CVSS: 9.8EPSS: 2%CPEs: 2EXPL: 1CVE-2023-27240
https://notcve.org/view.php?id=CVE-2023-27240
Tenda AX3 V16.03.12.11 was discovered to contain a command injection vulnerability via the lanip parameter at /goform/AdvSetLanip. • https://github.com/yjzy00001/CVE/blob/main/vuln/rce/readme.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-27239
https://notcve.org/view.php?id=CVE-2023-27239
Tenda AX3 V16.03.12.11 was discovered to contain a stack overflow via the shareSpeed parameter at /goform/WifiGuestSet. • https://github.com/yjzy00001/CVE/blob/main/vuln/WifiGuestSet/readme.md • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-24212
https://notcve.org/view.php?id=CVE-2023-24212
Tenda AX3 V16.03.12.11 was discovered to contain a stack overflow via the timeType function at /goform/SetSysTimeCfg. • https://github.com/Venus-WQLab/bug_report/blob/main/Tenda/CVE-2023-24212.md https://github.com/w0x68y/cve-lists/blob/main/Tenda/vuln/readme.md • CWE-787: Out-of-bounds Write •