CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 1CVE-2019-19505
https://notcve.org/view.php?id=CVE-2019-19505
Tenda PA6 Wi-Fi Powerline extender 1.0.1.21 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the "Wireless" section in the web-UI. By sending a specially crafted hostname, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. El extensor Tenda PA6 Wi-Fi Powerline versión 1.0.1.21, es vulnerable a un desbordamiento del búfer en la región stack de la memoria, causado por una comprobación incorrecta de límites mediante la sección "Wireless" ??en la Interfaz de Usuario Web. Mediante el envío de un nombre de host especialmente diseñado, un atacante remoto podría desbordar un búfer y ejecutar código arbitrario en el sistema o causar que la aplicación se bloquee • https://securityintelligence.com/posts/vulnerable-powerline-extenders-underline-lax-iot-security • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2019-19506
https://notcve.org/view.php?id=CVE-2019-19506
Tenda PA6 Wi-Fi Powerline extender 1.0.1.21 is vulnerable to a denial of service, caused by an error in the "homeplugd" process. By sending a specially crafted UDP packet, an attacker could exploit this vulnerability to cause the device to reboot. El extensor Tenda PA6 Wi-Fi Powerline versión 1.0.1.21, es vulnerable a una denegación de servicio, causada por un error en el proceso "homeplugd". Mediante el envío de un paquete UDP especialmente diseñado, un atacante podría aprovechar esta vulnerabilidad para hacer que el dispositivo se reinicie • https://securityintelligence.com/posts/vulnerable-powerline-extenders-underline-lax-iot-security • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 9.0EPSS: 1%CPEs: 2EXPL: 1CVE-2019-16213
https://notcve.org/view.php?id=CVE-2019-16213
Tenda PA6 Wi-Fi Powerline extender 1.0.1.21 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially crafted string, an attacker could modify the device name of an attached PLC adapter to inject and execute arbitrary commands on the system with root privileges. El extensor Tenda PA6 Wi-Fi Powerline versión 1.0.1.21, podría permitir a un atacante autenticado remoto ejecutar comandos arbitrarios en el sistema. Mediante el envío de una cadena especialmente diseñada, un atacante podría modificar el nombre del dispositivo de un adaptador de PLC anexo para inyectar y ejecutar comandos arbitrarios sobre el sistema con privilegios root • https://securityintelligence.com/posts/vulnerable-powerline-extenders-underline-lax-iot-security • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 10EXPL: 1CVE-2020-13389
https://notcve.org/view.php?id=CVE-2020-13389
An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the /goform/openSchedWifi schedStartTime and schedEndTime parameters for a POST request, a value is directly used in a strcpy to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks. Se detectó un problema en dispositivos Tenda AC6 versiones V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, y AC18 V15.03.05.19 (6318_)_CN. • https://joel-malwarebenchmark.github.io https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13389-Tenda-vulnerability • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 0%CPEs: 10EXPL: 2CVE-2020-13390
https://notcve.org/view.php?id=CVE-2020-13390
An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the /goform/addressNat entrys and mitInterface parameters for a POST request, a value is directly used in a sprintf to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks. Se detectó un problema en dispositivos Tenda AC6 versiones V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, y AC18 V15.03.05.19 (6318_)_CN. • https://joel-malwarebenchmark.github.io https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13390-Tenda-vulnerability • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •