51 results (0.001 seconds)

CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1

A vulnerability was found in Tenda AC6 15.03.05.19 and classified as critical. Affected by this issue is the function formSetDeviceName of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/theRaz0r/iot-mycve/blob/main/tenda_ac6_stackflow_formSetDeviceName/tenda_ac6_stackflow_formSetDeviceName.md https://vuldb.com/?ctiid.282866 https://vuldb.com/?id.282866 https://vuldb.com/?submit.434935 https://www.tenda.com.cn • CWE-121: Stack-based Buffer Overflow •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1

A vulnerability has been found in Tenda AC6 15.03.05.19 and classified as critical. Affected by this vulnerability is the function formWriteFacMac of the file /goform/WriteFacMac of the component API Endpoint. The manipulation of the argument The leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/theRaz0r/iot-mycve/blob/main/tenda_ac6_rce_WriteFacMac/tenda_ac6_rce_WriteFacMac.md https://vuldb.com/?ctiid.282865 https://vuldb.com/?id.282865 https://vuldb.com/?submit.434934 https://www.tenda.com.cn • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 9.8EPSS: 0%CPEs: 10EXPL: 1

Buffer Overflow vulnerability in Tenda Ac19 v.1.0, AC18, AC9 v.1.0, AC6 v.2.0 and v.1.0 allows a remote attacker to execute arbitrary code via the formSetCfm function in bin/httpd. Vulnerabilidad de desbordamiento del búfer en Tenda Ac19 v.1.0, AC18, AC9 v.1.0, AC6 v.2.0 y v.1.0 permite a un atacante remoto ejecutar código arbitrario a través de la función formSetCfm en bin/httpd. • https://github.com/nhtri2003gmail/CVE_report/blob/master/CVE-2023-38823.md https://github.com/johnathanhuutri/CVE_report/blob/master/CVE-2023-38823/README.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0

Tenda AC6 v15.03.05.19 is vulnerable to Buffer Overflow as the Index parameter does not verify the length. Tenda AC6 v15.03.05.19 es vulnerable al desbordamiento del búfer ya que el parámetro Índice no verifica la longitud. • https://reference1.example.com/goform/WifiWpsOOB • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 4.9EPSS: 0%CPEs: 2EXPL: 1

Tenda AC6 US_AC6V4.0RTL_V02.03.01.26_cn.bin allows attackers (who have the administrator password) to cause a denial of service (device crash) via a long string in the wifiPwd_5G parameter to /goform/setWifi. Tenda AC6 US_AC6V4.0RTL_V02.03.01.26_cn.bin permite a atacantes (que tienen la contraseña de administrador) provocar una denegación de servicio (caída del dispositivo) a través de una cadena larga en el parámetro wifiPwd_5G en /goform/setWifi. • https://github.com/doudoudedi/buffer_overflow/blob/main/Tenda%20AC6%20V4.0-Denial%20of%20Service%20Vulnerability.md • CWE-404: Improper Resource Shutdown or Release •