CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-3874 – Tenda W20E SetRemoteWebManage formSetRemoteWebManage stack-based overflow
https://notcve.org/view.php?id=CVE-2024-3874
A vulnerability was found in Tenda W20E 15.11.0.6. It has been declared as critical. This vulnerability affects the function formSetRemoteWebManage of the file /goform/SetRemoteWebManage. The manipulation of the argument remoteIP leads to stack-based buffer overflow. The attack can be initiated remotely. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W20E/formSetRemoteWebManage.md https://vuldb.com/?ctiid.260908 https://vuldb.com/?id.260908 https://vuldb.com/?submit.312816 • CWE-121: Stack-based Buffer Overflow •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-26805
https://notcve.org/view.php?id=CVE-2023-26805
Tenda W20E v15.11.0.6 (US_W20EV4.0br_v15.11.0.6(1068_1546_841)_CN_TDC) is vulnerable to Buffer Overflow via function formIPMacBindModify. • https://github.com/Stevenbaga/fengsha/blob/main/W20E/formIPMacBindModify.md • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-26806
https://notcve.org/view.php?id=CVE-2023-26806
Tenda W20E v15.11.0.6(US_W20EV4.0br_v15.11.0.6(1068_1546_841 is vulnerable to Buffer Overflow via function formSetSysTime, • https://github.com/Stevenbaga/fengsha/blob/main/W20E/SetSysTime.md • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2022-48130
https://notcve.org/view.php?id=CVE-2022-48130
Tenda W20E v15.11.0.6 was discovered to contain multiple stack overflows in the function formSetStaticRoute via the parameters staticRouteNet, staticRouteMask, staticRouteGateway, staticRouteWAN. • https://github.com/Stevenbaga/fengsha/blob/main/W20E/formSetStaticRoute.md • CWE-787: Out-of-bounds Write •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 1CVE-2022-45997
https://notcve.org/view.php?id=CVE-2022-45997
Tenda W20E V16.01.0.6(3392) is vulnerable to Buffer Overflow. Tenda W20E V16.01.0.6(3392) es vulnerable al desbordamiento de búfer. • https://github.com/bugfinder0/public_bug/tree/main/tenda/w20e/1 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •