CVE-2021-27706
https://notcve.org/view.php?id=CVE-2021-27706
Buffer Overflow in Tenda G1 and G3 routers with firmware version V15.11.0.17(9502)_CN allows remote attackers to execute arbitrary code via a crafted action/"IPMacBindIndex" request. This occurs because the "formIPMacBindDel" function passes the parameter "IPMacBindIndex" directly to strcpy without a length limit.
• https://hackmd.io/BhzJ4H20TjqKUiBrDOIKaw
• CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-27705
https://notcve.org/view.php?id=CVE-2021-27705
Buffer Overflow in Tenda G1 and G3 routers with firmware v15.11.0.17(9502)_CN allows remote attackers to execute arbitrary code via a crafted action/"qosIndex" request. This occurs because the "formQOSRuleDel" function passes the parameter "qosIndex" directly to strcpy without a length limit.
• https://hackmd.io/Zb7lfFaNR0ScpaTssECFbg
• CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-3186 – Tenda AC5 AC1200 Wireless - 'WiFi Name & Password' Stored Cross Site Scripting
https://notcve.org/view.php?id=CVE-2021-3186
A Stored Cross-site scripting (XSS) vulnerability in /main.html Wifi Settings in Tenda AC5 AC1200 version V15.03.06.47_multi allows remote attackers to inject arbitrary web script or HTML via the Wifi Name parameter. Tenda AC5 AC1200 Wireless suffers from a persistent cross site scripting vulnerability.
• https://www.exploit-db.com/exploits/49478
• http://packetstormsecurity.com/files/161119/Tenda-AC5-AC1200-Wireless-Cross-Site-Scripting.html
• https://www.hackingarticles.in/exploiting-stored-cross-site-scripting-at-tenda-ac5-ac1200
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-35391 – Tenda N300 F3 12.01.01.48 - Malformed HTTP Request Header Processing
https://notcve.org/view.php?id=CVE-2020-35391
Tenda N300 F3 12.01.01.48 devices allow remote attackers to obtain sensitive information (possibly including an http_passwd line) via a direct request for cgi-bin/DownloadCfg/RouterCfm.cfg, a related issue to CVE-2017-14942. NOTE: the vulnerability report may suggest that either a ? character must be placed after the RouterCfm.cfg filename, or that the HTTP request headers must be unusual, but it is not known why these are relevant to the device's HTTP response behavior.
• https://www.exploit-db.com/exploits/51317
• https://github.com/H454NSec/CVE-2020-35391
• https://github.com/dumitory-dev/CVE-2020-35391-POC
• http://packetstormsecurity.com/files/171773/Tenda-N300-F3-12.01.01.48-Header-Processing.html
• https://medium.com/%40signalhilltech/tenda-n300-authentication-bypass-via-malformed-http-request-header-5b8744ca685e
• CWE-425: Direct Request ('Forced Browsing')
CVE-2020-28095
https://notcve.org/view.php?id=CVE-2020-28095
On Tenda AC1200 (Model AC6) 15.03.06.51_multi devices, a large HTTP POST request sent to the change password API will trigger the router to crash and enter an infinite boot loop.
• https://github.com/cecada/Tenda-AC6-Root-Acces/blob/main/README.md
• CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')