CVSS: 9.8EPSS: 13%CPEs: 2EXPL: 1CVE-2024-2854 – Tenda AC18 setsambacfg formSetSambaConf os command injection
https://notcve.org/view.php?id=CVE-2024-2854
24 Mar 2024 — A vulnerability classified as critical has been found in Tenda AC18 15.03.05.05. Affected is the function formSetSambaConf of the file /goform/setsambacfg. The manipulation of the argument usbName leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC18/formSetSambaConf.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-28535
https://notcve.org/view.php?id=CVE-2024-28535
12 Mar 2024 — Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the mitInterface parameter of fromAddressNat function. Tenda AC18 V15.03.05.05 tiene una vulnerabilidad de desbordamiento de pila en el parámetro mitInterface de la función fromAddressNat. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC18/fromAddressNat_mitInterface.md • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-28553
https://notcve.org/view.php?id=CVE-2024-28553
12 Mar 2024 — Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the entrys parameter fromAddressNat function. Tenda AC18 V15.03.05.05 tiene una vulnerabilidad de desbordamiento de pila en el parámetro de entradas de la función AddressNat. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC18/fromAddressNat_entrys.md • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-44174
https://notcve.org/view.php?id=CVE-2022-44174
21 Nov 2022 — Tenda AC18 V15.03.05.05 is vulnerable to Buffer Overflow via function formSetDeviceName. Tenda AC18 V15.03.05.05 es vulnerable al desbordamiento del búfer a través de la función formSetDeviceName. • https://github.com/RobinWang825/IoT_vuln/blob/main/Tenda/AC18/formSetDeviceName_05/Tenda_AC18_V15.03.05.05_Vuln_devName.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 1CVE-2022-38313
https://notcve.org/view.php?id=CVE-2022-38313
07 Sep 2022 — Tenda AC18 router v15.03.05.19 and v15.03.05.05 was discovered to contain a stack overflow via the time parameter at /goform/saveParentControlInfo. Se ha detectado que Tenda AC18 router versiones v15.03.05.19 y v15.03.05.05, contiene un desbordamiento de pila por el parámetro time en /goform/saveParentControlInfo • https://github.com/rickytriky/NWPU_Projct/tree/main/Tenda/AC18/2 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 1CVE-2022-38312
https://notcve.org/view.php?id=CVE-2022-38312
07 Sep 2022 — Tenda AC18 router v15.03.05.19 and v15.03.05.05 was discovered to contain a stack overflow via the list parameter at /goform/SetIpMacBind. Se ha detectado que Tenda AC18 router versiones v15.03.05.19 y v15.03.05.05, contiene un desbordamiento de pila por el parámetro list en /goform/SetIpMacBind • https://github.com/rickytriky/NWPU_Projct/tree/main/Tenda/AC18/3 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 1CVE-2022-38311
https://notcve.org/view.php?id=CVE-2022-38311
07 Sep 2022 — Tenda AC18 router v15.03.05.19 and v15.03.05.05 was discovered to contain a stack overflow via the time parameter at /goform/PowerSaveSet. Se ha detectado que Tenda AC18 router versiones v15.03.05.19 y v15.03.05.05, contiene un desbordamiento de pila por medio del parámetro time en /goform/PowerSaveSet • https://github.com/rickytriky/NWPU_Projct/tree/main/Tenda/AC18/5 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 1CVE-2022-38310
https://notcve.org/view.php?id=CVE-2022-38310
07 Sep 2022 — Tenda AC18 router v15.03.05.19 and v15.03.05.05 was discovered to contain a stack overflow via the list parameter at /goform/SetStaticRouteCfg. Se ha detectado que Tenda AC18 router versiones v15.03.05.19 y v15.03.05.05, contiene un desbordamiento de pila por el parámetro list en /goform/SetStaticRouteCfg • https://github.com/rickytriky/NWPU_Projct/tree/main/Tenda/AC18/6 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 1CVE-2022-38309
https://notcve.org/view.php?id=CVE-2022-38309
07 Sep 2022 — Tenda AC18 router v15.03.05.19 and v15.03.05.05 was discovered to contain a stack overflow via the list parameter at /goform/SetVirtualServerCfg. Se ha detectado que Tenda AC18 router versiones v15.03.05.19 y v15.03.05.05, contiene un desbordamiento de pila por medio del parámetro list en /goform/SetVirtualServerCfg • https://github.com/rickytriky/NWPU_Projct/tree/main/Tenda/AC18/4 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 1CVE-2022-38314
https://notcve.org/view.php?id=CVE-2022-38314
07 Sep 2022 — Tenda AC18 router v15.03.05.19 and v15.03.05.05 was discovered to contain a stack overflow via the urls parameter at /goform/saveParentControlInfo. Se ha detectado que Tenda AC18 router versiones v15.03.05.19 y v15.03.05.05, contiene un desbordamiento de pila por medio del parámetro urls en /goform/saveParentControlInfo • https://github.com/rickytriky/NWPU_Projct/tree/main/Tenda/AC18/1 • CWE-787: Out-of-bounds Write •