CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33181
https://notcve.org/view.php?id=CVE-2024-33181
16 Jul 2024 — Tenda AC18 V15.03.3.10_EN was discovered to contain a stack-based buffer overflow vulnerability via the deviceMac parameter at ip/goform/addWifiMacFilter. Se descubrió que Tenda AC18 V15.03.3.10_EN contiene una vulnerabilidad de desbordamiento del búfer basada en pila a través del parámetro deviceMac en ip/goform/addWifiMacFilter. • https://palm-vertebra-fe9.notion.site/addWifiMacFilter_2-0f7fab42d4254867b46fe92b25dc7c40 • CWE-121: Stack-based Buffer Overflow •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2024-33182
https://notcve.org/view.php?id=CVE-2024-33182
16 Jul 2024 — Tenda AC18 V15.03.3.10_EN was discovered to contain a stack-based buffer overflow vulnerability via the deviceId parameter at ip/goform/addWifiMacFilter. Se descubrió que Tenda AC18 V15.03.3.10_EN contiene una vulnerabilidad de desbordamiento del búfer basada en pila a través del parámetro deviceId en ip/goform/addWifiMacFilter. • https://palm-vertebra-fe9.notion.site/addWifiMacFilter_1-067fa6984f0d4933b88c63efd7486479 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2024-35338
https://notcve.org/view.php?id=CVE-2024-35338
16 Jul 2024 — Tenda i29V1.0 V1.0.0.5 was discovered to contain a hardcoded password for root. Se descubrió que Tenda i29V1.0 V1.0.0.5 contenía una contraseña codificada para root. • https://palm-vertebra-fe9.notion.site/hardcode_i29-e1ed38dde00145d9a6be1ad2b4581259 • CWE-798: Use of Hard-coded Credentials •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2024-40515
https://notcve.org/view.php?id=CVE-2024-40515
16 Jul 2024 — An issue in SHENZHEN TENDA TECHNOLOGY CO.,LTD Tenda AX2pro V16.03.29.48_cn allows a remote attacker to execute arbitrary code via the Routing functionality. Un problema en SHENZHEN TENDA TECHNOLOGY CO.,LTD Tenda AX2pro V16.03.29.48_cn permite a un atacante remoto ejecutar código arbitrario a través de la funcionalidad de enrutamiento. • https://gist.github.com/as-lky/410d6ae5c8ead88c2e0f5c641b2382ec • CWE-940: Improper Verification of Source of a Communication Channel •
CVSS: 10.0EPSS: 16%CPEs: 2EXPL: 1CVE-2024-36604
https://notcve.org/view.php?id=CVE-2024-36604
04 Jun 2024 — Tenda O3V2 v1.0.0.12(3880) was discovered to contain a Blind Command Injection via stpEn parameter in the SetStp function. This vulnerability allows attackers to execute arbitrary commands with root privileges. Se descubrió que Tenda O3V2 v1.0.0.12(3880) contenía una inyección de comando ciego a través del parámetro stpEn en la función SetStp. Esta vulnerabilidad permite a los atacantes ejecutar comandos arbitrarios con privilegios de root. • https://exzettabyte.me/blind-command-injection-in-stp-service-on-tenda-o3v2 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30612
https://notcve.org/view.php?id=CVE-2024-30612
28 Mar 2024 — Tenda AC10U v15.03.06.48 has a stack overflow vulnerability in the deviceId, limitSpeed, limitSpeedUp parameter from formSetClientState function. Tenda AC10U v15.03.06.48 tiene una vulnerabilidad de desbordamiento de la región stack de la memoria en el parámetro deviceId, limitSpeed, limitSpeedUp de la función formSetClientState. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.48/more/formSetClientState.md • CWE-121: Stack-based Buffer Overflow •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-24332
https://notcve.org/view.php?id=CVE-2023-24332
21 Feb 2024 — A stack overflow vulnerability in Tenda AC6 with firmware version US_AC6V5.0re_V03.03.02.01_cn_TDC01 allows attackers to run arbitrary commands via crafted POST request to /goform/PowerSaveSet. Una vulnerabilidad de desbordamiento en la región stack de la memoria en Tenda AC6 con la versión de firmware US_AC6V5.0re_V03.03.02.01_cn_TDC01 permite a los atacantes ejecutar comandos arbitrarios a través de una solicitud POST manipulada para /goform/PowerSaveSet. • https://github.com/caoyebo/CVE/tree/main/Tenda%20AC6%20-%20CVE-2023-24332 • CWE-121: Stack-based Buffer Overflow •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 1CVE-2024-24488
https://notcve.org/view.php?id=CVE-2024-24488
07 Feb 2024 — An issue in Shenzen Tenda Technology CP3V2.0 V11.10.00.2311090948 allows a local attacker to obtain sensitive information via the password component. Un problema en Shenzen Tenda Technology CP3V2.0 V11.10.00.2311090948 permite a un atacante local obtener información confidencial a través del componente de contraseña. • https://github.com/minj-ae/CVE-2024-24488 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2024-0932 – Tenda AC10U setSmartPowerManagement stack-based overflow
https://notcve.org/view.php?id=CVE-2024-0932
26 Jan 2024 — A vulnerability, which was classified as critical, has been found in Tenda AC10U 15.03.06.49_multi_TDE01. This issue affects the function setSmartPowerManagement. The manipulation of the argument time leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/yaoyue123/iot/blob/main/Tenda/AC10U/setSmartPowerManagement.md • CWE-121: Stack-based Buffer Overflow •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2024-0931 – Tenda AC10U saveParentControlInfo stack-based overflow
https://notcve.org/view.php?id=CVE-2024-0931
26 Jan 2024 — A vulnerability classified as critical was found in Tenda AC10U 15.03.06.49_multi_TDE01. This vulnerability affects the function saveParentControlInfo. The manipulation of the argument deviceId/time/urls leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/yaoyue123/iot/blob/main/Tenda/AC10U/saveParentControlInfo_1.md • CWE-121: Stack-based Buffer Overflow •