Filtered by vendor Tenda Subscriptions
Total 924 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-30135 1 Tenda 2 Ac18, Ac18 Firmware 2024-11-21 9.8 Critical
Tenda AC18 v15.03.05.19(6318_)_cn was discovered to contain a command injection vulnerability via the deviceName parameter in the setUsbUnload function.
CVE-2023-2923 1 Tenda 2 Ac6, Ac6 Firmware 2024-11-21 6.3 Medium
A vulnerability classified as critical was found in Tenda AC6 US_AC6V1.0BR_V15.03.05.19. Affected by this vulnerability is the function fromDhcpListClient. The manipulation leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-230077 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2023-2649 1 Tenda 2 Ac23, Ac23 Firmware 2024-11-21 7.2 High
A vulnerability was found in Tenda AC23 16.03.07.45_cn. It has been declared as critical. This vulnerability affects unknown code of the file /bin/ate of the component Service Port 7329. The manipulation of the argument v2 leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-228778 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2023-29681 1 Tenda 2 N301, N301 Firmware 2024-11-21 5.7 Medium
Cleartext Transmission in cookie:ecos_pw: in Tenda N301 v6.0, firmware v12.03.01.06_pt allows an authenticated attacker on the LAN or WLAN to intercept communications with the router and obtain the password.
CVE-2023-29680 1 Tenda 2 N301, N301 Firmware 2024-11-21 5.7 Medium
Cleartext Transmission in set-cookie:ecos_pw: Tenda N301 v6.0, Firmware v12.02.01.61_multi allows an authenticated attacker on the LAN or WLAN to intercept communications with the router and obtain the password.
CVE-2023-27240 1 Tenda 2 Ax3, Ax3 Firmware 2024-11-21 9.8 Critical
Tenda AX3 V16.03.12.11 was discovered to contain a command injection vulnerability via the lanip parameter at /goform/AdvSetLanip.
CVE-2023-27239 1 Tenda 2 Ax3, Ax3 Firmware 2024-11-21 9.8 Critical
Tenda AX3 V16.03.12.11 was discovered to contain a stack overflow via the shareSpeed parameter at /goform/WifiGuestSet.
CVE-2023-27079 1 Tenda 2 G103, G103 Firmware 2024-11-21 7.5 High
Command Injection vulnerability found in Tenda G103 v.1.0.05 allows an attacker to obtain sensitive information via a crafted package
CVE-2023-27076 1 Tenda 2 G103, G103 Firmware 2024-11-21 9.8 Critical
Command injection vulnerability found in Tenda G103 v.1.0.0.5 allows attacker to execute arbitrary code via a the language parameter.
CVE-2023-27065 1 Tenda 2 W15e, W15e Firmware 2024-11-21 7.5 High
Tenda V15V1.0 V15.11.0.14(1521_3190_1058) was discovered to contain a buffer overflow vulnerability via the picName parameter in the formDelWewifiPi function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2023-27064 1 Tenda 2 W15e, W15e Firmware 2024-11-21 7.5 High
Tenda V15V1.0 V15.11.0.14(1521_3190_1058) was discovered to contain a buffer overflow vulnerability via the index parameter in the formDelDnsForward function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2023-27063 1 Tenda 2 W15e, W15e Firmware 2024-11-21 9.8 Critical
Tenda V15V1.0 V15.11.0.14(1521_3190_1058) was discovered to contain a buffer overflow vulnerability via the DNSDomainName parameter in the formModifyDnsForward function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2023-27062 1 Tenda 2 W15e, W15e Firmware 2024-11-21 7.5 High
Tenda V15V1.0 was discovered to contain a buffer overflow vulnerability via the gotoUrl parameter in the formPortalAuth function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2023-27061 1 Tenda 2 W15e, W15e Firmware 2024-11-21 9.8 Critical
Tenda V15V1.0 V15.11.0.14(1521_3190_1058) was discovered to contain a buffer overflow vulnerability via the wifiFilterListRemark parameter in the modifyWifiFilterRules function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2023-27042 1 Tenda 2 Ax3, Ax3 Firmware 2024-11-21 8.8 High
Tenda AX3 V16.03.12.11 is vulnerable to Buffer Overflow via /goform/SetFirewallCfg.
CVE-2023-27021 1 Tenda 2 Ac10, Ac10 Firmware 2024-11-21 9.8 Critical
Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the formSetFirewallCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.
CVE-2023-27020 1 Tenda 2 Ac10, Ac10 Firmware 2024-11-21 9.8 Critical
Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the saveParentControlInfo function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.
CVE-2023-27019 1 Tenda 2 Ac10, Ac10 Firmware 2024-11-21 9.8 Critical
Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the sub_458FBC function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.
CVE-2023-27018 1 Tenda 2 Ac10, Ac10 Firmware 2024-11-21 9.8 Critical
Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the sub_45EC1C function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.
CVE-2023-27017 1 Tenda 2 Ac10, Ac10 Firmware 2024-11-21 9.8 Critical
Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the sub_45DC58 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.