CVSS: 9.8EPSS: 2%CPEs: 4EXPL: 0CVE-2020-24987
https://notcve.org/view.php?id=CVE-2020-24987
04 Sep 2020 — Tenda AC18 Router through V15.03.05.05_EN and through V15.03.05.19(6318) CN devices could cause a remote code execution due to incorrect authentication handling of vulnerable logincheck() function in /usr/lib/lua/ngx_authserver/ngx_wdas.lua file if the administrator UI Interface is set to "radius". El enrutador Tenda AC18 versiones hasta V15.03.05.05_EN y versiones hasta V15.03.05.19(6318), los dispositivos CN podrían causar una ejecución remota de código debido a un manejo de autenticación incorrecto de la... • https://cwe.mitre.org/data/definitions/287.html • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 2%CPEs: 10EXPL: 1CVE-2020-13389
https://notcve.org/view.php?id=CVE-2020-13389
22 May 2020 — An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the /goform/openSchedWifi schedStartTime and schedEndTime parameters for a POST request, a value is directly used in a strcpy to a local variable placed on the stack, which overwrites the return address of a funct... • https://joel-malwarebenchmark.github.io • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 2%CPEs: 10EXPL: 2CVE-2020-13390
https://notcve.org/view.php?id=CVE-2020-13390
22 May 2020 — An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the /goform/addressNat entrys and mitInterface parameters for a POST request, a value is directly used in a sprintf to a local variable placed on the stack, which overwrites the return address of a function. An at... • https://joel-malwarebenchmark.github.io • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 2%CPEs: 10EXPL: 2CVE-2020-13391
https://notcve.org/view.php?id=CVE-2020-13391
22 May 2020 — An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the /goform/SetSpeedWan speed_dir parameter for a POST request, a value is directly used in a sprintf to a local variable placed on the stack, which overwrites the return address of a function. An attacker can con... • https://joel-malwarebenchmark.github.io • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 2%CPEs: 10EXPL: 2CVE-2020-13392
https://notcve.org/view.php?id=CVE-2020-13392
22 May 2020 — An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the /goform/setcfm funcpara1 parameter for a POST request, a value is directly used in a sprintf to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construc... • https://joel-malwarebenchmark.github.io • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 2%CPEs: 10EXPL: 2CVE-2020-13393
https://notcve.org/view.php?id=CVE-2020-13393
22 May 2020 — An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the /goform/saveParentControlInfo deviceId and time parameters for a POST request, a value is directly used in a strcpy to a local variable placed on the stack, which overwrites the return address of a function. A... • https://joel-malwarebenchmark.github.io • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 2%CPEs: 10EXPL: 2CVE-2020-13394
https://notcve.org/view.php?id=CVE-2020-13394
22 May 2020 — An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the /goform/SetNetControlList list parameter for a POST request, a value is directly used in a strcpy to a local variable placed on the stack, which overwrites the return address of a function. An attacker can con... • https://joel-malwarebenchmark.github.io • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 1CVE-2018-16333
https://notcve.org/view.php?id=CVE-2018-16333
02 Sep 2018 — An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server. While processing the ssid parameter for a POST request, the value is directly used in a sprintf call to a local variable placed on the stack, which overrides the return address of the function, causing a buffer overflow. Se ha descubierto un problema en dispositivos Tenda AC7 V... • https://github.com/ZIllR0/Routers/blob/master/Tenda/oob1.md • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 1CVE-2018-14492
https://notcve.org/view.php?id=CVE-2018-14492
21 Jul 2018 — Tenda AC7 through V15.03.06.44_CN, AC9 through V15.03.05.19(6318)_CN, and AC10 through V15.03.06.23_CN devices have a Stack-based Buffer Overflow via a long limitSpeed or limitSpeedup parameter to an unspecified /goform URI. Los dispositivos Tenda AC7 hasta la versión V15.03.06.44_CN, AC9 hasta la versión V15.03.05.19(6318)_CN y AC10 hasta la versión V15.03.06.23_CN tienen un desbordamiento de búfer basado en pila mediante unos parámetros limitSpeed o limitSpeedup largos en un URI /goform sin especificar. • https://github.com/ZIllR0/Routers/blob/master/Tendaoob1.md • CWE-787: Out-of-bounds Write •