CVSS: 7.1EPSS: 0%CPEs: 22EXPL: 1CVE-2024-10280 – Tenda AC6/AC7/AC8/AC9/AC10/AC10U/AC15/AC18/AC500/AC1206 GetIPTV websReadEvent null pointer dereference
https://notcve.org/view.php?id=CVE-2024-10280
23 Oct 2024 — A vulnerability was found in Tenda AC6, AC7, AC8, AC9, AC10, AC10U, AC15, AC18, AC500 and AC1206 up to 20241022. It has been rated as problematic. This issue affects the function websReadEvent of the file /goform/GetIPTV. The manipulation of the argument Content-Length leads to null pointer dereference. The attack may be initiated remotely. • https://github.com/JohenanLi/router_vuls/blob/main/websReadEvent/websReadEvent.md • CWE-476: NULL Pointer Dereference •
CVSS: 8.8EPSS: 6%CPEs: 1EXPL: 0CVE-2024-32281
https://notcve.org/view.php?id=CVE-2024-32281
17 Apr 2024 — Tenda AC7V1.0 v15.03.06.44 firmware contains a command injection vulnerablility in formexeCommand function via the cmdinput parameter. El firmware Tenda AC7V1.0 v15.03.06.44 contiene una vulnerabilidad de inyección de comandos en la función formexeCommand a través del parámetro cmdinput. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC7/v1/formexecommand.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32301
https://notcve.org/view.php?id=CVE-2024-32301
17 Apr 2024 — Tenda AC7V1.0 v15.03.06.44 firmware has a stack overflow vulnerability via the PPW parameter in the fromWizardHandle function. El firmware Tenda AC7V1.0 v15.03.06.44 tiene una vulnerabilidad de desbordamiento de pila a través del parámetro PPW en la función fromWizardHandle. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC7/v1/fromWizardHandle.md • CWE-121: Stack-based Buffer Overflow CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 1CVE-2023-41552
https://notcve.org/view.php?id=CVE-2023-41552
30 Aug 2023 — Tenda AC7 V1.0 V15.03.06.44 and Tenda AC9 V3.0 V15.03.06.42_multi were discovered to contain a stack overflow via parameter ssid at url /goform/fast_setting_wifi_set. • https://github.com/peris-navince/founded-0-days/blob/main/form_fast_setting_wifi_set/1.md • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2023-41555
https://notcve.org/view.php?id=CVE-2023-41555
30 Aug 2023 — Tenda AC7 V1.0 V15.03.06.44 was discovered to contain a stack overflow via parameter security_5g at url /goform/WifiBasicSet. • https://github.com/peris-navince/founded-0-days/blob/main/formWifiBasicSet/1.md • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 1CVE-2023-41556
https://notcve.org/view.php?id=CVE-2023-41556
30 Aug 2023 — Tenda AC7 V1.0 V15.03.06.44, Tenda AC9 V3.0 V15.03.06.42_multi, and Tenda AC5 V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter list at url /goform/SetIpMacBind. • https://github.com/peris-navince/founded-0-days/blob/main/fromSetIpMacBind/1.md • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 1CVE-2023-41557
https://notcve.org/view.php?id=CVE-2023-41557
30 Aug 2023 — Tenda AC7 V1.0 V15.03.06.44 and Tenda AC5 V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter entrys and mitInterface at url /goform/addressNat. • https://github.com/peris-navince/founded-0-days/blob/main/fromAddressNat/1.md • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2023-41558
https://notcve.org/view.php?id=CVE-2023-41558
30 Aug 2023 — Tenda AC7 V1.0 V15.03.06.44 was discovered to contain a stack overflow via parameter timeZone at url /goform/SetSysTimeCfg. • https://github.com/peris-navince/founded-0-days/blob/main/fromSetSysTime/1.md • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 1CVE-2023-41559
https://notcve.org/view.php?id=CVE-2023-41559
30 Aug 2023 — Tenda AC7 V1.0 V15.03.06.44, Tenda AC9 V3.0 V15.03.06.42_multi, and Tenda AC5 V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter page at url /goform/NatStaticSetting. • https://github.com/peris-navince/founded-0-days/blob/main/fromNatStaticSetting/1.md • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 1CVE-2023-41562
https://notcve.org/view.php?id=CVE-2023-41562
30 Aug 2023 — Tenda AC7 V1.0 V15.03.06.44, Tenda AC9 V3.0 V15.03.06.42_multi, and Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter time at url /goform/PowerSaveSet. • https://github.com/peris-navince/founded-0-days/blob/main/setSmartPowerManagement/1.md • CWE-787: Out-of-bounds Write •