ReportizFlow
Filtered by vendor Tendacn
Subscriptions
Total
157 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-16213 | 1 Tendacn | 2 Pa6, Pa6 Firmware | 2024-11-21 | 8.8 High |
| Tenda PA6 Wi-Fi Powerline extender 1.0.1.21 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially crafted string, an attacker could modify the device name of an attached PLC adapter to inject and execute arbitrary commands on the system with root privileges. | ||||
| CVE-2018-7561 | 2 Tenda, Tendacn | 2 Ac9, Ac9 Firmware | 2024-11-21 | N/A |
| Stack-based Buffer Overflow in httpd on Tenda AC9 devices V15.03.05.14_EN allows remote attackers to cause a denial of service or possibly have unspecified other impact. | ||||
| CVE-2018-5770 | 1 Tendacn | 2 Ac15, Ac15 Firmware | 2024-11-21 | N/A |
| An issue was discovered on Tenda AC15 devices. A remote, unauthenticated attacker can make a request to /goform/telnet, creating a telnetd service on the device. This service is password protected; however, several default accounts exist on the device that are root accounts, which can be used to log in. | ||||
| CVE-2018-5768 | 1 Tendacn | 2 Ac15, Ac15 Firmware | 2024-11-21 | N/A |
| A remote, unauthenticated attacker can gain remote code execution on the the Tenda AC15 router with a specially crafted password parameter for the COOKIE header. | ||||
| CVE-2018-5767 | 1 Tendacn | 2 Ac15, Ac15 Firmware | 2024-11-21 | N/A |
| An issue was discovered on Tenda AC15 V15.03.1.16_multi devices. A remote, unauthenticated attacker can gain remote code execution on the device with a crafted password parameter for the COOKIE header. | ||||
| CVE-2018-20373 | 1 Tendacn | 2 Adsl, Adsl Firmware | 2024-11-21 | N/A |
| Tenda ADSL modem routers 1.0.1 allow XSS via the hostname of a DHCP client. | ||||
| CVE-2018-16334 | 1 Tendacn | 4 Ac10, Ac10 Firmware, Ac9 and 1 more | 2024-11-21 | N/A |
| An issue was discovered on Tenda AC9 V15.03.05.19(6318)_CN and AC10 V15.03.06.23_CN devices. The mac parameter in a POST request is used directly in a doSystemCmd call, causing OS command injection. | ||||
| CVE-2018-16333 | 1 Tendacn | 10 Ac10, Ac10 Firmware, Ac15 and 7 more | 2024-11-21 | N/A |
| An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server. While processing the ssid parameter for a POST request, the value is directly used in a sprintf call to a local variable placed on the stack, which overrides the return address of the function, causing a buffer overflow. | ||||
| CVE-2018-14497 | 1 Tendacn | 2 D152, D152 Firmware | 2024-11-21 | N/A |
| Tenda D152 ADSL routers allow XSS via a crafted SSID. | ||||
| CVE-2018-14492 | 1 Tendacn | 10 Ac10, Ac10 Firmware, Ac15 and 7 more | 2024-11-21 | N/A |
| Tenda AC7 through V15.03.06.44_CN, AC9 through V15.03.05.19(6318)_CN, and AC10 through V15.03.06.23_CN devices have a Stack-based Buffer Overflow via a long limitSpeed or limitSpeedup parameter to an unspecified /goform URI. | ||||
| CVE-2024-46628 | 2 Tenda, Tendacn | 3 G3 Firmware, G3, G3 Firmware | 2024-10-04 | 8 High |
| Tenda G3 Router firmware v15.03.05.05 was discovered to contain a remote code execution (RCE) vulnerability via the usbPartitionName parameter in the formSetUSBPartitionUmount function. | ||||
| CVE-2024-42942 | 2 Tenda, Tendacn | 3 Fh1201 Firmware, Fh1201, Fh1201 Firmware | 2024-08-16 | 6.5 Medium |
| Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the page parameter in the frmL7ImForm function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | ||||
| CVE-2024-42945 | 2 Tenda, Tendacn | 3 Fh1201 Firmware, Fh1201, Fh1201 Firmware | 2024-08-16 | 6.5 Medium |
| Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the page parameter in the fromAddressNat function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | ||||
| CVE-2024-42949 | 2 Tenda, Tendacn | 3 Fh1201 Firmware, Fh1201, Fh1201 Firmware | 2024-08-16 | 6.5 Medium |
| Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the qos parameter in the fromqossetting function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | ||||
| CVE-2024-42953 | 2 Tenda, Tendacn | 3 Fh1201 Firmware, Fh1201, Fh1201 Firmware | 2024-08-16 | 6.5 Medium |
| Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the PPW parameter in the fromWizardHandle function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | ||||
| CVE-2024-42954 | 2 Tenda, Tendacn | 3 Fh1201 Firmware, Fh1201, Fh1201 Firmware | 2024-08-16 | 6.5 Medium |
| Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the page parameter in the fromwebExcptypemanFilter function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | ||||
| CVE-2024-7581 | 2 Tenda, Tendacn | 3 A301 Firmware, A301, A301 Firmware | 2024-08-07 | 8.8 High |
| A vulnerability classified as critical has been found in Tenda A301 15.13.08.12. This affects the function formWifiBasicSet of the file /goform/WifiBasicSet. The manipulation of the argument security leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||