AC9
by Tenda
CVEs (104)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-41561 | Cri | 0.64 | 9.8 | 0.01 | Aug 30, 2023 | Tenda AC9 V3.0 V15.03.06.42_multi and Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter startIp and endIp at url /goform/SetPptpServerCfg. | ||
| CVE-2023-41560 | Cri | 0.64 | 9.8 | 0.01 | Aug 30, 2023 | Tenda AC9 V3.0 V15.03.06.42_multi was discovered to contain a stack overflow via parameter firewallEn at url /goform/SetFirewallCfg. | ||
| CVE-2023-41559 | Cri | 0.64 | 9.8 | 0.01 | Aug 30, 2023 | Tenda AC7 V1.0 V15.03.06.44, Tenda AC9 V3.0 V15.03.06.42_multi, and Tenda AC5 V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter page at url /goform/NatStaticSetting. | ||
| CVE-2023-41556 | Cri | 0.64 | 9.8 | 0.01 | Aug 30, 2023 | Tenda AC7 V1.0 V15.03.06.44, Tenda AC9 V3.0 V15.03.06.42_multi, and Tenda AC5 V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter list at url /goform/SetIpMacBind. | ||
| CVE-2023-41554 | Cri | 0.64 | 9.8 | 0.01 | Aug 30, 2023 | Tenda AC9 V3.0 V15.03.06.42_multi was discovered to contain a stack overflow via parameter wpapsk_crypto at url /goform/WifiExtraSet. | ||
| CVE-2023-41553 | Cri | 0.64 | 9.8 | 0.01 | Aug 30, 2023 | Tenda AC9 V3.0 V15.03.06.42_multi and Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter list at url /goform/SetStaticRouteCfg. | ||
| CVE-2023-41552 | Cri | 0.64 | 9.8 | 0.01 | Aug 30, 2023 | Tenda AC7 V1.0 V15.03.06.44 and Tenda AC9 V3.0 V15.03.06.42_multi were discovered to contain a stack overflow via parameter ssid at url /goform/fast_setting_wifi_set. | ||
| CVE-2023-38933 | Cri | 0.64 | 9.8 | 0.01 | Aug 7, 2023 | Tenda AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0 V15.03.06.28, FH1203 V2.0.1.6 and AC9 V3.0 V15.03.06.42_multi, and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the deviceId parameter in the formSetClientState function. | ||
| CVE-2023-38930 | Cri | 0.64 | 9.8 | 0.01 | Aug 7, 2023 | Tenda AC7 V1.0,V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0,V15.03.06.28, AC9 V3.0,V15.03.06.42_multi and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the deviceId parameter in the addWifiMacFilter function. | ||
| CVE-2022-36273 | Cri | 0.64 | 9.8 | 0.02 | Aug 16, 2022 | Tenda AC9 V15.03.2.21_cn is vulnerable to command injection via goform/SetSysTimeCfg. | ||
| CVE-2022-28560 | Cri | 0.64 | 9.8 | 0.02 | May 3, 2022 | There is a stack overflow vulnerability in the goform/fast_setting_wifi_set function in the httpd service of Tenda ac9 15.03.2.21_cn router. An attacker can obtain a stable shell through a carefully constructed payload | ||
| CVE-2022-27022 | Cri | 0.64 | 9.8 | 0.02 | Apr 7, 2022 | There is a stack overflow vulnerability in the SetSysTimeCfg() function in the httpd service of Tenda AC9 V15.03.2.21_cn. The attacker can obtain a stable root shell through a constructed payload. | ||
| CVE-2022-27016 | Cri | 0.64 | 9.8 | 0.02 | Apr 7, 2022 | There is a stack overflow vulnerability in the SetStaticRouteCfg() function in the httpd service of Tenda AC9 15.03.2.21_cn. | ||
| CVE-2022-26278 | Cri | 0.64 | 9.8 | 0.02 | Mar 28, 2022 | Tenda AC9 v15.03.2.21_cn was discovered to contain a stack overflow via the time parameter in the PowerSaveSet function. | ||
| CVE-2022-25441 | Cri | 0.64 | 9.8 | 0.05 | Mar 18, 2022 | Tenda AC9 v15.03.2.21 was discovered to contain a remote command execution (RCE) vulnerability via the vlanid parameter in the SetIPTVCfg function. | ||
| CVE-2022-25440 | Cri | 0.64 | 9.8 | 0.02 | Mar 18, 2022 | Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the ntpserver parameter in the SetSysTimeCfg function. | ||
| CVE-2022-25439 | Cri | 0.64 | 9.8 | 0.02 | Mar 18, 2022 | Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the list parameter in the SetIpMacBind function. | ||
| CVE-2022-25438 | Cri | 0.64 | 9.8 | 0.05 | Mar 18, 2022 | Tenda AC9 v15.03.2.21 was discovered to contain a remote command execution (RCE) vulnerability via the SetIPTVCfg function. | ||
| CVE-2022-25437 | Cri | 0.64 | 9.8 | 0.02 | Mar 18, 2022 | Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the list parameter in the SetVirtualServerCfg function. | ||
| CVE-2022-25435 | Cri | 0.64 | 9.8 | 0.02 | Mar 18, 2022 | Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the list parameter in the SetStaticRoutecfg function. |
- risk 0.64cvss 9.8epss 0.01
Tenda AC9 V3.0 V15.03.06.42_multi and Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter startIp and endIp at url /goform/SetPptpServerCfg.
- risk 0.64cvss 9.8epss 0.01
Tenda AC9 V3.0 V15.03.06.42_multi was discovered to contain a stack overflow via parameter firewallEn at url /goform/SetFirewallCfg.
- risk 0.64cvss 9.8epss 0.01
Tenda AC7 V1.0 V15.03.06.44, Tenda AC9 V3.0 V15.03.06.42_multi, and Tenda AC5 V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter page at url /goform/NatStaticSetting.
- risk 0.64cvss 9.8epss 0.01
Tenda AC7 V1.0 V15.03.06.44, Tenda AC9 V3.0 V15.03.06.42_multi, and Tenda AC5 V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter list at url /goform/SetIpMacBind.
- risk 0.64cvss 9.8epss 0.01
Tenda AC9 V3.0 V15.03.06.42_multi was discovered to contain a stack overflow via parameter wpapsk_crypto at url /goform/WifiExtraSet.
- risk 0.64cvss 9.8epss 0.01
Tenda AC9 V3.0 V15.03.06.42_multi and Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter list at url /goform/SetStaticRouteCfg.
- risk 0.64cvss 9.8epss 0.01
Tenda AC7 V1.0 V15.03.06.44 and Tenda AC9 V3.0 V15.03.06.42_multi were discovered to contain a stack overflow via parameter ssid at url /goform/fast_setting_wifi_set.
- risk 0.64cvss 9.8epss 0.01
Tenda AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0 V15.03.06.28, FH1203 V2.0.1.6 and AC9 V3.0 V15.03.06.42_multi, and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the deviceId parameter in the formSetClientState function.
- risk 0.64cvss 9.8epss 0.01
Tenda AC7 V1.0,V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0,V15.03.06.28, AC9 V3.0,V15.03.06.42_multi and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the deviceId parameter in the addWifiMacFilter function.
- risk 0.64cvss 9.8epss 0.02
Tenda AC9 V15.03.2.21_cn is vulnerable to command injection via goform/SetSysTimeCfg.
- risk 0.64cvss 9.8epss 0.02
There is a stack overflow vulnerability in the goform/fast_setting_wifi_set function in the httpd service of Tenda ac9 15.03.2.21_cn router. An attacker can obtain a stable shell through a carefully constructed payload
- risk 0.64cvss 9.8epss 0.02
There is a stack overflow vulnerability in the SetSysTimeCfg() function in the httpd service of Tenda AC9 V15.03.2.21_cn. The attacker can obtain a stable root shell through a constructed payload.
- risk 0.64cvss 9.8epss 0.02
There is a stack overflow vulnerability in the SetStaticRouteCfg() function in the httpd service of Tenda AC9 15.03.2.21_cn.
- risk 0.64cvss 9.8epss 0.02
Tenda AC9 v15.03.2.21_cn was discovered to contain a stack overflow via the time parameter in the PowerSaveSet function.
- risk 0.64cvss 9.8epss 0.05
Tenda AC9 v15.03.2.21 was discovered to contain a remote command execution (RCE) vulnerability via the vlanid parameter in the SetIPTVCfg function.
- risk 0.64cvss 9.8epss 0.02
Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the ntpserver parameter in the SetSysTimeCfg function.
- risk 0.64cvss 9.8epss 0.02
Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the list parameter in the SetIpMacBind function.
- risk 0.64cvss 9.8epss 0.05
Tenda AC9 v15.03.2.21 was discovered to contain a remote command execution (RCE) vulnerability via the SetIPTVCfg function.
- risk 0.64cvss 9.8epss 0.02
Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the list parameter in the SetVirtualServerCfg function.
- risk 0.64cvss 9.8epss 0.02
Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the list parameter in the SetStaticRoutecfg function.
Page 2 of 6