
CVSS: 9.8 • EPSS: 4% • CPEs: 2 • EXPL: 1

Tenda AX12 V22.03.01.46 has been discovered to contain a command injection vulnerability in the 'list' parameter at /goform/SetNetControlList. • https://github.com/ef4tless/vuln/blob/master/iot/AX12/SetNetControlList-3.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVSS: 9.8 • EPSS: 0% • CPEs: 2 • EXPL: 1

There is an unauthorized buffer overflow vulnerability in Tenda AX12 v22.03.01.21 _ cn. This vulnerability can cause the web service not to restart or even execute arbitrary code. It is a different vulnerability from CVE-2022-2414. • https://github.com/bugfinder0/public_bug/tree/main/tenda/ax12/1 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVSS: 7.5 • EPSS: 0% • CPEs: 2 • EXPL: 1

Tenda AX12 v22.03.01.21_CN was discovered to contain a stack overflow via the ssid parameter at /goform/fast_setting_wifi_set. • https://github.com/The-Itach1/IOT-CVE/tree/master/Tenda/AX12/4 • CWE-787: Out-of-bounds Write

CVSS: 8.8 • EPSS: 0% • CPEs: 2 • EXPL: 1

Tenda AX12 V22.03.01.16_cn is vulnerable to command injection via goform/fast_setting_internet_set. • https://github.com/The-Itach1/IOT-CVE/tree/master/Tenda/AX12/2 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 8.8 • EPSS: 0% • CPEs: 2 • EXPL: 1

Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Request Forgery (CSRF) via /goform/SysToolRestoreSet. • https://github.com/The-Itach1/IOT-CVE/tree/master/Tenda/AX12/6 • CWE-352: Cross-Site Request Forgery (CSRF)