
CVSS: 7.5 • EPSS: 0% • CPEs: 2 • EXPL: 1

28 Dec 2020 — On Tenda AC1200 (Model AC6) 15.03.06.51_multi devices, the default settings for the router speed test contain links to download malware named elive or CNKI E-Learning. • https://github.com/cecada/Tenda-AC6-Root-Acces/blob/main/README.md

CVSS: 7.2 • EPSS: 0% • CPEs: 2 • EXPL: 1

28 Dec 2020 — On Tenda AC1200 (Model AC6) 15.03.06.51_multi devices, admin, support, user, and nobody have a password of 1234. • https://github.com/cecada/Tenda-AC6-Root-Acces/blob/main/README.md

CVSS: 9.8 • EPSS: 2% • CPEs: 4 • EXPL: 0

04 Sep 2020 — Tenda AC18 Router through V15.03.05.05_EN and through V15.03.05.19(6318) CN devices could cause a remote code execution due to incorrect authentication handling of vulnerable logincheck() function in /usr/lib/lua/ngx_authserver/ngx_wdas.lua file if the administrator UI Interface is set to "radius". • https://cwe.mitre.org/data/definitions/287.html • CWE-287: Improper Authentication

CVSS: 9.0 • EPSS: 5% • CPEs: 2 • EXPL: 1

25 Jun 2020 — Tenda PA6 Wi-Fi Powerline extender 1.0.1.21 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the "Wireless" section in the web-UI. By sending a specially crafted hostname, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. • https://securityintelligence.com/posts/vulnerable-powerline-extenders-underline-lax-iot-security • CWE-787: Out-of-bounds Write

CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 1

25 Jun 2020 — Tenda PA6 Wi-Fi Powerline extender 1.0.1.21 is vulnerable to a denial of service, caused by an error in the "homeplugd" process. By sending a specially crafted UDP packet, an attacker could exploit this vulnerability to cause the device to reboot. • https://securityintelligence.com/posts/vulnerable-powerline-extenders-underline-lax-iot-security • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')

CVSS: 9.0 • EPSS: 3% • CPEs: 2 • EXPL: 1

25 Jun 2020 — Tenda PA6 Wi-Fi Powerline extender 1.0.1.21 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially crafted string, an attacker could modify the device name of an attached PLC adapter to inject and execute arbitrary commands on the system with root privileges. • https://securityintelligence.com/posts/vulnerable-powerline-extenders-underline-lax-iot-security • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 9.8 • EPSS: 2% • CPEs: 10 • EXPL: 1

22 May 2020 — An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the /goform/openSchedWifi schedStartTime and schedEndTime parameters for a POST request, a value is directly used in a strcpy to a local variable placed on the stack, which overwrites the return address of a funct... • https://joel-malwarebenchmark.github.io • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 9.8 • EPSS: 2% • CPEs: 10 • EXPL: 2

22 May 2020 — An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the /goform/addressNat entrys and mitInterface parameters for a POST request, a value is directly used in a sprintf to a local variable placed on the stack, which overwrites the return address of a function. An at... • https://joel-malwarebenchmark.github.io • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 9.8 • EPSS: 2% • CPEs: 10 • EXPL: 2

22 May 2020 — An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the /goform/SetSpeedWan speed_dir parameter for a POST request, a value is directly used in a sprintf to a local variable placed on the stack, which overwrites the return address of a function. An attacker can con... • https://joel-malwarebenchmark.github.io • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 9.8 • EPSS: 2% • CPEs: 10 • EXPL: 2

22 May 2020 — An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the /goform/setcfm funcpara1 parameter for a POST request, a value is directly used in a sprintf to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construc... • https://joel-malwarebenchmark.github.io • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •