CVE-2023-38936
https://notcve.org/view.php?id=CVE-2023-38936
Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, AC5 V1.0 V15.03.06.28, FH1203 V2.0.1.6, AC9 V3.0 V15.03.06.42_multi and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the speed_dir parameter in the formSetSpeedWan function. • https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/formSetSpeedWan/README.md • CWE-787: Out-of-bounds Write •
CVE-2023-38937
https://notcve.org/view.php?id=CVE-2023-38937
Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 V16.03.34.06, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, AC5 V1.0 V15.03.06.28, AC9 V3.0 V15.03.06.42_multi and AC10 v4.0 V16.03.10.13 were discovered to contain a stack overflow via the list parameter in the formSetVirtualSer function. • https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/formSetVirtualSer/README.md • CWE-787: Out-of-bounds Write •
CVE-2022-40010 – Tenda AC6 AC1200 15.03.06.50_multi Cross Site Scripting
https://notcve.org/view.php?id=CVE-2022-40010
Tenda AC6 AC1200 Smart Dual-Band WiFi Router 15.03.06.50_multi was discovered to contain a cross-site scripting (XSS) vulnerability via the deviceId parameter in the Parental Control module. Tenda AC6 AC1200 version 15.03.06.50_multi suffers from a persistent cross site scripting vulnerability. • http://packetstormsecurity.com/files/173029/Tenda-AC6-AC1200-15.03.06.50_multi-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-2923 – Tenda AC6 fromDhcpListClient stack-based overflow
https://notcve.org/view.php?id=CVE-2023-2923
A vulnerability classified as critical was found in Tenda AC6 US_AC6V1.0BR_V15.03.05.19. Affected by this vulnerability is the function fromDhcpListClient. The manipulation leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/GleamingEyes/vul/blob/main/1.md https://vuldb.com/?ctiid.230077 https://vuldb.com/?id.230077 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2023-26976
https://notcve.org/view.php?id=CVE-2023-26976
Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the ssid parameter in the form_fast_setting_wifi_set function. • https://github.com/FzBacon/CVE-2023-26976_tenda_AC6_stack_overflow https://github.com/Funcy33/Vluninfo_Repo/tree/main/CNVDs/AC6/205_1 • CWE-787: Out-of-bounds Write •