CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51409
https://notcve.org/view.php?id=CVE-2024-51409
06 Nov 2024 — Buffer Overflow vulnerability in Tenda O3 v.1.0.0.5 allows a remote attacker to cause a denial of service via a network packet in a fixed format to a router running the corresponding version of the firmware. • https://github.com/fireknight-hJ/Tenda-cve-pocs/blob/main/Tenda%20O3V1.0.0.5%284180%29/websReadEvent.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 1CVE-2024-10750 – Tenda i22 SysToo websReadEvent null pointer dereference
https://notcve.org/view.php?id=CVE-2024-10750
04 Nov 2024 — A vulnerability has been found in Tenda i22 1.0.0.3(4687) and classified as problematic. Affected by this vulnerability is the function websReadEvent of the file /goform/GetIPTV?fgHPOST/goform/SysToo. The manipulation of the argument Content-Length leads to null pointer dereference. The attack can be launched remotely. • https://github.com/xiaobor123/tenda-vul-i22 • CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-10698 – Tenda AC6 SetOnlineDevName formSetDeviceName stack-based overflow
https://notcve.org/view.php?id=CVE-2024-10698
02 Nov 2024 — A vulnerability was found in Tenda AC6 15.03.05.19 and classified as critical. Affected by this issue is the function formSetDeviceName of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/theRaz0r/iot-mycve/blob/main/tenda_ac6_stackflow_formSetDeviceName/tenda_ac6_stackflow_formSetDeviceName.md • CWE-121: Stack-based Buffer Overflow •
CVSS: 9.8EPSS: 77%CPEs: 1EXPL: 1CVE-2024-10697 – Tenda AC6 API Endpoint WriteFacMac formWriteFacMac command injection
https://notcve.org/view.php?id=CVE-2024-10697
02 Nov 2024 — A vulnerability has been found in Tenda AC6 15.03.05.19 and classified as critical. Affected by this vulnerability is the function formWriteFacMac of the file /goform/WriteFacMac of the component API Endpoint. The manipulation of the argument The leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/theRaz0r/iot-mycve/blob/main/tenda_ac6_rce_WriteFacMac/tenda_ac6_rce_WriteFacMac.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-10662 – Tenda AC15 SetOnlineDevName formSetDeviceName stack-based overflow
https://notcve.org/view.php?id=CVE-2024-10662
01 Nov 2024 — A vulnerability was found in Tenda AC15 15.03.05.19 and classified as critical. This issue affects the function formSetDeviceName of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/theRaz0r/iot-mycve/blob/main/tenda_ac15_stackflow_formSetDeviceName/tenda_ac15_stackflow_formSetDeviceName.md • CWE-121: Stack-based Buffer Overflow •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-10661 – Tenda AC15 SetDlnaCfg stack-based overflow
https://notcve.org/view.php?id=CVE-2024-10661
01 Nov 2024 — A vulnerability has been found in Tenda AC15 15.03.05.19 and classified as critical. This vulnerability affects the function SetDlnaCfg of the file /goform/SetDlnaCfg. The manipulation of the argument scanList leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/theRaz0r/iot-mycve/blob/main/tenda_ac15_stackflow_formDLNAserver/tenda_ac15_stackflow_formDLNAserver.md • CWE-121: Stack-based Buffer Overflow •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-10434 – Tenda AC1206 ate ate_Tenda_mfg_check_usb3 stack-based overflow
https://notcve.org/view.php?id=CVE-2024-10434
28 Oct 2024 — A vulnerability was found in Tenda AC1206 up to 20241027. It has been classified as critical. This affects the function ate_Tenda_mfg_check_usb/ate_Tenda_mfg_check_usb3 of the file /goform/ate. The manipulation of the argument arg leads to stack-based buffer overflow. It is possible to initiate the attack remotely. • https://github.com/physicszq/Routers/blob/main/Tenda/README.md • CWE-121: Stack-based Buffer Overflow •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-10351 – Tenda RX9 Pro POST Request setMacFilterCfg sub_424CE0 stack-based overflow
https://notcve.org/view.php?id=CVE-2024-10351
24 Oct 2024 — A vulnerability was found in Tenda RX9 Pro 22.03.02.20. It has been rated as critical. This issue affects the function sub_424CE0 of the file /goform/setMacFilterCfg of the component POST Request Handler. The manipulation of the argument deviceList leads to stack-based buffer overflow. The attack may be initiated remotely. • https://gitee.com/GXB0_0/iot-vul/blob/master/Tenda/RX9/20/setMacFilterCfg.md • CWE-121: Stack-based Buffer Overflow •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 1CVE-2024-10283 – Tenda RX9/RX9 Pro SetNetControlList sub_4337EC stack-based overflow
https://notcve.org/view.php?id=CVE-2024-10283
23 Oct 2024 — A vulnerability, which was classified as critical, has been found in Tenda RX9 and RX9 Pro 22.03.02.20. Affected by this issue is the function sub_4337EC of the file /goform/SetNetControlList. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://gitee.com/GXB0_0/iot-vul/blob/master/Tenda/RX9/20/SetNetControlList.md • CWE-121: Stack-based Buffer Overflow •
CVSS: 9.0EPSS: 0%CPEs: 4EXPL: 1CVE-2024-10282 – Tenda RX9/RX9 Pro SetVirtualServerCfg sub_42EA38 stack-based overflow
https://notcve.org/view.php?id=CVE-2024-10282
23 Oct 2024 — A vulnerability classified as critical was found in Tenda RX9 and RX9 Pro 22.03.02.10/22.03.02.20. Affected by this vulnerability is the function sub_42EA38 of the file /goform/SetVirtualServerCfg. The manipulation of the argument list leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://gitee.com/GXB0_0/iot-vul/blob/master/Tenda/RX9/20/SetVirtualServerCfg.md • CWE-121: Stack-based Buffer Overflow •