VYPR

AX3

by Tenda

CVEs (53)

  • CVE-2022-24995CriMar 10, 2022
    risk 0.65cvss 9.8epss 0.14

    Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetSysTime. This vulnerability allows attackers to cause a Denial of Service (DoS) via the time parameter.

  • CVE-2021-46393CriMar 4, 2022
    risk 0.65cvss 9.8epss 0.16

    There is a stack buffer overflow vulnerability in the formSetPPTPServer function of Tenda-AX3 router V16.03.12.10_CN. The v10 variable is directly retrieved from the http request parameter startIp. Then v10 will be splice to stack by function sscanf without any security…

  • CVE-2022-24144CriFeb 4, 2022
    risk 0.65cvss 9.8epss 0.19

    Tenda AX3 v16.03.12.10_CN was discovered to contain a command injection vulnerability in the function WanParameterSetting. This vulnerability allows attackers to execute arbitrary commands via the gateway, dns1, and dns2 parameters.

  • CVE-2023-51812CriJan 4, 2024
    risk 0.64cvss 9.8epss 0.01

    Tenda AX3 v16.03.12.11 was discovered to contain a remote code execution (RCE) vulnerability via the list parameter at /goform/SetNetControlList.

  • CVE-2023-49409CriDec 7, 2023
    risk 0.64cvss 9.8epss 0.02

    Tenda AX3 V16.03.12.11 was discovered to contain a Command Execution vulnerability via the function /goform/telnet.

  • CVE-2023-49408CriDec 7, 2023
    risk 0.64cvss 9.8epss 0.01

    Tenda AX3 V16.03.12.11 was discovered to contain a stack overflow via the function set_device_name.

  • CVE-2023-27240CriMar 15, 2023
    risk 0.64cvss 9.8epss 0.03

    Tenda AX3 V16.03.12.11 was discovered to contain a command injection vulnerability via the lanip parameter at /goform/AdvSetLanip.

  • CVE-2023-27239CriMar 15, 2023
    risk 0.64cvss 9.8epss 0.01

    Tenda AX3 V16.03.12.11 was discovered to contain a stack overflow via the shareSpeed parameter at /goform/WifiGuestSet.

  • CVE-2023-24212CriFeb 23, 2023
    risk 0.64cvss 9.8epss 0.01

    Tenda AX3 V16.03.12.11 was discovered to contain a stack overflow via the timeType function at /goform/SetSysTimeCfg.

  • CVE-2021-46394CriMar 4, 2022
    risk 0.64cvss 9.8epss 0.03

    There is a stack buffer overflow vulnerability in the formSetPPTPServer function of Tenda-AX3 router V16.03.12.10_CN. The v13 variable is directly retrieved from the http request parameter startIp. Then v13 will be splice to stack by function sscanf without any security check,…

  • CVE-2022-24150CriFeb 4, 2022
    risk 0.64cvss 9.8epss 0.03

    Tenda AX3 v16.03.12.10_CN was discovered to contain a command injection vulnerability in the function formSetSafeWanWebMan. This vulnerability allows attackers to execute arbitrary commands via the remoteIp parameter.

  • CVE-2022-24148CriFeb 4, 2022
    risk 0.64cvss 9.8epss 0.03

    Tenda AX3 v16.03.12.10_CN was discovered to contain a command injection vulnerability in the function mDMZSetCfg. This vulnerability allows attackers to execute arbitrary commands via the dmzIp parameter.

  • CVE-2023-27042HigMar 24, 2023
    risk 0.57cvss 8.8epss 0.01

    Tenda AX3 V16.03.12.11 is vulnerable to Buffer Overflow via /goform/SetFirewallCfg.

  • CVE-2023-40915HigAug 25, 2023
    risk 0.49cvss 7.5epss 0.01

    Tenda AX3 v16.03.12.11 has a stack buffer overflow vulnerability detected at function form_fast_setting_wifi_set. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ssid parameter.

  • CVE-2022-24163HigFeb 4, 2022
    risk 0.49cvss 7.5epss 0.01

    Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetSysTime. This vulnerability allows attackers to cause a Denial of Service (DoS) via the timeZone parameter.

  • CVE-2022-24162HigFeb 4, 2022
    risk 0.49cvss 7.5epss 0.01

    Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function saveParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via the time parameter.

  • CVE-2022-24161HigFeb 4, 2022
    risk 0.49cvss 7.5epss 0.01

    Tenda AX3 v16.03.12.10_CN was discovered to contain a heap overflow in the function GetParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via the mac parameter.

  • CVE-2022-24160HigFeb 4, 2022
    risk 0.49cvss 7.5epss 0.01

    Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetDeviceName. This vulnerability allows attackers to cause a Denial of Service (DoS) via the devName parameter.

  • CVE-2022-24159HigFeb 4, 2022
    risk 0.49cvss 7.5epss 0.01

    Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetPPTPServer. This vulnerability allows attackers to cause a Denial of Service (DoS) via the startIp and endIp parameters.

  • CVE-2022-24158HigFeb 4, 2022
    risk 0.49cvss 7.5epss 0.01

    Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetIpMacBind. This vulnerability allows attackers to cause a Denial of Service (DoS) via the list parameter.

Page 1 of 3