Filtered by vendor Tenda
Subscriptions
Total
870 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-42952 | 1 Tenda | 2 Fh1201, Fh1201 Firmware | 2024-08-16 | 7.5 High |
| Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the page parameter in the fromqossetting function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | ||||
| CVE-2024-42944 | 1 Tenda | 2 Fh1201, Fh1201 Firmware | 2024-08-15 | 6.5 Medium |
| Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the page parameter in the fromNatlimit function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | ||||
| CVE-2024-2854 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2024-08-12 | 6.3 Medium |
| A vulnerability classified as critical has been found in Tenda AC18 15.03.05.05. Affected is the function formSetSambaConf of the file /goform/setsambacfg. The manipulation of the argument usbName leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-257778 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-2808 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2024-08-12 | 8.8 High |
| A vulnerability, which was classified as critical, has been found in Tenda AC15 15.03.05.18/15.03.20_multi. This issue affects the function formQuickIndex of the file /goform/QuickIndex. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257663. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-2810 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2024-08-12 | 8.8 High |
| A vulnerability has been found in Tenda AC15 15.03.05.18/15.03.20_multi and classified as critical. Affected by this vulnerability is the function formWifiWpsOOB of the file /goform/WifiWpsOOB. The manipulation of the argument index leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257665 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-7582 | 1 Tenda | 2 I22, I22 Firmware | 2024-08-08 | 8.8 High |
| A vulnerability classified as critical was found in Tenda i22 1.0.0.3(4687). This vulnerability affects the function formApPortalAccessCodeAuth of the file /goform/apPortalAccessCodeAuth. The manipulation of the argument accessCode/data/acceInfo leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-7583 | 1 Tenda | 2 I22, I22 Firmware | 2024-08-08 | 8.8 High |
| A vulnerability, which was classified as critical, has been found in Tenda i22 1.0.0.3(4687). This issue affects the function formApPortalOneKeyAuth of the file /goform/apPortalOneKeyAuth. The manipulation of the argument data leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-2814 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2024-08-08 | 8.8 High |
| A vulnerability was found in Tenda AC15 15.03.20_multi. It has been rated as critical. This issue affects the function fromDhcpListClient of the file /goform/DhcpListClient. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257669 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-40414 | 1 Tenda | 2 Ax1806, Ax1806 Firmware | 2024-08-07 | 9.6 Critical |
| A vulnerability in /goform/SetNetControlList in the sub_656BC function in Tenda AX1806 1.0.0.1 firmware leads to stack-based buffer overflow. | ||||
| CVE-2024-40415 | 1 Tenda | 2 Ax1806, Ax1806 Firmware | 2024-08-07 | 9.8 Critical |
| A vulnerability in /goform/SetStaticRouteCfg in the sub_519F4 function in Tenda AX1806 1.0.0.1 firmware leads to stack-based buffer overflow. | ||||
| CVE-2024-40416 | 1 Tenda | 2 Ax1806, Ax1806 Firmware | 2024-08-07 | 6.5 Medium |
| A vulnerability in /goform/SetVirtualServerCfg in the sub_6320C function in Tenda AX1806 1.0.0.1 firmware leads to stack-based buffer overflow. | ||||
| CVE-2024-7581 | 2 Tenda, Tendacn | 3 A301 Firmware, A301, A301 Firmware | 2024-08-07 | 8.8 High |
| A vulnerability classified as critical has been found in Tenda A301 15.13.08.12. This affects the function formWifiBasicSet of the file /goform/WifiBasicSet. The manipulation of the argument security leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2014-7281 | 1 Tenda | 2 A32, A32 Firmware | 2024-08-06 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Shenzhen Tenda Technology Tenda A32 Router with firmware 5.07.53_CN allows remote attackers to hijack the authentication of administrators for requests that reboot the device via a request to goform/SysToolReboot. | ||||
| CVE-2014-5246 | 1 Tenda | 2 A5s, A5s Firmware | 2024-08-06 | N/A |
| The Shenzhen Tenda Technology Tenda A5s router with firmware 3.02.05_CN allows remote attackers to bypass authentication and gain administrator access by setting the admin:language cookie to zh-cn. | ||||
| CVE-2015-5995 | 2 Mediabridge, Tenda | 3 Medialink Mwn-wapr300n, Medialink Mwn-wapr300n Firmware, N3 Wireless N150 | 2024-08-06 | N/A |
| Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 and Tenda N3 Wireless N150 devices allow remote attackers to obtain administrative access via a certain admin substring in an HTTP Cookie header. | ||||
| CVE-2017-16936 | 1 Tenda | 6 Ac15, Ac15 Firmware, Ac18 and 3 more | 2024-08-05 | N/A |
| Directory Traversal vulnerability in app_data_center on Shenzhen Tenda Ac9 US_AC9V1.0BR_V15.03.05.14_multi_TD01, Ac9 ac9_kf_V15.03.05.19(6318_)_cn, Ac15 US_AC15V1.0BR_V15.03.05.18_multi_TD01, Ac15 US_AC15V1.0BR_V15.03.05.19_multi_TD01, Ac18 US_AC18V1.0BR_V15.03.05.05_multi_TD01, and Ac18 ac18_kf_V15.03.05.19(6318_)_cn devices allows remote unauthenticated attackers to read arbitrary files via a cgi-bin/luci/request?op=1&path= URI that uses directory traversal sequences after a /usb/ substring. | ||||
| CVE-2018-18730 | 1 Tenda | 10 Ac10, Ac10 Firmware, Ac15 and 7 more | 2024-08-05 | N/A |
| An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the 'startIp' and 'endIp' parameters for a post request, each value is directly used in a sprintf to a local variable placed on the stack, which overrides the return address of the function. | ||||
| CVE-2018-18708 | 1 Tenda | 10 Ac10, Ac10 Firmware, Ac15 and 7 more | 2024-08-05 | N/A |
| An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. It is a buffer overflow vulnerability in the router's web server -- httpd. When processing the "page" parameter of the function "fromAddressNat" for a post request, the value is directly used in a sprintf to a local variable placed on the stack, which overrides the return address of the function. | ||||
| CVE-2018-18732 | 1 Tenda | 10 Ac10, Ac10 Firmware, Ac15 and 7 more | 2024-08-05 | N/A |
| An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the 'ntpServer' parameter for a post request, the value is directly used in a strcpy to a local variable placed on the stack, which overrides the return address of the function. | ||||
| CVE-2018-18707 | 1 Tenda | 10 Ac10, Ac10 Firmware, Ac15 and 7 more | 2024-08-05 | N/A |
| An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. It is a buffer overflow vulnerability in the router's web server -- httpd. When processing the "ssid" parameter for a post request, the value is directly used in a strcpy to a local variable placed on the stack, which overrides the return address of the function. | ||||