M3
by Tenda
CVEs (46)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-51092 | Cri | 0.65 | 9.8 | 0.13 | Dec 26, 2023 | Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function upgrade. | ||
| CVE-2023-51094 | Cri | 0.64 | 9.8 | 0.01 | Dec 26, 2023 | Tenda M3 V1.0.0.12(4856) was discovered to contain a Command Execution vulnerability via the function TendaTelnet. | ||
| CVE-2023-51093 | Cri | 0.64 | 9.8 | 0.01 | Dec 26, 2023 | Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function fromSetLocalVlanInfo. | ||
| CVE-2023-51091 | Cri | 0.64 | 9.8 | 0.08 | Dec 26, 2023 | Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function R7WebsSecurityHandler. | ||
| CVE-2023-51090 | Cri | 0.64 | 9.8 | 0.01 | Dec 26, 2023 | Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function formGetWeiXinConfig. | ||
| CVE-2023-51095 | Cri | 0.64 | 9.8 | 0.01 | Dec 26, 2023 | Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function formDelWlRfPolicy. | ||
| CVE-2022-27083 | Cri | 0.64 | 9.8 | 0.03 | Mar 24, 2022 | Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /cgi-bin/uploadAccessCodePic. | ||
| CVE-2022-27082 | Cri | 0.64 | 9.8 | 0.03 | Mar 24, 2022 | Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/SetInternetLanInfo. | ||
| CVE-2022-27081 | Cri | 0.64 | 9.8 | 0.03 | Mar 24, 2022 | Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/SetLanInfo. | ||
| CVE-2022-27080 | Cri | 0.64 | 9.8 | 0.03 | Mar 24, 2022 | Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/setWorkmode. | ||
| CVE-2022-27079 | Cri | 0.64 | 9.8 | 0.03 | Mar 24, 2022 | Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/setPicListItem. | ||
| CVE-2022-27078 | Cri | 0.64 | 9.8 | 0.03 | Mar 24, 2022 | Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/setAdInfoDetail. | ||
| CVE-2022-27077 | Cri | 0.64 | 9.8 | 0.03 | Mar 24, 2022 | Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /cgi-bin/uploadWeiXinPic. | ||
| CVE-2022-27076 | Cri | 0.64 | 9.8 | 0.03 | Mar 24, 2022 | Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/delAd. | ||
| CVE-2022-26536 | Cri | 0.64 | 9.8 | 0.03 | Mar 24, 2022 | Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/setFixTools. | ||
| CVE-2022-26290 | Cri | 0.64 | 9.8 | 0.03 | Mar 24, 2022 | Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/WriteFacMac. | ||
| CVE-2022-26289 | Cri | 0.64 | 9.8 | 0.03 | Mar 24, 2022 | Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/exeCommand. | ||
| CVE-2026-5567 | Hig | 0.57 | 8.8 | 0.01 | Apr 5, 2026 | A flaw has been found in Tenda M3 1.0.0.10. This vulnerability affects the function setAdvPolicyData of the file /goform/setAdvPolicyData of the component Destination Handler. Executing a manipulation of the argument policyType can lead to buffer overflow. The attack can be… | ||
| CVE-2022-32035 | Hig | 0.50 | 7.5 | 0.13 | Jul 1, 2022 | Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formMasterMng. | ||
| CVE-2022-38571 | Hig | 0.49 | 7.5 | 0.01 | Aug 28, 2022 | Tenda M3 V1.0.0.12(4856) was discovered to contain a buffer overflow in the function formSetGuideListItem. |
- risk 0.65cvss 9.8epss 0.13
Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function upgrade.
- risk 0.64cvss 9.8epss 0.01
Tenda M3 V1.0.0.12(4856) was discovered to contain a Command Execution vulnerability via the function TendaTelnet.
- risk 0.64cvss 9.8epss 0.01
Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function fromSetLocalVlanInfo.
- risk 0.64cvss 9.8epss 0.08
Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function R7WebsSecurityHandler.
- risk 0.64cvss 9.8epss 0.01
Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function formGetWeiXinConfig.
- risk 0.64cvss 9.8epss 0.01
Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function formDelWlRfPolicy.
- risk 0.64cvss 9.8epss 0.03
Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /cgi-bin/uploadAccessCodePic.
- risk 0.64cvss 9.8epss 0.03
Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/SetInternetLanInfo.
- risk 0.64cvss 9.8epss 0.03
Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/SetLanInfo.
- risk 0.64cvss 9.8epss 0.03
Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/setWorkmode.
- risk 0.64cvss 9.8epss 0.03
Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/setPicListItem.
- risk 0.64cvss 9.8epss 0.03
Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/setAdInfoDetail.
- risk 0.64cvss 9.8epss 0.03
Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /cgi-bin/uploadWeiXinPic.
- risk 0.64cvss 9.8epss 0.03
Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/delAd.
- risk 0.64cvss 9.8epss 0.03
Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/setFixTools.
- risk 0.64cvss 9.8epss 0.03
Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/WriteFacMac.
- risk 0.64cvss 9.8epss 0.03
Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/exeCommand.
- risk 0.57cvss 8.8epss 0.01
A flaw has been found in Tenda M3 1.0.0.10. This vulnerability affects the function setAdvPolicyData of the file /goform/setAdvPolicyData of the component Destination Handler. Executing a manipulation of the argument policyType can lead to buffer overflow. The attack can be…
- risk 0.50cvss 7.5epss 0.13
Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formMasterMng.
- risk 0.49cvss 7.5epss 0.01
Tenda M3 V1.0.0.12(4856) was discovered to contain a buffer overflow in the function formSetGuideListItem.
Page 1 of 3