CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-4236 – Tenda AX1803 SetDDNSCfg formSetSysToolDDNS stack-based overflow
https://notcve.org/view.php?id=CVE-2024-4236
26 Apr 2024 — A vulnerability, which was classified as critical, has been found in Tenda AX1803 1.0.0.1. This issue affects the function formSetSysToolDDNS of the file /goform/SetDDNSCfg. The manipulation of the argument serverName/ddnsUser/ddnsPwd/ddnsDomain leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AX/AX1803/formSetSysToolDDNS.md • CWE-121: Stack-based Buffer Overflow •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2024-30620
https://notcve.org/view.php?id=CVE-2024-30620
02 Apr 2024 — Tenda AX1803 v1.0.0.1 contains a stack overflow via the serviceName parameter in the function fromAdvSetMacMtuWan. Tenda AX1803 v1.0.0.1 contiene un desbordamiento de pila a través del parámetro serviceName en la función fromAdvSetMacMtuWan. • https://github.com/re1wn/IoT_vuln/blob/main/Tenda_AX1803_v1.0.0.1_contains_a_stack_overflow_via_the_serviceName_parameter_in_the_function_fromAdvSetMacMtuWan.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2024-30621
https://notcve.org/view.php?id=CVE-2024-30621
02 Apr 2024 — Tenda AX1803 v1.0.0.1 contains a stack overflow via the serverName parameter in the function fromAdvSetMacMtuWan. Tenda AX1803 v1.0.0.1 contiene un desbordamiento de pila a través del parámetro serverName en la función fromAdvSetMacMtuWan. • https://github.com/re1wn/IoT_vuln/blob/main/Tenda_AX1803_v1.0.0.1_contains_a_stack_overflow_via_the_serverName_parameter_in_the_function_fromAdvSetMacMtuWan.md • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-51958
https://notcve.org/view.php?id=CVE-2023-51958
10 Jan 2024 — Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function formGetIptv. Tenda AX1803 v1.0.0.1 contiene un desbordamiento de pila a través del parámetro iptv.stb.port en la función formGetIptv. • https://grove-laser-8ad.notion.site/Tenda-AX1803-Buffer-Overflow-in-formGetIptv-0fcc584fcda44b1c837e42d5d732957a • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-51969
https://notcve.org/view.php?id=CVE-2023-51969
10 Jan 2024 — Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function getIptvInfo. Tenda AX1803 v1.0.0.1 contiene un desbordamiento de pila a través del parámetro iptv.city.vlan en la función getIptvInfo. • https://grove-laser-8ad.notion.site/Tenda-AX1803-Buffer-Overflow-in-getIptvInfo-f5918cc2828c49e78554f456bf7d4b36 • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-51966
https://notcve.org/view.php?id=CVE-2023-51966
10 Jan 2024 — Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function setIptvInfo. Tenda AX1803 v1.0.0.1 contiene un desbordamiento de pila a través del parámetro adv.iptv.stballvlans en la función setIptvInfo. • https://grove-laser-8ad.notion.site/Tenda-AX1803-Buffer-Overflow-in-setIptvInfo-944beaf189db4bf49f99a7a7418c7bdd • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-51971
https://notcve.org/view.php?id=CVE-2023-51971
10 Jan 2024 — Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function getIptvInfo. Tenda AX1803 v1.0.0.1 contiene un desbordamiento de pila a través del parámetro adv.iptv.stbpvid en la función getIptvInfo. • https://grove-laser-8ad.notion.site/Tenda-AX1803-Buffer-Overflow-in-getIptvInfo-f5918cc2828c49e78554f456bf7d4b36 • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-51957
https://notcve.org/view.php?id=CVE-2023-51957
10 Jan 2024 — Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function formGetIptv. Tenda AX1803 v1.0.0.1 contiene un desbordamiento de pila a través del parámetro iptv.stb.mode en la función formGetIptv. • https://grove-laser-8ad.notion.site/Tenda-AX1803-Buffer-Overflow-in-formGetIptv-0fcc584fcda44b1c837e42d5d732957a • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-51970
https://notcve.org/view.php?id=CVE-2023-51970
10 Jan 2024 — Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function formSetIptv. Tenda AX1803 v1.0.0.1 contiene un desbordamiento de pila a través del parámetro iptv.stb.mode en la función formSetIptv. • https://grove-laser-8ad.notion.site/Tenda-AX1803-Buffer-Overflow-in-getIptvInfo-f5918cc2828c49e78554f456bf7d4b36 • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-51956
https://notcve.org/view.php?id=CVE-2023-51956
10 Jan 2024 — Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function formSetIptv Tenda AX1803 v1.0.0.1 contiene un desbordamiento de pila a través del parámetro iptv.city.vlan en la función formSetIptv • https://grove-laser-8ad.notion.site/Tenda-AX1803-Buffer-Overflow-in-formSetIptv-d758f5dba8f646afaf5cddc6f8d3ec70 • CWE-787: Out-of-bounds Write •