Mastodawn

🔥 CVE-2026-4567: Critical stack buffer overflow in Tenda A15 (v15.13.07.13). Remote, unauthenticated code execution possible via /cgi-bin/UploadCfg. Patch or restrict access immediately! https://radar.offseq.com/threat/cve-2026-4567-stack-based-buffer-overflow-in-tenda-27ff1845 #OffSeq #infosec #routersecurity #CVE20264567

🚩 CRITICAL: CVE-2026-4252 impacts Tenda AC8 (16.03.50.11). IP-based auth in IPv6 Handler lets remote attackers bypass login. Exploit is public. Disable remote mgmt, restrict access, monitor traffic. Details: https://radar.offseq.com/threat/cve-2026-4252-reliance-on-ip-address-for-authentic-a9de4650 #OffSeq #CVE #RouterSecurity #Infosec

🚨 CRITICAL: CVE-2026-4254 in Tenda AC8 (fw ≤16.03.50.11) enables remote stack buffer overflow via /goform/SysToolChangePwd. Public exploit out — isolate & monitor! No patch yet. https://radar.offseq.com/threat/cve-2026-4254-stack-based-buffer-overflow-in-tenda-501e8b3e #OffSeq #CVE20264254 #RouterSecurity #Vuln

🚩 CVE-2026-4164 (CRITICAL): Wavlink WL-WN578W2 (221110) is vulnerable to remote command injection via POST to /cgi-bin/wireless.cgi. Public exploit is out. Restrict access, monitor logs, and upgrade ASAP. https://radar.offseq.com/threat/cve-2026-4164-command-injection-in-wavlink-wl-wn57-c028dcbd #OffSeq #CVE #RouterSecurity #IoTSecurity

🚨 HIGH severity: CVE-2026-4167 in Belkin F9K1122 (1.00.33) enables remote code execution via stack buffer overflow — no auth needed, no patch. Isolate, restrict, and monitor now! https://radar.offseq.com/threat/cve-2026-4167-stack-based-buffer-overflow-in-belki-ac4818a6 #OffSeq #infosec #routersecurity #CVE20264167

🚨 CVE-2026-4164 (CRITICAL, CVSS 9.3) in Wavlink WL-WN578W2 (v221110): Unauth'd command injection via /cgi-bin/wireless.cgi. Public exploit released. Patch ASAP or restrict access! https://radar.offseq.com/threat/cve-2026-4164-command-injection-in-wavlink-wl-wn57-c028dcbd #OffSeq #CVE #RouterSecurity #Infosec

🚨 CVE-2026-4163 (CRITICAL): Wavlink WL-WN579A3 routers (v220323) have a command injection bug in /cgi-bin/wireless.cgi. Public exploit code available — restrict remote mgmt, monitor logs, and patch ASAP. https://radar.offseq.com/threat/cve-2026-4163-command-injection-in-wavlink-wl-wn57-5fa0760b #OffSeq #CVE20264163 #infosec #routersecurity

🚨 KadNap malware is hijacking Asus routers and enrolling them into a malicious proxy botnet used by cybercriminals.

The botnet hides its infrastructure using a Kademlia DHT-based C2 network, making it harder to track and disrupt.

🚩 CVE-2026-3768 (HIGH, CVSS 8.7): Stack buffer overflow in Tenda F453 v1.0.0.3 — remote, unauthenticated exploit possible. Public exploit code released. Patch ASAP or restrict remote access! https://radar.offseq.com/threat/cve-2026-3768-stack-based-buffer-overflow-in-tenda-9b634f69 #OffSeq #CVE20263768 #RouterSecurity #Infosec

🛑 CVE-2026-3732: HIGH severity stack buffer overflow in Tenda F453 (v1.0.0.3). Remote, unauthenticated code execution risk — no patch yet. Block remote mgmt & monitor endpoints. Details: https://radar.offseq.com/threat/cve-2026-3732-stack-based-buffer-overflow-in-tenda-41443da2 #OffSeq #Vuln #RouterSecurity #CVE20263732