CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 1CVE-2018-14557
https://notcve.org/view.php?id=CVE-2018-14557
25 Apr 2019 — An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). A buffer overflow vulnerability exists in the router's web server (httpd). When processing the page parameters for a post request, the value is directly written with sprintf to a local variable placed on the stack, which overrides the return address of the function, a causing buffer overflow. Se de... • https://github.com/zsjevilhex/iot/blob/master/route/tenda/tenda-03/Tenda.md • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 67%CPEs: 6EXPL: 1CVE-2018-14558 – Tenda AC7, AC9, and AC10 Routers Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2018-14558
30 Oct 2018 — An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted goform/setUsbUnload request. This occurs because the "formsetUsbUnload" function executes a dosystemCmd function with untrusted input. Se ha descubierto un problema en dispositivos Tenda AC7 con firmwa... • https://github.com/zsjevilhex/iot/blob/master/route/tenda/tenda-01/Tenda.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 1CVE-2018-16333
https://notcve.org/view.php?id=CVE-2018-16333
02 Sep 2018 — An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server. While processing the ssid parameter for a POST request, the value is directly used in a sprintf call to a local variable placed on the stack, which overrides the return address of the function, causing a buffer overflow. Se ha descubierto un problema en dispositivos Tenda AC7 V... • https://github.com/ZIllR0/Routers/blob/master/Tenda/oob1.md • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.0EPSS: 12%CPEs: 4EXPL: 1CVE-2018-16334
https://notcve.org/view.php?id=CVE-2018-16334
02 Sep 2018 — An issue was discovered on Tenda AC9 V15.03.05.19(6318)_CN and AC10 V15.03.06.23_CN devices. The mac parameter in a POST request is used directly in a doSystemCmd call, causing OS command injection. "Se ha descubierto un problema en dispositivos Tenda AC9 V15.03.05.19(6318)_CN y AC10 V15.03.06.23_CN. El parámetro mac en una petición POST se emplea directamente en una llamada doSystemCmd, provocando la inyección de comandos del sistema operativo." • https://github.com/zsjevilhex/iot/blob/master/route/tenda/tenda-04/tenda.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 1CVE-2018-14492
https://notcve.org/view.php?id=CVE-2018-14492
21 Jul 2018 — Tenda AC7 through V15.03.06.44_CN, AC9 through V15.03.05.19(6318)_CN, and AC10 through V15.03.06.23_CN devices have a Stack-based Buffer Overflow via a long limitSpeed or limitSpeedup parameter to an unspecified /goform URI. Los dispositivos Tenda AC7 hasta la versión V15.03.06.44_CN, AC9 hasta la versión V15.03.05.19(6318)_CN y AC10 hasta la versión V15.03.06.23_CN tienen un desbordamiento de búfer basado en pila mediante unos parámetros limitSpeed o limitSpeedup largos en un URI /goform sin especificar. • https://github.com/ZIllR0/Routers/blob/master/Tendaoob1.md • CWE-787: Out-of-bounds Write •