Vulnerabilities (CVE)

Filtered by vendor Tenda Subscribe
Total 149 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-30040 1 Tenda 2 Ax1803, Ax1803 Firmware 2022-05-20 5.0 MEDIUM 7.5 HIGH
Tenda AX1803 v1.0.0.1_2890 is vulnerable to Buffer Overflow. The vulnerability lies in rootfs_ In / goform / setsystimecfg of / bin / tdhttpd in ubif file system, attackers can access http://ip/goform/SetSysTimeCfg, and by setting the ntpserve parameter, the stack buffer overflow can be caused to achieve the effect of router denial of service.
CVE-2022-28973 1 Tenda 2 Ax1806, Ax1806 Firmware 2022-05-17 7.8 HIGH 7.5 HIGH
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the wanMTU parameter in the function fromAdvSetMacMtuWan. This vulnerability allows attackers to cause a Denial of Service (DoS).
CVE-2022-28972 1 Tenda 2 Ax1806, Ax1806 Firmware 2022-05-17 7.8 HIGH 7.5 HIGH
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the timeZone parameter in the function form_fast_setting_wifi_set. This vulnerability allows attackers to cause a Denial of Service (DoS).
CVE-2022-28969 1 Tenda 2 Ax1806, Ax1806 Firmware 2022-05-16 7.8 HIGH 7.5 HIGH
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the shareSpeed parameter in the function fromSetWifiGusetBasic. This vulnerability allows attackers to cause a Denial of Service (DoS).
CVE-2022-28971 1 Tenda 2 Ax1806, Ax1806 Firmware 2022-05-16 7.8 HIGH 7.5 HIGH
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the list parameter in the function fromSetIpMacBind. This vulnerability allows attackers to cause a Denial of Service (DoS).
CVE-2022-28970 1 Tenda 2 Ax1806, Ax1806 Firmware 2022-05-16 7.8 HIGH 7.5 HIGH
Tenda AX1806 v1.0.0.1 was discovered to contain a heap overflow via the mac parameter in the function GetParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS).
CVE-2022-29591 1 Tenda 2 Tx9 Pro, Tx9 Pro Firmware 2022-05-16 10.0 HIGH 9.8 CRITICAL
Tenda TX9 Pro 22.03.02.10 devices have a SetNetControlList buffer overflow.
CVE-2022-28557 1 Tenda 2 Ac15, Ac15 Firmware 2022-05-13 7.5 HIGH 9.8 CRITICAL
There is a command injection vulnerability at the /goform/setsambacfg interface of Tenda AC15 US_AC15V1.0BR_V15.03.05.20_multi_TDE01.bin device web, which can also cooperate with CVE-2021-44971 to cause unconditional arbitrary command execution
CVE-2022-28556 1 Tenda 2 Ac15, Ac15 Firmware 2022-05-13 5.0 MEDIUM 7.5 HIGH
Tenda AC15 US_AC15V1.0BR_V15.03.05.20_multi_TDE01.bin is vulnerable to Buffer Overflow. The stack overflow vulnerability lies in the /goform/setpptpservercfg interface of the web. The sent post data startip and endip are copied to the stack using the sanf function, resulting in stack overflow. Similarly, this vulnerability can be used together with CVE-2021-44971
CVE-2022-29592 1 Tenda 2 Tx9 Pro, Tx9 Pro Firmware 2022-05-13 10.0 HIGH 9.8 CRITICAL
Tenda TX9 Pro 22.03.02.10 devices allow OS command injection via set_route (called by doSystemCmd_route).
CVE-2022-28082 1 Tenda 2 Ax12, Ax12 Firmware 2022-05-12 7.5 HIGH 9.8 CRITICAL
Tenda AX12 v22.03.01.21_CN was discovered to contain a stack overflow via the list parameter at /goform/SetNetControlList.
CVE-2022-28560 1 Tenda 2 Ac9, Ac9 Firmware 2022-05-11 10.0 HIGH 9.8 CRITICAL
There is a stack overflow vulnerability in the goform/fast_setting_wifi_set function in the httpd service of Tenda ac9 15.03.2.21_cn router. An attacker can obtain a stable shell through a carefully constructed payload
CVE-2022-28561 1 Tenda 2 Ax12, Ax12 Firmware 2022-05-09 10.0 HIGH 9.8 CRITICAL
There is a stack overflow vulnerability in the /goform/setMacFilterCfg function in the httpd service of Tenda ax12 22.03.01.21_cn router. An attacker can obtain a stable shell through a carefully constructed payload
CVE-2022-27375 1 Tenda 2 Ax12, Ax12 Firmware 2022-05-06 7.1 HIGH 6.5 MEDIUM
Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Request Forgery (CSRF) via the function sub_422168 at /goform/WifiExtraSet.
CVE-2022-27374 1 Tenda 2 Ax12, Ax12 Firmware 2022-05-06 7.1 HIGH 6.5 MEDIUM
Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Request Forgery (CSRF) via the function sub_42E328 at /goform/SysToolReboot.
CVE-2022-27022 1 Tenda 2 Ac9, Ac9 Firmware 2022-04-14 10.0 HIGH 9.8 CRITICAL
There is a stack overflow vulnerability in the SetSysTimeCfg() function in the httpd service of Tenda AC9 V15.03.2.21_cn. The attacker can obtain a stable root shell through a constructed payload.
CVE-2022-27016 1 Tenda 2 Ac9, Ac9 Firmware 2022-04-14 10.0 HIGH 9.8 CRITICAL
There is a stack overflow vulnerability in the SetStaticRouteCfg() function in the httpd service of Tenda AC9 15.03.2.21_cn.
CVE-2022-26278 1 Tenda 2 Ac9, Ac9 Firmware 2022-04-04 10.0 HIGH 9.8 CRITICAL
Tenda AC9 v15.03.2.21_cn was discovered to contain a stack overflow via the time parameter in the PowerSaveSet function.
CVE-2022-27081 1 Tenda 2 M3, M3 Firmware 2022-03-29 10.0 HIGH 9.8 CRITICAL
Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/SetLanInfo.
CVE-2022-27080 1 Tenda 2 M3, M3 Firmware 2022-03-29 10.0 HIGH 9.8 CRITICAL
Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/setWorkmode.