Total
4 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-0535 | 1 Tendacn | 2 Pa6, Pa6 Firmware | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
A vulnerability classified as critical was found in Tenda PA6 1.0.1.21. Affected by this vulnerability is the function cgiPortMapAdd of the file /portmap of the component httpd. The manipulation of the argument groupName leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250705 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2019-19506 | 1 Tendacn | 2 Pa6, Pa6 Firmware | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
Tenda PA6 Wi-Fi Powerline extender 1.0.1.21 is vulnerable to a denial of service, caused by an error in the "homeplugd" process. By sending a specially crafted UDP packet, an attacker could exploit this vulnerability to cause the device to reboot. | |||||
CVE-2019-19505 | 1 Tendacn | 2 Pa6, Pa6 Firmware | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
Tenda PA6 Wi-Fi Powerline extender 1.0.1.21 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the "Wireless" section in the web-UI. By sending a specially crafted hostname, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. | |||||
CVE-2019-16213 | 1 Tendacn | 2 Pa6, Pa6 Firmware | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
Tenda PA6 Wi-Fi Powerline extender 1.0.1.21 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially crafted string, an attacker could modify the device name of an attached PLC adapter to inject and execute arbitrary commands on the system with root privileges. |