CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2024-33180
https://notcve.org/view.php?id=CVE-2024-33180
16 Jul 2024 — Tenda AC18 V15.03.3.10_EN was discovered to contain a stack-based buffer overflow vulnerability via the deviceId parameter at ip/goform/saveParentControlInfo. Se descubrió que Tenda AC18 V15.03.3.10_EN contiene una vulnerabilidad de desbordamiento del búfer basada en pila a través del parámetro deviceId en ip/goform/saveParentControlInfo. • https://palm-vertebra-fe9.notion.site/saveParentControlInfo_1-7c9695d0251945ae8006db705b9b80ac • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2024-33182
https://notcve.org/view.php?id=CVE-2024-33182
16 Jul 2024 — Tenda AC18 V15.03.3.10_EN was discovered to contain a stack-based buffer overflow vulnerability via the deviceId parameter at ip/goform/addWifiMacFilter. Se descubrió que Tenda AC18 V15.03.3.10_EN contiene una vulnerabilidad de desbordamiento del búfer basada en pila a través del parámetro deviceId en ip/goform/addWifiMacFilter. • https://palm-vertebra-fe9.notion.site/addWifiMacFilter_1-067fa6984f0d4933b88c63efd7486479 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 13%CPEs: 2EXPL: 1CVE-2024-2854 – Tenda AC18 setsambacfg formSetSambaConf os command injection
https://notcve.org/view.php?id=CVE-2024-2854
24 Mar 2024 — A vulnerability classified as critical has been found in Tenda AC18 15.03.05.05. Affected is the function formSetSambaConf of the file /goform/setsambacfg. The manipulation of the argument usbName leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC18/formSetSambaConf.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-28535
https://notcve.org/view.php?id=CVE-2024-28535
12 Mar 2024 — Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the mitInterface parameter of fromAddressNat function. Tenda AC18 V15.03.05.05 tiene una vulnerabilidad de desbordamiento de pila en el parámetro mitInterface de la función fromAddressNat. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC18/fromAddressNat_mitInterface.md • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-28553
https://notcve.org/view.php?id=CVE-2024-28553
12 Mar 2024 — Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the entrys parameter fromAddressNat function. Tenda AC18 V15.03.05.05 tiene una vulnerabilidad de desbordamiento de pila en el parámetro de entradas de la función AddressNat. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC18/fromAddressNat_entrys.md • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 1%CPEs: 10EXPL: 1CVE-2023-38823
https://notcve.org/view.php?id=CVE-2023-38823
20 Nov 2023 — Buffer Overflow vulnerability in Tenda Ac19 v.1.0, AC18, AC9 v.1.0, AC6 v.2.0 and v.1.0 allows a remote attacker to execute arbitrary code via the formSetCfm function in bin/httpd. Vulnerabilidad de desbordamiento del búfer en Tenda Ac19 v.1.0, AC18, AC9 v.1.0, AC6 v.2.0 y v.1.0 permite a un atacante remoto ejecutar código arbitrario a través de la función formSetCfm en bin/httpd. • https://github.com/nhtri2003gmail/CVE_report/blob/master/CVE-2023-38823.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 29%CPEs: 2EXPL: 1CVE-2023-30135
https://notcve.org/view.php?id=CVE-2023-30135
05 May 2023 — Tenda AC18 v15.03.05.19(6318_)_cn was discovered to contain a command injection vulnerability via the deviceName parameter in the setUsbUnload function. • https://github.com/DrizzlingSun/Tenda/blob/main/AC18/8/8.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-24164
https://notcve.org/view.php?id=CVE-2023-24164
26 Jan 2023 — Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/FUN_000c2318. • https://github.com/DrizzlingSun/Tenda/blob/main/AC18/4/4.md • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-24165
https://notcve.org/view.php?id=CVE-2023-24165
26 Jan 2023 — Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/initIpAddrInfo. Tenda AC18 V15.03.05.19 es vulnerable al desbordamiento del búfer a través de /goform/initIpAddrInfo. • https://github.com/DrizzlingSun/Tenda/blob/main/AC18/7/7.md • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2023-24166
https://notcve.org/view.php?id=CVE-2023-24166
26 Jan 2023 — Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/formWifiBasicSet. Tenda AC18 V15.03.05.19 es vulnerable al desbordamiento del búfer a través de /goform/formWifiBasicSet. • https://github.com/DrizzlingSun/Tenda/blob/main/AC18/2/2.md • CWE-787: Out-of-bounds Write •