CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 1CVE-2023-41563
https://notcve.org/view.php?id=CVE-2023-41563
30 Aug 2023 — Tenda AC9 V3.0 V15.03.06.42_multi and Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter mac at url /goform/GetParentControlInfo. • https://github.com/peris-navince/founded-0-days/blob/main/GetParentControlInfo/1.md • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 10EXPL: 1CVE-2023-38930
https://notcve.org/view.php?id=CVE-2023-38930
07 Aug 2023 — Tenda AC7 V1.0,V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0,V15.03.06.28, AC9 V3.0,V15.03.06.42_multi and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the deviceId parameter in the addWifiMacFilter function. • https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/addWifiMacFilter/README.md • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 18EXPL: 1CVE-2023-38933
https://notcve.org/view.php?id=CVE-2023-38933
07 Aug 2023 — Tenda AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0 V15.03.06.28, FH1203 V2.0.1.6 and AC9 V3.0 V15.03.06.42_multi, and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the deviceId parameter in the formSetClientState function. • https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/formSetClientState/README.md • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 10EXPL: 1CVE-2023-38935
https://notcve.org/view.php?id=CVE-2023-38935
07 Aug 2023 — Tenda AC1206 V15.03.06.23, AC8 V4 V16.03.34.06, AC5 V1.0 V15.03.06.28, AC10 v4.0 V16.03.10.13 and AC9 V3.0 V15.03.06.42_multi were discovered to contain a tack overflow via the list parameter in the formSetQosBand function. • https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/formSetQosBand/README.md • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 18EXPL: 1CVE-2023-38936
https://notcve.org/view.php?id=CVE-2023-38936
07 Aug 2023 — Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, AC5 V1.0 V15.03.06.28, FH1203 V2.0.1.6, AC9 V3.0 V15.03.06.42_multi and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the speed_dir parameter in the formSetSpeedWan function. • https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/formSetSpeedWan/README.md • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 16EXPL: 1CVE-2023-38937
https://notcve.org/view.php?id=CVE-2023-38937
07 Aug 2023 — Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 V16.03.34.06, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, AC5 V1.0 V15.03.06.28, AC9 V3.0 V15.03.06.42_multi and AC10 v4.0 V16.03.10.13 were discovered to contain a stack overflow via the list parameter in the formSetVirtualSer function. • https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/formSetVirtualSer/README.md • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 1CVE-2021-42659
https://notcve.org/view.php?id=CVE-2021-42659
24 May 2022 — There is a buffer overflow vulnerability in the Web server httpd of the router in Tenda router devices such as Tenda AC9 V1.0 V15.03.02.19(6318) and Tenda AC9 V3.0 V15.03.06.42_multi. When setting the virtual service, the httpd program will crash and exit when the super-long list parameter occurs. Se presenta una vulnerabilidad de desbordamiento de búfer en el servidor web httpd del router en los dispositivos de router Tenda, como Tenda AC9 versión V1.0 V15.03.02.19(6318) y Tenda AC9 versión V3.0 V15.03.06.... • https://github.com/Lyc-heng/routers/blob/main/routers/stack4.md • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 3%CPEs: 4EXPL: 2CVE-2020-26728
https://notcve.org/view.php?id=CVE-2020-26728
11 Feb 2022 — A vulnerability was discovered in Tenda AC9 v3.0 V15.03.06.42_multi and Tenda AC9 V1.0 V15.03.05.19(6318)_CN which allows for remote code execution via shell metacharacters in the guestuser field to the __fastcall function with a POST request. Se ha detectado una vulnerabilidad en Tenda AC9 versión v3.0 V15.03.06.42_multi y Tenda AC9 versión V1.0 V15.03.05.19(6318)_CN que permite una ejecución de código remota por medio de metacaracteres de shell en el campo guestuser a la función __fastcall con una petició... • https://github.com/Lyc-heng/Router/blob/main/Tenda/rce1.md •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 1CVE-2021-31627
https://notcve.org/view.php?id=CVE-2021-31627
29 Oct 2021 — Buffer Overflow vulnerability in Tenda AC9 V1.0 through V15.03.05.19(6318), and AC9 V3.0 V15.03.06.42_multi, allows attackers to execute arbitrary code via the index parameter. Una vulnerabilidad de desbordamiento del búfer en Tenda versiones AC9 V1.0 hasta V15.03.05.19(6318), y AC9 V3.0 V15.03.06.42_multi, permite a atacantes ejecutar código arbitrario por medio del parámetro index • http://tenda.com • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 1CVE-2021-31624
https://notcve.org/view.php?id=CVE-2021-31624
29 Oct 2021 — Buffer Overflow vulnerability in Tenda AC9 V1.0 through V15.03.05.19(6318), and AC9 V3.0 V15.03.06.42_multi, allows attackers to execute arbitrary code via the urls parameter. Una vulnerabilidad de desbordamiento del búfer en Tenda versiones AC9 V1.0 hasta V15.03.05.19(6318), y AC9 V3.0 V15.03.06.42_multi, permite a atacantes ejecutar código arbitrario por medio del parámetro urls • http://tenda.com • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •