
CVE-2024-10123 – Tenda AC8 saveParentControlInfo compare_parentcontrol_time stack-based overflow
https://notcve.org/view.php?id=CVE-2024-10123
18 Oct 2024 — A vulnerability was found in Tenda AC8 16.03.34.06. It has been declared as critical. Affected by this vulnerability is the function compare_parentcontrol_time of the file /goform/saveParentControlInfo. The manipulation of the argument time leads to stack-based buffer overflow. The attack can be launched remotely. • https://github.com/JohenanLi/router_vuls/blob/main/ac8v4/compare_parentcontrol_time_vul.md • CWE-121: Stack-based Buffer Overflow •

CVE-2024-48192
https://notcve.org/view.php?id=CVE-2024-48192
17 Oct 2024 — Tenda G3 v15.01.0.5(2848_755)_EN was discovered to contain a hardcoded password vulnerability in /etc_ro/shadow, which allows attackers to log in as root. • https://colorful-meadow-5b9.notion.site/G3_HardCode_vuln-6b5ae19473b745d7abe5e01b4529caf8?pvs=4 • CWE-798: Use of Hard-coded Credentials •

CVE-2024-9793 – Tenda AC1206 ate ate_ifconfig_set command injection
https://notcve.org/view.php?id=CVE-2024-9793
10 Oct 2024 — A vulnerability classified as critical was found in Tenda AC1206 up to 15.03.06.23. This vulnerability affects the function ate_iwpriv_set/ate_ifconfig_set of the file /goform/ate. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/ixout/iotVuls/blob/main/Tenda/ac1206_003/report.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVE-2024-46628
https://notcve.org/view.php?id=CVE-2024-46628
26 Sep 2024 — Tenda G3 Router firmware v15.03.05.05 was discovered to contain a remote code execution (RCE) vulnerability via the usbPartitionName parameter in the formSetUSBPartitionUmount function. • https://github.com/Question-h/vuln/blob/master/Remote%20Code%20Execution%20Vulnerability%20in%20Tenda%20G3%20Router.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2024-46652
https://notcve.org/view.php?id=CVE-2024-46652
20 Sep 2024 — Tenda AC8v4 V16.03.34.06 has a stack overflow vulnerability in the fromAdvSetMacMtuWan function. • https://github.com/zp9080/Tenda/blob/main/Tenda-AC8v4%20V16.03.34.06-fromAdvSetMacMtuWan/overview.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVE-2024-46044
https://notcve.org/view.php?id=CVE-2024-46044
13 Sep 2024 — CH22 V1.0.0.6(468) has a stack overflow vulnerability located in the fromqossetting function. • https://github.com/BenJpopo/V/blob/main/Tenda/CH22/fromqossetting.md • CWE-121: Stack-based Buffer Overflow •

CVE-2024-46045
https://notcve.org/view.php?id=CVE-2024-46045
13 Sep 2024 — Tenda CH22 V1.0.0.6(468) has a stack overflow vulnerability located in the frmL7PlotForm function. • https://github.com/BenJpopo/V/blob/main/Tenda/CH22/frmL7PlotForm.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVE-2024-46046
https://notcve.org/view.php?id=CVE-2024-46046
13 Sep 2024 — Tenda FH451 v1.0.0.9 has a stack overflow vulnerability located in the RouteStatic function. • https://github.com/BenJpopo/V/blob/main/Tenda/FH451/RouteStatic.md • CWE-121: Stack-based Buffer Overflow •

CVE-2024-46047
https://notcve.org/view.php?id=CVE-2024-46047
13 Sep 2024 — Tenda FH451 v1.0.0.9 has a stack overflow vulnerability in the fromDhcpListClient function. • https://github.com/BenJpopo/V/blob/main/Tenda/FH451/DhcpListClient.md • CWE-121: Stack-based Buffer Overflow •

CVE-2024-46048
https://notcve.org/view.php?id=CVE-2024-46048
13 Sep 2024 — Tenda FH451 v1.0.0.9 has a command injection vulnerability in the formexeCommand function i • https://github.com/BenJpopo/V/blob/main/Tenda/FH451/formexeCommand.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •