CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 1CVE-2024-2806 – Tenda AC15 addWifiMacFilter stack-based overflow
https://notcve.org/view.php?id=CVE-2024-2806
22 Mar 2024 — A vulnerability classified as critical has been found in Tenda AC15 15.03.05.18/15.03.20_multi. This affects the function addWifiMacFilter of the file /goform/addWifiMacFilter. The manipulation of the argument deviceId/deviceMac leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/addWifiMacFilter_deviceId.md • CWE-121: Stack-based Buffer Overflow •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-39673
https://notcve.org/view.php?id=CVE-2023-39673
18 Aug 2023 — Tenda AC15 V1.0BR_V15.03.05.18_multi_TD01 was discovered to contain a buffer overflow via the function FUN_00010e34(). Se ha descubierto que Tenda AC15 V1.0BR_V15.03.05.18_multi_TD01 contiene un desbordamiento de búfer a través de la función FUN_00010e34(). • https://github.com/Davidteeri/Bug-Report/blob/main/Tenda/AC15%20Impoper%20Input%20Validation.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2022-44168
https://notcve.org/view.php?id=CVE-2022-44168
21 Nov 2022 — Tenda AC15 V15.03.05.18 is vulnerable to Buffer Overflow via function fromSetRouteStatic.. Tenda AC15 V15.03.05.18 es vulnerable al desbordamiento del búfer mediante la función fromSetRouteStatic. • https://github.com/RobinWang825/IoT_vuln/tree/main/Tenda/AC15/fromSetRouteStatic • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2022-44167
https://notcve.org/view.php?id=CVE-2022-44167
21 Nov 2022 — Tenda AC15 V15.03.05.18 is avulnerable to Buffer Overflow via function formSetPPTPServer. Tenda AC15 V15.03.05.18 es vulnerable al desbordamiento del búfer mediante la función formSetPPTPServer. • https://drive.google.com/file/d/1Jq8Tm_2FDS4WDD_afdhg1LnA3VcvZdjS/view?usp=sharing • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2022-44169
https://notcve.org/view.php?id=CVE-2022-44169
21 Nov 2022 — Tenda AC15 V15.03.05.18 is vulnerable to Buffer Overflow via function formSetVirtualSer. Tenda AC15 V15.03.05.18 es vulnerable al desbordamiento del búfer a través de la función formSetVirtualSer. • https://github.com/RobinWang825/IoT_vuln/tree/main/Tenda/AC15/formSetVirtualSer • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1CVE-2022-43259
https://notcve.org/view.php?id=CVE-2022-43259
18 Oct 2022 — Tenda AC15 V15.03.05.18 was discovered to contain a stack overflow via the timeZone parameter in the form_fast_setting_wifi_set function. Se ha detectado que Tenda AC15 versión V15.03.05.18, contiene un desbordamiento de pila por medio del parámetro timeZone en la función form_fast_setting_wifi_set • https://drive.google.com/file/d/1VjYjZKv7MJ69hGPG-xD0xublUw-taq4w/view?usp=sharing • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-37175
https://notcve.org/view.php?id=CVE-2022-37175
19 Aug 2022 — Tenda ac15 firmware V15.03.05.18 httpd server has stack buffer overflow in /goform/formWifiBasicSet. Tenda ac15 firmware V15.03.05.18, el servidor httpd presenta desbordamiento de búfer de pila en /goform/formWifiBasicSet. • https://drive.google.com/file/d/16hshiCHS8j3YaFPkQD3xajVuwu_QVBe3/view • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2021-44352
https://notcve.org/view.php?id=CVE-2021-44352
03 Dec 2021 — A Stack-based Buffer Overflow vulnerability exists in the Tenda AC15 V15.03.05.18_multi device via the list parameter in a post request in goform/SetIpMacBind. Existe una vulnerabilidad de desbordamiento del búfer basada en la pila en el dispositivo Tenda AC15 V15.03.05.18_multi a través del parámetro list en una solicitud posterior en goform/SetIpMacBind • https://github.com/zhlu32/cve/blob/main/tenda/Tenda-ac15-buffer-overflow.md • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 1CVE-2018-14492
https://notcve.org/view.php?id=CVE-2018-14492
21 Jul 2018 — Tenda AC7 through V15.03.06.44_CN, AC9 through V15.03.05.19(6318)_CN, and AC10 through V15.03.06.23_CN devices have a Stack-based Buffer Overflow via a long limitSpeed or limitSpeedup parameter to an unspecified /goform URI. Los dispositivos Tenda AC7 hasta la versión V15.03.06.44_CN, AC9 hasta la versión V15.03.05.19(6318)_CN y AC10 hasta la versión V15.03.06.23_CN tienen un desbordamiento de búfer basado en pila mediante unos parámetros limitSpeed o limitSpeedup largos en un URI /goform sin especificar. • https://github.com/ZIllR0/Routers/blob/master/Tendaoob1.md • CWE-787: Out-of-bounds Write •