Vendor CVEs
Tenda
All CVEs
2,034 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-49411 | 0.00 | — | 0.01 | Dec 7, 2023 | Tenda W30E V16.01.0.12(4843) contains a stack overflow vulnerability via the function formDeleteMeshNode. | |||
| CVE-2023-49436 | 0.00 | — | 0.02 | Dec 7, 2023 | Tenda AX9 V22.03.01.46 has been discovered to contain a command injection vulnerability in the 'list' parameter at /goform/SetNetControlList. | |||
| CVE-2023-48963 | 0.00 | — | 0.01 | Nov 30, 2023 | Tenda i6 V1.0.0.8(3856) is vulnerable to Buffer Overflow via /goform/wifiSSIDget. | |||
| CVE-2023-48964 | 0.00 | — | 0.01 | Nov 30, 2023 | Tenda i6 V1.0.0.8(3856) is vulnerable to Buffer Overflow via /goform/WifiMacFilterSet. | |||
| CVE-2023-45484 | 0.00 | — | 0.01 | Nov 29, 2023 | Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the shareSpeed parameter in the function fromSetWifiGuestBasic. | |||
| CVE-2023-45479 | 0.00 | — | 0.01 | Nov 29, 2023 | Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the list parameter in the function sub_49E098. | |||
| CVE-2023-45483 | 0.00 | — | 0.01 | Nov 29, 2023 | Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the time parameter in the function compare_parentcontrol_time. | |||
| CVE-2023-45482 | 0.00 | — | 0.01 | Nov 29, 2023 | Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the urls parameter in the function get_parentControl_list_Info. | |||
| CVE-2023-45481 | 0.00 | — | 0.01 | Nov 29, 2023 | Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the firewallEn parameter in the function SetFirewallCfg. | |||
| CVE-2023-45480 | 0.00 | — | 0.01 | Nov 29, 2023 | Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the src parameter in the function sub_47D878. | |||
| CVE-2023-49044 | 0.00 | — | 0.01 | Nov 27, 2023 | Stack Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the ssid parameter in the function form_fast_setting_wifi_set. | |||
| CVE-2023-49046 | 0.00 | — | 0.01 | Nov 27, 2023 | Stack Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the devName parameter in the function formAddMacfilterRule. | |||
| CVE-2023-49047 | 0.00 | — | 0.01 | Nov 27, 2023 | Tenda AX1803 v1.0.0.1 contains a stack overflow via the devName parameter in the function formSetDeviceName. | |||
| CVE-2023-49042 | 0.00 | — | 0.01 | Nov 27, 2023 | Heap Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the schedStartTime parameter or the schedEndTime parameter in the function setSchedWifi. | |||
| CVE-2023-48111 | 0.00 | — | 0.01 | Nov 20, 2023 | Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the time parameter in the function saveParentControlInfo . This vulnerability allows attackers to cause a Denial of Service (DoS) attack | |||
| CVE-2023-48109 | 0.00 | — | 0.01 | Nov 20, 2023 | Tenda AX1803 v1.0.0.1 was discovered to contain a heap overflow via the deviceId parameter in the function saveParentControlInfo . This vulnerability allows attackers to cause a Denial of Service (DoS) attack | |||
| CVE-2023-48110 | 0.00 | — | 0.01 | Nov 20, 2023 | Tenda AX1803 v1.0.0.1 was discovered to contain a heap overflow via the urls parameter in the function saveParentControlInfo . This vulnerability allows attackers to cause a Denial of Service (DoS) attack | |||
| CVE-2023-38823 | 0.00 | — | 0.01 | Nov 20, 2023 | Buffer Overflow vulnerability in Tenda Ac19 v.1.0, AC18, AC9 v.1.0, AC6 v.2.0 and v.1.0 allows a remote attacker to execute arbitrary code via the formSetCfm function in bin/httpd. | |||
| CVE-2022-45781 | 0.00 | — | 0.01 | Nov 14, 2023 | Buffer Overflow vulnerability in Tenda AX1803 v1.0.0.1_2994 and earlier allows attackers to run arbitrary code via /goform/SetOnlineDevName. | |||
| CVE-2023-43886 | 0.00 | — | 0.01 | Nov 7, 2023 | A buffer overflow in the HTTP server component of Tenda RX9 Pro v22.03.02.20 might allow an authenticated attacker to overwrite memory. | |||
| CVE-2023-43885 | 0.00 | — | 0.01 | Nov 7, 2023 | Missing error handling in the HTTP server component of Tenda RX9 Pro Firmware V22.03.02.20 allows authenticated attackers to arbitrarily lock the device. | |||
| CVE-2023-47455 | 0.00 | — | 0.01 | Nov 7, 2023 | Tenda AX1806 V1.0.0.1 contains a heap overflow vulnerability in setSchedWifi function, in which the src and v12 are directly obtained from http request parameter schedStartTime and schedEndTime without checking their size. | |||
| CVE-2023-47456 | 0.00 | — | 0.01 | Nov 7, 2023 | Tenda AX1806 V1.0.0.1 contains a stack overflow vulnerability in function sub_455D4, called by function fromSetWirelessRepeat. | |||
| CVE-2023-46518 | 0.00 | — | 0.02 | Oct 25, 2023 | Mercury A15 V1.0 20230818_1.0.3 was discovered to contain a command execution vulnerability via the component cloudDeviceTokenSuccCB. | |||
| CVE-2023-46369 | 0.00 | — | 0.01 | Oct 24, 2023 | Tenda W18E V16.01.0.8(1576) contains a stack overflow vulnerability via the portMirrorMirroredPorts parameter in the formSetNetCheckTools function. | |||
| CVE-2023-40830 | 0.00 | — | 0.01 | Oct 3, 2023 | Tenda AC6 v15.03.05.19 is vulnerable to Buffer Overflow as the Index parameter does not verify the length. | |||
| CVE-2023-44014 | 0.00 | — | 0.01 | Sep 27, 2023 | Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain multiple stack overflows in the formSetMacFilterCfg function via the macFilterType and deviceList parameters. | |||
| CVE-2023-44018 | 0.00 | — | 0.15 | Sep 27, 2023 | Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the domain parameter in the add_white_node function. | |||
| CVE-2023-44022 | 0.00 | — | 0.01 | Sep 27, 2023 | Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the speed_dir parameter in the formSetSpeedWan function. | |||
| CVE-2023-44016 | 0.00 | — | 0.01 | Sep 27, 2023 | Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the deviceId parameter in the addWifiMacFilter function. | |||
| CVE-2023-44013 | 0.00 | — | 0.01 | Sep 27, 2023 | Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the list parameter in the fromSetIpMacBind function. | |||
| CVE-2023-44021 | 0.00 | — | 0.01 | Sep 27, 2023 | Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the formSetClientState function. | |||
| CVE-2023-44023 | 0.00 | — | 0.01 | Sep 27, 2023 | Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the ssid parameter in the form_fast_setting_wifi_set function. | |||
| CVE-2023-44015 | 0.00 | — | 0.01 | Sep 27, 2023 | Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the schedEndTime parameter in the setSchedWifi function. | |||
| CVE-2023-44019 | 0.00 | — | 0.01 | Sep 27, 2023 | Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the mac parameter in the GetParentControlInfo function. | |||
| CVE-2023-44020 | 0.00 | — | 0.01 | Sep 27, 2023 | Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the security parameter in the formWifiBasicSet function. | |||
| CVE-2023-44017 | 0.00 | — | 0.01 | Sep 27, 2023 | Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the timeZone parameter in the fromSetSysTime function. | |||
| CVE-2023-42320 | 0.00 | — | 0.01 | Sep 18, 2023 | Buffer Overflow vulnerability in Tenda AC10V4 v.US_AC10V4.0si_V16.03.10.13_cn_TDC01 allows a remote attacker to cause a denial of service via the mac parameter in the GetParentControlInfo function. | |||
| CVE-2023-40942 | 0.00 | — | 0.01 | Sep 7, 2023 | Tenda AC9 V3.0BR_V15.03.06.42_multi_TD01 was discovered stack overflow via parameter 'firewall_value' at url /goform/SetFirewallCfg. | |||
| CVE-2023-4498 | 0.00 | — | 0.00 | Sep 6, 2023 | Tenda N300 Wireless N VDSL2 Modem Router allows unauthenticated access to pages that in turn should be accessible to authenticated users only | |||
| CVE-2021-40546 | 0.00 | — | 0.01 | Sep 5, 2023 | Tenda AC6 US_AC6V4.0RTL_V02.03.01.26_cn.bin allows attackers (who have the administrator password) to cause a denial of service (device crash) via a long string in the wifiPwd_5G parameter to /goform/setWifi. | |||
| CVE-2023-4744 | 0.00 | — | 0.02 | Sep 3, 2023 | A vulnerability was found in Tenda AC8 16.03.34.06_cn_TDC01. It has been declared as critical. Affected by this vulnerability is the function formSetDeviceName. The manipulation leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been… | |||
| CVE-2023-40837 | 0.00 | — | 0.01 | Aug 30, 2023 | Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin function 'sub_ADD50' contains a command execution vulnerability. In the "formSetIptv" function, obtaining the "list" and "vlanId" fields, unfiltered passing these two fields as parameters to the "sub_ADD50" function to execute… | |||
| CVE-2023-41555 | 0.00 | — | 0.01 | Aug 30, 2023 | Tenda AC7 V1.0 V15.03.06.44 was discovered to contain a stack overflow via parameter security_5g at url /goform/WifiBasicSet. | |||
| CVE-2023-41556 | 0.00 | — | 0.01 | Aug 30, 2023 | Tenda AC7 V1.0 V15.03.06.44, Tenda AC9 V3.0 V15.03.06.42_multi, and Tenda AC5 V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter list at url /goform/SetIpMacBind. | |||
| CVE-2023-40845 | 0.00 | — | 0.01 | Aug 30, 2023 | Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via function 'sub_34FD0.' In the function, it reads user provided parameters and passes variables to the function without any length checks. | |||
| CVE-2023-41559 | 0.00 | — | 0.01 | Aug 30, 2023 | Tenda AC7 V1.0 V15.03.06.44, Tenda AC9 V3.0 V15.03.06.42_multi, and Tenda AC5 V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter page at url /goform/NatStaticSetting. | |||
| CVE-2023-40844 | 0.00 | — | 0.01 | Aug 30, 2023 | Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via function 'formWifiBasicSet.' | |||
| CVE-2023-41554 | 0.00 | — | 0.01 | Aug 30, 2023 | Tenda AC9 V3.0 V15.03.06.42_multi was discovered to contain a stack overflow via parameter wpapsk_crypto at url /goform/WifiExtraSet. | |||
| CVE-2023-40848 | 0.00 | — | 0.01 | Aug 30, 2023 | Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via the function "sub_7D858." |
- CVE-2023-49411Dec 7, 2023risk 0.00cvss —epss 0.01
Tenda W30E V16.01.0.12(4843) contains a stack overflow vulnerability via the function formDeleteMeshNode.
- CVE-2023-49436Dec 7, 2023risk 0.00cvss —epss 0.02
Tenda AX9 V22.03.01.46 has been discovered to contain a command injection vulnerability in the 'list' parameter at /goform/SetNetControlList.
- CVE-2023-48963Nov 30, 2023risk 0.00cvss —epss 0.01
Tenda i6 V1.0.0.8(3856) is vulnerable to Buffer Overflow via /goform/wifiSSIDget.
- CVE-2023-48964Nov 30, 2023risk 0.00cvss —epss 0.01
Tenda i6 V1.0.0.8(3856) is vulnerable to Buffer Overflow via /goform/WifiMacFilterSet.
- CVE-2023-45484Nov 29, 2023risk 0.00cvss —epss 0.01
Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the shareSpeed parameter in the function fromSetWifiGuestBasic.
- CVE-2023-45479Nov 29, 2023risk 0.00cvss —epss 0.01
Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the list parameter in the function sub_49E098.
- CVE-2023-45483Nov 29, 2023risk 0.00cvss —epss 0.01
Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the time parameter in the function compare_parentcontrol_time.
- CVE-2023-45482Nov 29, 2023risk 0.00cvss —epss 0.01
Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the urls parameter in the function get_parentControl_list_Info.
- CVE-2023-45481Nov 29, 2023risk 0.00cvss —epss 0.01
Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the firewallEn parameter in the function SetFirewallCfg.
- CVE-2023-45480Nov 29, 2023risk 0.00cvss —epss 0.01
Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the src parameter in the function sub_47D878.
- CVE-2023-49044Nov 27, 2023risk 0.00cvss —epss 0.01
Stack Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the ssid parameter in the function form_fast_setting_wifi_set.
- CVE-2023-49046Nov 27, 2023risk 0.00cvss —epss 0.01
Stack Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the devName parameter in the function formAddMacfilterRule.
- CVE-2023-49047Nov 27, 2023risk 0.00cvss —epss 0.01
Tenda AX1803 v1.0.0.1 contains a stack overflow via the devName parameter in the function formSetDeviceName.
- CVE-2023-49042Nov 27, 2023risk 0.00cvss —epss 0.01
Heap Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the schedStartTime parameter or the schedEndTime parameter in the function setSchedWifi.
- CVE-2023-48111Nov 20, 2023risk 0.00cvss —epss 0.01
Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the time parameter in the function saveParentControlInfo . This vulnerability allows attackers to cause a Denial of Service (DoS) attack
- CVE-2023-48109Nov 20, 2023risk 0.00cvss —epss 0.01
Tenda AX1803 v1.0.0.1 was discovered to contain a heap overflow via the deviceId parameter in the function saveParentControlInfo . This vulnerability allows attackers to cause a Denial of Service (DoS) attack
- CVE-2023-48110Nov 20, 2023risk 0.00cvss —epss 0.01
Tenda AX1803 v1.0.0.1 was discovered to contain a heap overflow via the urls parameter in the function saveParentControlInfo . This vulnerability allows attackers to cause a Denial of Service (DoS) attack
- CVE-2023-38823Nov 20, 2023risk 0.00cvss —epss 0.01
Buffer Overflow vulnerability in Tenda Ac19 v.1.0, AC18, AC9 v.1.0, AC6 v.2.0 and v.1.0 allows a remote attacker to execute arbitrary code via the formSetCfm function in bin/httpd.
- CVE-2022-45781Nov 14, 2023risk 0.00cvss —epss 0.01
Buffer Overflow vulnerability in Tenda AX1803 v1.0.0.1_2994 and earlier allows attackers to run arbitrary code via /goform/SetOnlineDevName.
- CVE-2023-43886Nov 7, 2023risk 0.00cvss —epss 0.01
A buffer overflow in the HTTP server component of Tenda RX9 Pro v22.03.02.20 might allow an authenticated attacker to overwrite memory.
- CVE-2023-43885Nov 7, 2023risk 0.00cvss —epss 0.01
Missing error handling in the HTTP server component of Tenda RX9 Pro Firmware V22.03.02.20 allows authenticated attackers to arbitrarily lock the device.
- CVE-2023-47455Nov 7, 2023risk 0.00cvss —epss 0.01
Tenda AX1806 V1.0.0.1 contains a heap overflow vulnerability in setSchedWifi function, in which the src and v12 are directly obtained from http request parameter schedStartTime and schedEndTime without checking their size.
- CVE-2023-47456Nov 7, 2023risk 0.00cvss —epss 0.01
Tenda AX1806 V1.0.0.1 contains a stack overflow vulnerability in function sub_455D4, called by function fromSetWirelessRepeat.
- CVE-2023-46518Oct 25, 2023risk 0.00cvss —epss 0.02
Mercury A15 V1.0 20230818_1.0.3 was discovered to contain a command execution vulnerability via the component cloudDeviceTokenSuccCB.
- CVE-2023-46369Oct 24, 2023risk 0.00cvss —epss 0.01
Tenda W18E V16.01.0.8(1576) contains a stack overflow vulnerability via the portMirrorMirroredPorts parameter in the formSetNetCheckTools function.
- CVE-2023-40830Oct 3, 2023risk 0.00cvss —epss 0.01
Tenda AC6 v15.03.05.19 is vulnerable to Buffer Overflow as the Index parameter does not verify the length.
- CVE-2023-44014Sep 27, 2023risk 0.00cvss —epss 0.01
Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain multiple stack overflows in the formSetMacFilterCfg function via the macFilterType and deviceList parameters.
- CVE-2023-44018Sep 27, 2023risk 0.00cvss —epss 0.15
Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the domain parameter in the add_white_node function.
- CVE-2023-44022Sep 27, 2023risk 0.00cvss —epss 0.01
Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the speed_dir parameter in the formSetSpeedWan function.
- CVE-2023-44016Sep 27, 2023risk 0.00cvss —epss 0.01
Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the deviceId parameter in the addWifiMacFilter function.
- CVE-2023-44013Sep 27, 2023risk 0.00cvss —epss 0.01
Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the list parameter in the fromSetIpMacBind function.
- CVE-2023-44021Sep 27, 2023risk 0.00cvss —epss 0.01
Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the formSetClientState function.
- CVE-2023-44023Sep 27, 2023risk 0.00cvss —epss 0.01
Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the ssid parameter in the form_fast_setting_wifi_set function.
- CVE-2023-44015Sep 27, 2023risk 0.00cvss —epss 0.01
Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the schedEndTime parameter in the setSchedWifi function.
- CVE-2023-44019Sep 27, 2023risk 0.00cvss —epss 0.01
Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the mac parameter in the GetParentControlInfo function.
- CVE-2023-44020Sep 27, 2023risk 0.00cvss —epss 0.01
Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the security parameter in the formWifiBasicSet function.
- CVE-2023-44017Sep 27, 2023risk 0.00cvss —epss 0.01
Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the timeZone parameter in the fromSetSysTime function.
- CVE-2023-42320Sep 18, 2023risk 0.00cvss —epss 0.01
Buffer Overflow vulnerability in Tenda AC10V4 v.US_AC10V4.0si_V16.03.10.13_cn_TDC01 allows a remote attacker to cause a denial of service via the mac parameter in the GetParentControlInfo function.
- CVE-2023-40942Sep 7, 2023risk 0.00cvss —epss 0.01
Tenda AC9 V3.0BR_V15.03.06.42_multi_TD01 was discovered stack overflow via parameter 'firewall_value' at url /goform/SetFirewallCfg.
- CVE-2023-4498Sep 6, 2023risk 0.00cvss —epss 0.00
Tenda N300 Wireless N VDSL2 Modem Router allows unauthenticated access to pages that in turn should be accessible to authenticated users only
- CVE-2021-40546Sep 5, 2023risk 0.00cvss —epss 0.01
Tenda AC6 US_AC6V4.0RTL_V02.03.01.26_cn.bin allows attackers (who have the administrator password) to cause a denial of service (device crash) via a long string in the wifiPwd_5G parameter to /goform/setWifi.
- CVE-2023-4744Sep 3, 2023risk 0.00cvss —epss 0.02
A vulnerability was found in Tenda AC8 16.03.34.06_cn_TDC01. It has been declared as critical. Affected by this vulnerability is the function formSetDeviceName. The manipulation leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been…
- CVE-2023-40837Aug 30, 2023risk 0.00cvss —epss 0.01
Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin function 'sub_ADD50' contains a command execution vulnerability. In the "formSetIptv" function, obtaining the "list" and "vlanId" fields, unfiltered passing these two fields as parameters to the "sub_ADD50" function to execute…
- CVE-2023-41555Aug 30, 2023risk 0.00cvss —epss 0.01
Tenda AC7 V1.0 V15.03.06.44 was discovered to contain a stack overflow via parameter security_5g at url /goform/WifiBasicSet.
- CVE-2023-41556Aug 30, 2023risk 0.00cvss —epss 0.01
Tenda AC7 V1.0 V15.03.06.44, Tenda AC9 V3.0 V15.03.06.42_multi, and Tenda AC5 V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter list at url /goform/SetIpMacBind.
- CVE-2023-40845Aug 30, 2023risk 0.00cvss —epss 0.01
Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via function 'sub_34FD0.' In the function, it reads user provided parameters and passes variables to the function without any length checks.
- CVE-2023-41559Aug 30, 2023risk 0.00cvss —epss 0.01
Tenda AC7 V1.0 V15.03.06.44, Tenda AC9 V3.0 V15.03.06.42_multi, and Tenda AC5 V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter page at url /goform/NatStaticSetting.
- CVE-2023-40844Aug 30, 2023risk 0.00cvss —epss 0.01
Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via function 'formWifiBasicSet.'
- CVE-2023-41554Aug 30, 2023risk 0.00cvss —epss 0.01
Tenda AC9 V3.0 V15.03.06.42_multi was discovered to contain a stack overflow via parameter wpapsk_crypto at url /goform/WifiExtraSet.
- CVE-2023-40848Aug 30, 2023risk 0.00cvss —epss 0.01
Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via the function "sub_7D858."
Page 29 of 41