Total
90 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-41554 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Tenda AC9 V3.0 V15.03.06.42_multi was discovered to contain a stack overflow via parameter wpapsk_crypto at url /goform/WifiExtraSet.
|
|||||
| CVE-2023-41553 | 1 Tenda | 4 Ac5, Ac5 Firmware, Ac9 and 1 more | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Tenda AC9 V3.0 V15.03.06.42_multi and Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter list at url /goform/SetStaticRouteCfg.
|
|||||
| CVE-2023-41552 | 1 Tenda | 4 Ac7, Ac7 Firmware, Ac9 and 1 more | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Tenda AC7 V1.0 V15.03.06.44 and Tenda AC9 V3.0 V15.03.06.42_multi were discovered to contain a stack overflow via parameter ssid at url /goform/fast_setting_wifi_set.
|
|||||
| CVE-2023-38937 | 1 Tenda | 14 Ac10, Ac10 Firmware, Ac1206 and 11 more | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 V16.03.34.06, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, AC5 V1.0 V15.03.06.28, AC9 V3.0 V15.03.06.42_multi and AC10 v4.0 V16.03.10.13 were discovered to contain a stack overflow via the list parameter in the formSetVirtualSer function.
|
|||||
| CVE-2023-38936 | 1 Tenda | 18 Ac10, Ac10 Firmware, Ac1206 and 15 more | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, AC5 V1.0 V15.03.06.28, FH1203 V2.0.1.6, AC9 V3.0 V15.03.06.42_multi and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the speed_dir parameter in the formSetSpeedWan function.
|
|||||
| CVE-2023-38935 | 1 Tenda | 10 Ac10, Ac10 Firmware, Ac1206 and 7 more | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Tenda AC1206 V15.03.06.23, AC8 V4 V16.03.34.06, AC5 V1.0 V15.03.06.28, AC10 v4.0 V16.03.10.13 and AC9 V3.0 V15.03.06.42_multi were discovered to contain a tack overflow via the list parameter in the formSetQosBand function.
|
|||||
| CVE-2023-38933 | 1 Tenda | 18 Ac10, Ac10 Firmware, Ac1206 and 15 more | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Tenda AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0 V15.03.06.28, FH1203 V2.0.1.6 and AC9 V3.0 V15.03.06.42_multi, and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the deviceId parameter in the formSetClientState function.
|
|||||
| CVE-2023-38930 | 1 Tenda | 10 Ac5, Ac5 Firmware, Ac7 and 7 more | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Tenda AC7 V1.0,V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0,V15.03.06.28, AC9 V3.0,V15.03.06.42_multi and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the deviceId parameter in the addWifiMacFilter function.
|
|||||
| CVE-2023-37717 | 1 Tenda | 14 Ac10, Ac10 Firmware, Ac1206 and 11 more | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Tenda F1202 V1.0BR_V1.2.0.20(408) and FH1202_V1.2.0.19_EN, AC10 V1.0, AC1206 V1.0, AC7 V1.0, AC5 V1.0, and AC9 V3.0 were discovered to contain a stack overflow in the page parameter in the function fromDhcpListClient.
|
|||||
| CVE-2023-37716 | 1 Tenda | 14 Ac10, Ac10 Firmware, Ac1206 and 11 more | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Tenda F1202 V1.0BR_V1.2.0.20(408) and FH1202_V1.2.0.19_EN, AC10 V1.0, AC1206 V1.0, AC7 V1.0, AC5 V1.0, and AC9 V3.0 were discovered to contain a stack overflow in the page parameter in the function fromNatStaticSetting.
|
|||||
| CVE-2022-36571 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2024-11-21 | N/A | 7.2 HIGH |
|
Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via the mask parameter at /goform/WanParameterSetting.
|
|||||
| CVE-2022-36570 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2024-11-21 | N/A | 7.2 HIGH |
|
Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via the time parameter at /goform/SetLEDCfg.
|
|||||
| CVE-2022-36569 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2024-11-21 | N/A | 8.8 HIGH |
|
Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via the deviceList parameter at /goform/setMacFilterCfg.
|
|||||
| CVE-2022-36568 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2024-11-21 | N/A | 8.8 HIGH |
|
Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via the list parameter at /goform/setPptpUserList.
|
|||||
| CVE-2022-36273 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Tenda AC9 V15.03.2.21_cn is vulnerable to command injection via goform/SetSysTimeCfg.
|
|||||
| CVE-2022-28560 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
There is a stack overflow vulnerability in the goform/fast_setting_wifi_set function in the httpd service of Tenda ac9 15.03.2.21_cn router. An attacker can obtain a stable shell through a carefully constructed payload
|
|||||
| CVE-2022-27022 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
There is a stack overflow vulnerability in the SetSysTimeCfg() function in the httpd service of Tenda AC9 V15.03.2.21_cn. The attacker can obtain a stable root shell through a constructed payload.
|
|||||
| CVE-2022-27016 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
There is a stack overflow vulnerability in the SetStaticRouteCfg() function in the httpd service of Tenda AC9 15.03.2.21_cn.
|
|||||
| CVE-2022-26278 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
Tenda AC9 v15.03.2.21_cn was discovered to contain a stack overflow via the time parameter in the PowerSaveSet function.
|
|||||
| CVE-2022-25441 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
Tenda AC9 v15.03.2.21 was discovered to contain a remote command execution (RCE) vulnerability via the vlanid parameter in the SetIPTVCfg function.
|
|||||
| CVE-2022-25440 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the ntpserver parameter in the SetSysTimeCfg function.
|
|||||
| CVE-2022-25439 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the list parameter in the SetIpMacBind function.
|
|||||
| CVE-2022-25438 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
Tenda AC9 v15.03.2.21 was discovered to contain a remote command execution (RCE) vulnerability via the SetIPTVCfg function.
|
|||||
| CVE-2022-25437 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the list parameter in the SetVirtualServerCfg function.
|
|||||
| CVE-2022-25435 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the list parameter in the SetStaticRoutecfg function.
|
|||||
| CVE-2022-25434 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the firewallen parameter in the SetFirewallCfg function.
|
|||||
| CVE-2022-25433 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the urls parameter in the saveparentcontrolinfo function.
|
|||||
| CVE-2022-25431 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
Tenda AC9 v15.03.2.21 was discovered to contain multiple stack overflows via the NPTR, V12, V10 and V11 parameter in the Formsetqosband function.
|
|||||
| CVE-2022-25429 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
Tenda AC9 v15.03.2.21 was discovered to contain a buffer overflow via the time parameter in the saveparentcontrolinfo function.
|
|||||
| CVE-2022-25428 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the deviceId parameter in the saveparentcontrolinfo function.
|
|||||
| CVE-2022-25427 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the schedendtime parameter in the openSchedWifi function.
|
|||||
| CVE-2022-25418 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
Tenda AC9 V15.03.2.21_cn was discovered to contain a stack overflow via the function openSchedWifi.
|
|||||
| CVE-2022-25417 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
Tenda AC9 V15.03.2.21_cn was discovered to contain a stack overflow via the function saveparentcontrolinfo.
|
|||||
| CVE-2022-25414 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
Tenda AC9 V15.03.2.21_cn was discovered to contain a stack overflow via the parameter NPTR.
|
|||||
| CVE-2021-42659 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2024-11-21 | 6.1 MEDIUM | 6.5 MEDIUM |
|
There is a buffer overflow vulnerability in the Web server httpd of the router in Tenda router devices such as Tenda AC9 V1.0 V15.03.02.19(6318) and Tenda AC9 V3.0 V15.03.06.42_multi. When setting the virtual service, the httpd program will crash and exit when the super-long list parameter occurs.
|
|||||
| CVE-2020-26728 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
A vulnerability was discovered in Tenda AC9 v3.0 V15.03.06.42_multi and Tenda AC9 V1.0 V15.03.05.19(6318)_CN which allows for remote code execution via shell metacharacters in the guestuser field to the __fastcall function with a POST request.
|
|||||
| CVE-2018-7561 | 2 Tenda, Tendacn | 2 Ac9, Ac9 Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Stack-based Buffer Overflow in httpd on Tenda AC9 devices V15.03.05.14_EN allows remote attackers to cause a denial of service or possibly have unspecified other impact.
|
|||||
| CVE-2018-18732 | 1 Tenda | 10 Ac10, Ac10 Firmware, Ac15 and 7 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the 'ntpServer' parameter for a post request, the value is directly used in a strcpy to a local variable placed on the stack, which overrides the return address of the function.
|
|||||
| CVE-2018-18731 | 1 Tenda | 10 Ac10, Ac10 Firmware, Ac15 and 7 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the 'deviceMac' parameter for a post request, the value is directly used in a sprintf to a local variable placed on the stack, which overrides the return address of the function.
|
|||||
| CVE-2018-18730 | 1 Tenda | 10 Ac10, Ac10 Firmware, Ac15 and 7 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the 'startIp' and 'endIp' parameters for a post request, each value is directly used in a sprintf to a local variable placed on the stack, which overrides the return address of the function.
|
|||||