Filtered by vendor Tenda
Subscriptions
Total
938 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-48459 | 1 Tenda | 1 Ax2 Pro Firmware | 2024-10-29 | 7.3 High |
A command execution vulnerability exists in the AX2 Pro home router produced by Shenzhen Tenda Technology Co., Ltd. (Jixiang Tenda) v.DI_7003G-19.12.24A1V16.03.29.50;V16.03.29.50;V16.03.29.50. An attacker can exploit this vulnerability by constructing a malicious payload to execute commands and further obtain shell access to the router's file system with the highest privileges. | ||||
CVE-2024-48826 | 1 Tenda | 1 Ac7 Firmware | 2024-10-29 | 8 High |
Tenda AC7 v.15.03.06.44 ate_iwpriv_set has pre-authentication command injection allowing remote attackers to execute arbitrary code. | ||||
CVE-2024-48825 | 1 Tenda | 1 Ac7 Firmware | 2024-10-29 | 8 High |
Tenda AC7 v.15.03.06.44 ate_ifconfig_set has pre-authentication command injection allowing remote attackers to execute arbitrary code. | ||||
CVE-2024-10130 | 1 Tenda | 2 Ac8, Ac8 Firmware | 2024-10-28 | 8.8 High |
A vulnerability classified as critical was found in Tenda AC8 16.03.34.06. This vulnerability affects the function formSetRebootTimer of the file /goform/SetSysAutoRebbotCfg. The manipulation of the argument rebootTime leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
CVE-2024-10123 | 1 Tenda | 2 Ac8, Ac8 Firmware | 2024-10-28 | 8.8 High |
A vulnerability was found in Tenda AC8 16.03.34.06. It has been declared as critical. Affected by this vulnerability is the function compare_parentcontrol_time of the file /goform/saveParentControlInfo. The manipulation of the argument time leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This is not the same issue like CVE-2023-33671. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
CVE-2024-42986 | 1 Tenda | 2 Fh1206, Fh1206 Firmware | 2024-10-24 | 7.5 High |
Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the PPPOEPassword parameter in the fromAdvSetWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | ||||
CVE-2024-42977 | 1 Tenda | 2 Fh1206, Fh1206 Firmware | 2024-10-24 | 7.5 High |
Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the qos parameter in the fromqossetting function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | ||||
CVE-2024-48192 | 1 Tenda | 1 G3 Firmware | 2024-10-18 | 8 High |
Tenda G3 v15.01.0.5(2848_755)_EN was discovered to contain a hardcoded password vulnerability in /etc_ro/shadow, which allows attackers to log in as root | ||||
CVE-2024-8231 | 1 Tenda | 2 O6, O6 Firmware | 2024-10-16 | 8.8 High |
A vulnerability classified as critical has been found in Tenda O6 1.0.0.7(2054). Affected is the function fromVirtualSet of the file /goform/setPortForward. The manipulation of the argument ip/localPort/publicPort/app leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
CVE-2024-46045 | 1 Tenda | 2 Ch22, Ch22 Firmware | 2024-10-15 | 5.7 Medium |
Tenda CH22 V1.0.0.6(468) has a stack overflow vulnerability located in the frmL7PlotForm function. | ||||
CVE-2024-46044 | 1 Tenda | 2 Ch22, Ch22 Firmware | 2024-10-15 | 5.7 Medium |
CH22 V1.0.0.6(468) has a stack overflow vulnerability located in the fromqossetting function. | ||||
CVE-2024-46049 | 1 Tenda | 2 O6, O6 Firmware | 2024-10-15 | 5.7 Medium |
Tenda O6 V3.0 firmware V1.0.0.7(2054) contains a stack overflow vulnerability in the formexeCommand function. | ||||
CVE-2024-46628 | 2 Tenda, Tendacn | 3 G3 Firmware, G3, G3 Firmware | 2024-10-04 | 8 High |
Tenda G3 Router firmware v15.03.05.05 was discovered to contain a remote code execution (RCE) vulnerability via the usbPartitionName parameter in the formSetUSBPartitionUmount function. | ||||
CVE-2024-46652 | 1 Tenda | 1 Ac8v4 Firmware | 2024-09-26 | 9.8 Critical |
Tenda AC8v4 V16.03.34.06 has a stack overflow vulnerability in the fromAdvSetMacMtuWan function. | ||||
CVE-2023-36103 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2024-09-24 | 8 High |
Command Injection vulnerability in goform/SetIPTVCfg interface of Tenda AC15 V15.03.05.20 allows remote attackers to run arbitrary commands via crafted POST request. | ||||
CVE-2024-46048 | 1 Tenda | 2 Fh451, Fh451 Firmware | 2024-09-20 | 8.8 High |
Tenda FH451 v1.0.0.9 has a command injection vulnerability in the formexeCommand function i | ||||
CVE-2024-46047 | 1 Tenda | 2 Fh451, Fh451 Firmware | 2024-09-20 | 6.5 Medium |
Tenda FH451 v1.0.0.9 has a stack overflow vulnerability in the fromDhcpListClient function. | ||||
CVE-2024-46046 | 1 Tenda | 2 Fh451, Fh451 Firmware | 2024-09-20 | 6.5 Medium |
Tenda FH451 v1.0.0.9 has a stack overflow vulnerability located in the RouteStatic function. | ||||
CVE-2024-7585 | 1 Tenda | 2 I22, I22 Firmware | 2024-09-11 | 8.8 High |
A vulnerability has been found in Tenda i22 1.0.0.3(4687) and classified as critical. Affected by this vulnerability is the function formApPortalWebAuth of the file /goform/apPortalAuth. The manipulation of the argument webUserName/webUserPassword leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
CVE-2024-7584 | 1 Tenda | 2 I22, I22 Firmware | 2024-09-11 | 8.8 High |
A vulnerability, which was classified as critical, was found in Tenda i22 1.0.0.3(4687). Affected is the function formApPortalPhoneAuth of the file /goform/apPortalPhoneAuth. The manipulation of the argument data leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |