CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-52273 – Denial of Service on Tenda AC6V2 Due To Stack Overflow
https://notcve.org/view.php?id=CVE-2024-52273
04 Dec 2024 — Stack-based Buffer Overflow vulnerability in Shenzhen Tenda Technology Co Tenda AC6V2 (setDoublePppoeConfig->guest_ip_check(overflow arg: mask) modules) allows Overflow Buffers.This issue affects Tenda AC6V2: through 15.03.06.50 Vulnerabilidad de desbordamiento de búfer en la región stack de la memoria en los módulos Shenzhen Tenda Technology Co Tenda AC6V2 (setDoublePppoeConfig->guest_ip_check(overflow arg: mask) permite desbordamientos de búfer. Este problema afecta a Tenda AC6V2: hasta 15.03.06.50 • https://www.vulsec.org/advisories • CWE-121: Stack-based Buffer Overflow •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-52272 – Denial of Service on Tenda AC6V2 Due To Stack Overflow
https://notcve.org/view.php?id=CVE-2024-52272
04 Dec 2024 — Stack-based Buffer Overflow vulnerability in Shenzhen Tenda Technology Co Tenda AC6V2 (fromAdvSetLanip(overflow arg:lanMask) modules) allows Overflow Buffers.This issue affects Tenda AC6V2: through 15.03.06.50 Vulnerabilidad de desbordamiento de búfer en la región stack de la memoria en Shenzhen Tenda Technology Co Tenda AC6V2 (fromAdvSetLanip(overflow arg:lanMask) modules) permite desbordamientos de búfer. Este problema afecta a Tenda AC6V2: hasta 15.03.06.50 • https://www.vulsec.org/advisories • CWE-121: Stack-based Buffer Overflow •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 1CVE-2024-12002 – Tenda FH451/FH1201/FH1202/FH1206 GetIPTV websReadEvent null pointer dereference
https://notcve.org/view.php?id=CVE-2024-12002
30 Nov 2024 — A vulnerability classified as problematic was found in Tenda FH451, FH1201, FH1202 and FH1206 up to 20241129. Affected by this vulnerability is the function websReadEvent of the file /goform/GetIPTV. The manipulation of the argument Content-Length leads to null pointer dereference. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Kalvin2077/tenda-fh-cve • CWE-404: Improper Resource Shutdown or Release CWE-476: NULL Pointer Dereference •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-11745 – Tenda AC8 SetStaticRouteCfg route_static_check stack-based overflow
https://notcve.org/view.php?id=CVE-2024-11745
26 Nov 2024 — A vulnerability was found in Tenda AC8 16.03.34.09 and classified as critical. Affected by this issue is the function route_static_check of the file /goform/SetStaticRouteCfg. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://tasty-foxtrot-3a8.notion.site/Tenda-AC8v4-route_static_check-stack-overflow-1460448e6195803087a5d39755d2bb6b?pvs=74 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 1CVE-2024-11650 – Tenda i9 GetIPTV websReadEvent null pointer dereference
https://notcve.org/view.php?id=CVE-2024-11650
25 Nov 2024 — A vulnerability was found in Tenda i9 1.0.0.8(3828) and classified as critical. This issue affects the function websReadEvent of the file /goform/GetIPTV. The manipulation leads to null pointer dereference. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/xiaobor123/tenda-vul-i9 • CWE-404: Improper Resource Shutdown or Release CWE-476: NULL Pointer Dereference •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52789
https://notcve.org/view.php?id=CVE-2024-52789
19 Nov 2024 — Tenda W30E v2.0 V16.01.0.8 was discovered to contain a hardcoded password vulnerability in /etc_ro/shadow, which allows attackers to log in as root. • https://colorful-meadow-5b9.notion.site/W30E_HardCode_vuln-13dc216a1c30805998f8d994f966760a • CWE-798: Use of Hard-coded Credentials •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-11248 – Tenda AC10 SetSysAutoRebbotCfg formSetRebootTimer stack-based overflow
https://notcve.org/view.php?id=CVE-2024-11248
15 Nov 2024 — A vulnerability was found in Tenda AC10 16.03.10.13 and classified as critical. Affected by this issue is the function formSetRebootTimer of the file /goform/SetSysAutoRebbotCfg. The manipulation of the argument rebootTime leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://tasty-foxtrot-3a8.notion.site/Tenda-AC10v4-formSetRebootTimer-stack-overflow-13d0448e619580bf8ab1df7cfb6c018b • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-50854
https://notcve.org/view.php?id=CVE-2024-50854
13 Nov 2024 — Tenda G3 v3.0 v15.11.0.20 was discovered to contain a stack overflow via the formSetPortMapping function. • https://github.com/zp9080/Tenda/blob/main/Tenda-G3v3.0%20V15.11.0.20-formSetPortMapping/overview.md • CWE-787: Out-of-bounds Write •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-11061 – Tenda AC10 fast_setting_wifi_set FUN_0044db3c stack-based overflow
https://notcve.org/view.php?id=CVE-2024-11061
11 Nov 2024 — A vulnerability classified as critical was found in Tenda AC10 16.03.10.13. Affected by this vulnerability is the function FUN_0044db3c of the file /goform/fast_setting_wifi_set. The manipulation of the argument timeZone leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://tasty-foxtrot-3a8.notion.site/Tenda-AC10v4-FUN_0044db3c-stack-overflow-13a0448e619580ae96fee2899545e159 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-11056 – Tenda AC10 WifiExtraSet FUN_0046AC38 stack-based overflow
https://notcve.org/view.php?id=CVE-2024-11056
10 Nov 2024 — A vulnerability, which was classified as critical, was found in Tenda AC10 16.03.10.13. Affected is the function FUN_0046AC38 of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://tasty-foxtrot-3a8.notion.site/Tenda-AC10v4-stack-overflow-1380448e619580409bb1e1ac85f45570 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •