CVSS: 10.0EPSS: 0%CPEs: 16EXPL: 1CVE-2023-37716
https://notcve.org/view.php?id=CVE-2023-37716
14 Jul 2023 — Tenda F1202 V1.0BR_V1.2.0.20(408) and FH1202_V1.2.0.19_EN, AC10 V1.0, AC1206 V1.0, AC7 V1.0, AC5 V1.0, and AC9 V3.0 were discovered to contain a stack overflow in the page parameter in the function fromNatStaticSetting. • https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/fromNatStaticSetting/report.md • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 16EXPL: 1CVE-2023-37717
https://notcve.org/view.php?id=CVE-2023-37717
14 Jul 2023 — Tenda F1202 V1.0BR_V1.2.0.20(408) and FH1202_V1.2.0.19_EN, AC10 V1.0, AC1206 V1.0, AC7 V1.0, AC5 V1.0, and AC9 V3.0 were discovered to contain a stack overflow in the page parameter in the function fromDhcpListClient. • https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/fromDhcpListClient/repot.md • CWE-787: Out-of-bounds Write •
CVSS: 8.3EPSS: 0%CPEs: 2EXPL: 1CVE-2022-36571
https://notcve.org/view.php?id=CVE-2022-36571
31 Aug 2022 — Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via the mask parameter at /goform/WanParameterSetting. Se ha detectado que Tenda AC9 versión V15.03.05.19, contiene un desbordamiento de pila por medio del parámetro mask en /goform/WanParameterSetting • https://github.com/CyberUnicornIoT/IoTvuln/blob/main/Tenda_ac9/2/tenda_ac9_WanParameterSetting.md • CWE-787: Out-of-bounds Write •
CVSS: 8.3EPSS: 0%CPEs: 2EXPL: 1CVE-2022-36570
https://notcve.org/view.php?id=CVE-2022-36570
31 Aug 2022 — Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via the time parameter at /goform/SetLEDCfg. Se ha detectado que Tenda AC9 versión V15.03.05.19, contenía un desbordamiento de pila por medio del parámetro time en /goform/SetLEDCfg • https://github.com/CyberUnicornIoT/IoTvuln/blob/main/Tenda_ac9/1/tenda_ac9_SetLEDCfg.md • CWE-787: Out-of-bounds Write •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 1CVE-2022-36569
https://notcve.org/view.php?id=CVE-2022-36569
31 Aug 2022 — Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via the deviceList parameter at /goform/setMacFilterCfg. Se ha detectado que Tenda AC9 versión V15.03.05.19, contenía un desbordamiento de pila por el parámetro deviceList en /goform/setMacFilterCfg • https://github.com/CyberUnicornIoT/IoTvuln/blob/main/Tenda_ac9/4/tenda_ac9_setMacFilterCfg.md • CWE-787: Out-of-bounds Write •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 1CVE-2022-36568
https://notcve.org/view.php?id=CVE-2022-36568
31 Aug 2022 — Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via the list parameter at /goform/setPptpUserList. Se ha detectado que Tenda AC9 versión V15.03.05.19, contiene un desbordamiento de pila por medio del parámetro list en /goform/setPptpUserList • https://github.com/CyberUnicornIoT/IoTvuln/blob/main/Tenda_ac9/3/tenda_ac9_setPptpUserList.md • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 1CVE-2022-36273
https://notcve.org/view.php?id=CVE-2022-36273
16 Aug 2022 — Tenda AC9 V15.03.2.21_cn is vulnerable to command injection via goform/SetSysTimeCfg. Tenda AC9 versión V15.03.2.21_cn, es vulnerable a una inyección de comandos por medio de goform/SetSysTimeCfg. • https://github.com/F0und-icu/CVEIDs/tree/main/TendaAC9 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 1CVE-2021-42659
https://notcve.org/view.php?id=CVE-2021-42659
24 May 2022 — There is a buffer overflow vulnerability in the Web server httpd of the router in Tenda router devices such as Tenda AC9 V1.0 V15.03.02.19(6318) and Tenda AC9 V3.0 V15.03.06.42_multi. When setting the virtual service, the httpd program will crash and exit when the super-long list parameter occurs. Se presenta una vulnerabilidad de desbordamiento de búfer en el servidor web httpd del router en los dispositivos de router Tenda, como Tenda AC9 versión V1.0 V15.03.02.19(6318) y Tenda AC9 versión V3.0 V15.03.06.... • https://github.com/Lyc-heng/routers/blob/main/routers/stack4.md • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2022-28560
https://notcve.org/view.php?id=CVE-2022-28560
03 May 2022 — There is a stack overflow vulnerability in the goform/fast_setting_wifi_set function in the httpd service of Tenda ac9 15.03.2.21_cn router. An attacker can obtain a stable shell through a carefully constructed payload Se presenta una vulnerabilidad de desbordamiento de pila en la función goform/fast_setting_wifi_set del servicio httpd del router Tenda ac9 versión 15.03.2.21_cn. Un atacante puede obtener un shell estable mediante una carga útil cuidadosamente construida • https://github.com/iot-firmeware/-Router-vulnerability/tree/main/Tenda%20AC9 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2022-27022
https://notcve.org/view.php?id=CVE-2022-27022
07 Apr 2022 — There is a stack overflow vulnerability in the SetSysTimeCfg() function in the httpd service of Tenda AC9 V15.03.2.21_cn. The attacker can obtain a stable root shell through a constructed payload. Se presenta una vulnerabilidad de desbordamiento de pila en la función SetSysTimeCfg() del servicio httpd de Tenda AC9 versión V15.03.2.21_cn. El atacante puede obtener un shell de root estable mediante una carga útil construida • https://github.com/EPhaha/IOT_vuln/tree/main/Tenda/AC9/14 • CWE-787: Out-of-bounds Write •