CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-4239 – Tenda AX1806 SetRebootTimer formSetRebootTimer stack-based overflow
https://notcve.org/view.php?id=CVE-2024-4239
26 Apr 2024 — A vulnerability was found in Tenda AX1806 1.0.0.1 and classified as critical. Affected by this issue is the function formSetRebootTimer of the file /goform/SetRebootTimer. The manipulation of the argument rebootTime leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AX/AX1806/formSetRebootTimer.md • CWE-121: Stack-based Buffer Overflow •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-4238 – Tenda AX1806 SetOnlineDevName formSetDeviceName stack-based overflow
https://notcve.org/view.php?id=CVE-2024-4238
26 Apr 2024 — A vulnerability has been found in Tenda AX1806 1.0.0.1 and classified as critical. Affected by this vulnerability is the function formSetDeviceName of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AX/AX1806/formSetDeviceName_devName.md • CWE-121: Stack-based Buffer Overflow •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-4237 – Tenda AX1806 execCommand R7WebsSecurityHandler stack-based overflow
https://notcve.org/view.php?id=CVE-2024-4237
26 Apr 2024 — A vulnerability, which was classified as critical, was found in Tenda AX1806 1.0.0.1. Affected is the function R7WebsSecurityHandler of the file /goform/execCommand. The manipulation of the argument password leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AX/AX1806/R7WebsSecurityHandler.md • CWE-121: Stack-based Buffer Overflow •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 1CVE-2023-47455
https://notcve.org/view.php?id=CVE-2023-47455
07 Nov 2023 — Tenda AX1806 V1.0.0.1 contains a heap overflow vulnerability in setSchedWifi function, in which the src and v12 are directly obtained from http request parameter schedStartTime and schedEndTime without checking their size. Tenda AX1806 V1.0.0.1 contiene una vulnerabilidad de desbordamiento de montón en la función setSchedWifi, en la que src y v12 se obtienen directamente del parámetro de solicitud http schedStartTime y schedEndTime sin verificar su tamaño. • https://github.com/Anza2001/IOT_VULN/blob/main/Tenda/AX1806/setSchedWifi.md • CWE-787: Out-of-bounds Write •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 1CVE-2023-47456
https://notcve.org/view.php?id=CVE-2023-47456
07 Nov 2023 — Tenda AX1806 V1.0.0.1 contains a stack overflow vulnerability in function sub_455D4, called by function fromSetWirelessRepeat. Tenda AX1806 V1.0.0.1 contiene una vulnerabilidad de desbordamiento de pila en la función sub_455D4, llamada por la función fromSetWirelessRepeat. • https://github.com/Anza2001/IOT_VULN/blob/main/Tenda/AX1806/fromSetWirelessRepeat.md • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2022-34597
https://notcve.org/view.php?id=CVE-2022-34597
06 Jul 2022 — Tenda AX1806 v1.0.0.1 was discovered to contain a command injection vulnerability via the function WanParameterSetting. Se ha detectado que Tenda AX1806 versión v1.0.0.1, contiene una vulnerabilidad de inyección de comandos por medio de la función WanParameterSetting • https://github.com/zhefox/IOT_Vul/blob/main/Tenda/TendaAX1806/readme_en.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2022-32030
https://notcve.org/view.php?id=CVE-2022-32030
01 Jul 2022 — Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the list parameter in the function formSetQosBand. Se ha detectado que Tenda AX1806 versión v1.0.0.1, contiene un desbordamiento de pila por medio del parámetro list en la función formSetQosBand • https://github.com/d1tto/IoT-vuln/tree/main/Tenda/AX1806/formSetQosBand • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2022-32031
https://notcve.org/view.php?id=CVE-2022-32031
01 Jul 2022 — Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the list parameter in the function fromSetRouteStatic. Se ha detectado que Tenda AX1806 versión v1.0.0.1, contiene un desbordamiento de pila por medio del parámetro list en la función fromSetRouteStatic • https://github.com/d1tto/IoT-vuln/tree/main/Tenda/AX1806/fromSetRouteStatic • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2022-32032
https://notcve.org/view.php?id=CVE-2022-32032
01 Jul 2022 — Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the deviceList parameter in the function formAddMacfilterRule. Se ha detectado que Tenda AX1806 versión v1.0.0.1, contiene un desbordamiento de pila por medio del parámetro deviceList en la función formAddMacfilterRule • https://github.com/d1tto/IoT-vuln/tree/main/Tenda/A18/formAddMacfilterRule • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2022-32033
https://notcve.org/view.php?id=CVE-2022-32033
01 Jul 2022 — Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the function formSetVirtualSer. Se ha detectado que Tenda AX1806 versión v1.0.0.1, contiene un desbordamiento de pila por medio de la función formSetVirtualSer • https://github.com/d1tto/IoT-vuln/tree/main/Tenda/AX1806/formSetVirtualSer • CWE-787: Out-of-bounds Write •