CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-4236 – Tenda AX1803 SetDDNSCfg formSetSysToolDDNS stack-based overflow
https://notcve.org/view.php?id=CVE-2024-4236
A vulnerability, which was classified as critical, has been found in Tenda AX1803 1.0.0.1. This issue affects the function formSetSysToolDDNS of the file /goform/SetDDNSCfg. The manipulation of the argument serverName/ddnsUser/ddnsPwd/ddnsDomain leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AX/AX1803/formSetSysToolDDNS.md https://vuldb.com/?ctiid.262127 https://vuldb.com/?id.262127 https://vuldb.com/?submit.319230 • CWE-121: Stack-based Buffer Overflow •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2024-30620
https://notcve.org/view.php?id=CVE-2024-30620
Tenda AX1803 v1.0.0.1 contains a stack overflow via the serviceName parameter in the function fromAdvSetMacMtuWan. Tenda AX1803 v1.0.0.1 contiene un desbordamiento de pila a través del parámetro serviceName en la función fromAdvSetMacMtuWan. • https://github.com/re1wn/IoT_vuln/blob/main/Tenda_AX1803_v1.0.0.1_contains_a_stack_overflow_via_the_serviceName_parameter_in_the_function_fromAdvSetMacMtuWan.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2024-30621
https://notcve.org/view.php?id=CVE-2024-30621
Tenda AX1803 v1.0.0.1 contains a stack overflow via the serverName parameter in the function fromAdvSetMacMtuWan. Tenda AX1803 v1.0.0.1 contiene un desbordamiento de pila a través del parámetro serverName en la función fromAdvSetMacMtuWan. • https://github.com/re1wn/IoT_vuln/blob/main/Tenda_AX1803_v1.0.0.1_contains_a_stack_overflow_via_the_serverName_parameter_in_the_function_fromAdvSetMacMtuWan.md • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-51966
https://notcve.org/view.php?id=CVE-2023-51966
Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function setIptvInfo. Tenda AX1803 v1.0.0.1 contiene un desbordamiento de pila a través del parámetro adv.iptv.stballvlans en la función setIptvInfo. • https://grove-laser-8ad.notion.site/Tenda-AX1803-Buffer-Overflow-in-setIptvInfo-944beaf189db4bf49f99a7a7418c7bdd • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-51954
https://notcve.org/view.php?id=CVE-2023-51954
Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function formSetIptv. Tenda AX1803 v1.0.0.1 contiene un desbordamiento de pila a través del parámetro iptv.stb.port en la función formSetIptv. • https://grove-laser-8ad.notion.site/Tenda-AX1803-Buffer-Overflow-in-formSetIptv-d758f5dba8f646afaf5cddc6f8d3ec70 • CWE-787: Out-of-bounds Write •