Filtered by vendor Tenda
Subscriptions
Filtered by product Ac7 Firmware
Subscriptions
Total
29 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-18730 | 1 Tenda | 10 Ac10, Ac10 Firmware, Ac15 and 7 more | 2024-08-05 | N/A |
| An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the 'startIp' and 'endIp' parameters for a post request, each value is directly used in a sprintf to a local variable placed on the stack, which overrides the return address of the function. | ||||
| CVE-2018-18708 | 1 Tenda | 10 Ac10, Ac10 Firmware, Ac15 and 7 more | 2024-08-05 | N/A |
| An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. It is a buffer overflow vulnerability in the router's web server -- httpd. When processing the "page" parameter of the function "fromAddressNat" for a post request, the value is directly used in a sprintf to a local variable placed on the stack, which overrides the return address of the function. | ||||
| CVE-2018-18732 | 1 Tenda | 10 Ac10, Ac10 Firmware, Ac15 and 7 more | 2024-08-05 | N/A |
| An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the 'ntpServer' parameter for a post request, the value is directly used in a strcpy to a local variable placed on the stack, which overrides the return address of the function. | ||||
| CVE-2018-18707 | 1 Tenda | 10 Ac10, Ac10 Firmware, Ac15 and 7 more | 2024-08-05 | N/A |
| An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. It is a buffer overflow vulnerability in the router's web server -- httpd. When processing the "ssid" parameter for a post request, the value is directly used in a strcpy to a local variable placed on the stack, which overrides the return address of the function. | ||||
| CVE-2018-18729 | 1 Tenda | 10 Ac10, Ac10 Firmware, Ac15 and 7 more | 2024-08-05 | N/A |
| An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a heap-based buffer overflow vulnerability in the router's web server -- httpd. While processing the 'mac' parameter for a post request, the value is directly used in a strcpy to a variable placed on the heap, which can leak sensitive information or even hijack program control flow. | ||||
| CVE-2018-18727 | 1 Tenda | 10 Ac10, Ac10 Firmware, Ac15 and 7 more | 2024-08-05 | N/A |
| An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the 'deviceList' parameter for a post request, the value is directly used in a strcpy to a local variable placed on the stack, which overrides the return address of the function. | ||||
| CVE-2018-18706 | 1 Tenda | 10 Ac10, Ac10 Firmware, Ac15 and 7 more | 2024-08-05 | N/A |
| An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. It is a buffer overflow vulnerability in the router's web server -- httpd. When processing the "page" parameter of the function "fromDhcpListClient" for a request, it is directly used in a sprintf to a local variable placed on the stack, which overrides the return address of the function. | ||||
| CVE-2018-18731 | 1 Tenda | 10 Ac10, Ac10 Firmware, Ac15 and 7 more | 2024-08-05 | N/A |
| An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the 'deviceMac' parameter for a post request, the value is directly used in a sprintf to a local variable placed on the stack, which overrides the return address of the function. | ||||
| CVE-2018-18709 | 1 Tenda | 10 Ac10, Ac10 Firmware, Ac15 and 7 more | 2024-08-05 | N/A |
| An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. It is a buffer overflow vulnerability in the router's web server -- httpd. When processing the "firewallEn" parameter for a post request, the value is directly used in a strcpy to a local variable placed on the stack, which overrides the return address of the function. | ||||
| CVE-2018-14557 | 1 Tenda | 6 Ac10, Ac10 Firmware, Ac7 and 3 more | 2024-08-05 | N/A |
| An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). A buffer overflow vulnerability exists in the router's web server (httpd). When processing the page parameters for a post request, the value is directly written with sprintf to a local variable placed on the stack, which overrides the return address of the function, a causing buffer overflow. | ||||
| CVE-2018-14558 | 1 Tenda | 6 Ac10, Ac10 Firmware, Ac7 and 3 more | 2024-08-05 | N/A |
| An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted goform/setUsbUnload request. This occurs because the "formsetUsbUnload" function executes a dosystemCmd function with untrusted input. | ||||
| CVE-2018-14559 | 1 Tenda | 6 Ac10, Ac10 Firmware, Ac7 and 3 more | 2024-08-05 | N/A |
| An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). A buffer overflow vulnerability exists in the router's web server (httpd). When processing the list parameters for a post request, the value is directly written with sprintf to a local variable placed on the stack, which overrides the return address of the function, causing a buffer overflow. | ||||
| CVE-2023-41558 | 1 Tenda | 2 Ac7, Ac7 Firmware | 2024-08-02 | 9.8 Critical |
| Tenda AC7 V1.0 V15.03.06.44 was discovered to contain a stack overflow via parameter timeZone at url /goform/SetSysTimeCfg. | ||||
| CVE-2023-41557 | 1 Tenda | 4 Ac5, Ac5 Firmware, Ac7 and 1 more | 2024-08-02 | 9.8 Critical |
| Tenda AC7 V1.0 V15.03.06.44 and Tenda AC5 V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter entrys and mitInterface at url /goform/addressNat. | ||||
| CVE-2023-41552 | 1 Tenda | 4 Ac7, Ac7 Firmware, Ac9 and 1 more | 2024-08-02 | 9.8 Critical |
| Tenda AC7 V1.0 V15.03.06.44 and Tenda AC9 V3.0 V15.03.06.42_multi were discovered to contain a stack overflow via parameter ssid at url /goform/fast_setting_wifi_set. | ||||
| CVE-2023-41556 | 1 Tenda | 6 Ac5, Ac5 Firmware, Ac7 and 3 more | 2024-08-02 | 9.8 Critical |
| Tenda AC7 V1.0 V15.03.06.44, Tenda AC9 V3.0 V15.03.06.42_multi, and Tenda AC5 V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter list at url /goform/SetIpMacBind. | ||||
| CVE-2023-41559 | 1 Tenda | 6 Ac5, Ac5 Firmware, Ac7 and 3 more | 2024-08-02 | 9.8 Critical |
| Tenda AC7 V1.0 V15.03.06.44, Tenda AC9 V3.0 V15.03.06.42_multi, and Tenda AC5 V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter page at url /goform/NatStaticSetting. | ||||
| CVE-2023-41555 | 1 Tenda | 2 Ac7, Ac7 Firmware | 2024-08-02 | 9.8 Critical |
| Tenda AC7 V1.0 V15.03.06.44 was discovered to contain a stack overflow via parameter security_5g at url /goform/WifiBasicSet. | ||||
| CVE-2023-41562 | 1 Tenda | 6 Ac5, Ac5 Firmware, Ac7 and 3 more | 2024-08-02 | 9.8 Critical |
| Tenda AC7 V1.0 V15.03.06.44, Tenda AC9 V3.0 V15.03.06.42_multi, and Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter time at url /goform/PowerSaveSet. | ||||
| CVE-2023-38936 | 1 Tenda | 18 Ac10, Ac10 Firmware, Ac1206 and 15 more | 2024-08-02 | 9.8 Critical |
| Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, AC5 V1.0 V15.03.06.28, FH1203 V2.0.1.6, AC9 V3.0 V15.03.06.42_multi and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the speed_dir parameter in the formSetSpeedWan function. | ||||