VYPR

AC9

by Tenda

CVEs (104)

  • CVE-2023-41561CriAug 30, 2023
    risk 0.64cvss 9.8epss 0.01

    Tenda AC9 V3.0 V15.03.06.42_multi and Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter startIp and endIp at url /goform/SetPptpServerCfg.

  • CVE-2023-41560CriAug 30, 2023
    risk 0.64cvss 9.8epss 0.01

    Tenda AC9 V3.0 V15.03.06.42_multi was discovered to contain a stack overflow via parameter firewallEn at url /goform/SetFirewallCfg.

  • CVE-2023-41559CriAug 30, 2023
    risk 0.64cvss 9.8epss 0.01

    Tenda AC7 V1.0 V15.03.06.44, Tenda AC9 V3.0 V15.03.06.42_multi, and Tenda AC5 V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter page at url /goform/NatStaticSetting.

  • CVE-2023-41556CriAug 30, 2023
    risk 0.64cvss 9.8epss 0.01

    Tenda AC7 V1.0 V15.03.06.44, Tenda AC9 V3.0 V15.03.06.42_multi, and Tenda AC5 V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter list at url /goform/SetIpMacBind.

  • CVE-2023-41554CriAug 30, 2023
    risk 0.64cvss 9.8epss 0.01

    Tenda AC9 V3.0 V15.03.06.42_multi was discovered to contain a stack overflow via parameter wpapsk_crypto at url /goform/WifiExtraSet.

  • CVE-2023-41553CriAug 30, 2023
    risk 0.64cvss 9.8epss 0.01

    Tenda AC9 V3.0 V15.03.06.42_multi and Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter list at url /goform/SetStaticRouteCfg.

  • CVE-2023-41552CriAug 30, 2023
    risk 0.64cvss 9.8epss 0.01

    Tenda AC7 V1.0 V15.03.06.44 and Tenda AC9 V3.0 V15.03.06.42_multi were discovered to contain a stack overflow via parameter ssid at url /goform/fast_setting_wifi_set.

  • CVE-2023-38933CriAug 7, 2023
    risk 0.64cvss 9.8epss 0.01

    Tenda AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0 V15.03.06.28, FH1203 V2.0.1.6 and AC9 V3.0 V15.03.06.42_multi, and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the deviceId parameter in the formSetClientState function.

  • CVE-2023-38930CriAug 7, 2023
    risk 0.64cvss 9.8epss 0.01

    Tenda AC7 V1.0,V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0,V15.03.06.28, AC9 V3.0,V15.03.06.42_multi and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the deviceId parameter in the addWifiMacFilter function.

  • CVE-2022-36273CriAug 16, 2022
    risk 0.64cvss 9.8epss 0.02

    Tenda AC9 V15.03.2.21_cn is vulnerable to command injection via goform/SetSysTimeCfg.

  • CVE-2022-28560CriMay 3, 2022
    risk 0.64cvss 9.8epss 0.02

    There is a stack overflow vulnerability in the goform/fast_setting_wifi_set function in the httpd service of Tenda ac9 15.03.2.21_cn router. An attacker can obtain a stable shell through a carefully constructed payload

  • CVE-2022-27022CriApr 7, 2022
    risk 0.64cvss 9.8epss 0.02

    There is a stack overflow vulnerability in the SetSysTimeCfg() function in the httpd service of Tenda AC9 V15.03.2.21_cn. The attacker can obtain a stable root shell through a constructed payload.

  • CVE-2022-27016CriApr 7, 2022
    risk 0.64cvss 9.8epss 0.02

    There is a stack overflow vulnerability in the SetStaticRouteCfg() function in the httpd service of Tenda AC9 15.03.2.21_cn.

  • CVE-2022-26278CriMar 28, 2022
    risk 0.64cvss 9.8epss 0.02

    Tenda AC9 v15.03.2.21_cn was discovered to contain a stack overflow via the time parameter in the PowerSaveSet function.

  • CVE-2022-25441CriMar 18, 2022
    risk 0.64cvss 9.8epss 0.05

    Tenda AC9 v15.03.2.21 was discovered to contain a remote command execution (RCE) vulnerability via the vlanid parameter in the SetIPTVCfg function.

  • CVE-2022-25440CriMar 18, 2022
    risk 0.64cvss 9.8epss 0.02

    Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the ntpserver parameter in the SetSysTimeCfg function.

  • CVE-2022-25439CriMar 18, 2022
    risk 0.64cvss 9.8epss 0.02

    Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the list parameter in the SetIpMacBind function.

  • CVE-2022-25438CriMar 18, 2022
    risk 0.64cvss 9.8epss 0.05

    Tenda AC9 v15.03.2.21 was discovered to contain a remote command execution (RCE) vulnerability via the SetIPTVCfg function.

  • CVE-2022-25437CriMar 18, 2022
    risk 0.64cvss 9.8epss 0.02

    Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the list parameter in the SetVirtualServerCfg function.

  • CVE-2022-25435CriMar 18, 2022
    risk 0.64cvss 9.8epss 0.02

    Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the list parameter in the SetStaticRoutecfg function.

Page 2 of 6