Vulnerabilities (CVE)

Filtered by vendor Tenda Subscribe
Total 804 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-28917 1 Tenda 2 Ax12, Ax12 Firmware 2024-11-21 7.8 HIGH 7.5 HIGH
Tenda AX12 v22.03.01.21_cn was discovered to contain a stack overflow via the lanIp parameter in /goform/AdvSetLanIp.
CVE-2022-28572 1 Tenda 4 Ax1803, Ax1803 Firmware, Ax1806 and 1 more 2024-11-21 6.5 MEDIUM 8.8 HIGH
Tenda AX1806 v1.0.0.1 was discovered to contain a command injection vulnerability in `SetIPv6Status` function
CVE-2022-28561 1 Tenda 2 Ax12, Ax12 Firmware 2024-11-21 10.0 HIGH 9.8 CRITICAL
There is a stack overflow vulnerability in the /goform/setMacFilterCfg function in the httpd service of Tenda ax12 22.03.01.21_cn router. An attacker can obtain a stable shell through a carefully constructed payload
CVE-2022-28560 1 Tenda 2 Ac9, Ac9 Firmware 2024-11-21 10.0 HIGH 9.8 CRITICAL
There is a stack overflow vulnerability in the goform/fast_setting_wifi_set function in the httpd service of Tenda ac9 15.03.2.21_cn router. An attacker can obtain a stable shell through a carefully constructed payload
CVE-2022-28557 1 Tenda 2 Ac15, Ac15 Firmware 2024-11-21 7.5 HIGH 9.8 CRITICAL
There is a command injection vulnerability at the /goform/setsambacfg interface of Tenda AC15 US_AC15V1.0BR_V15.03.05.20_multi_TDE01.bin device web, which can also cooperate with CVE-2021-44971 to cause unconditional arbitrary command execution
CVE-2022-28556 1 Tenda 2 Ac15, Ac15 Firmware 2024-11-21 5.0 MEDIUM 7.5 HIGH
Tenda AC15 US_AC15V1.0BR_V15.03.05.20_multi_TDE01.bin is vulnerable to Buffer Overflow. The stack overflow vulnerability lies in the /goform/setpptpservercfg interface of the web. The sent post data startip and endip are copied to the stack using the sanf function, resulting in stack overflow. Similarly, this vulnerability can be used together with CVE-2021-44971
CVE-2022-28082 1 Tenda 2 Ax12, Ax12 Firmware 2024-11-21 7.5 HIGH 9.8 CRITICAL
Tenda AX12 v22.03.01.21_CN was discovered to contain a stack overflow via the list parameter at /goform/SetNetControlList.
CVE-2022-27375 1 Tenda 2 Ax12, Ax12 Firmware 2024-11-21 7.1 HIGH 6.5 MEDIUM
Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Request Forgery (CSRF) via the function sub_422168 at /goform/WifiExtraSet.
CVE-2022-27374 1 Tenda 2 Ax12, Ax12 Firmware 2024-11-21 7.1 HIGH 6.5 MEDIUM
Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Request Forgery (CSRF) via the function sub_42E328 at /goform/SysToolReboot.
CVE-2022-27083 1 Tenda 2 M3, M3 Firmware 2024-11-21 10.0 HIGH 9.8 CRITICAL
Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /cgi-bin/uploadAccessCodePic.
CVE-2022-27082 1 Tenda 2 M3, M3 Firmware 2024-11-21 10.0 HIGH 9.8 CRITICAL
Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/SetInternetLanInfo.
CVE-2022-27081 1 Tenda 2 M3, M3 Firmware 2024-11-21 10.0 HIGH 9.8 CRITICAL
Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/SetLanInfo.
CVE-2022-27080 1 Tenda 2 M3, M3 Firmware 2024-11-21 10.0 HIGH 9.8 CRITICAL
Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/setWorkmode.
CVE-2022-27079 1 Tenda 2 M3, M3 Firmware 2024-11-21 10.0 HIGH 9.8 CRITICAL
Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/setPicListItem.
CVE-2022-27078 1 Tenda 2 M3, M3 Firmware 2024-11-21 10.0 HIGH 9.8 CRITICAL
Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/setAdInfoDetail.
CVE-2022-27077 1 Tenda 2 M3, M3 Firmware 2024-11-21 10.0 HIGH 9.8 CRITICAL
Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /cgi-bin/uploadWeiXinPic.
CVE-2022-27076 1 Tenda 2 M3, M3 Firmware 2024-11-21 10.0 HIGH 9.8 CRITICAL
Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/delAd.
CVE-2022-27022 1 Tenda 2 Ac9, Ac9 Firmware 2024-11-21 10.0 HIGH 9.8 CRITICAL
There is a stack overflow vulnerability in the SetSysTimeCfg() function in the httpd service of Tenda AC9 V15.03.2.21_cn. The attacker can obtain a stable root shell through a constructed payload.
CVE-2022-27016 1 Tenda 2 Ac9, Ac9 Firmware 2024-11-21 10.0 HIGH 9.8 CRITICAL
There is a stack overflow vulnerability in the SetStaticRouteCfg() function in the httpd service of Tenda AC9 15.03.2.21_cn.
CVE-2022-26536 1 Tenda 2 M3, M3 Firmware 2024-11-21 10.0 HIGH 9.8 CRITICAL
Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/setFixTools.