AX1803
by Tenda
CVEs (102)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-49046 | Cri | 0.64 | 9.8 | 0.01 | Nov 27, 2023 | Stack Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the devName parameter in the function formAddMacfilterRule. | ||
| CVE-2022-40876 | Cri | 0.64 | 9.8 | 0.02 | Oct 27, 2022 | In Tenda ax1803 v1.0.0.1, the http requests handled by the fromAdvSetMacMtuWan functions, wanSpeed, cloneType, mac, can cause a stack overflow and enable remote code execution (RCE). | ||
| CVE-2022-34597 | Cri | 0.64 | 9.8 | 0.02 | Jul 6, 2022 | Tenda AX1806 v1.0.0.1 was discovered to contain a command injection vulnerability via the function WanParameterSetting. | ||
| CVE-2022-34596 | Cri | 0.64 | 9.8 | 0.02 | Jul 6, 2022 | Tenda AX1803 v1.0.0.1_2890 was discovered to contain a command injection vulnerability via the function WanParameterSetting. | ||
| CVE-2022-34595 | Cri | 0.64 | 9.8 | 0.02 | Jul 6, 2022 | Tenda AX1803 v1.0.0.1_2890 was discovered to contain a command injection vulnerability via the function setipv6status. | ||
| CVE-2022-32032 | Cri | 0.64 | 9.8 | 0.09 | Jul 1, 2022 | Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the deviceList parameter in the function formAddMacfilterRule. | ||
| CVE-2023-47456 | Cri | 0.59 | 9.1 | 0.01 | Nov 7, 2023 | Tenda AX1806 V1.0.0.1 contains a stack overflow vulnerability in function sub_455D4, called by function fromSetWirelessRepeat. | ||
| CVE-2023-47455 | Cri | 0.59 | 9.1 | 0.01 | Nov 7, 2023 | Tenda AX1806 V1.0.0.1 contains a heap overflow vulnerability in setSchedWifi function, in which the src and v12 are directly obtained from http request parameter schedStartTime and schedEndTime without checking their size. | ||
| CVE-2024-4236 | Hig | 0.58 | 8.8 | 0.15 | Apr 26, 2024 | A vulnerability, which was classified as critical, has been found in Tenda AX1803 1.0.0.1. This issue affects the function formSetSysToolDDNS of the file /goform/SetDDNSCfg. The manipulation of the argument serverName/ddnsUser/ddnsPwd/ddnsDomain leads to stack-based buffer… | ||
| CVE-2025-7598 | Hig | 0.57 | 8.8 | 0.01 | Jul 14, 2025 | A vulnerability classified as critical was found in Tenda AX1803 1.0.0.1. Affected by this vulnerability is the function formSetWifiMacFilterCfg of the file /goform/setWifiFilterCfg. The manipulation of the argument deviceList leads to stack-based buffer overflow. The attack can… | ||
| CVE-2025-7597 | Hig | 0.57 | 8.8 | 0.01 | Jul 14, 2025 | A vulnerability classified as critical has been found in Tenda AX1803 1.0.0.1. Affected is the function formSetMacFilterCfg of the file /goform/setMacFilterCfg. The manipulation of the argument deviceList leads to stack-based buffer overflow. It is possible to launch the attack… | ||
| CVE-2024-4239 | Hig | 0.57 | 8.8 | 0.01 | Apr 26, 2024 | A vulnerability was found in Tenda AX1806 1.0.0.1 and classified as critical. Affected by this issue is the function formSetRebootTimer of the file /goform/SetRebootTimer. The manipulation of the argument rebootTime leads to stack-based buffer overflow. The attack may be… | ||
| CVE-2024-4238 | Hig | 0.57 | 8.8 | 0.01 | Apr 26, 2024 | A vulnerability has been found in Tenda AX1806 1.0.0.1 and classified as critical. Affected by this vulnerability is the function formSetDeviceName of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack can… | ||
| CVE-2024-4237 | Hig | 0.57 | 8.8 | 0.01 | Apr 26, 2024 | A vulnerability, which was classified as critical, was found in Tenda AX1806 1.0.0.1. Affected is the function R7WebsSecurityHandler of the file /goform/execCommand. The manipulation of the argument password leads to stack-based buffer overflow. It is possible to launch the… | ||
| CVE-2022-45781 | Hig | 0.57 | 8.8 | 0.01 | Nov 14, 2023 | Buffer Overflow vulnerability in Tenda AX1803 v1.0.0.1_2994 and earlier allows attackers to run arbitrary code via /goform/SetOnlineDevName. | ||
| CVE-2022-28572 | Hig | 0.57 | 8.8 | 0.03 | May 2, 2022 | Tenda AX1806 v1.0.0.1 was discovered to contain a command injection vulnerability in `SetIPv6Status` function | ||
| CVE-2024-35578 | Hig | 0.52 | 8.0 | 0.00 | May 20, 2024 | Tenda AX1806 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function formSetIptv. | ||
| CVE-2022-37824 | Hig | 0.51 | 7.8 | 0.00 | Aug 25, 2022 | Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the shareSpeed parameter in the function fromSetWifiGusetBasic. | ||
| CVE-2022-37823 | Hig | 0.51 | 7.8 | 0.00 | Aug 25, 2022 | Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the list parameter in the function formSetVirtualSer. | ||
| CVE-2022-37822 | Hig | 0.51 | 7.8 | 0.00 | Aug 25, 2022 | Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the function fromSetRouteStatic. |
- risk 0.64cvss 9.8epss 0.01
Stack Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the devName parameter in the function formAddMacfilterRule.
- risk 0.64cvss 9.8epss 0.02
In Tenda ax1803 v1.0.0.1, the http requests handled by the fromAdvSetMacMtuWan functions, wanSpeed, cloneType, mac, can cause a stack overflow and enable remote code execution (RCE).
- risk 0.64cvss 9.8epss 0.02
Tenda AX1806 v1.0.0.1 was discovered to contain a command injection vulnerability via the function WanParameterSetting.
- risk 0.64cvss 9.8epss 0.02
Tenda AX1803 v1.0.0.1_2890 was discovered to contain a command injection vulnerability via the function WanParameterSetting.
- risk 0.64cvss 9.8epss 0.02
Tenda AX1803 v1.0.0.1_2890 was discovered to contain a command injection vulnerability via the function setipv6status.
- risk 0.64cvss 9.8epss 0.09
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the deviceList parameter in the function formAddMacfilterRule.
- risk 0.59cvss 9.1epss 0.01
Tenda AX1806 V1.0.0.1 contains a stack overflow vulnerability in function sub_455D4, called by function fromSetWirelessRepeat.
- risk 0.59cvss 9.1epss 0.01
Tenda AX1806 V1.0.0.1 contains a heap overflow vulnerability in setSchedWifi function, in which the src and v12 are directly obtained from http request parameter schedStartTime and schedEndTime without checking their size.
- risk 0.58cvss 8.8epss 0.15
A vulnerability, which was classified as critical, has been found in Tenda AX1803 1.0.0.1. This issue affects the function formSetSysToolDDNS of the file /goform/SetDDNSCfg. The manipulation of the argument serverName/ddnsUser/ddnsPwd/ddnsDomain leads to stack-based buffer…
- risk 0.57cvss 8.8epss 0.01
A vulnerability classified as critical was found in Tenda AX1803 1.0.0.1. Affected by this vulnerability is the function formSetWifiMacFilterCfg of the file /goform/setWifiFilterCfg. The manipulation of the argument deviceList leads to stack-based buffer overflow. The attack can…
- risk 0.57cvss 8.8epss 0.01
A vulnerability classified as critical has been found in Tenda AX1803 1.0.0.1. Affected is the function formSetMacFilterCfg of the file /goform/setMacFilterCfg. The manipulation of the argument deviceList leads to stack-based buffer overflow. It is possible to launch the attack…
- risk 0.57cvss 8.8epss 0.01
A vulnerability was found in Tenda AX1806 1.0.0.1 and classified as critical. Affected by this issue is the function formSetRebootTimer of the file /goform/SetRebootTimer. The manipulation of the argument rebootTime leads to stack-based buffer overflow. The attack may be…
- risk 0.57cvss 8.8epss 0.01
A vulnerability has been found in Tenda AX1806 1.0.0.1 and classified as critical. Affected by this vulnerability is the function formSetDeviceName of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack can…
- risk 0.57cvss 8.8epss 0.01
A vulnerability, which was classified as critical, was found in Tenda AX1806 1.0.0.1. Affected is the function R7WebsSecurityHandler of the file /goform/execCommand. The manipulation of the argument password leads to stack-based buffer overflow. It is possible to launch the…
- risk 0.57cvss 8.8epss 0.01
Buffer Overflow vulnerability in Tenda AX1803 v1.0.0.1_2994 and earlier allows attackers to run arbitrary code via /goform/SetOnlineDevName.
- risk 0.57cvss 8.8epss 0.03
Tenda AX1806 v1.0.0.1 was discovered to contain a command injection vulnerability in `SetIPv6Status` function
- risk 0.52cvss 8.0epss 0.00
Tenda AX1806 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function formSetIptv.
- risk 0.51cvss 7.8epss 0.00
Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the shareSpeed parameter in the function fromSetWifiGusetBasic.
- risk 0.51cvss 7.8epss 0.00
Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the list parameter in the function formSetVirtualSer.
- risk 0.51cvss 7.8epss 0.00
Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the function fromSetRouteStatic.
Page 3 of 6