CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 2CVE-2024-2808 – Tenda AC15 QuickIndex formQuickIndex stack-based overflow
https://notcve.org/view.php?id=CVE-2024-2808
A vulnerability, which was classified as critical, has been found in Tenda AC15 15.03.05.18/15.03.20_multi. This issue affects the function formQuickIndex of the file /goform/QuickIndex. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/skyler-ferrante/CVE-2024-28085 https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/formQuickIndex.md https://vuldb.com/?ctiid.257663 https://vuldb.com/?id.257663 • CWE-121: Stack-based Buffer Overflow •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 1CVE-2024-2807 – Tenda AC15 expandDlnaFile formExpandDlnaFile stack-based overflow
https://notcve.org/view.php?id=CVE-2024-2807
A vulnerability classified as critical was found in Tenda AC15 15.03.05.18/15.03.20_multi. This vulnerability affects the function formExpandDlnaFile of the file /goform/expandDlnaFile. The manipulation of the argument filePath leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/formExpandDlnaFile.md https://vuldb.com/?ctiid.257662 https://vuldb.com/?id.257662 • CWE-121: Stack-based Buffer Overflow •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 1CVE-2024-2806 – Tenda AC15 addWifiMacFilter stack-based overflow
https://notcve.org/view.php?id=CVE-2024-2806
A vulnerability classified as critical has been found in Tenda AC15 15.03.05.18/15.03.20_multi. This affects the function addWifiMacFilter of the file /goform/addWifiMacFilter. The manipulation of the argument deviceId/deviceMac leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/addWifiMacFilter_deviceId.md https://vuldb.com/?ctiid.257661 https://vuldb.com/?id.257661 • CWE-121: Stack-based Buffer Overflow •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-39673
https://notcve.org/view.php?id=CVE-2023-39673
Tenda AC15 V1.0BR_V15.03.05.18_multi_TD01 was discovered to contain a buffer overflow via the function FUN_00010e34(). Se ha descubierto que Tenda AC15 V1.0BR_V15.03.05.18_multi_TD01 contiene un desbordamiento de búfer a través de la función FUN_00010e34(). • https://github.com/Davidteeri/Bug-Report/blob/main/Tenda/AC15%20Impoper%20Input%20Validation.md https://www.tendacn.com/download/list-3.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2022-28557
https://notcve.org/view.php?id=CVE-2022-28557
There is a command injection vulnerability at the /goform/setsambacfg interface of Tenda AC15 US_AC15V1.0BR_V15.03.05.20_multi_TDE01.bin device web, which can also cooperate with CVE-2021-44971 to cause unconditional arbitrary command execution Se presenta una vulnerabilidad de inyección de comandos en la interfaz /goform/setsambacfg de la web del dispositivo Tenda AC15 versión US_AC15V1.0BR_V15.03.05.20_multi_TDE01.bin, que también puede cooperar con CVE-2021-44971 para causar una ejecución de comandos arbitrarios incondicionales • https://github.com/doudoudedi/TendaAC15_vul/blob/main/TendaAC15-vul.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •