CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-2901 – Tenda AC7 openSchedWifi setSchedWifi stack-based overflow
https://notcve.org/view.php?id=CVE-2024-2901
A vulnerability has been found in Tenda AC7 15.03.06.44 and classified as critical. This vulnerability affects the function setSchedWifi of the file /goform/openSchedWifi. The manipulation of the argument schedEndTime leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC7/v1/setSchedWifi.md https://vuldb.com/?ctiid.257944 https://vuldb.com/?id.257944 https://vuldb.com/?submit.300367 • CWE-121: Stack-based Buffer Overflow •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-2900 – Tenda AC7 saveParentControlInfo stack-based overflow
https://notcve.org/view.php?id=CVE-2024-2900
A vulnerability, which was classified as critical, was found in Tenda AC7 15.03.06.44. This affects the function saveParentControlInfo of the file /goform/saveParentControlInfo. The manipulation of the argument deviceId/time/urls leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC7/v1/saveParentControlInfo_deviceId.md https://vuldb.com/?ctiid.257943 https://vuldb.com/?id.257943 https://vuldb.com/?submit.300364 • CWE-121: Stack-based Buffer Overflow •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 5CVE-2024-2899 – Tenda AC7 WifiExtraSet fromSetWirelessRepeat stack-based overflow
https://notcve.org/view.php?id=CVE-2024-2899
A vulnerability, which was classified as critical, has been found in Tenda AC7 15.03.06.44. Affected by this issue is the function fromSetWirelessRepeat of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Stuub/CVE-2024-28995 https://github.com/HussainFathy/CVE-2024-28999 https://github.com/0xc4t/CVE-2024-28995 https://github.com/Praison001/CVE-2024-28995-SolarWinds-Serv-U https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC7/v1/fromSetWirelessRepeat.md https://vuldb.com/?ctiid.257942 https://vuldb.com/?id.257942 https://vuldb.com/?submit.300362 • CWE-121: Stack-based Buffer Overflow •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-2898 – Tenda AC7 SetStaticRouteCfg fromSetRouteStatic stack-based overflow
https://notcve.org/view.php?id=CVE-2024-2898
A vulnerability classified as critical was found in Tenda AC7 15.03.06.44. Affected by this vulnerability is the function fromSetRouteStatic of the file /goform/SetStaticRouteCfg. The manipulation of the argument list leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC7/v1/fromSetRouteStatic.md https://vuldb.com/?ctiid.257941 https://vuldb.com/?id.257941 https://vuldb.com/?submit.300361 • CWE-121: Stack-based Buffer Overflow •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-2897 – Tenda AC7 WriteFacMac formWriteFacMac os command injection
https://notcve.org/view.php?id=CVE-2024-2897
A vulnerability classified as critical has been found in Tenda AC7 15.03.06.44. Affected is the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC7/v1/formWriteFacMac.md https://vuldb.com/?ctiid.257940 https://vuldb.com/?id.257940 https://vuldb.com/?submit.300360 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •