AX12
by Tenda
CVEs (25)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-45043 | 0.01 | — | 0.18 | Dec 12, 2022 | Tenda AX12 V22.03.01.16_cn is vulnerable to command injection via goform/fast_setting_internet_set. | |||
| CVE-2022-45977 | 0.01 | — | 0.18 | Dec 12, 2022 | Tenda AX12 V22.03.01.21_CN was found to have a command injection vulnerability via /goform/setMacFilterCfg function. | |||
| CVE-2025-29215 | 0.00 | — | 0.00 | Mar 20, 2025 | Tenda AX12 v22.03.01.46_CN was discovered to contain a stack overflow via the sub_43fdcc function at /goform/SetNetControlList. | |||
| CVE-2025-29214 | 0.00 | — | 0.00 | Mar 20, 2025 | Tenda AX12 v22.03.01.46_CN was discovered to contain a stack overflow via the sub_42F69C function at /goform/setMacFilterCfg. | |||
| CVE-2024-40503 | 0.00 | — | 0.01 | Jul 16, 2024 | An issue in Tenda AX12 v.16.03.49.18_cn+ allows a remote attacker to cause a denial of service via the Routing functionality and ICMP packet handling. | |||
| CVE-2024-40412 | 0.00 | — | 0.00 | Jul 10, 2024 | Tenda AX12 v1.0 v22.03.01.46 contains a stack overflow in the deviceList parameter of the sub_42E410 function. | |||
| CVE-2024-28383 | 0.00 | — | 0.00 | Mar 14, 2024 | Tenda AX12 v1.0 v22.03.01.16 was discovered to contain a stack overflow via the ssid parameter in the sub_431CF0 function. | |||
| CVE-2023-49427 | 0.00 | — | 0.01 | Jan 10, 2024 | Buffer Overflow vulnerability in Tenda AX12 V22.03.01.46, allows remote attackers to cause a denial of service (DoS) via list parameter in SetNetControlList function. | |||
| CVE-2023-49437 | 0.00 | — | 0.02 | Dec 7, 2023 | Tenda AX12 V22.03.01.46 has been discovered to contain a command injection vulnerability in the 'list' parameter at /goform/SetNetControlList. | |||
| CVE-2023-49428 | 0.00 | — | 0.02 | Dec 7, 2023 | Tenda AX12 V22.03.01.46 has been discovered to contain a command injection vulnerability in the 'mac' parameter at /goform/SetOnlineDevName. | |||
| CVE-2023-49426 | 0.00 | — | 0.00 | Dec 7, 2023 | Tenda AX12 V22.03.01.46 was discovered to contain a stack overflow via the list parameter at /goform/SetStaticRouteCfg. | |||
| CVE-2023-49425 | 0.00 | — | 0.00 | Dec 7, 2023 | Tenda AX12 V22.03.01.46 was discovered to contain a stack overflow via the deviceList parameter at /goform/setMacFilterCfg . | |||
| CVE-2023-49424 | 0.00 | — | 0.00 | Dec 7, 2023 | Tenda AX12 V22.03.01.46 was discovered to contain a stack overflow via the list parameter at /goform/SetVirtualServerCfg. | |||
| CVE-2022-45995 | 0.00 | — | 0.01 | Jan 5, 2023 | There is an unauthorized buffer overflow vulnerability in Tenda AX12 v22.03.01.21 _ cn. This vulnerability can cause the web service not to restart or even execute arbitrary code. It is a different vulnerability from CVE-2022-2414. | |||
| CVE-2022-45980 | 0.00 | — | 0.01 | Dec 12, 2022 | Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Request Forgery (CSRF) via /goform/SysToolRestoreSet . | |||
| CVE-2022-45979 | 0.00 | — | 0.00 | Dec 12, 2022 | Tenda AX12 v22.03.01.21_CN was discovered to contain a stack overflow via the ssid parameter at /goform/fast_setting_wifi_set . | |||
| CVE-2022-37292 | 0.00 | — | 0.00 | Aug 25, 2022 | Tenda AX12 V22.03.01.21_CN is vulnerable to Buffer Overflow. This overflow is triggered in the sub_42FDE4 function, which satisfies the request of the upper-level interface function sub_430124, that is, handles the post request under /goform/SetIpMacBind. | |||
| CVE-2022-28917 | 0.00 | — | 0.03 | May 18, 2022 | Tenda AX12 v22.03.01.21_cn was discovered to contain a stack overflow via the lanIp parameter in /goform/AdvSetLanIp. | |||
| CVE-2022-28082 | 0.00 | — | 0.01 | May 4, 2022 | Tenda AX12 v22.03.01.21_CN was discovered to contain a stack overflow via the list parameter at /goform/SetNetControlList. | |||
| CVE-2022-27374 | 0.00 | — | 0.00 | Apr 25, 2022 | Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Request Forgery (CSRF) via the function sub_42E328 at /goform/SysToolReboot. |
- CVE-2022-45043Dec 12, 2022risk 0.01cvss —epss 0.18
Tenda AX12 V22.03.01.16_cn is vulnerable to command injection via goform/fast_setting_internet_set.
- CVE-2022-45977Dec 12, 2022risk 0.01cvss —epss 0.18
Tenda AX12 V22.03.01.21_CN was found to have a command injection vulnerability via /goform/setMacFilterCfg function.
- CVE-2025-29215Mar 20, 2025risk 0.00cvss —epss 0.00
Tenda AX12 v22.03.01.46_CN was discovered to contain a stack overflow via the sub_43fdcc function at /goform/SetNetControlList.
- CVE-2025-29214Mar 20, 2025risk 0.00cvss —epss 0.00
Tenda AX12 v22.03.01.46_CN was discovered to contain a stack overflow via the sub_42F69C function at /goform/setMacFilterCfg.
- CVE-2024-40503Jul 16, 2024risk 0.00cvss —epss 0.01
An issue in Tenda AX12 v.16.03.49.18_cn+ allows a remote attacker to cause a denial of service via the Routing functionality and ICMP packet handling.
- CVE-2024-40412Jul 10, 2024risk 0.00cvss —epss 0.00
Tenda AX12 v1.0 v22.03.01.46 contains a stack overflow in the deviceList parameter of the sub_42E410 function.
- CVE-2024-28383Mar 14, 2024risk 0.00cvss —epss 0.00
Tenda AX12 v1.0 v22.03.01.16 was discovered to contain a stack overflow via the ssid parameter in the sub_431CF0 function.
- CVE-2023-49427Jan 10, 2024risk 0.00cvss —epss 0.01
Buffer Overflow vulnerability in Tenda AX12 V22.03.01.46, allows remote attackers to cause a denial of service (DoS) via list parameter in SetNetControlList function.
- CVE-2023-49437Dec 7, 2023risk 0.00cvss —epss 0.02
Tenda AX12 V22.03.01.46 has been discovered to contain a command injection vulnerability in the 'list' parameter at /goform/SetNetControlList.
- CVE-2023-49428Dec 7, 2023risk 0.00cvss —epss 0.02
Tenda AX12 V22.03.01.46 has been discovered to contain a command injection vulnerability in the 'mac' parameter at /goform/SetOnlineDevName.
- CVE-2023-49426Dec 7, 2023risk 0.00cvss —epss 0.00
Tenda AX12 V22.03.01.46 was discovered to contain a stack overflow via the list parameter at /goform/SetStaticRouteCfg.
- CVE-2023-49425Dec 7, 2023risk 0.00cvss —epss 0.00
Tenda AX12 V22.03.01.46 was discovered to contain a stack overflow via the deviceList parameter at /goform/setMacFilterCfg .
- CVE-2023-49424Dec 7, 2023risk 0.00cvss —epss 0.00
Tenda AX12 V22.03.01.46 was discovered to contain a stack overflow via the list parameter at /goform/SetVirtualServerCfg.
- CVE-2022-45995Jan 5, 2023risk 0.00cvss —epss 0.01
There is an unauthorized buffer overflow vulnerability in Tenda AX12 v22.03.01.21 _ cn. This vulnerability can cause the web service not to restart or even execute arbitrary code. It is a different vulnerability from CVE-2022-2414.
- CVE-2022-45980Dec 12, 2022risk 0.00cvss —epss 0.01
Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Request Forgery (CSRF) via /goform/SysToolRestoreSet .
- CVE-2022-45979Dec 12, 2022risk 0.00cvss —epss 0.00
Tenda AX12 v22.03.01.21_CN was discovered to contain a stack overflow via the ssid parameter at /goform/fast_setting_wifi_set .
- CVE-2022-37292Aug 25, 2022risk 0.00cvss —epss 0.00
Tenda AX12 V22.03.01.21_CN is vulnerable to Buffer Overflow. This overflow is triggered in the sub_42FDE4 function, which satisfies the request of the upper-level interface function sub_430124, that is, handles the post request under /goform/SetIpMacBind.
- CVE-2022-28917May 18, 2022risk 0.00cvss —epss 0.03
Tenda AX12 v22.03.01.21_cn was discovered to contain a stack overflow via the lanIp parameter in /goform/AdvSetLanIp.
- CVE-2022-28082May 4, 2022risk 0.00cvss —epss 0.01
Tenda AX12 v22.03.01.21_CN was discovered to contain a stack overflow via the list parameter at /goform/SetNetControlList.
- CVE-2022-27374Apr 25, 2022risk 0.00cvss —epss 0.00
Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Request Forgery (CSRF) via the function sub_42E328 at /goform/SysToolReboot.
Page 1 of 2