CVSS: 9.8EPSS: 0%CPEs: 10EXPL: 1CVE-2023-38823
https://notcve.org/view.php?id=CVE-2023-38823
Buffer Overflow vulnerability in Tenda Ac19 v.1.0, AC18, AC9 v.1.0, AC6 v.2.0 and v.1.0 allows a remote attacker to execute arbitrary code via the formSetCfm function in bin/httpd. Vulnerabilidad de desbordamiento del búfer en Tenda Ac19 v.1.0, AC18, AC9 v.1.0, AC6 v.2.0 y v.1.0 permite a un atacante remoto ejecutar código arbitrario a través de la función formSetCfm en bin/httpd. • https://github.com/nhtri2003gmail/CVE_report/blob/master/CVE-2023-38823.md https://github.com/johnathanhuutri/CVE_report/blob/master/CVE-2023-38823/README.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-40837
https://notcve.org/view.php?id=CVE-2023-40837
Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin function 'sub_ADD50' contains a command execution vulnerability. In the "formSetIptv" function, obtaining the "list" and "vlanId" fields, unfiltered passing these two fields as parameters to the "sub_ADD50" function to execute commands. La función "sub_ADD50" de Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin contiene una vulnerabilidad de ejecución de comandos. En la función "formSetIptv", al obtener los campos "list" y "vlanId", sin filtrar pasa estos dos campos como parámetros a la función "sub_ADD50" para ejecutar comandos. • https://github.com/XYIYM/Digging/blob/main/Tenda/AC6/cmd/2/2.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-40838
https://notcve.org/view.php?id=CVE-2023-40838
Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin function 'sub_3A1D0' contains a command execution vulnerability. La función 'sub_3A1D0' de Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin contiene una vulnerabilidad de ejecución de comandos. • https://github.com/XYIYM/Digging/blob/main/Tenda/AC6/cmd/1/1.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-40839
https://notcve.org/view.php?id=CVE-2023-40839
Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin function 'sub_ADF3C' contains a command execution vulnerability. In the "formSetIptv" function, obtaining the "list" and "vlanId" fields, unfiltered passing these two fields as parameters to the "sub_ADF3C" function to execute commands. La función "sub_ADF3C" de Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin contiene una vulnerabilidad de ejecución de comandos. En la función "formSetIptv", al obtener los campos "list" y "vlanId", sin filtrar pasa estos dos campos como parámetros a la función "sub_ADF3C" para ejecutar comandos. • https://github.com/XYIYM/Digging/blob/main/Tenda/AC6/cmd/3/3.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-40840
https://notcve.org/view.php?id=CVE-2023-40840
Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via function "fromGetWirelessRepeat." Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin es vulnerable al desbordamiento del búfer a través de la función "fromGetWirelessRepeat". • https://github.com/XYIYM/Digging/blob/main/Tenda/AC6/bof/6/6.md • CWE-787: Out-of-bounds Write •