CVE-2023-25220
https://notcve.org/view.php?id=CVE-2023-25220
Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the add_white_node function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. • https://github.com/DrizzlingSun/Tenda/blob/main/AC5/7/7.md https://www.dlink.com/en/security-bulletin • CWE-787: Out-of-bounds Write •
CVE-2021-44971
https://notcve.org/view.php?id=CVE-2021-44971
Multiple Tenda devices are affected by authentication bypass, such as AC15V1.0 Firmware V15.03.05.20_multi?AC5V1.0 Firmware V15.03.06.48_multi and so on. an attacker can obtain sensitive information, and even combine it with authenticated command injection to implement RCE. Múltiples dispositivos Tenda están afectados por una omisión de autenticación, como AC15V1.0 Firmware versión V15.03.05.20_multi... AC5V1.0 Firmware versión V15.03.06.48_multi, etc. un atacante puede obtener información confidencial, e incluso combinarla con una inyección de comandos autenticados para implementar RCE • http://ac15v10.com http://tenda.com https://github.com/21Gun5/my_cve/blob/main/tenda/bypass_auth.md • CWE-697: Incorrect Comparison •