CVE-2024-10280 – Tenda AC6/AC7/AC8/AC9/AC10/AC10U/AC15/AC18/AC500/AC1206 GetIPTV websReadEvent null pointer dereference
https://notcve.org/view.php?id=CVE-2024-10280
23 Oct 2024 — A vulnerability was found in Tenda AC6, AC7, AC8, AC9, AC10, AC10U, AC15, AC18, AC500 and AC1206 up to 20241022. It has been rated as problematic. This issue affects the function websReadEvent of the file /goform/GetIPTV. The manipulation of the argument Content-Length leads to null pointer dereference. The attack may be initiated remotely. • https://github.com/JohenanLi/router_vuls/blob/main/websReadEvent/websReadEvent.md • CWE-476: NULL Pointer Dereference •
CVE-2024-3910 – Tenda AC500 DhcpListClient fromDhcpListClient stack-based overflow
https://notcve.org/view.php?id=CVE-2024-3910
17 Apr 2024 — A vulnerability, which was classified as critical, has been found in Tenda AC500 2.0.1.9(1307). Affected by this issue is the function fromDhcpListClient of the file /goform/DhcpListClient. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC500/fromDhcpListClient_page.md • CWE-121: Stack-based Buffer Overflow •
CVE-2024-3909 – Tenda AC500 execCommand formexeCommand stack-based overflow
https://notcve.org/view.php?id=CVE-2024-3909
17 Apr 2024 — A vulnerability classified as critical was found in Tenda AC500 2.0.1.9(1307). Affected by this vulnerability is the function formexeCommand of the file /goform/execCommand. The manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC500/formexeCommand.md • CWE-121: Stack-based Buffer Overflow •
CVE-2024-3908 – Tenda AC500 WriteFacMac formWriteFacMac command injection
https://notcve.org/view.php?id=CVE-2024-3908
17 Apr 2024 — A vulnerability classified as critical has been found in Tenda AC500 2.0.1.9(1307). Affected is the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC500/formWriteFacMac.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2024-3907 – Tenda AC500 setcfm formSetCfm stack-based overflow
https://notcve.org/view.php?id=CVE-2024-3907
17 Apr 2024 — A vulnerability was found in Tenda AC500 2.0.1.9(1307). It has been rated as critical. This issue affects the function formSetCfm of the file /goform/setcfm. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. The attack may be initiated remotely. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC500/formSetCfm.md • CWE-121: Stack-based Buffer Overflow •
CVE-2024-3906 – Tenda AC500 QuickIndex formQuickIndex stack-based overflow
https://notcve.org/view.php?id=CVE-2024-3906
17 Apr 2024 — A vulnerability was found in Tenda AC500 2.0.1.9(1307). It has been declared as critical. This vulnerability affects the function formQuickIndex of the file /goform/QuickIndex. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. The attack can be initiated remotely. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC500/formQuickIndex.md • CWE-121: Stack-based Buffer Overflow •
CVE-2024-3905 – Tenda AC500 execCommand R7WebsSecurityHandler stack-based overflow
https://notcve.org/view.php?id=CVE-2024-3905
17 Apr 2024 — A vulnerability was found in Tenda AC500 2.0.1.9(1307). It has been classified as critical. This affects the function R7WebsSecurityHandler of the file /goform/execCommand. The manipulation of the argument password leads to stack-based buffer overflow. It is possible to initiate the attack remotely. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC500/R7WebsSecurityHandler.md • CWE-121: Stack-based Buffer Overflow •
CVE-2023-46060
https://notcve.org/view.php?id=CVE-2023-46060
17 Apr 2024 — A Buffer Overflow vulnerability in Tenda AC500 v.2.0.1.9 allows a remote attacker to cause a denial of service via the port parameter at the goform/setVlanInfo component. • https://github.com/peris-navince/founded-0-days/blob/main/Tenda/ac500/fromSetVlanInfo/1.md •
CVE-2024-32314
https://notcve.org/view.php?id=CVE-2024-32314
17 Apr 2024 — Tenda AC500 V2.0.1.9(1307) firmware contains a command injection vulnerability in the formexeCommand function via the cmdinput parameter. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC500/formexecommand_cmdi.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2024-32316
https://notcve.org/view.php?id=CVE-2024-32316
17 Apr 2024 — Tenda AC500 V2.0.1.9(1307) firmware has a stack overflow vulnerability in the fromDhcpListClient function. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC500/fromDhcpListClient_list1.md • CWE-121: Stack-based Buffer Overflow •