AX3
by Tenda
CVEs (53)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-24995 | Cri | 0.65 | 9.8 | 0.14 | Mar 10, 2022 | Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetSysTime. This vulnerability allows attackers to cause a Denial of Service (DoS) via the time parameter. | ||
| CVE-2021-46393 | Cri | 0.65 | 9.8 | 0.16 | Mar 4, 2022 | There is a stack buffer overflow vulnerability in the formSetPPTPServer function of Tenda-AX3 router V16.03.12.10_CN. The v10 variable is directly retrieved from the http request parameter startIp. Then v10 will be splice to stack by function sscanf without any security… | ||
| CVE-2022-24144 | Cri | 0.65 | 9.8 | 0.19 | Feb 4, 2022 | Tenda AX3 v16.03.12.10_CN was discovered to contain a command injection vulnerability in the function WanParameterSetting. This vulnerability allows attackers to execute arbitrary commands via the gateway, dns1, and dns2 parameters. | ||
| CVE-2023-51812 | Cri | 0.64 | 9.8 | 0.01 | Jan 4, 2024 | Tenda AX3 v16.03.12.11 was discovered to contain a remote code execution (RCE) vulnerability via the list parameter at /goform/SetNetControlList. | ||
| CVE-2023-49409 | Cri | 0.64 | 9.8 | 0.02 | Dec 7, 2023 | Tenda AX3 V16.03.12.11 was discovered to contain a Command Execution vulnerability via the function /goform/telnet. | ||
| CVE-2023-49408 | Cri | 0.64 | 9.8 | 0.01 | Dec 7, 2023 | Tenda AX3 V16.03.12.11 was discovered to contain a stack overflow via the function set_device_name. | ||
| CVE-2023-27240 | Cri | 0.64 | 9.8 | 0.03 | Mar 15, 2023 | Tenda AX3 V16.03.12.11 was discovered to contain a command injection vulnerability via the lanip parameter at /goform/AdvSetLanip. | ||
| CVE-2023-27239 | Cri | 0.64 | 9.8 | 0.01 | Mar 15, 2023 | Tenda AX3 V16.03.12.11 was discovered to contain a stack overflow via the shareSpeed parameter at /goform/WifiGuestSet. | ||
| CVE-2023-24212 | Cri | 0.64 | 9.8 | 0.01 | Feb 23, 2023 | Tenda AX3 V16.03.12.11 was discovered to contain a stack overflow via the timeType function at /goform/SetSysTimeCfg. | ||
| CVE-2021-46394 | Cri | 0.64 | 9.8 | 0.03 | Mar 4, 2022 | There is a stack buffer overflow vulnerability in the formSetPPTPServer function of Tenda-AX3 router V16.03.12.10_CN. The v13 variable is directly retrieved from the http request parameter startIp. Then v13 will be splice to stack by function sscanf without any security check,… | ||
| CVE-2022-24150 | Cri | 0.64 | 9.8 | 0.03 | Feb 4, 2022 | Tenda AX3 v16.03.12.10_CN was discovered to contain a command injection vulnerability in the function formSetSafeWanWebMan. This vulnerability allows attackers to execute arbitrary commands via the remoteIp parameter. | ||
| CVE-2022-24148 | Cri | 0.64 | 9.8 | 0.03 | Feb 4, 2022 | Tenda AX3 v16.03.12.10_CN was discovered to contain a command injection vulnerability in the function mDMZSetCfg. This vulnerability allows attackers to execute arbitrary commands via the dmzIp parameter. | ||
| CVE-2023-27042 | Hig | 0.57 | 8.8 | 0.01 | Mar 24, 2023 | Tenda AX3 V16.03.12.11 is vulnerable to Buffer Overflow via /goform/SetFirewallCfg. | ||
| CVE-2023-40915 | Hig | 0.49 | 7.5 | 0.01 | Aug 25, 2023 | Tenda AX3 v16.03.12.11 has a stack buffer overflow vulnerability detected at function form_fast_setting_wifi_set. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ssid parameter. | ||
| CVE-2022-24163 | Hig | 0.49 | 7.5 | 0.01 | Feb 4, 2022 | Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetSysTime. This vulnerability allows attackers to cause a Denial of Service (DoS) via the timeZone parameter. | ||
| CVE-2022-24162 | Hig | 0.49 | 7.5 | 0.01 | Feb 4, 2022 | Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function saveParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via the time parameter. | ||
| CVE-2022-24161 | Hig | 0.49 | 7.5 | 0.01 | Feb 4, 2022 | Tenda AX3 v16.03.12.10_CN was discovered to contain a heap overflow in the function GetParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via the mac parameter. | ||
| CVE-2022-24160 | Hig | 0.49 | 7.5 | 0.01 | Feb 4, 2022 | Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetDeviceName. This vulnerability allows attackers to cause a Denial of Service (DoS) via the devName parameter. | ||
| CVE-2022-24159 | Hig | 0.49 | 7.5 | 0.01 | Feb 4, 2022 | Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetPPTPServer. This vulnerability allows attackers to cause a Denial of Service (DoS) via the startIp and endIp parameters. | ||
| CVE-2022-24158 | Hig | 0.49 | 7.5 | 0.01 | Feb 4, 2022 | Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetIpMacBind. This vulnerability allows attackers to cause a Denial of Service (DoS) via the list parameter. |
- risk 0.65cvss 9.8epss 0.14
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetSysTime. This vulnerability allows attackers to cause a Denial of Service (DoS) via the time parameter.
- risk 0.65cvss 9.8epss 0.16
There is a stack buffer overflow vulnerability in the formSetPPTPServer function of Tenda-AX3 router V16.03.12.10_CN. The v10 variable is directly retrieved from the http request parameter startIp. Then v10 will be splice to stack by function sscanf without any security…
- risk 0.65cvss 9.8epss 0.19
Tenda AX3 v16.03.12.10_CN was discovered to contain a command injection vulnerability in the function WanParameterSetting. This vulnerability allows attackers to execute arbitrary commands via the gateway, dns1, and dns2 parameters.
- risk 0.64cvss 9.8epss 0.01
Tenda AX3 v16.03.12.11 was discovered to contain a remote code execution (RCE) vulnerability via the list parameter at /goform/SetNetControlList.
- risk 0.64cvss 9.8epss 0.02
Tenda AX3 V16.03.12.11 was discovered to contain a Command Execution vulnerability via the function /goform/telnet.
- risk 0.64cvss 9.8epss 0.01
Tenda AX3 V16.03.12.11 was discovered to contain a stack overflow via the function set_device_name.
- risk 0.64cvss 9.8epss 0.03
Tenda AX3 V16.03.12.11 was discovered to contain a command injection vulnerability via the lanip parameter at /goform/AdvSetLanip.
- risk 0.64cvss 9.8epss 0.01
Tenda AX3 V16.03.12.11 was discovered to contain a stack overflow via the shareSpeed parameter at /goform/WifiGuestSet.
- risk 0.64cvss 9.8epss 0.01
Tenda AX3 V16.03.12.11 was discovered to contain a stack overflow via the timeType function at /goform/SetSysTimeCfg.
- risk 0.64cvss 9.8epss 0.03
There is a stack buffer overflow vulnerability in the formSetPPTPServer function of Tenda-AX3 router V16.03.12.10_CN. The v13 variable is directly retrieved from the http request parameter startIp. Then v13 will be splice to stack by function sscanf without any security check,…
- risk 0.64cvss 9.8epss 0.03
Tenda AX3 v16.03.12.10_CN was discovered to contain a command injection vulnerability in the function formSetSafeWanWebMan. This vulnerability allows attackers to execute arbitrary commands via the remoteIp parameter.
- risk 0.64cvss 9.8epss 0.03
Tenda AX3 v16.03.12.10_CN was discovered to contain a command injection vulnerability in the function mDMZSetCfg. This vulnerability allows attackers to execute arbitrary commands via the dmzIp parameter.
- risk 0.57cvss 8.8epss 0.01
Tenda AX3 V16.03.12.11 is vulnerable to Buffer Overflow via /goform/SetFirewallCfg.
- risk 0.49cvss 7.5epss 0.01
Tenda AX3 v16.03.12.11 has a stack buffer overflow vulnerability detected at function form_fast_setting_wifi_set. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ssid parameter.
- risk 0.49cvss 7.5epss 0.01
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetSysTime. This vulnerability allows attackers to cause a Denial of Service (DoS) via the timeZone parameter.
- risk 0.49cvss 7.5epss 0.01
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function saveParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via the time parameter.
- risk 0.49cvss 7.5epss 0.01
Tenda AX3 v16.03.12.10_CN was discovered to contain a heap overflow in the function GetParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via the mac parameter.
- risk 0.49cvss 7.5epss 0.01
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetDeviceName. This vulnerability allows attackers to cause a Denial of Service (DoS) via the devName parameter.
- risk 0.49cvss 7.5epss 0.01
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetPPTPServer. This vulnerability allows attackers to cause a Denial of Service (DoS) via the startIp and endIp parameters.
- risk 0.49cvss 7.5epss 0.01
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetIpMacBind. This vulnerability allows attackers to cause a Denial of Service (DoS) via the list parameter.
Page 1 of 3