Filtered by vendor Tenda
Subscribe
Total
741 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-24153 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formAddMacfilterRule. This vulnerability allows attackers to cause a Denial of Service (DoS) via the devName parameter. | |||||
CVE-2022-24145 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formWifiBasicSet. This vulnerability allows attackers to cause a Denial of Service (DoS) via the security and security_5g parameters. | |||||
CVE-2022-24155 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
Tenda AX3 v16.03.12.10_CN was discovered to contain a heap overflow in the function setSchedWifi. This vulnerability allows attackers to cause a Denial of Service (DoS) via the schedStartTime and schedEndTime parameters. | |||||
CVE-2022-24142 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetFirewallCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via the firewallEn parameter. | |||||
CVE-2021-31756 | 1 Tenda | 2 Ac11, Ac11 Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /gofrom/setwanType allows attackers to execute arbitrary code on the system via a crafted post request. This occurs when input vector controlled by malicious attack get copied to the stack variable. | |||||
CVE-2021-31755 | 1 Tenda | 2 Ac11, Ac11 Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setmac allows attackers to execute arbitrary code on the system via a crafted post request. | |||||
CVE-2021-27707 | 1 Tenda | 4 G1, G1 Firmware, G3 and 1 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Buffer Overflow in Tenda G1 and G3 routers with firmware v15.11.0.17(9502)_CN allows remote attackers to execute arbitrary code via a crafted action/"portMappingIndex "request. This occurs because the "formDelPortMapping" function directly passes the parameter "portMappingIndex" to strcpy without limit. | |||||
CVE-2021-31757 | 1 Tenda | 2 Ac11, Ac11 Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setVLAN allows attackers to execute arbitrary code on the system via a crafted post request. | |||||
CVE-2021-27706 | 1 Tenda | 4 G1, G1 Firmware, G3 and 1 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Buffer Overflow in Tenda G1 and G3 routers with firmware version V15.11.0.17(9502)_CN allows remote attackers to execute arbitrary code via a crafted action/"IPMacBindIndex "request. This occurs because the "formIPMacBindDel" function directly passes the parameter "IPMacBindIndex" to strcpy without limit. | |||||
CVE-2021-27705 | 1 Tenda | 4 G1, G1 Firmware, G3 and 1 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Buffer Overflow in Tenda G1 and G3 routers with firmware v15.11.0.17(9502)_CN allows remote attackers to execute arbitrary code via a crafted action/"qosIndex "request. This occurs because the "formQOSRuleDel" function directly passes the parameter "qosIndex" to strcpy without limit. | |||||
CVE-2021-31758 | 1 Tenda | 2 Ac11, Ac11 Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setportList allows attackers to execute arbitrary code on the system via a crafted post request. | |||||
CVE-2021-3186 | 1 Tenda | 2 Ac1200, Ac1200 Firmware | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
A Stored Cross-site scripting (XSS) vulnerability in /main.html Wifi Settings in Tenda AC5 AC1200 version V15.03.06.47_multi allows remote attackers to inject arbitrary web script or HTML via the Wifi Name parameter. | |||||
CVE-2020-35391 | 1 Tenda | 2 F3, F3 Firmware | 2023-12-10 | 3.3 LOW | 6.5 MEDIUM |
Tenda N300 F3 12.01.01.48 devices allow remote attackers to obtain sensitive information (possibly including an http_passwd line) via a direct request for cgi-bin/DownloadCfg/RouterCfm.cfg, a related issue to CVE-2017-14942. NOTE: the vulnerability report may suggest that either a ? character must be placed after the RouterCfm.cfg filename, or that the HTTP request headers must be unusual, but it is not known why these are relevant to the device's HTTP response behavior. | |||||
CVE-2020-28095 | 1 Tenda | 2 Ac1200, Ac1200 Firmware | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
On Tenda AC1200 (Model AC6) 15.03.06.51_multi devices, a large HTTP POST request sent to the change password API will trigger the router to crash and enter an infinite boot loop. | |||||
CVE-2020-10987 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
The goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute arbitrary system commands via the deviceName POST parameter. | |||||
CVE-2020-10988 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
A hard-coded telnet credential in the tenda_login binary of Tenda AC15 AC1900 version 15.03.05.19 allows unauthenticated remote attackers to start a telnetd service on the device. | |||||
CVE-2020-10986 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2023-12-10 | 7.1 HIGH | 6.5 MEDIUM |
A CSRF issue in the /goform/SysToolReboot endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to reboot the device and cause denial of service via a payload hosted by an attacker-controlled web page. | |||||
CVE-2020-15916 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
goform/AdvSetLanip endpoint on Tenda AC15 AC1900 15.03.05.19 devices allows remote attackers to execute arbitrary system commands via shell metacharacters in the lanIp POST parameter. | |||||
CVE-2020-10989 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
An XSS issue in the /goform/WifiBasicSet endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute malicious payloads via the WifiName POST parameter. | |||||
CVE-2018-14559 | 1 Tenda | 6 Ac10, Ac10 Firmware, Ac7 and 3 more | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). A buffer overflow vulnerability exists in the router's web server (httpd). When processing the list parameters for a post request, the value is directly written with sprintf to a local variable placed on the stack, which overrides the return address of the function, causing a buffer overflow. |