos-unstable 1.2.82.428.g0ac8be2b
- nixpkgs-unstable 1.2.82.428.g0ac8be2b
- nixos-unstable-small 1.2.82.428.g0ac8be2b

pkgs.vimPlugins.nvim-treesitter-parsers.strace

Tree-sitter grammar for strace

nixos-unstable 0.0.0+rev=ac874dd
- nixpkgs-unstable 0.0.0+rev=ac874dd
- nixos-unstable-small 0.0.0+rev=ac874dd

Package maintainers

@ftrvxmtrx Sigrid Solveig Haflínudóttir <ftrvxmtrx@gmail.com>
@Ma27 Maximilian Bosch <maximilian@mbosch.me>
@timokau Timo Kaufmann <timokau@zoho.com>

Permalink CVE-2026-4252

9.8 CRITICAL

CVSS version: 3.1
Attack vector (AV):
Attack complexity (AC):
Privileges required (PR):
User interaction (UI):
Scope (S):
Confidentiality impact (C):
Integrity impact (I):
Availability impact (A):

created 6 days, 18 hours ago

Tenda AC8 IPv6 check_is_ipv6 ip address for authentication

A vulnerability was identified in Tenda AC8 16.03.50.11. Affected by this issue is the function check_is_ipv6 of the component IPv6 Handler. The manipulation leads to reliance on ip address for authentication. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.

References

https://github.com/digitalandrew/tenda_ac8_v5/blob/main/poc_ipv6_auth_bypass.py exploit
https://www.tenda.com.cn/ product
VDB-351210 | Tenda AC8 IPv6 check_is_ipv6 ip address for authentication vdb-entry technical-description
VDB-351210 | CTI Indicators (IOB, IOC, IOA) signature permissions-required
Submit #771759 | Tenda AC8 V5 V16.03.50.11 Authentication Bypass Issues third-party-advisory

Affected products

AC8

==16.03.50.11

Matching in nixpkgs

pkgs.spotify

Play music from the Spotify music service

nixos-unstable 1.2.82.428.g0ac8be2b
- nixpkgs-unstable 1.2.82.428.g0ac8be2b
- nixos-unstable-small 1.2.82.428.g0ac8be2b

pkgs.vimPlugins.nvim-treesitter-parsers.strace

Tree-sitter grammar for strace

nixos-unstable 0.0.0+rev=ac874dd
- nixpkgs-unstable 0.0.0+rev=ac874dd
- nixos-unstable-small 0.0.0+rev=ac874dd

Package maintainers

@ftrvxmtrx Sigrid Solveig Haflínudóttir <ftrvxmtrx@gmail.com>
@Ma27 Maximilian Bosch <maximilian@mbosch.me>
@timokau Timo Kaufmann <timokau@zoho.com>