CVSS: 7.1EPSS: 0%CPEs: 22EXPL: 1CVE-2024-10280 – Tenda AC6/AC7/AC8/AC9/AC10/AC10U/AC15/AC18/AC500/AC1206 GetIPTV websReadEvent null pointer dereference
https://notcve.org/view.php?id=CVE-2024-10280
23 Oct 2024 — A vulnerability was found in Tenda AC6, AC7, AC8, AC9, AC10, AC10U, AC15, AC18, AC500 and AC1206 up to 20241022. It has been rated as problematic. This issue affects the function websReadEvent of the file /goform/GetIPTV. The manipulation of the argument Content-Length leads to null pointer dereference. The attack may be initiated remotely. • https://github.com/JohenanLi/router_vuls/blob/main/websReadEvent/websReadEvent.md • CWE-476: NULL Pointer Dereference •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32317
https://notcve.org/view.php?id=CVE-2024-32317
17 Apr 2024 — Tenda AC10 v4.0 V16.03.10.13 and V16.03.10.20 firmware has a stack overflow vulnerability via the adslPwd parameter in the formWanParameterSetting function. El firmware Tenda AC10 v4.0 V16.03.10.13 y V16.03.10.20 tiene una vulnerabilidad de desbordamiento de pila a través del parámetro adslPwd en la función formWanParameterSetting. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10/V16.03.10.13/formWanParameterSetting.md • CWE-121: Stack-based Buffer Overflow •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 1CVE-2024-2856 – Tenda AC10 SetSysTimeCfg fromSetSysTime stack-based overflow
https://notcve.org/view.php?id=CVE-2024-2856
24 Mar 2024 — A vulnerability, which was classified as critical, has been found in Tenda AC10 16.03.10.13/16.03.10.20. Affected by this issue is the function fromSetSysTime of the file /goform/SetSysTimeCfg. The manipulation of the argument timeZone leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10/V16.03.10.13/fromSetSysTime.md • CWE-121: Stack-based Buffer Overflow •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 2CVE-2023-45479
https://notcve.org/view.php?id=CVE-2023-45479
29 Nov 2023 — Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the list parameter in the function sub_49E098. Se descubrió que la versión Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn contenía un desbordamiento de pila a través del parámetro de lista en la función sub_49E098. • https://github.com/l3m0nade/IOTvul/blob/master/assets/sub_49E098_code.png • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 2CVE-2023-45480
https://notcve.org/view.php?id=CVE-2023-45480
29 Nov 2023 — Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the src parameter in the function sub_47D878. Se descubrió que la versión Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn contenía un desbordamiento de pila a través del parámetro src en la función sub_47D878. • https://github.com/l3m0nade/IOTvul/blob/master/assets/sub_47d878_code.png • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 2CVE-2023-45481
https://notcve.org/view.php?id=CVE-2023-45481
29 Nov 2023 — Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the firewallEn parameter in the function SetFirewallCfg. Se descubrió que la versión Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn contenía un desbordamiento de pila a través del parámetro firewallEn en la función SetFirewallCfg. • https://github.com/l3m0nade/IOTvul/blob/master/SetFirewallCfg.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 2CVE-2023-45482
https://notcve.org/view.php?id=CVE-2023-45482
29 Nov 2023 — Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the urls parameter in the function get_parentControl_list_Info. Se descubrió que la versión Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn contenía un desbordamiento de pila a través del parámetro urls en la función get_parentControl_list_Info. • https://github.com/l3m0nade/IOTvul/blob/master/assets/get_parentControl_list_Info_code.png • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 2CVE-2023-45483
https://notcve.org/view.php?id=CVE-2023-45483
29 Nov 2023 — Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the time parameter in the function compare_parentcontrol_time. Se descubrió que la versión Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn contenía un desbordamiento de pila a través del parámetro de tiempo en la función compare_parentcontrol_time. • https://github.com/l3m0nade/IOTvul/blob/master/assets/compare_parentcontrol_time_code.png • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 2CVE-2023-45484
https://notcve.org/view.php?id=CVE-2023-45484
29 Nov 2023 — Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the shareSpeed parameter in the function fromSetWifiGuestBasic. Se descubrió que la versión Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn contenía un desbordamiento de pila a través del parámetro shareSpeed en la función fromSetWifiGuestBasic. • https://github.com/l3m0nade/IOTvul/blob/master/assets/fromSetWifiGuestBasic_code.png • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2023-42320
https://notcve.org/view.php?id=CVE-2023-42320
18 Sep 2023 — Buffer Overflow vulnerability in Tenda AC10V4 v.US_AC10V4.0si_V16.03.10.13_cn_TDC01 allows a remote attacker to cause a denial of service via the mac parameter in the GetParentControlInfo function. La vulnerabilidad de Desbordamiento de Búfer en Tenda AC10V4 v.US_AC10V4.0si_V16.03.10.13_cn_TDC01 permite a un atacante remoto provocar una denegación de servicio a través del parámetro mac en la función GetParentControlInfo. • https://github.com/aixiao0621/Tenda/blob/main/AC10/0.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •