CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2021-46393
https://notcve.org/view.php?id=CVE-2021-46393
There is a stack buffer overflow vulnerability in the formSetPPTPServer function of Tenda-AX3 router V16.03.12.10_CN. The v10 variable is directly retrieved from the http request parameter startIp. Then v10 will be splice to stack by function sscanf without any security check,which causes stack overflow. By POSTing the page /goform/SetPptpServerCfg with proper startIp, the attacker can easily perform remote code execution with carefully crafted overflow data. Se presenta una vulnerabilidad de desbordamiento del buffer de pila en la función formSetPPTPServer del router Tenda-AX3 versión V16.03.12.10_CN. • https://github.com/sec-bin/IoT-CVE/tree/main/Tenda/AX3/3 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2022-25418
https://notcve.org/view.php?id=CVE-2022-25418
Tenda AC9 V15.03.2.21_cn was discovered to contain a stack overflow via the function openSchedWifi. Se ha detectado que Tenda AC9 versión V15.03.2.21_cn, contiene un desbordamiento de pila por medio de la función openSchedWifi • https://github.com/EPhaha/IOT_vuln/tree/main/Tenda/AC9/2 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2022-25417
https://notcve.org/view.php?id=CVE-2022-25417
Tenda AC9 V15.03.2.21_cn was discovered to contain a stack overflow via the function saveparentcontrolinfo. Se ha detectado que Tenda AC9 versión V15.03.2.21_cn, contiene un desbordamiento de pila por medio de la función saveparentcontrolinfo • https://github.com/EPhaha/IOT_vuln/tree/main/Tenda/AC9/3 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2022-25414
https://notcve.org/view.php?id=CVE-2022-25414
Tenda AC9 V15.03.2.21_cn was discovered to contain a stack overflow via the parameter NPTR. Se ha detectado que Tenda AC9 versión V15.03.2.21_cn, contiene un desbordamiento de pila por medio del parámetro NPTR • https://github.com/EPhaha/IOT_vuln/tree/main/Tenda/AC9/1 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2021-45391
https://notcve.org/view.php?id=CVE-2021-45391
A Buffer Overflow vulnerability exists in Tenda Router AX12 V22.03.01.21_CN in the sub_422CE4 function in the goform/setIPv6Status binary file /usr/sbin/httpd via the conType parameter, which causes a Denial of Service. Se presenta una vulnerabilidad de desbordamiento de búfer en Tenda Router AX12 versión V22.03.01.21_CN en la función sub_422CE4 del archivo binario goform/setIPv6Status /usr/sbin/httpd por medio del parámetro conType, que causa una Denegación de Servicio • http://tendawifi.com/index.html https://github.com/sec-bin/IoT-CVE/tree/main/Tenda/AX12/1 https://www.tenda.com.cn https://www.tenda.com.cn/product/AX12.html • CWE-787: Out-of-bounds Write •