CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-27061
https://notcve.org/view.php?id=CVE-2023-27061
Tenda V15V1.0 V15.11.0.14(1521_3190_1058) was discovered to contain a buffer overflow vulnerability via the wifiFilterListRemark parameter in the modifyWifiFilterRules function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. • https://github.com/didi-zhiyuan/vuln/blob/main/iot/Tenda/W15EV1/formWifiFilterRulesModify.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2023-27064
https://notcve.org/view.php?id=CVE-2023-27064
Tenda V15V1.0 V15.11.0.14(1521_3190_1058) was discovered to contain a buffer overflow vulnerability via the index parameter in the formDelDnsForward function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. • https://github.com/didi-zhiyuan/vuln/blob/main/iot/Tenda/W15EV1/formDelDnsForward.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-27063
https://notcve.org/view.php?id=CVE-2023-27063
Tenda V15V1.0 V15.11.0.14(1521_3190_1058) was discovered to contain a buffer overflow vulnerability via the DNSDomainName parameter in the formModifyDnsForward function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. • https://github.com/didi-zhiyuan/vuln/blob/main/iot/Tenda/W15EV1/formModifyDnsForward.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 1CVE-2022-45997
https://notcve.org/view.php?id=CVE-2022-45997
Tenda W20E V16.01.0.6(3392) is vulnerable to Buffer Overflow. Tenda W20E V16.01.0.6(3392) es vulnerable al desbordamiento de búfer. • https://github.com/bugfinder0/public_bug/tree/main/tenda/w20e/1 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 1CVE-2022-45996
https://notcve.org/view.php?id=CVE-2022-45996
Tenda W20E V16.01.0.6(3392) is vulnerable to Command injection via cmd_get_ping_output. Tenda W20E V16.01.0.6(3392) es vulnerable a la inyección de comandos a través de cmd_get_ping_output. • https://github.com/bugfinder0/public_bug/tree/main/tenda/w20e/2 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •