Vendor CVEs
Tenda
All CVEs
2,034 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-25547 | 0.00 | — | 0.09 | Mar 9, 2022 | Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function fromSetSysTime. This vulnerability allows attackers to cause a Denial of Service (DoS) via the time parameter. | |||
| CVE-2022-25553 | 0.00 | — | 0.01 | Mar 9, 2022 | Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function formSetSysToolDDNS. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ddnsPwd parameter. | |||
| CVE-2022-25554 | 0.00 | — | 0.01 | Mar 9, 2022 | Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function saveParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via the deviceId parameter. | |||
| CVE-2022-25552 | 0.00 | — | 0.01 | Mar 9, 2022 | Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function form_fast_setting_wifi_set. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ssid parameter. | |||
| CVE-2022-25551 | 0.00 | — | 0.01 | Mar 9, 2022 | Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function formSetSysToolDDNS. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ddnsDomain parameter. | |||
| CVE-2022-25549 | 0.00 | — | 0.01 | Mar 9, 2022 | Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function formSetSysToolDDNS. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ddnsEn parameter. | |||
| CVE-2022-25550 | 0.00 | — | 0.01 | Mar 9, 2022 | Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function saveParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via the deviceName parameter. | |||
| CVE-2022-25548 | 0.00 | — | 0.01 | Mar 9, 2022 | Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function fromSetSysTime. This vulnerability allows attackers to cause a Denial of Service (DoS) via the serverName parameter. | |||
| CVE-2022-25546 | 0.00 | — | 0.12 | Mar 9, 2022 | Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function formSetSysToolDDNS. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ddnsUser parameter. | |||
| CVE-2021-46394 | 0.00 | — | 0.03 | Mar 4, 2022 | There is a stack buffer overflow vulnerability in the formSetPPTPServer function of Tenda-AX3 router V16.03.12.10_CN. The v13 variable is directly retrieved from the http request parameter startIp. Then v13 will be splice to stack by function sscanf without any security check,… | |||
| CVE-2021-46393 | 0.00 | — | 0.16 | Mar 4, 2022 | There is a stack buffer overflow vulnerability in the formSetPPTPServer function of Tenda-AX3 router V16.03.12.10_CN. The v10 variable is directly retrieved from the http request parameter startIp. Then v10 will be splice to stack by function sscanf without any security… | |||
| CVE-2022-25418 | 0.00 | — | 0.02 | Feb 22, 2022 | Tenda AC9 V15.03.2.21_cn was discovered to contain a stack overflow via the function openSchedWifi. | |||
| CVE-2022-25417 | 0.00 | — | 0.02 | Feb 22, 2022 | Tenda AC9 V15.03.2.21_cn was discovered to contain a stack overflow via the function saveparentcontrolinfo. | |||
| CVE-2022-25414 | 0.00 | — | 0.10 | Feb 22, 2022 | Tenda AC9 V15.03.2.21_cn was discovered to contain a stack overflow via the parameter NPTR. | |||
| CVE-2021-45391 | 0.00 | — | 0.02 | Feb 16, 2022 | A Buffer Overflow vulnerability exists in Tenda Router AX12 V22.03.01.21_CN in the sub_422CE4 function in the goform/setIPv6Status binary file /usr/sbin/httpd via the conType parameter, which causes a Denial of Service. | |||
| CVE-2021-46321 | 0.00 | — | 0.02 | Feb 15, 2022 | Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to contain a stack buffer overflow in the wifiBasicCfg module. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow data. | |||
| CVE-2021-46265 | 0.00 | — | 0.02 | Feb 15, 2022 | Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to contain a stack buffer overflow in the wanBasicCfg module. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow data. | |||
| CVE-2021-46264 | 0.00 | — | 0.02 | Feb 15, 2022 | Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to contain a stack buffer overflow in the onlineList module. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow data. | |||
| CVE-2021-46263 | 0.00 | — | 0.02 | Feb 15, 2022 | Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to contain a stack buffer overflow in the wifiTime module. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow data. | |||
| CVE-2021-46262 | 0.00 | — | 0.02 | Feb 15, 2022 | Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to contain a stack buffer overflow in the PPPoE module. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow data. | |||
| CVE-2021-45392 | 0.00 | — | 0.12 | Feb 14, 2022 | A Buffer Overflow vulnerability exists in Tenda Router AX12 V22.03.01.21_CN in the sub_422CE4 function in page /goform/setIPv6Status via the prefixDelegate parameter, which causes a Denial of Service. | |||
| CVE-2020-26728 | 0.00 | — | 0.04 | Feb 11, 2022 | A vulnerability was discovered in Tenda AC9 v3.0 V15.03.06.42_multi and Tenda AC9 V1.0 V15.03.05.19(6318)_CN which allows for remote code execution via shell metacharacters in the guestuser field to the __fastcall function with a POST request. | |||
| CVE-2022-24142 | 0.00 | — | 0.01 | Feb 4, 2022 | Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetFirewallCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via the firewallEn parameter. | |||
| CVE-2022-24143 | 0.00 | — | 0.01 | Feb 4, 2022 | Tenda AX3 v16.03.12.10_CN and AX12 22.03.01.2_CN was discovered to contain a stack overflow in the function form_fast_setting_wifi_set. This vulnerability allows attackers to cause a Denial of Service (DoS) via the timeZone parameter. | |||
| CVE-2022-24146 | 0.00 | — | 0.01 | Feb 4, 2022 | Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetQosBand. This vulnerability allows attackers to cause a Denial of Service (DoS) via the list parameter. | |||
| CVE-2022-24145 | 0.00 | — | 0.01 | Feb 4, 2022 | Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formWifiBasicSet. This vulnerability allows attackers to cause a Denial of Service (DoS) via the security and security_5g parameters. | |||
| CVE-2022-24147 | 0.00 | — | 0.01 | Feb 4, 2022 | Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromAdvSetMacMtuWan. This vulnerability allows attackers to cause a Denial of Service (DoS) via the wanMTU, wanSpeed, cloneType, mac, and serviceName parameters. | |||
| CVE-2022-24149 | 0.00 | — | 0.01 | Feb 4, 2022 | Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetWirelessRepeat. This vulnerability allows attackers to cause a Denial of Service (DoS) via the wpapsk_crypto parameter. | |||
| CVE-2022-24151 | 0.00 | — | 0.01 | Feb 4, 2022 | Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetWifiGusetBasic. This vulnerability allows attackers to cause a Denial of Service (DoS) via the shareSpeed parameter. | |||
| CVE-2022-24152 | 0.00 | — | 0.01 | Feb 4, 2022 | Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetRouteStatic. This vulnerability allows attackers to cause a Denial of Service (DoS) via the list parameter. | |||
| CVE-2022-24153 | 0.00 | — | 0.01 | Feb 4, 2022 | Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formAddMacfilterRule. This vulnerability allows attackers to cause a Denial of Service (DoS) via the devName parameter. | |||
| CVE-2022-24154 | 0.00 | — | 0.01 | Feb 4, 2022 | Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetRebootTimer. This vulnerability allows attackers to cause a Denial of Service (DoS) via the rebootTime parameter. | |||
| CVE-2022-24155 | 0.00 | — | 0.01 | Feb 4, 2022 | Tenda AX3 v16.03.12.10_CN was discovered to contain a heap overflow in the function setSchedWifi. This vulnerability allows attackers to cause a Denial of Service (DoS) via the schedStartTime and schedEndTime parameters. | |||
| CVE-2022-24156 | 0.00 | — | 0.01 | Feb 4, 2022 | Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetVirtualSer. This vulnerability allows attackers to cause a Denial of Service (DoS) via the list parameter. | |||
| CVE-2022-24157 | 0.00 | — | 0.01 | Feb 4, 2022 | Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetMacFilterCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via the deviceList parameter. | |||
| CVE-2022-24158 | 0.00 | — | 0.01 | Feb 4, 2022 | Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetIpMacBind. This vulnerability allows attackers to cause a Denial of Service (DoS) via the list parameter. | |||
| CVE-2022-24162 | 0.00 | — | 0.01 | Feb 4, 2022 | Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function saveParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via the time parameter. | |||
| CVE-2022-24159 | 0.00 | — | 0.01 | Feb 4, 2022 | Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetPPTPServer. This vulnerability allows attackers to cause a Denial of Service (DoS) via the startIp and endIp parameters. | |||
| CVE-2022-24160 | 0.00 | — | 0.01 | Feb 4, 2022 | Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetDeviceName. This vulnerability allows attackers to cause a Denial of Service (DoS) via the devName parameter. | |||
| CVE-2022-24161 | 0.00 | — | 0.01 | Feb 4, 2022 | Tenda AX3 v16.03.12.10_CN was discovered to contain a heap overflow in the function GetParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via the mac parameter. | |||
| CVE-2022-24163 | 0.00 | — | 0.01 | Feb 4, 2022 | Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetSysTime. This vulnerability allows attackers to cause a Denial of Service (DoS) via the timeZone parameter. | |||
| CVE-2021-44971 | 0.00 | — | 0.03 | Jan 28, 2022 | Multiple Tenda devices are affected by authentication bypass, such as AC15V1.0 Firmware V15.03.05.20_multi?AC5V1.0 Firmware V15.03.06.48_multi and so on. an attacker can obtain sensitive information, and even combine it with authenticated command injection to implement RCE. | |||
| CVE-2021-44352 | 0.00 | — | 0.13 | Dec 3, 2021 | A Stack-based Buffer Overflow vulnerability exists in the Tenda AC15 V15.03.05.18_multi device via the list parameter in a post request in goform/SetIpMacBind. | |||
| CVE-2021-31627 | 0.00 | — | 0.01 | Oct 29, 2021 | Buffer Overflow vulnerability in Tenda AC9 V1.0 through V15.03.05.19(6318), and AC9 V3.0 V15.03.06.42_multi, allows attackers to execute arbitrary code via the index parameter. | |||
| CVE-2021-31624 | 0.00 | — | 0.01 | Oct 29, 2021 | Buffer Overflow vulnerability in Tenda AC9 V1.0 through V15.03.05.19(6318), and AC9 V3.0 V15.03.06.42_multi, allows attackers to execute arbitrary code via the urls parameter. | |||
| CVE-2020-20746 | 0.00 | — | 0.03 | Sep 30, 2021 | A stack-based buffer overflow in the httpd server on Tenda AC9 V15.03.06.60_EN allows remote attackers to execute arbitrary code or cause a denial of service (DoS) via a crafted POST request to /goform/SetStaticRouteCfg. | |||
| CVE-2021-31757 | 0.00 | — | 0.03 | May 7, 2021 | An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setVLAN allows attackers to execute arbitrary code on the system via a crafted post request. | |||
| CVE-2021-31756 | 0.00 | — | 0.03 | May 7, 2021 | An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /gofrom/setwanType allows attackers to execute arbitrary code on the system via a crafted post request. This occurs when input vector controlled by… | |||
| CVE-2021-27691 | 0.00 | — | 0.25 | Apr 15, 2021 | Command Injection in Tenda G0 routers with firmware versions v15.11.0.6(9039)_CN and v15.11.0.5(5876)_CN , and Tenda G1 and G3 routers with firmware versions v15.11.0.17(9502)_CN or v15.11.0.16(9024)_CN allows remote attackers to execute arbitrary OS commands via a crafted… | |||
| CVE-2020-28095 | 0.00 | — | 0.01 | Dec 30, 2020 | On Tenda AC1200 (Model AC6) 15.03.06.51_multi devices, a large HTTP POST request sent to the change password API will trigger the router to crash and enter an infinite boot loop. |
- CVE-2022-25547Mar 9, 2022risk 0.00cvss —epss 0.09
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function fromSetSysTime. This vulnerability allows attackers to cause a Denial of Service (DoS) via the time parameter.
- CVE-2022-25553Mar 9, 2022risk 0.00cvss —epss 0.01
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function formSetSysToolDDNS. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ddnsPwd parameter.
- CVE-2022-25554Mar 9, 2022risk 0.00cvss —epss 0.01
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function saveParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via the deviceId parameter.
- CVE-2022-25552Mar 9, 2022risk 0.00cvss —epss 0.01
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function form_fast_setting_wifi_set. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ssid parameter.
- CVE-2022-25551Mar 9, 2022risk 0.00cvss —epss 0.01
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function formSetSysToolDDNS. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ddnsDomain parameter.
- CVE-2022-25549Mar 9, 2022risk 0.00cvss —epss 0.01
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function formSetSysToolDDNS. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ddnsEn parameter.
- CVE-2022-25550Mar 9, 2022risk 0.00cvss —epss 0.01
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function saveParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via the deviceName parameter.
- CVE-2022-25548Mar 9, 2022risk 0.00cvss —epss 0.01
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function fromSetSysTime. This vulnerability allows attackers to cause a Denial of Service (DoS) via the serverName parameter.
- CVE-2022-25546Mar 9, 2022risk 0.00cvss —epss 0.12
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function formSetSysToolDDNS. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ddnsUser parameter.
- CVE-2021-46394Mar 4, 2022risk 0.00cvss —epss 0.03
There is a stack buffer overflow vulnerability in the formSetPPTPServer function of Tenda-AX3 router V16.03.12.10_CN. The v13 variable is directly retrieved from the http request parameter startIp. Then v13 will be splice to stack by function sscanf without any security check,…
- CVE-2021-46393Mar 4, 2022risk 0.00cvss —epss 0.16
There is a stack buffer overflow vulnerability in the formSetPPTPServer function of Tenda-AX3 router V16.03.12.10_CN. The v10 variable is directly retrieved from the http request parameter startIp. Then v10 will be splice to stack by function sscanf without any security…
- CVE-2022-25418Feb 22, 2022risk 0.00cvss —epss 0.02
Tenda AC9 V15.03.2.21_cn was discovered to contain a stack overflow via the function openSchedWifi.
- CVE-2022-25417Feb 22, 2022risk 0.00cvss —epss 0.02
Tenda AC9 V15.03.2.21_cn was discovered to contain a stack overflow via the function saveparentcontrolinfo.
- CVE-2022-25414Feb 22, 2022risk 0.00cvss —epss 0.10
Tenda AC9 V15.03.2.21_cn was discovered to contain a stack overflow via the parameter NPTR.
- CVE-2021-45391Feb 16, 2022risk 0.00cvss —epss 0.02
A Buffer Overflow vulnerability exists in Tenda Router AX12 V22.03.01.21_CN in the sub_422CE4 function in the goform/setIPv6Status binary file /usr/sbin/httpd via the conType parameter, which causes a Denial of Service.
- CVE-2021-46321Feb 15, 2022risk 0.00cvss —epss 0.02
Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to contain a stack buffer overflow in the wifiBasicCfg module. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow data.
- CVE-2021-46265Feb 15, 2022risk 0.00cvss —epss 0.02
Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to contain a stack buffer overflow in the wanBasicCfg module. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow data.
- CVE-2021-46264Feb 15, 2022risk 0.00cvss —epss 0.02
Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to contain a stack buffer overflow in the onlineList module. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow data.
- CVE-2021-46263Feb 15, 2022risk 0.00cvss —epss 0.02
Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to contain a stack buffer overflow in the wifiTime module. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow data.
- CVE-2021-46262Feb 15, 2022risk 0.00cvss —epss 0.02
Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to contain a stack buffer overflow in the PPPoE module. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow data.
- CVE-2021-45392Feb 14, 2022risk 0.00cvss —epss 0.12
A Buffer Overflow vulnerability exists in Tenda Router AX12 V22.03.01.21_CN in the sub_422CE4 function in page /goform/setIPv6Status via the prefixDelegate parameter, which causes a Denial of Service.
- CVE-2020-26728Feb 11, 2022risk 0.00cvss —epss 0.04
A vulnerability was discovered in Tenda AC9 v3.0 V15.03.06.42_multi and Tenda AC9 V1.0 V15.03.05.19(6318)_CN which allows for remote code execution via shell metacharacters in the guestuser field to the __fastcall function with a POST request.
- CVE-2022-24142Feb 4, 2022risk 0.00cvss —epss 0.01
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetFirewallCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via the firewallEn parameter.
- CVE-2022-24143Feb 4, 2022risk 0.00cvss —epss 0.01
Tenda AX3 v16.03.12.10_CN and AX12 22.03.01.2_CN was discovered to contain a stack overflow in the function form_fast_setting_wifi_set. This vulnerability allows attackers to cause a Denial of Service (DoS) via the timeZone parameter.
- CVE-2022-24146Feb 4, 2022risk 0.00cvss —epss 0.01
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetQosBand. This vulnerability allows attackers to cause a Denial of Service (DoS) via the list parameter.
- CVE-2022-24145Feb 4, 2022risk 0.00cvss —epss 0.01
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formWifiBasicSet. This vulnerability allows attackers to cause a Denial of Service (DoS) via the security and security_5g parameters.
- CVE-2022-24147Feb 4, 2022risk 0.00cvss —epss 0.01
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromAdvSetMacMtuWan. This vulnerability allows attackers to cause a Denial of Service (DoS) via the wanMTU, wanSpeed, cloneType, mac, and serviceName parameters.
- CVE-2022-24149Feb 4, 2022risk 0.00cvss —epss 0.01
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetWirelessRepeat. This vulnerability allows attackers to cause a Denial of Service (DoS) via the wpapsk_crypto parameter.
- CVE-2022-24151Feb 4, 2022risk 0.00cvss —epss 0.01
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetWifiGusetBasic. This vulnerability allows attackers to cause a Denial of Service (DoS) via the shareSpeed parameter.
- CVE-2022-24152Feb 4, 2022risk 0.00cvss —epss 0.01
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetRouteStatic. This vulnerability allows attackers to cause a Denial of Service (DoS) via the list parameter.
- CVE-2022-24153Feb 4, 2022risk 0.00cvss —epss 0.01
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formAddMacfilterRule. This vulnerability allows attackers to cause a Denial of Service (DoS) via the devName parameter.
- CVE-2022-24154Feb 4, 2022risk 0.00cvss —epss 0.01
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetRebootTimer. This vulnerability allows attackers to cause a Denial of Service (DoS) via the rebootTime parameter.
- CVE-2022-24155Feb 4, 2022risk 0.00cvss —epss 0.01
Tenda AX3 v16.03.12.10_CN was discovered to contain a heap overflow in the function setSchedWifi. This vulnerability allows attackers to cause a Denial of Service (DoS) via the schedStartTime and schedEndTime parameters.
- CVE-2022-24156Feb 4, 2022risk 0.00cvss —epss 0.01
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetVirtualSer. This vulnerability allows attackers to cause a Denial of Service (DoS) via the list parameter.
- CVE-2022-24157Feb 4, 2022risk 0.00cvss —epss 0.01
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetMacFilterCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via the deviceList parameter.
- CVE-2022-24158Feb 4, 2022risk 0.00cvss —epss 0.01
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetIpMacBind. This vulnerability allows attackers to cause a Denial of Service (DoS) via the list parameter.
- CVE-2022-24162Feb 4, 2022risk 0.00cvss —epss 0.01
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function saveParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via the time parameter.
- CVE-2022-24159Feb 4, 2022risk 0.00cvss —epss 0.01
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetPPTPServer. This vulnerability allows attackers to cause a Denial of Service (DoS) via the startIp and endIp parameters.
- CVE-2022-24160Feb 4, 2022risk 0.00cvss —epss 0.01
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetDeviceName. This vulnerability allows attackers to cause a Denial of Service (DoS) via the devName parameter.
- CVE-2022-24161Feb 4, 2022risk 0.00cvss —epss 0.01
Tenda AX3 v16.03.12.10_CN was discovered to contain a heap overflow in the function GetParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via the mac parameter.
- CVE-2022-24163Feb 4, 2022risk 0.00cvss —epss 0.01
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetSysTime. This vulnerability allows attackers to cause a Denial of Service (DoS) via the timeZone parameter.
- CVE-2021-44971Jan 28, 2022risk 0.00cvss —epss 0.03
Multiple Tenda devices are affected by authentication bypass, such as AC15V1.0 Firmware V15.03.05.20_multi?AC5V1.0 Firmware V15.03.06.48_multi and so on. an attacker can obtain sensitive information, and even combine it with authenticated command injection to implement RCE.
- CVE-2021-44352Dec 3, 2021risk 0.00cvss —epss 0.13
A Stack-based Buffer Overflow vulnerability exists in the Tenda AC15 V15.03.05.18_multi device via the list parameter in a post request in goform/SetIpMacBind.
- CVE-2021-31627Oct 29, 2021risk 0.00cvss —epss 0.01
Buffer Overflow vulnerability in Tenda AC9 V1.0 through V15.03.05.19(6318), and AC9 V3.0 V15.03.06.42_multi, allows attackers to execute arbitrary code via the index parameter.
- CVE-2021-31624Oct 29, 2021risk 0.00cvss —epss 0.01
Buffer Overflow vulnerability in Tenda AC9 V1.0 through V15.03.05.19(6318), and AC9 V3.0 V15.03.06.42_multi, allows attackers to execute arbitrary code via the urls parameter.
- CVE-2020-20746Sep 30, 2021risk 0.00cvss —epss 0.03
A stack-based buffer overflow in the httpd server on Tenda AC9 V15.03.06.60_EN allows remote attackers to execute arbitrary code or cause a denial of service (DoS) via a crafted POST request to /goform/SetStaticRouteCfg.
- CVE-2021-31757May 7, 2021risk 0.00cvss —epss 0.03
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setVLAN allows attackers to execute arbitrary code on the system via a crafted post request.
- CVE-2021-31756May 7, 2021risk 0.00cvss —epss 0.03
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /gofrom/setwanType allows attackers to execute arbitrary code on the system via a crafted post request. This occurs when input vector controlled by…
- CVE-2021-27691Apr 15, 2021risk 0.00cvss —epss 0.25
Command Injection in Tenda G0 routers with firmware versions v15.11.0.6(9039)_CN and v15.11.0.5(5876)_CN , and Tenda G1 and G3 routers with firmware versions v15.11.0.17(9502)_CN or v15.11.0.16(9024)_CN allows remote attackers to execute arbitrary OS commands via a crafted…
- CVE-2020-28095Dec 30, 2020risk 0.00cvss —epss 0.01
On Tenda AC1200 (Model AC6) 15.03.06.51_multi devices, a large HTTP POST request sent to the change password API will trigger the router to crash and enter an infinite boot loop.
Page 40 of 41