CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 2CVE-2023-45480
https://notcve.org/view.php?id=CVE-2023-45480
29 Nov 2023 — Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the src parameter in the function sub_47D878. Se descubrió que la versión Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn contenía un desbordamiento de pila a través del parámetro src en la función sub_47D878. • https://github.com/l3m0nade/IOTvul/blob/master/assets/sub_47d878_code.png • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 2CVE-2023-45481
https://notcve.org/view.php?id=CVE-2023-45481
29 Nov 2023 — Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the firewallEn parameter in the function SetFirewallCfg. Se descubrió que la versión Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn contenía un desbordamiento de pila a través del parámetro firewallEn en la función SetFirewallCfg. • https://github.com/l3m0nade/IOTvul/blob/master/SetFirewallCfg.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 2CVE-2023-45482
https://notcve.org/view.php?id=CVE-2023-45482
29 Nov 2023 — Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the urls parameter in the function get_parentControl_list_Info. Se descubrió que la versión Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn contenía un desbordamiento de pila a través del parámetro urls en la función get_parentControl_list_Info. • https://github.com/l3m0nade/IOTvul/blob/master/assets/get_parentControl_list_Info_code.png • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 2CVE-2023-45483
https://notcve.org/view.php?id=CVE-2023-45483
29 Nov 2023 — Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the time parameter in the function compare_parentcontrol_time. Se descubrió que la versión Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn contenía un desbordamiento de pila a través del parámetro de tiempo en la función compare_parentcontrol_time. • https://github.com/l3m0nade/IOTvul/blob/master/assets/compare_parentcontrol_time_code.png • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 2CVE-2023-45484
https://notcve.org/view.php?id=CVE-2023-45484
29 Nov 2023 — Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the shareSpeed parameter in the function fromSetWifiGuestBasic. Se descubrió que la versión Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn contenía un desbordamiento de pila a través del parámetro shareSpeed en la función fromSetWifiGuestBasic. • https://github.com/l3m0nade/IOTvul/blob/master/assets/fromSetWifiGuestBasic_code.png • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2023-42320
https://notcve.org/view.php?id=CVE-2023-42320
18 Sep 2023 — Buffer Overflow vulnerability in Tenda AC10V4 v.US_AC10V4.0si_V16.03.10.13_cn_TDC01 allows a remote attacker to cause a denial of service via the mac parameter in the GetParentControlInfo function. La vulnerabilidad de Desbordamiento de Búfer en Tenda AC10V4 v.US_AC10V4.0si_V16.03.10.13_cn_TDC01 permite a un atacante remoto provocar una denegación de servicio a través del parámetro mac en la función GetParentControlInfo. • https://github.com/aixiao0621/Tenda/blob/main/AC10/0.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 0%CPEs: 18EXPL: 1CVE-2023-38931
https://notcve.org/view.php?id=CVE-2023-38931
07 Aug 2023 — Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 V16.03.34.06, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0 V15.03.06.28, AC10 v4.0 V16.03.10.13 and FH1203 V2.0.1.6 were discovered to contain a stack overflow via the list parameter in the setaccount function. • https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/cloudv2_setaccount/README.md • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 18EXPL: 1CVE-2023-38933
https://notcve.org/view.php?id=CVE-2023-38933
07 Aug 2023 — Tenda AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0 V15.03.06.28, FH1203 V2.0.1.6 and AC9 V3.0 V15.03.06.42_multi, and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the deviceId parameter in the formSetClientState function. • https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/formSetClientState/README.md • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 10EXPL: 1CVE-2023-38935
https://notcve.org/view.php?id=CVE-2023-38935
07 Aug 2023 — Tenda AC1206 V15.03.06.23, AC8 V4 V16.03.34.06, AC5 V1.0 V15.03.06.28, AC10 v4.0 V16.03.10.13 and AC9 V3.0 V15.03.06.42_multi were discovered to contain a tack overflow via the list parameter in the formSetQosBand function. • https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/formSetQosBand/README.md • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 18EXPL: 1CVE-2023-38936
https://notcve.org/view.php?id=CVE-2023-38936
07 Aug 2023 — Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, AC5 V1.0 V15.03.06.28, FH1203 V2.0.1.6, AC9 V3.0 V15.03.06.42_multi and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the speed_dir parameter in the formSetSpeedWan function. • https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/formSetSpeedWan/README.md • CWE-787: Out-of-bounds Write •