VYPR

Vendor CVEs

Tenda

All CVEs

2,034 total · sorted by risk
  • CVE-2022-25547Mar 9, 2022
    risk 0.00cvss epss 0.09

    Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function fromSetSysTime. This vulnerability allows attackers to cause a Denial of Service (DoS) via the time parameter.

  • CVE-2022-25553Mar 9, 2022
    risk 0.00cvss epss 0.01

    Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function formSetSysToolDDNS. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ddnsPwd parameter.

  • CVE-2022-25554Mar 9, 2022
    risk 0.00cvss epss 0.01

    Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function saveParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via the deviceId parameter.

  • CVE-2022-25552Mar 9, 2022
    risk 0.00cvss epss 0.01

    Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function form_fast_setting_wifi_set. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ssid parameter.

  • CVE-2022-25551Mar 9, 2022
    risk 0.00cvss epss 0.01

    Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function formSetSysToolDDNS. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ddnsDomain parameter.

  • CVE-2022-25549Mar 9, 2022
    risk 0.00cvss epss 0.01

    Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function formSetSysToolDDNS. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ddnsEn parameter.

  • CVE-2022-25550Mar 9, 2022
    risk 0.00cvss epss 0.01

    Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function saveParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via the deviceName parameter.

  • CVE-2022-25548Mar 9, 2022
    risk 0.00cvss epss 0.01

    Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function fromSetSysTime. This vulnerability allows attackers to cause a Denial of Service (DoS) via the serverName parameter.

  • CVE-2022-25546Mar 9, 2022
    risk 0.00cvss epss 0.12

    Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function formSetSysToolDDNS. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ddnsUser parameter.

  • CVE-2021-46394Mar 4, 2022
    risk 0.00cvss epss 0.03

    There is a stack buffer overflow vulnerability in the formSetPPTPServer function of Tenda-AX3 router V16.03.12.10_CN. The v13 variable is directly retrieved from the http request parameter startIp. Then v13 will be splice to stack by function sscanf without any security check,…

  • CVE-2021-46393Mar 4, 2022
    risk 0.00cvss epss 0.16

    There is a stack buffer overflow vulnerability in the formSetPPTPServer function of Tenda-AX3 router V16.03.12.10_CN. The v10 variable is directly retrieved from the http request parameter startIp. Then v10 will be splice to stack by function sscanf without any security…

  • CVE-2022-25418Feb 22, 2022
    risk 0.00cvss epss 0.02

    Tenda AC9 V15.03.2.21_cn was discovered to contain a stack overflow via the function openSchedWifi.

  • CVE-2022-25417Feb 22, 2022
    risk 0.00cvss epss 0.02

    Tenda AC9 V15.03.2.21_cn was discovered to contain a stack overflow via the function saveparentcontrolinfo.

  • CVE-2022-25414Feb 22, 2022
    risk 0.00cvss epss 0.10

    Tenda AC9 V15.03.2.21_cn was discovered to contain a stack overflow via the parameter NPTR.

  • CVE-2021-45391Feb 16, 2022
    risk 0.00cvss epss 0.02

    A Buffer Overflow vulnerability exists in Tenda Router AX12 V22.03.01.21_CN in the sub_422CE4 function in the goform/setIPv6Status binary file /usr/sbin/httpd via the conType parameter, which causes a Denial of Service.

  • CVE-2021-46321Feb 15, 2022
    risk 0.00cvss epss 0.02

    Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to contain a stack buffer overflow in the wifiBasicCfg module. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow data.

  • CVE-2021-46265Feb 15, 2022
    risk 0.00cvss epss 0.02

    Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to contain a stack buffer overflow in the wanBasicCfg module. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow data.

  • CVE-2021-46264Feb 15, 2022
    risk 0.00cvss epss 0.02

    Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to contain a stack buffer overflow in the onlineList module. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow data.

  • CVE-2021-46263Feb 15, 2022
    risk 0.00cvss epss 0.02

    Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to contain a stack buffer overflow in the wifiTime module. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow data.

  • CVE-2021-46262Feb 15, 2022
    risk 0.00cvss epss 0.02

    Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to contain a stack buffer overflow in the PPPoE module. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow data.

  • CVE-2021-45392Feb 14, 2022
    risk 0.00cvss epss 0.12

    A Buffer Overflow vulnerability exists in Tenda Router AX12 V22.03.01.21_CN in the sub_422CE4 function in page /goform/setIPv6Status via the prefixDelegate parameter, which causes a Denial of Service.

  • CVE-2020-26728Feb 11, 2022
    risk 0.00cvss epss 0.04

    A vulnerability was discovered in Tenda AC9 v3.0 V15.03.06.42_multi and Tenda AC9 V1.0 V15.03.05.19(6318)_CN which allows for remote code execution via shell metacharacters in the guestuser field to the __fastcall function with a POST request.

  • CVE-2022-24142Feb 4, 2022
    risk 0.00cvss epss 0.01

    Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetFirewallCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via the firewallEn parameter.

  • CVE-2022-24143Feb 4, 2022
    risk 0.00cvss epss 0.01

    Tenda AX3 v16.03.12.10_CN and AX12 22.03.01.2_CN was discovered to contain a stack overflow in the function form_fast_setting_wifi_set. This vulnerability allows attackers to cause a Denial of Service (DoS) via the timeZone parameter.

  • CVE-2022-24146Feb 4, 2022
    risk 0.00cvss epss 0.01

    Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetQosBand. This vulnerability allows attackers to cause a Denial of Service (DoS) via the list parameter.

  • CVE-2022-24145Feb 4, 2022
    risk 0.00cvss epss 0.01

    Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formWifiBasicSet. This vulnerability allows attackers to cause a Denial of Service (DoS) via the security and security_5g parameters.

  • CVE-2022-24147Feb 4, 2022
    risk 0.00cvss epss 0.01

    Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromAdvSetMacMtuWan. This vulnerability allows attackers to cause a Denial of Service (DoS) via the wanMTU, wanSpeed, cloneType, mac, and serviceName parameters.

  • CVE-2022-24149Feb 4, 2022
    risk 0.00cvss epss 0.01

    Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetWirelessRepeat. This vulnerability allows attackers to cause a Denial of Service (DoS) via the wpapsk_crypto parameter.

  • CVE-2022-24151Feb 4, 2022
    risk 0.00cvss epss 0.01

    Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetWifiGusetBasic. This vulnerability allows attackers to cause a Denial of Service (DoS) via the shareSpeed parameter.

  • CVE-2022-24152Feb 4, 2022
    risk 0.00cvss epss 0.01

    Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetRouteStatic. This vulnerability allows attackers to cause a Denial of Service (DoS) via the list parameter.

  • CVE-2022-24153Feb 4, 2022
    risk 0.00cvss epss 0.01

    Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formAddMacfilterRule. This vulnerability allows attackers to cause a Denial of Service (DoS) via the devName parameter.

  • CVE-2022-24154Feb 4, 2022
    risk 0.00cvss epss 0.01

    Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetRebootTimer. This vulnerability allows attackers to cause a Denial of Service (DoS) via the rebootTime parameter.

  • CVE-2022-24155Feb 4, 2022
    risk 0.00cvss epss 0.01

    Tenda AX3 v16.03.12.10_CN was discovered to contain a heap overflow in the function setSchedWifi. This vulnerability allows attackers to cause a Denial of Service (DoS) via the schedStartTime and schedEndTime parameters.

  • CVE-2022-24156Feb 4, 2022
    risk 0.00cvss epss 0.01

    Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetVirtualSer. This vulnerability allows attackers to cause a Denial of Service (DoS) via the list parameter.

  • CVE-2022-24157Feb 4, 2022
    risk 0.00cvss epss 0.01

    Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetMacFilterCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via the deviceList parameter.

  • CVE-2022-24158Feb 4, 2022
    risk 0.00cvss epss 0.01

    Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetIpMacBind. This vulnerability allows attackers to cause a Denial of Service (DoS) via the list parameter.

  • CVE-2022-24162Feb 4, 2022
    risk 0.00cvss epss 0.01

    Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function saveParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via the time parameter.

  • CVE-2022-24159Feb 4, 2022
    risk 0.00cvss epss 0.01

    Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetPPTPServer. This vulnerability allows attackers to cause a Denial of Service (DoS) via the startIp and endIp parameters.

  • CVE-2022-24160Feb 4, 2022
    risk 0.00cvss epss 0.01

    Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetDeviceName. This vulnerability allows attackers to cause a Denial of Service (DoS) via the devName parameter.

  • CVE-2022-24161Feb 4, 2022
    risk 0.00cvss epss 0.01

    Tenda AX3 v16.03.12.10_CN was discovered to contain a heap overflow in the function GetParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via the mac parameter.

  • CVE-2022-24163Feb 4, 2022
    risk 0.00cvss epss 0.01

    Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetSysTime. This vulnerability allows attackers to cause a Denial of Service (DoS) via the timeZone parameter.

  • CVE-2021-44971Jan 28, 2022
    risk 0.00cvss epss 0.03

    Multiple Tenda devices are affected by authentication bypass, such as AC15V1.0 Firmware V15.03.05.20_multi?AC5V1.0 Firmware V15.03.06.48_multi and so on. an attacker can obtain sensitive information, and even combine it with authenticated command injection to implement RCE.

  • CVE-2021-44352Dec 3, 2021
    risk 0.00cvss epss 0.13

    A Stack-based Buffer Overflow vulnerability exists in the Tenda AC15 V15.03.05.18_multi device via the list parameter in a post request in goform/SetIpMacBind.

  • CVE-2021-31627Oct 29, 2021
    risk 0.00cvss epss 0.01

    Buffer Overflow vulnerability in Tenda AC9 V1.0 through V15.03.05.19(6318), and AC9 V3.0 V15.03.06.42_multi, allows attackers to execute arbitrary code via the index parameter.

  • CVE-2021-31624Oct 29, 2021
    risk 0.00cvss epss 0.01

    Buffer Overflow vulnerability in Tenda AC9 V1.0 through V15.03.05.19(6318), and AC9 V3.0 V15.03.06.42_multi, allows attackers to execute arbitrary code via the urls parameter.

  • CVE-2020-20746Sep 30, 2021
    risk 0.00cvss epss 0.03

    A stack-based buffer overflow in the httpd server on Tenda AC9 V15.03.06.60_EN allows remote attackers to execute arbitrary code or cause a denial of service (DoS) via a crafted POST request to /goform/SetStaticRouteCfg.

  • CVE-2021-31757May 7, 2021
    risk 0.00cvss epss 0.03

    An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setVLAN allows attackers to execute arbitrary code on the system via a crafted post request.

  • CVE-2021-31756May 7, 2021
    risk 0.00cvss epss 0.03

    An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /gofrom/setwanType allows attackers to execute arbitrary code on the system via a crafted post request. This occurs when input vector controlled by…

  • CVE-2021-27691Apr 15, 2021
    risk 0.00cvss epss 0.25

    Command Injection in Tenda G0 routers with firmware versions v15.11.0.6(9039)_CN and v15.11.0.5(5876)_CN , and Tenda G1 and G3 routers with firmware versions v15.11.0.17(9502)_CN or v15.11.0.16(9024)_CN allows remote attackers to execute arbitrary OS commands via a crafted…

  • CVE-2020-28095Dec 30, 2020
    risk 0.00cvss epss 0.01

    On Tenda AC1200 (Model AC6) 15.03.06.51_multi devices, a large HTTP POST request sent to the change password API will trigger the router to crash and enter an infinite boot loop.

Page 40 of 41