AX12
by Tenda
CVEs (30)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-28383 | Cri | 0.64 | 9.8 | 0.01 | Mar 14, 2024 | Tenda AX12 v1.0 v22.03.01.16 was discovered to contain a stack overflow via the ssid parameter in the sub_431CF0 function. | ||
| CVE-2023-49437 | Cri | 0.64 | 9.8 | 0.02 | Dec 7, 2023 | Tenda AX12 V22.03.01.46 has been discovered to contain a command injection vulnerability in the 'list' parameter at /goform/SetNetControlList. | ||
| CVE-2023-49428 | Cri | 0.64 | 9.8 | 0.03 | Dec 7, 2023 | Tenda AX12 V22.03.01.46 has been discovered to contain a command injection vulnerability in the 'mac' parameter at /goform/SetOnlineDevName. | ||
| CVE-2023-49426 | Cri | 0.64 | 9.8 | 0.01 | Dec 7, 2023 | Tenda AX12 V22.03.01.46 was discovered to contain a stack overflow via the list parameter at /goform/SetStaticRouteCfg. | ||
| CVE-2023-49425 | Cri | 0.64 | 9.8 | 0.01 | Dec 7, 2023 | Tenda AX12 V22.03.01.46 was discovered to contain a stack overflow via the deviceList parameter at /goform/setMacFilterCfg . | ||
| CVE-2023-49424 | Cri | 0.64 | 9.8 | 0.01 | Dec 7, 2023 | Tenda AX12 V22.03.01.46 was discovered to contain a stack overflow via the list parameter at /goform/SetVirtualServerCfg. | ||
| CVE-2022-45995 | Cri | 0.64 | 9.8 | 0.01 | Jan 5, 2023 | There is an unauthorized buffer overflow vulnerability in Tenda AX12 v22.03.01.21 _ cn. This vulnerability can cause the web service not to restart or even execute arbitrary code. It is a different vulnerability from CVE-2022-2414. | ||
| CVE-2022-28082 | Cri | 0.64 | 9.8 | 0.09 | May 4, 2022 | Tenda AX12 v22.03.01.21_CN was discovered to contain a stack overflow via the list parameter at /goform/SetNetControlList. | ||
| CVE-2022-28561 | Cri | 0.64 | 9.8 | 0.10 | May 3, 2022 | There is a stack overflow vulnerability in the /goform/setMacFilterCfg function in the httpd service of Tenda ax12 22.03.01.21_cn router. An attacker can obtain a stable shell through a carefully constructed payload | ||
| CVE-2022-45980 | Hig | 0.58 | 8.8 | 0.07 | Dec 12, 2022 | Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Request Forgery (CSRF) via /goform/SysToolRestoreSet . | ||
| CVE-2023-47422 | Hig | 0.57 | 8.8 | 0.00 | Feb 20, 2024 | An access control issue in /usr/sbin/httpd in Tenda TX9 V1 V22.03.02.54, Tenda AX3 V3 V16.03.12.11, Tenda AX9 V1 V22.03.01.46, and Tenda AX12 V1 V22.03.01.46 allows attackers to bypass authentication on any endpoint via a crafted URL. | ||
| CVE-2022-45977 | Hig | 0.57 | 8.8 | 0.02 | Dec 12, 2022 | Tenda AX12 V22.03.01.21_CN was found to have a command injection vulnerability via /goform/setMacFilterCfg function. | ||
| CVE-2022-45043 | Hig | 0.57 | 8.8 | 0.02 | Dec 12, 2022 | Tenda AX12 V22.03.01.16_cn is vulnerable to command injection via goform/fast_setting_internet_set. | ||
| CVE-2021-45392 | Hig | 0.50 | 7.5 | 0.12 | Feb 14, 2022 | A Buffer Overflow vulnerability exists in Tenda Router AX12 V22.03.01.21_CN in the sub_422CE4 function in page /goform/setIPv6Status via the prefixDelegate parameter, which causes a Denial of Service. | ||
| CVE-2025-29214 | Hig | 0.49 | 7.5 | 0.01 | Mar 20, 2025 | Tenda AX12 v22.03.01.46_CN was discovered to contain a stack overflow via the sub_42F69C function at /goform/setMacFilterCfg. | ||
| CVE-2023-49427 | Hig | 0.49 | 7.5 | 0.01 | Jan 10, 2024 | Buffer Overflow vulnerability in Tenda AX12 V22.03.01.46, allows remote attackers to cause a denial of service (DoS) via list parameter in SetNetControlList function. | ||
| CVE-2022-45979 | Hig | 0.49 | 7.5 | 0.01 | Dec 12, 2022 | Tenda AX12 v22.03.01.21_CN was discovered to contain a stack overflow via the ssid parameter at /goform/fast_setting_wifi_set . | ||
| CVE-2022-28917 | Hig | 0.49 | 7.5 | 0.09 | May 18, 2022 | Tenda AX12 v22.03.01.21_cn was discovered to contain a stack overflow via the lanIp parameter in /goform/AdvSetLanIp. | ||
| CVE-2022-25561 | Hig | 0.49 | 7.5 | 0.01 | Mar 10, 2022 | Tenda AX12 v22.03.01.21 was discovered to contain a stack overflow in the function sub_42DE00. This vulnerability allows attackers to cause a Denial of Service (DoS) via the list parameter. | ||
| CVE-2022-25560 | Hig | 0.49 | 7.5 | 0.01 | Mar 10, 2022 | Tenda AX12 v22.03.01.21 was discovered to contain a stack overflow in the function sub_4327CC. This vulnerability allows attackers to cause a Denial of Service (DoS) via the list parameter. |
- risk 0.64cvss 9.8epss 0.01
Tenda AX12 v1.0 v22.03.01.16 was discovered to contain a stack overflow via the ssid parameter in the sub_431CF0 function.
- risk 0.64cvss 9.8epss 0.02
Tenda AX12 V22.03.01.46 has been discovered to contain a command injection vulnerability in the 'list' parameter at /goform/SetNetControlList.
- risk 0.64cvss 9.8epss 0.03
Tenda AX12 V22.03.01.46 has been discovered to contain a command injection vulnerability in the 'mac' parameter at /goform/SetOnlineDevName.
- risk 0.64cvss 9.8epss 0.01
Tenda AX12 V22.03.01.46 was discovered to contain a stack overflow via the list parameter at /goform/SetStaticRouteCfg.
- risk 0.64cvss 9.8epss 0.01
Tenda AX12 V22.03.01.46 was discovered to contain a stack overflow via the deviceList parameter at /goform/setMacFilterCfg .
- risk 0.64cvss 9.8epss 0.01
Tenda AX12 V22.03.01.46 was discovered to contain a stack overflow via the list parameter at /goform/SetVirtualServerCfg.
- risk 0.64cvss 9.8epss 0.01
There is an unauthorized buffer overflow vulnerability in Tenda AX12 v22.03.01.21 _ cn. This vulnerability can cause the web service not to restart or even execute arbitrary code. It is a different vulnerability from CVE-2022-2414.
- risk 0.64cvss 9.8epss 0.09
Tenda AX12 v22.03.01.21_CN was discovered to contain a stack overflow via the list parameter at /goform/SetNetControlList.
- risk 0.64cvss 9.8epss 0.10
There is a stack overflow vulnerability in the /goform/setMacFilterCfg function in the httpd service of Tenda ax12 22.03.01.21_cn router. An attacker can obtain a stable shell through a carefully constructed payload
- risk 0.58cvss 8.8epss 0.07
Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Request Forgery (CSRF) via /goform/SysToolRestoreSet .
- risk 0.57cvss 8.8epss 0.00
An access control issue in /usr/sbin/httpd in Tenda TX9 V1 V22.03.02.54, Tenda AX3 V3 V16.03.12.11, Tenda AX9 V1 V22.03.01.46, and Tenda AX12 V1 V22.03.01.46 allows attackers to bypass authentication on any endpoint via a crafted URL.
- risk 0.57cvss 8.8epss 0.02
Tenda AX12 V22.03.01.21_CN was found to have a command injection vulnerability via /goform/setMacFilterCfg function.
- risk 0.57cvss 8.8epss 0.02
Tenda AX12 V22.03.01.16_cn is vulnerable to command injection via goform/fast_setting_internet_set.
- risk 0.50cvss 7.5epss 0.12
A Buffer Overflow vulnerability exists in Tenda Router AX12 V22.03.01.21_CN in the sub_422CE4 function in page /goform/setIPv6Status via the prefixDelegate parameter, which causes a Denial of Service.
- risk 0.49cvss 7.5epss 0.01
Tenda AX12 v22.03.01.46_CN was discovered to contain a stack overflow via the sub_42F69C function at /goform/setMacFilterCfg.
- risk 0.49cvss 7.5epss 0.01
Buffer Overflow vulnerability in Tenda AX12 V22.03.01.46, allows remote attackers to cause a denial of service (DoS) via list parameter in SetNetControlList function.
- risk 0.49cvss 7.5epss 0.01
Tenda AX12 v22.03.01.21_CN was discovered to contain a stack overflow via the ssid parameter at /goform/fast_setting_wifi_set .
- risk 0.49cvss 7.5epss 0.09
Tenda AX12 v22.03.01.21_cn was discovered to contain a stack overflow via the lanIp parameter in /goform/AdvSetLanIp.
- risk 0.49cvss 7.5epss 0.01
Tenda AX12 v22.03.01.21 was discovered to contain a stack overflow in the function sub_42DE00. This vulnerability allows attackers to cause a Denial of Service (DoS) via the list parameter.
- risk 0.49cvss 7.5epss 0.01
Tenda AX12 v22.03.01.21 was discovered to contain a stack overflow in the function sub_4327CC. This vulnerability allows attackers to cause a Denial of Service (DoS) via the list parameter.
Page 1 of 2