CVE-2023-30378
https://notcve.org/view.php?id=CVE-2023-30378
In Tenda AC15 V15.03.05.19, the function "sub_8EE8" contains a stack-based buffer overflow vulnerability. • https://github.com/2205794866/Tenda/blob/main/AC15/5.md • CWE-787: Out-of-bounds Write •
CVE-2022-44156
https://notcve.org/view.php?id=CVE-2022-44156
Tenda AC15 V15.03.05.19 is vulnerable to Buffer Overflow via function formSetIpMacBind. Tenda AC15 V15.03.05.19 es vulnerable al desbordamiento del búfer a través de la función formSetIpMacBind. • https://drive.google.com/file/d/1dbMwByl40uqMiSv_DOEW8pFjRhGX-j97/view?usp=sharing • CWE-787: Out-of-bounds Write •
CVE-2022-43259
https://notcve.org/view.php?id=CVE-2022-43259
Tenda AC15 V15.03.05.18 was discovered to contain a stack overflow via the timeZone parameter in the form_fast_setting_wifi_set function. Se ha detectado que Tenda AC15 versión V15.03.05.18, contiene un desbordamiento de pila por medio del parámetro timeZone en la función form_fast_setting_wifi_set • https://drive.google.com/file/d/1VjYjZKv7MJ69hGPG-xD0xublUw-taq4w/view?usp=sharing • CWE-787: Out-of-bounds Write •
CVE-2022-40851
https://notcve.org/view.php?id=CVE-2022-40851
Tenda AC15 V15.03.05.19 contained a stack overflow via the function fromAddressNat. Tenda AC15 versión V15.03.05.19, contiene un desbordamiento de pila por medio de la función fromAddressNat. • https://github.com/CPSeek/Router-vuls/blob/main/Tenda/AC15/addressNat.md • CWE-787: Out-of-bounds Write •
CVE-2020-15916
https://notcve.org/view.php?id=CVE-2020-15916
goform/AdvSetLanip endpoint on Tenda AC15 AC1900 15.03.05.19 devices allows remote attackers to execute arbitrary system commands via shell metacharacters in the lanIp POST parameter. El endpoint goform/AdvSetLanip en los dispositivos Tenda AC15 AC1900 versiones 15.03.05.19, permite a atacantes remotos ejecutar comandos arbitrarios del sistema por medio de metacaracteres de shell en el parámetro lanIp POST • https://github.com/geniuszlyy/CVE-2020-15916 https://blog.securityevaluators.com/tenda-ac1900-vulnerabilities-discovered-and-exploited-e8e26aa0bc68 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •