CVE-2018-14497 – Tenda ADSL Router D152 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-14497
Tenda D152 ADSL routers allow XSS via a crafted SSID. Tenda ADSL router D152 suffers from a cross-site scripting vulnerability. • https://www.exploit-db.com/exploits/45336 https://sandipdeyhack7.blogspot.com/2018/07/cve-2018-14497-tenda-d152-adsl-routers_24.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-14492
https://notcve.org/view.php?id=CVE-2018-14492
Tenda AC7 through V15.03.06.44_CN, AC9 through V15.03.05.19(6318)_CN, and AC10 through V15.03.06.23_CN devices have a Stack-based Buffer Overflow via a long limitSpeed or limitSpeedup parameter to an unspecified /goform URI. • https://github.com/ZIllR0/Routers/blob/master/Tendaoob1.md • CWE-787: Out-of-bounds Write
CVE-2018-5768
https://notcve.org/view.php?id=CVE-2018-5768
A remote, unauthenticated attacker can gain remote code execution on the Tenda AC15 router with a specially crafted password parameter for the COOKIE header. • https://www.fidusinfosec.com/tenda-ac15-hard-coded-accounts-cve-2018-5768 • CWE-798: Use of Hard-coded Credentials
CVE-2018-5770
https://notcve.org/view.php?id=CVE-2018-5770
An issue was discovered on Tenda AC15 devices. A remote, unauthenticated attacker can make a request to /goform/telnet, creating a telnetd service on the device. This service is password protected; however, several default accounts exist on the device that are root accounts, which can be used to log in. • https://www.fidusinfosec.com/tenda-ac15-unauthenticated-telnetd-start-cve-2018-5770 • CWE-1188: Initialization of a Resource with an Insecure Default
CVE-2018-7561
https://notcve.org/view.php?id=CVE-2018-7561
Stack-based Buffer Overflow in httpd on Tenda AC9 devices V15.03.05.14_EN allows remote attackers to cause a denial of service or possibly have unspecified other impact. • https://github.com/VulDetailsPublication/Poc/tree/master/Tenda/AC9 • CWE-787: Out-of-bounds Write