CVSS: 7.1EPSS: 0%CPEs: 22EXPL: 1CVE-2024-10280 – Tenda AC6/AC7/AC8/AC9/AC10/AC10U/AC15/AC18/AC500/AC1206 GetIPTV websReadEvent null pointer dereference
https://notcve.org/view.php?id=CVE-2024-10280
23 Oct 2024 — A vulnerability was found in Tenda AC6, AC7, AC8, AC9, AC10, AC10U, AC15, AC18, AC500 and AC1206 up to 20241022. It has been rated as problematic. This issue affects the function websReadEvent of the file /goform/GetIPTV. The manipulation of the argument Content-Length leads to null pointer dereference. The attack may be initiated remotely. • https://github.com/JohenanLi/router_vuls/blob/main/websReadEvent/websReadEvent.md • CWE-476: NULL Pointer Dereference •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32306
https://notcve.org/view.php?id=CVE-2024-32306
17 Apr 2024 — Tenda AC10U v1.0 Firmware v15.03.06.49 has a stack overflow vulnerability located via the PPW parameter in the fromWizardHandle function. Tenda AC10U v1.0 Firmware v15.03.06.49 tiene una vulnerabilidad de desbordamiento de pila ubicada a través del parámetro PPW en la función fromWizardHandle. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.48/fromWizardHandle.md • CWE-121: Stack-based Buffer Overflow •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 1CVE-2024-2853 – Tenda AC10U setsambacfg formSetSambaConf os command injection
https://notcve.org/view.php?id=CVE-2024-2853
24 Mar 2024 — A vulnerability was found in Tenda AC10U 15.03.06.48/15.03.06.49. It has been rated as critical. This issue affects the function formSetSambaConf of the file /goform/setsambacfg. The manipulation of the argument usbName leads to os command injection. The attack may be initiated remotely. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.48/more/formSetSambaConf.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-2764 – Tenda AC10U SetPptpServerCfg formSetPPTPServer stack-based overflow
https://notcve.org/view.php?id=CVE-2024-2764
21 Mar 2024 — A vulnerability, which was classified as critical, was found in Tenda AC10U 15.03.06.48. This affects the function formSetPPTPServer of the file /goform/SetPptpServerCfg. The manipulation of the argument endIP leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.48/more/formSetPPTPServer.md • CWE-121: Stack-based Buffer Overflow •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 4CVE-2024-2763 – Tenda AC10U setcfm formSetCfm stack-based overflow
https://notcve.org/view.php?id=CVE-2024-2763
21 Mar 2024 — A vulnerability, which was classified as critical, has been found in Tenda AC10U 15.03.06.48. Affected by this issue is the function formSetCfm of the file goform/setcfm. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/ally-petitt/CVE-2024-27632 • CWE-121: Stack-based Buffer Overflow •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-2711 – Tenda AC10U addWifiMacFilter stack-based overflow
https://notcve.org/view.php?id=CVE-2024-2711
20 Mar 2024 — A vulnerability was found in Tenda AC10U 15.03.06.48. It has been rated as critical. Affected by this issue is the function addWifiMacFilter of the file /goform/addWifiMacFilter. The manipulation of the argument deviceMac leads to stack-based buffer overflow. The attack may be launched remotely. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.48/more/addWifiMacFilter_deviceMac.md • CWE-121: Stack-based Buffer Overflow •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-2710 – Tenda AC10U openSchedWifi setSchedWifi stack-based overflow
https://notcve.org/view.php?id=CVE-2024-2710
20 Mar 2024 — A vulnerability was found in Tenda AC10U 15.03.06.49. It has been declared as critical. Affected by this vulnerability is the function setSchedWifi of the file /goform/openSchedWifi. The manipulation of the argument schedStartTime leads to stack-based buffer overflow. The attack can be launched remotely. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.49/more/setSchedWifi_start.md • CWE-121: Stack-based Buffer Overflow •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-2709 – Tenda AC10U SetStaticRouteCfg fromSetRouteStatic stack-based overflow
https://notcve.org/view.php?id=CVE-2024-2709
20 Mar 2024 — A vulnerability was found in Tenda AC10U 15.03.06.49. It has been classified as critical. Affected is the function fromSetRouteStatic of the file /goform/SetStaticRouteCfg. The manipulation of the argument list leads to stack-based buffer overflow. It is possible to launch the attack remotely. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.49/more/fromSetRouteStatic.md • CWE-121: Stack-based Buffer Overflow •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-2708 – Tenda AC10U execCommand formexeCommand stack-based overflow
https://notcve.org/view.php?id=CVE-2024-2708
20 Mar 2024 — A vulnerability was found in Tenda AC10U 15.03.06.49 and classified as critical. This issue affects the function formexeCommand of the file /goform/execCommand. The manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.49/more/formexeCommand.md • CWE-121: Stack-based Buffer Overflow •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-2707 – Tenda AC10U WriteFacMac formWriteFacMac os command injection
https://notcve.org/view.php?id=CVE-2024-2707
20 Mar 2024 — A vulnerability has been found in Tenda AC10U 15.03.06.49 and classified as critical. This vulnerability affects the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.49/more/formWriteFacMac.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •