Filtered by vendor Tenda
Subscribe
Total
776 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-50986 | 1 Tenda | 2 I29, I29 Firmware | 2024-09-13 | N/A | 9.8 CRITICAL |
| Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the time parameter in the sysLogin function. | |||||
| CVE-2024-7585 | 1 Tenda | 2 I22, I22 Firmware | 2024-09-11 | 9.0 HIGH | 9.8 CRITICAL |
| A vulnerability has been found in Tenda i22 1.0.0.3(4687) and classified as critical. Affected by this vulnerability is the function formApPortalWebAuth of the file /goform/apPortalAuth. The manipulation of the argument webUserName/webUserPassword leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-7584 | 1 Tenda | 2 I22, I22 Firmware | 2024-09-11 | 9.0 HIGH | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, was found in Tenda i22 1.0.0.3(4687). Affected is the function formApPortalPhoneAuth of the file /goform/apPortalPhoneAuth. The manipulation of the argument data leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-46369 | 1 Tenda | 2 W18e, W18e Firmware | 2024-09-11 | N/A | 9.8 CRITICAL |
| Tenda W18E V16.01.0.8(1576) contains a stack overflow vulnerability via the portMirrorMirroredPorts parameter in the formSetNetCheckTools function. | |||||
| CVE-2023-51092 | 1 Tenda | 2 M3, M3 Firmware | 2024-09-09 | N/A | 9.8 CRITICAL |
| Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function upgrade. | |||||
| CVE-2024-42947 | 1 Tenda | 2 Fh1201, Fh1201 Firmware | 2024-09-06 | N/A | 9.8 CRITICAL |
| An issue in the handler function in /goform/telnet of Tenda FH1201 v1.2.0.14 (408) allows attackers to execute arbitrary commands via a crafted HTTP request. | |||||
| CVE-2023-47456 | 1 Tenda | 2 Ax1806, Ax1806 Firmware | 2024-09-05 | N/A | 9.1 CRITICAL |
| Tenda AX1806 V1.0.0.1 contains a stack overflow vulnerability in function sub_455D4, called by function fromSetWirelessRepeat. | |||||
| CVE-2023-47455 | 1 Tenda | 2 Ax1806, Ax1806 Firmware | 2024-09-05 | N/A | 9.1 CRITICAL |
| Tenda AX1806 V1.0.0.1 contains a heap overflow vulnerability in setSchedWifi function, in which the src and v12 are directly obtained from http request parameter schedStartTime and schedEndTime without checking their size. | |||||
| CVE-2023-51972 | 1 Tenda | 2 Ax1803, Ax1803 Firmware | 2024-09-03 | N/A | 9.8 CRITICAL |
| Tenda AX1803 v1.0.0.1 was discovered to contain a command injection vulnerability via the function fromAdvSetLanIp. | |||||
| CVE-2023-51961 | 1 Tenda | 2 Ax1803, Ax1803 Firmware | 2024-09-03 | N/A | 9.8 CRITICAL |
| Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function formGetIptv. | |||||
| CVE-2023-51957 | 1 Tenda | 2 Ax1803, Ax1803 Firmware | 2024-09-03 | N/A | 9.8 CRITICAL |
| Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function formGetIptv. | |||||
| CVE-2024-42941 | 1 Tenda | 2 Fh1201, Fh1201 Firmware | 2024-09-03 | N/A | 7.5 HIGH |
| Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the wanmode parameter in the fromAdvSetWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | |||||
| CVE-2024-42940 | 1 Tenda | 2 Fh1201, Fh1201 Firmware | 2024-09-03 | N/A | 7.5 HIGH |
| Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the page parameter in the fromP2pListFilter function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | |||||
| CVE-2024-42987 | 1 Tenda | 2 Fh1206, Fh1206 Firmware | 2024-09-03 | N/A | 7.5 HIGH |
| Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the modino parameter in the fromPptpUserAdd function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | |||||
| CVE-2024-42978 | 1 Tenda | 2 Fh1206, Fh1206 Firmware | 2024-09-03 | N/A | 9.8 CRITICAL |
| An issue in the handler function in /goform/telnet of Tenda FH1206 v02.03.01.35 allows attackers to execute arbitrary commands via a crafted HTTP request. | |||||
| CVE-2024-42948 | 1 Tenda | 2 Fh1201, Fh1201 Firmware | 2024-09-03 | N/A | 7.5 HIGH |
| Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the delno parameter in the fromPptpUserSetting function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | |||||
| CVE-2022-45781 | 1 Tenda | 2 Ax1803, Ax1803 Firmware | 2024-09-03 | N/A | 8.8 HIGH |
| Buffer Overflow vulnerability in Tenda AX1803 v1.0.0.1_2994 and earlier allows attackers to run arbitrary code via /goform/SetOnlineDevName. | |||||
| CVE-2023-48111 | 1 Tenda | 2 Ax1803, Ax1803 Firmware | 2024-08-29 | N/A | 7.5 HIGH |
| Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the time parameter in the function saveParentControlInfo . This vulnerability allows attackers to cause a Denial of Service (DoS) attack | |||||
| CVE-2023-48110 | 1 Tenda | 2 Ax1803, Ax1803 Firmware | 2024-08-29 | N/A | 7.5 HIGH |
| Tenda AX1803 v1.0.0.1 was discovered to contain a heap overflow via the urls parameter in the function saveParentControlInfo . This vulnerability allows attackers to cause a Denial of Service (DoS) attack | |||||
| CVE-2024-8224 | 1 Tenda | 2 G3, G3 Firmware | 2024-08-29 | 9.0 HIGH | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, has been found in Tenda G3 15.11.0.20. This issue affects the function formSetDebugCfg of the file /goform/setDebugCfg. The manipulation of the argument enable/level/module leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||