
CVE-2024-10698 – Tenda AC6 SetOnlineDevName formSetDeviceName stack-based overflow
https://notcve.org/view.php?id=CVE-2024-10698
02 Nov 2024 — A vulnerability was found in Tenda AC6 15.03.05.19 and classified as critical. Affected by this issue is the function formSetDeviceName of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/theRaz0r/iot-mycve/blob/main/tenda_ac6_stackflow_formSetDeviceName/tenda_ac6_stackflow_formSetDeviceName.md • CWE-121: Stack-based Buffer Overflow •

CVE-2024-10697 – Tenda AC6 API Endpoint WriteFacMac formWriteFacMac command injection
https://notcve.org/view.php?id=CVE-2024-10697
02 Nov 2024 — A vulnerability has been found in Tenda AC6 15.03.05.19 and classified as critical. Affected by this vulnerability is the function formWriteFacMac of the file /goform/WriteFacMac of the component API Endpoint. The manipulation of the argument The leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/theRaz0r/iot-mycve/blob/main/tenda_ac6_rce_WriteFacMac/tenda_ac6_rce_WriteFacMac.md • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVE-2023-38823
https://notcve.org/view.php?id=CVE-2023-38823
20 Nov 2023 — Buffer Overflow vulnerability in Tenda Ac19 v.1.0, AC18, AC9 v.1.0, AC6 v.2.0 and v.1.0 allows a remote attacker to execute arbitrary code via the formSetCfm function in bin/httpd. • https://github.com/nhtri2003gmail/CVE_report/blob/master/CVE-2023-38823.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVE-2023-40830
https://notcve.org/view.php?id=CVE-2023-40830
03 Oct 2023 — Tenda AC6 v15.03.05.19 is vulnerable to Buffer Overflow as the Index parameter does not verify the length. • https://reference1.example.com/goform/WifiWpsOOB • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVE-2022-45641
https://notcve.org/view.php?id=CVE-2022-45641
02 Dec 2022 — Tenda AC6V1.0 V15.03.05.19 is vulnerable to Buffer Overflow via formSetMacFilterCfg. • https://github.com/Double-q1015/CVE-vulns/blob/main/tenda_ac6/formSetMacFilterCfg/formSetMacFilterCfg.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVE-2022-45673
https://notcve.org/view.php?id=CVE-2022-45673
02 Dec 2022 — Tenda AC6V1.0 V15.03.05.19 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolRestoreSet. • https://github.com/ConfusedChenSir/VulnerabilityProjectRecords/blob/main/fromSysToolRestoreSet/fromSysToolRestoreSet.md • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2022-45674
https://notcve.org/view.php?id=CVE-2022-45674
02 Dec 2022 — Tenda AC6V1.0 V15.03.05.19 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot. • https://github.com/ConfusedChenSir/VulnerabilityProjectRecords/blob/main/fromSysToolReboot/fromSysToolReboot.md • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2022-45640
https://notcve.org/view.php?id=CVE-2022-45640
01 Dec 2022 — Tenda AC6V1.0 V15.03.05.19 is affected by a buffer overflow that causes a denial of service (local). • https://github.com/Double-q1015/CVE-vulns/blob/main/tenda_ac6v1.0_vuln/Tenda%20AC6V1.0%20V15.03.05.19%20Stack%20overflow%20vulnerability.md • CWE-787: Out-of-bounds Write •