VYPR

AX1803

by Tenda

CVEs (102)

  • CVE-2023-49046CriNov 27, 2023
    risk 0.64cvss 9.8epss 0.01

    Stack Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the devName parameter in the function formAddMacfilterRule.

  • CVE-2022-40876CriOct 27, 2022
    risk 0.64cvss 9.8epss 0.02

    In Tenda ax1803 v1.0.0.1, the http requests handled by the fromAdvSetMacMtuWan functions, wanSpeed, cloneType, mac, can cause a stack overflow and enable remote code execution (RCE).

  • CVE-2022-34597CriJul 6, 2022
    risk 0.64cvss 9.8epss 0.02

    Tenda AX1806 v1.0.0.1 was discovered to contain a command injection vulnerability via the function WanParameterSetting.

  • CVE-2022-34596CriJul 6, 2022
    risk 0.64cvss 9.8epss 0.02

    Tenda AX1803 v1.0.0.1_2890 was discovered to contain a command injection vulnerability via the function WanParameterSetting.

  • CVE-2022-34595CriJul 6, 2022
    risk 0.64cvss 9.8epss 0.02

    Tenda AX1803 v1.0.0.1_2890 was discovered to contain a command injection vulnerability via the function setipv6status.

  • CVE-2022-32032CriJul 1, 2022
    risk 0.64cvss 9.8epss 0.09

    Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the deviceList parameter in the function formAddMacfilterRule.

  • CVE-2023-47456CriNov 7, 2023
    risk 0.59cvss 9.1epss 0.01

    Tenda AX1806 V1.0.0.1 contains a stack overflow vulnerability in function sub_455D4, called by function fromSetWirelessRepeat.

  • CVE-2023-47455CriNov 7, 2023
    risk 0.59cvss 9.1epss 0.01

    Tenda AX1806 V1.0.0.1 contains a heap overflow vulnerability in setSchedWifi function, in which the src and v12 are directly obtained from http request parameter schedStartTime and schedEndTime without checking their size.

  • CVE-2024-4236HigApr 26, 2024
    risk 0.58cvss 8.8epss 0.15

    A vulnerability, which was classified as critical, has been found in Tenda AX1803 1.0.0.1. This issue affects the function formSetSysToolDDNS of the file /goform/SetDDNSCfg. The manipulation of the argument serverName/ddnsUser/ddnsPwd/ddnsDomain leads to stack-based buffer…

  • CVE-2025-7598HigJul 14, 2025
    risk 0.57cvss 8.8epss 0.01

    A vulnerability classified as critical was found in Tenda AX1803 1.0.0.1. Affected by this vulnerability is the function formSetWifiMacFilterCfg of the file /goform/setWifiFilterCfg. The manipulation of the argument deviceList leads to stack-based buffer overflow. The attack can…

  • CVE-2025-7597HigJul 14, 2025
    risk 0.57cvss 8.8epss 0.01

    A vulnerability classified as critical has been found in Tenda AX1803 1.0.0.1. Affected is the function formSetMacFilterCfg of the file /goform/setMacFilterCfg. The manipulation of the argument deviceList leads to stack-based buffer overflow. It is possible to launch the attack…

  • CVE-2024-4239HigApr 26, 2024
    risk 0.57cvss 8.8epss 0.01

    A vulnerability was found in Tenda AX1806 1.0.0.1 and classified as critical. Affected by this issue is the function formSetRebootTimer of the file /goform/SetRebootTimer. The manipulation of the argument rebootTime leads to stack-based buffer overflow. The attack may be…

  • CVE-2024-4238HigApr 26, 2024
    risk 0.57cvss 8.8epss 0.01

    A vulnerability has been found in Tenda AX1806 1.0.0.1 and classified as critical. Affected by this vulnerability is the function formSetDeviceName of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack can…

  • CVE-2024-4237HigApr 26, 2024
    risk 0.57cvss 8.8epss 0.01

    A vulnerability, which was classified as critical, was found in Tenda AX1806 1.0.0.1. Affected is the function R7WebsSecurityHandler of the file /goform/execCommand. The manipulation of the argument password leads to stack-based buffer overflow. It is possible to launch the…

  • CVE-2022-45781HigNov 14, 2023
    risk 0.57cvss 8.8epss 0.01

    Buffer Overflow vulnerability in Tenda AX1803 v1.0.0.1_2994 and earlier allows attackers to run arbitrary code via /goform/SetOnlineDevName.

  • CVE-2022-28572HigMay 2, 2022
    risk 0.57cvss 8.8epss 0.03

    Tenda AX1806 v1.0.0.1 was discovered to contain a command injection vulnerability in `SetIPv6Status` function

  • CVE-2024-35578HigMay 20, 2024
    risk 0.52cvss 8.0epss 0.00

    Tenda AX1806 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function formSetIptv.

  • CVE-2022-37824HigAug 25, 2022
    risk 0.51cvss 7.8epss 0.00

    Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the shareSpeed parameter in the function fromSetWifiGusetBasic.

  • CVE-2022-37823HigAug 25, 2022
    risk 0.51cvss 7.8epss 0.00

    Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the list parameter in the function formSetVirtualSer.

  • CVE-2022-37822HigAug 25, 2022
    risk 0.51cvss 7.8epss 0.00

    Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the function fromSetRouteStatic.

Page 3 of 6