59 results (0.002 seconds)

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1

A vulnerability classified as critical has been found in Tenda AC18 15.03.05.05. Affected is the function formSetSambaConf of the file /goform/setsambacfg. The manipulation of the argument usbName leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC18/formSetSambaConf.md https://vuldb.com/?ctiid.257778 https://vuldb.com/?id.257778 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 6

A vulnerability classified as problematic was found in Tenda AC18 15.03.05.05. Affected by this vulnerability is the function fromSysToolRestoreSet of the file /goform/SysToolRestoreSet. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/K3ysTr0K3R/CVE-2024-25600-EXPLOIT https://github.com/hy011121/CVE-2024-25600-wordpress-Exploit-RCE https://github.com/ivanbg2004/0BL1V10N-CVE-2024-25600-Bricks-Builder-plugin-for-WordPress https://github.com/Tornad0007/CVE-2024-25600-Bricks-Builder-plugin-for-WordPress https://github.com/X-Projetion/WORDPRESS-CVE-2024-25600-EXPLOIT-RCE https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC18/fromSysToolRestoreSet.md https://vuldb.com/?ctiid.257059 https://vuldb.com • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1

A vulnerability classified as problematic has been found in Tenda AC18 15.03.05.05. Affected is the function fromSysToolReboot of the file /goform/SysToolReboot. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC18/fromSysToolReboot.md https://vuldb.com/?ctiid.257058 https://vuldb.com/?id.257058 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1

A vulnerability was found in Tenda AC18 15.03.05.05. It has been rated as critical. This issue affects the function formexeCommand of the file /goform/execCommand. The manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack may be initiated remotely. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC18/formexeCommand.md https://vuldb.com/?ctiid.257057 https://vuldb.com/?id.257057 • CWE-121: Stack-based Buffer Overflow •

CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1

A vulnerability was found in Tenda AC18 15.03.05.05 and classified as critical. Affected by this issue is the function R7WebsSecurityHandler. The manipulation of the argument password leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC18/R7WebsSecurityHandler.md https://vuldb.com/?ctiid.257000 https://vuldb.com/?id.257000 • CWE-121: Stack-based Buffer Overflow •