CVSS: 9.8EPSS: 2%CPEs: 10EXPL: 2CVE-2020-13390
https://notcve.org/view.php?id=CVE-2020-13390
22 May 2020 — An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the /goform/addressNat entrys and mitInterface parameters for a POST request, a value is directly used in a sprintf to a local variable placed on the stack, which overwrites the return address of a function. An at... • https://joel-malwarebenchmark.github.io • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 2%CPEs: 10EXPL: 2CVE-2020-13391
https://notcve.org/view.php?id=CVE-2020-13391
22 May 2020 — An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the /goform/SetSpeedWan speed_dir parameter for a POST request, a value is directly used in a sprintf to a local variable placed on the stack, which overwrites the return address of a function. An attacker can con... • https://joel-malwarebenchmark.github.io • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 2%CPEs: 10EXPL: 2CVE-2020-13392
https://notcve.org/view.php?id=CVE-2020-13392
22 May 2020 — An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the /goform/setcfm funcpara1 parameter for a POST request, a value is directly used in a sprintf to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construc... • https://joel-malwarebenchmark.github.io • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 2%CPEs: 10EXPL: 2CVE-2020-13393
https://notcve.org/view.php?id=CVE-2020-13393
22 May 2020 — An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the /goform/saveParentControlInfo deviceId and time parameters for a POST request, a value is directly used in a strcpy to a local variable placed on the stack, which overwrites the return address of a function. A... • https://joel-malwarebenchmark.github.io • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 2%CPEs: 10EXPL: 2CVE-2020-13394
https://notcve.org/view.php?id=CVE-2020-13394
22 May 2020 — An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the /goform/SetNetControlList list parameter for a POST request, a value is directly used in a strcpy to a local variable placed on the stack, which overwrites the return address of a function. An attacker can con... • https://joel-malwarebenchmark.github.io • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 1CVE-2018-16333
https://notcve.org/view.php?id=CVE-2018-16333
02 Sep 2018 — An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server. While processing the ssid parameter for a POST request, the value is directly used in a sprintf call to a local variable placed on the stack, which overrides the return address of the function, causing a buffer overflow. Se ha descubierto un problema en dispositivos Tenda AC7 V... • https://github.com/ZIllR0/Routers/blob/master/Tenda/oob1.md • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 1CVE-2018-14492
https://notcve.org/view.php?id=CVE-2018-14492
21 Jul 2018 — Tenda AC7 through V15.03.06.44_CN, AC9 through V15.03.05.19(6318)_CN, and AC10 through V15.03.06.23_CN devices have a Stack-based Buffer Overflow via a long limitSpeed or limitSpeedup parameter to an unspecified /goform URI. Los dispositivos Tenda AC7 hasta la versión V15.03.06.44_CN, AC9 hasta la versión V15.03.05.19(6318)_CN y AC10 hasta la versión V15.03.06.23_CN tienen un desbordamiento de búfer basado en pila mediante unos parámetros limitSpeed o limitSpeedup largos en un URI /goform sin especificar. • https://github.com/ZIllR0/Routers/blob/master/Tendaoob1.md • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 2%CPEs: 2EXPL: 0CVE-2018-5768
https://notcve.org/view.php?id=CVE-2018-5768
20 Mar 2018 — A remote, unauthenticated attacker can gain remote code execution on the the Tenda AC15 router with a specially crafted password parameter for the COOKIE header. Un atacante remoto no autenticado puede obtener ejecución remota de código en el router Tenda AC15 con un parámetro de contraseña especialmente manipulado para la cabecera COOKIE. • https://www.fidusinfosec.com/tenda-ac15-hard-coded-accounts-cve-2018-5768 • CWE-798: Use of Hard-coded Credentials •
CVSS: 10.0EPSS: 3%CPEs: 2EXPL: 1CVE-2018-5770
https://notcve.org/view.php?id=CVE-2018-5770
20 Mar 2018 — An issue was discovered on Tenda AC15 devices. A remote, unauthenticated attacker can make a request to /goform/telnet, creating a telnetd service on the device. This service is password protected; however, several default accounts exist on the device that are root accounts, which can be used to log in. Se ha descubierto un problema en dispositivos Tenda AC15. Un atacante remoto no autenticado puede hacer una petición en /goform/telnet, creando un servicio telnetd en el dispositivo. • https://www.fidusinfosec.com/tenda-ac15-unauthenticated-telnetd-start-cve-2018-5770 • CWE-1188: Initialization of a Resource with an Insecure Default •
CVSS: 9.8EPSS: 66%CPEs: 2EXPL: 4CVE-2018-5767 – Tenda AC15 Router - Remote Code Execution
https://notcve.org/view.php?id=CVE-2018-5767
15 Feb 2018 — An issue was discovered on Tenda AC15 V15.03.1.16_multi devices. A remote, unauthenticated attacker can gain remote code execution on the device with a crafted password parameter for the COOKIE header. Hay una condición de carrera en xt_qtaguid.c debido a un bloqueo insuficiente. Esto podría llevar a una elevación de privilegios local sin necesitar privilegios de ejecución adicionales. No se necesita interacción del usuario para explotarlo. • https://www.exploit-db.com/exploits/44253 • CWE-20: Improper Input Validation •