CVE-2024-10130 – Tenda AC8 SetSysAutoRebbotCfg formSetRebootTimer stack-based overflow
https://notcve.org/view.php?id=CVE-2024-10130
A vulnerability classified as critical was found in Tenda AC8 16.03.34.06. This vulnerability affects the function formSetRebootTimer of the file /goform/SetSysAutoRebbotCfg. The manipulation of the argument rebootTime leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://vuldb.com/?id.280918 https://vuldb.com/?ctiid.280918 https://vuldb.com/?submit.422141 https://github.com/JohenanLi/router_vuls/blob/main/ac8v4/FUN_004a8838.md https://www.tenda.com.cn • CWE-121: Stack-based Buffer Overflow •
CVE-2024-10123 – Tenda AC8 saveParentControlInfo compare_parentcontrol_time stack-based overflow
https://notcve.org/view.php?id=CVE-2024-10123
A vulnerability was found in Tenda AC8 16.03.34.06. It has been declared as critical. Affected by this vulnerability is the function compare_parentcontrol_time of the file /goform/saveParentControlInfo. The manipulation of the argument time leads to stack-based buffer overflow. The attack can be launched remotely. • https://github.com/JohenanLi/router_vuls/blob/main/ac8v4/compare_parentcontrol_time_vul.md https://vuldb.com/?ctiid.280915 https://vuldb.com/?id.280915 https://vuldb.com/?submit.421340 https://www.tenda.com.cn • CWE-121: Stack-based Buffer Overflow •
CVE-2023-4744 – Tenda AC8 formSetDeviceName stack-based overflow
https://notcve.org/view.php?id=CVE-2023-4744
A vulnerability was found in Tenda AC8 16.03.34.06_cn_TDC01. It has been declared as critical. Affected by this vulnerability is the function formSetDeviceName. The manipulation leads to stack-based buffer overflow. The attack can be launched remotely. • https://github.com/GleamingEyes/vul/blob/main/tenda_ac8/ac8_1.md https://vuldb.com/?ctiid.238633 https://vuldb.com/?id.238633 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2023-38931
https://notcve.org/view.php?id=CVE-2023-38931
Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 V16.03.34.06, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0 V15.03.06.28, AC10 v4.0 V16.03.10.13 and FH1203 V2.0.1.6 were discovered to contain a stack overflow via the list parameter in the setaccount function. • https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/cloudv2_setaccount/README.md • CWE-787: Out-of-bounds Write •
CVE-2023-38935
https://notcve.org/view.php?id=CVE-2023-38935
Tenda AC1206 V15.03.06.23, AC8 V4 V16.03.34.06, AC5 V1.0 V15.03.06.28, AC10 v4.0 V16.03.10.13 and AC9 V3.0 V15.03.06.42_multi were discovered to contain a tack overflow via the list parameter in the formSetQosBand function. • https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/formSetQosBand/README.md • CWE-787: Out-of-bounds Write •