29 results (0.007 seconds)

CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1

A vulnerability was found in Tenda AX1806 1.0.0.1 and classified as critical. Affected by this issue is the function formSetRebootTimer of the file /goform/SetRebootTimer. The manipulation of the argument rebootTime leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AX/AX1806/formSetRebootTimer.md https://vuldb.com/?ctiid.262130 https://vuldb.com/?id.262130 https://vuldb.com/?submit.319235 • CWE-121: Stack-based Buffer Overflow •

CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1

A vulnerability has been found in Tenda AX1806 1.0.0.1 and classified as critical. Affected by this vulnerability is the function formSetDeviceName of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AX/AX1806/formSetDeviceName_devName.md https://vuldb.com/?ctiid.262129 https://vuldb.com/?id.262129 https://vuldb.com/?submit.319232 • CWE-121: Stack-based Buffer Overflow •

CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1

A vulnerability, which was classified as critical, was found in Tenda AX1806 1.0.0.1. Affected is the function R7WebsSecurityHandler of the file /goform/execCommand. The manipulation of the argument password leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AX/AX1806/R7WebsSecurityHandler.md https://vuldb.com/?ctiid.262128 https://vuldb.com/?id.262128 https://vuldb.com/?submit.319231 • CWE-121: Stack-based Buffer Overflow •

CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 1

Tenda AX1806 V1.0.0.1 contains a heap overflow vulnerability in setSchedWifi function, in which the src and v12 are directly obtained from http request parameter schedStartTime and schedEndTime without checking their size. Tenda AX1806 V1.0.0.1 contiene una vulnerabilidad de desbordamiento de montón en la función setSchedWifi, en la que src y v12 se obtienen directamente del parámetro de solicitud http schedStartTime y schedEndTime sin verificar su tamaño. • https://github.com/Anza2001/IOT_VULN/blob/main/Tenda/AX1806/setSchedWifi.md • CWE-787: Out-of-bounds Write •

CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 1

Tenda AX1806 V1.0.0.1 contains a stack overflow vulnerability in function sub_455D4, called by function fromSetWirelessRepeat. Tenda AX1806 V1.0.0.1 contiene una vulnerabilidad de desbordamiento de pila en la función sub_455D4, llamada por la función fromSetWirelessRepeat. • https://github.com/Anza2001/IOT_VULN/blob/main/Tenda/AX1806/fromSetWirelessRepeat.md • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •