CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2022-40860
https://notcve.org/view.php?id=CVE-2022-40860
23 Sep 2022 — Tenda AC15 router V15.03.05.19 contains a stack overflow vulnerability in the function formSetQosBand->FUN_0007dd20 with request /goform/SetNetControlList El router Tenda AC15 versión V15.03.05.19, contiene una vulnerabilidad de desbordamiento de pila en la función formSetQosBand-)FUN_0007dd20 con la petición /goform/SetNetControlList • https://github.com/CPSeek/Router-vuls/blob/main/Tenda/AC15/formSetQosBand.md • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 2CVE-2022-40862
https://notcve.org/view.php?id=CVE-2022-40862
23 Sep 2022 — Tenda AC15 and AC18 router V15.03.05.19 contains stack overflow vulnerability in the function fromNatStaticSetting with the request /goform/NatStaticSetting Los routers Tenda AC15 y AC18 versiones V15.03.05.19 contienen una vulnerabilidad de desbordamiento de pila en la función fromNatStaticSetting con la petición /goform/NatStaticSetting • https://github.com/CPSeek/Router-vuls/blob/main/Tenda/AC15/fromNatStaticSetting.md • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 2CVE-2022-40864
https://notcve.org/view.php?id=CVE-2022-40864
23 Sep 2022 — Tenda AC15 and AC18 routers V15.03.05.19 contain stack overflow vulnerabilities in the function setSmartPowerManagement with the request /goform/PowerSaveSet Los routers Tenda AC15 y AC18 versiones V15.03.05.19, contienen vulnerabilidades de desbordamiento de pila en la función setSmartPowerManagement con la petición /goform/PowerSaveSet • https://github.com/CPSeek/Router-vuls/blob/main/Tenda/AC15/setSmartPowerManagement.md • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 2CVE-2022-40865
https://notcve.org/view.php?id=CVE-2022-40865
23 Sep 2022 — Tenda AC15 and AC18 routers V15.03.05.19 contain heap overflow vulnerabilities in the function setSchedWifi with the request /goform/openSchedWifi/ Los routers Tenda AC15 y AC18 V15.03.05.19, contienen vulnerabilidades de desbordamiento de pila en la función setSchedWifi con la petición /goform/openSchedWifi/ • https://github.com/CPSeek/Router-vuls/blob/main/Tenda/AC15/setSchedWifi.md • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 2CVE-2022-40869
https://notcve.org/view.php?id=CVE-2022-40869
23 Sep 2022 — Tenda AC15 and AC18 routers V15.03.05.19 contain stack overflow vulnerabilities in the function fromDhcpListClient with a combined parameter "list*" ("%s%d","list"). Los routers Tenda AC15 y AC18 V15.03.05.19, contienen vulnerabilidades de desbordamiento de pila en la función fromDhcpListClient con un parámetro combinado "list*" ("%s%d", "list"). • https://github.com/CPSeek/Router-vuls/blob/main/Tenda/AC15/fromDhcpListClient-list.md • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 1CVE-2022-38326
https://notcve.org/view.php?id=CVE-2022-38326
15 Sep 2022 — Tenda AC15 WiFi Router V15.03.05.19_multi and AC18 WiFi Router V15.03.05.19_multi were discovered to contain a buffer overflow via the page parameter at /goform/NatStaticSetting. Se ha detectado que los routers WiFi Tenda AC15 V15.03.05.19_multi y AC18 V15.03.05.19_multi, contienen un desbordamiento de búfer por medio del parámetro de página en /goform/NatStaticSetting • https://github.com/1160300418/Vuls/blob/main/Tenda/AC/Vul_NatStaticSetting.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 1CVE-2022-38325
https://notcve.org/view.php?id=CVE-2022-38325
15 Sep 2022 — Tenda AC15 WiFi Router V15.03.05.19_multi and AC18 WiFi Router V15.03.05.19_multi were discovered to contain a buffer overflow via the filePath parameter at /goform/expandDlnaFile. Se ha detectado que los routers WiFi Tenda AC15 versión V15.03.05.19_multi y AC18 versión V15.03.05.19_multi, contienen un desbordamiento de búfer por medio del parámetro filePath en /goform/expandDlnaFile • https://github.com/1160300418/Vuls/blob/main/Tenda/AC/Vul_expandDlnaFile.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 26%CPEs: 2EXPL: 3CVE-2020-15916
https://notcve.org/view.php?id=CVE-2020-15916
23 Jul 2020 — goform/AdvSetLanip endpoint on Tenda AC15 AC1900 15.03.05.19 devices allows remote attackers to execute arbitrary system commands via shell metacharacters in the lanIp POST parameter. El endpoint goform/AdvSetLanip en los dispositivos Tenda AC15 AC1900 versiones 15.03.05.19, permite a atacantes remotos ejecutar comandos arbitrarios del sistema por medio de metacaracteres de shell en el parámetro lanIp POST • https://github.com/geniuszlyy/CVE-2020-15916 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 96%CPEs: 2EXPL: 1CVE-2020-10987 – Tenda AC1900 Router AC15 Model Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-10987
13 Jul 2020 — The goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute arbitrary system commands via the deviceName POST parameter. El endpoint goform/setUsbUnload de Tenda AC15 AC1900 versión 15.03.05.19, permite a atacantes remotos ejecutar comandos del sistema arbitrarios por medio del parámetro POST deviceName Tenda AC1900 Router AC15 Model contains an unspecified vulnerability that allows remote attackers to execute system commands via the deviceName POST parameter... • https://blog.securityevaluators.com/tenda-ac1900-vulnerabilities-discovered-and-exploited-e8e26aa0bc68 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1CVE-2020-10989
https://notcve.org/view.php?id=CVE-2020-10989
13 Jul 2020 — An XSS issue in the /goform/WifiBasicSet endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute malicious payloads via the WifiName POST parameter. Un problema de tipo XSS en el endpoint /goform/WifiBasicSet de Tenda AC15 AC1900 versión 15.03.05.19, permite a atacantes remotos ejecutar cargas maliciosas por medio del parámetro POST WifiName • https://blog.securityevaluators.com/tenda-ac1900-vulnerabilities-discovered-and-exploited-e8e26aa0bc68 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •