AX12
by Tenda
CVEs (30)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-25556 | Hig | 0.49 | 7.5 | 0.01 | Mar 10, 2022 | Tenda AX12 v22.03.01.21 was discovered to contain a stack overflow in the function sub_42E328. This vulnerability allows attackers to cause a Denial of Service (DoS) via the list parameter. | ||
| CVE-2021-46408 | Hig | 0.49 | 7.5 | 0.01 | Mar 10, 2022 | Tenda AX12 v22.03.01.21 was discovered to contain a stack buffer overflow in the function sub_422CE4. This vulnerability allows attackers to cause a Denial of Service (DoS) via the strcpy parameter. | ||
| CVE-2021-45391 | Hig | 0.49 | 7.5 | 0.02 | Feb 16, 2022 | A Buffer Overflow vulnerability exists in Tenda Router AX12 V22.03.01.21_CN in the sub_422CE4 function in the goform/setIPv6Status binary file /usr/sbin/httpd via the conType parameter, which causes a Denial of Service. | ||
| CVE-2022-24143 | Hig | 0.49 | 7.5 | 0.01 | Feb 4, 2022 | Tenda AX3 v16.03.12.10_CN and AX12 22.03.01.2_CN was discovered to contain a stack overflow in the function form_fast_setting_wifi_set. This vulnerability allows attackers to cause a Denial of Service (DoS) via the timeZone parameter. | ||
| CVE-2024-40412 | Med | 0.44 | 6.8 | 0.00 | Jul 10, 2024 | Tenda AX12 v1.0 v22.03.01.46 contains a stack overflow in the deviceList parameter of the sub_42E410 function. | ||
| CVE-2025-29215 | Med | 0.42 | 6.5 | 0.01 | Mar 20, 2025 | Tenda AX12 v22.03.01.46_CN was discovered to contain a stack overflow via the sub_43fdcc function at /goform/SetNetControlList. | ||
| CVE-2024-40503 | Med | 0.42 | 6.5 | 0.00 | Jul 16, 2024 | An issue in Tenda AX12 v.16.03.49.18_cn+ allows a remote attacker to cause a denial of service via the Routing functionality and ICMP packet handling. | ||
| CVE-2022-27375 | Med | 0.42 | 6.5 | 0.00 | Apr 25, 2022 | Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Request Forgery (CSRF) via the function sub_422168 at /goform/WifiExtraSet. | ||
| CVE-2022-27374 | Med | 0.42 | 6.5 | 0.00 | Apr 25, 2022 | Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Request Forgery (CSRF) via the function sub_42E328 at /goform/SysToolReboot. | ||
| CVE-2022-37292 | Med | 0.36 | 5.5 | 0.00 | Aug 25, 2022 | Tenda AX12 V22.03.01.21_CN is vulnerable to Buffer Overflow. This overflow is triggered in the sub_42FDE4 function, which satisfies the request of the upper-level interface function sub_430124, that is, handles the post request under /goform/SetIpMacBind. |
- risk 0.49cvss 7.5epss 0.01
Tenda AX12 v22.03.01.21 was discovered to contain a stack overflow in the function sub_42E328. This vulnerability allows attackers to cause a Denial of Service (DoS) via the list parameter.
- risk 0.49cvss 7.5epss 0.01
Tenda AX12 v22.03.01.21 was discovered to contain a stack buffer overflow in the function sub_422CE4. This vulnerability allows attackers to cause a Denial of Service (DoS) via the strcpy parameter.
- risk 0.49cvss 7.5epss 0.02
A Buffer Overflow vulnerability exists in Tenda Router AX12 V22.03.01.21_CN in the sub_422CE4 function in the goform/setIPv6Status binary file /usr/sbin/httpd via the conType parameter, which causes a Denial of Service.
- risk 0.49cvss 7.5epss 0.01
Tenda AX3 v16.03.12.10_CN and AX12 22.03.01.2_CN was discovered to contain a stack overflow in the function form_fast_setting_wifi_set. This vulnerability allows attackers to cause a Denial of Service (DoS) via the timeZone parameter.
- risk 0.44cvss 6.8epss 0.00
Tenda AX12 v1.0 v22.03.01.46 contains a stack overflow in the deviceList parameter of the sub_42E410 function.
- risk 0.42cvss 6.5epss 0.01
Tenda AX12 v22.03.01.46_CN was discovered to contain a stack overflow via the sub_43fdcc function at /goform/SetNetControlList.
- risk 0.42cvss 6.5epss 0.00
An issue in Tenda AX12 v.16.03.49.18_cn+ allows a remote attacker to cause a denial of service via the Routing functionality and ICMP packet handling.
- risk 0.42cvss 6.5epss 0.00
Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Request Forgery (CSRF) via the function sub_422168 at /goform/WifiExtraSet.
- risk 0.42cvss 6.5epss 0.00
Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Request Forgery (CSRF) via the function sub_42E328 at /goform/SysToolReboot.
- risk 0.36cvss 5.5epss 0.00
Tenda AX12 V22.03.01.21_CN is vulnerable to Buffer Overflow. This overflow is triggered in the sub_42FDE4 function, which satisfies the request of the upper-level interface function sub_430124, that is, handles the post request under /goform/SetIpMacBind.
Page 2 of 2