CVE-2021-45986
https://notcve.org/view.php?id=CVE-2021-45986
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetUSBShareInfo. This vulnerability allows attackers to execute arbitrary commands via the usbOrdinaryUserName parameter. Se ha detectado que los routers Tenda G1 y G3 versión v15.11.0.17(9502)_CN, contienen una vulnerabilidad de inyección de comandos en la función formSetUSBShareInfo. Esta vulnerabilidad permite a atacantes ejecutar comandos arbitrarios por medio del parámetro usbOrdinaryUserName • https://exchange.xforce.ibmcloud.com/vulnerabilities/218962 https://github.com/pjqwudi/my_vuln/blob/main/Tenda/vuln_2/2.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2021-45987
https://notcve.org/view.php?id=CVE-2021-45987
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetNetCheckTools. This vulnerability allows attackers to execute arbitrary commands via the hostName parameter. Se ha detectado que los routers Tenda G1 y G3 versión v15.11.0.17(9502)_CN, contienen una vulnerabilidad de inyección de comandos en la función formSetNetCheckTools. Esta vulnerabilidad permite a atacantes ejecutar comandos arbitrarios por medio del parámetro hostName • https://exchange.xforce.ibmcloud.com/vulnerabilities/218961 https://github.com/pjqwudi/my_vuln/blob/main/Tenda/vuln_3/3.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2021-45988
https://notcve.org/view.php?id=CVE-2021-45988
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formAddDnsForward. This vulnerability allows attackers to cause a Denial of Service (DoS) via the DnsForwardRule parameter. Se ha detectado que los routers Tenda G1 y G3 versión v15.11.0.17(9502)_CN, contienen un desbordamiento de pila en la función formAddDnsForward. Esta vulnerabilidad permite a atacantes causar una denegación de servicio (DoS) por medio del parámetro DnsForwardRule • https://exchange.xforce.ibmcloud.com/vulnerabilities/218960 https://github.com/pjqwudi/my_vuln/blob/main/Tenda/vuln_5/5.md • CWE-787: Out-of-bounds Write •
CVE-2021-45990
https://notcve.org/view.php?id=CVE-2021-45990
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function uploadPicture. This vulnerability allows attackers to execute arbitrary commands via the pic_name parameter. Se ha detectado que los routers Tenda G1 y G3 versión v15.11.0.17(9502)_CN, contienen una vulnerabilidad de inyección de comandos en la función uploadPicture. Esta vulnerabilidad permite a atacantes ejecutar comandos arbitrarios por medio del parámetro pic_name • https://github.com/pjqwudi/my_vuln/blob/main/Tenda/vuln_1/1.md https://www.tenable.com/cve/CVE-2021-45990 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2021-45989
https://notcve.org/view.php?id=CVE-2021-45989
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function guestWifiRuleRefresh. This vulnerability allows attackers to cause a Denial of Service (DoS) via the qosGuestUpstream and qosGuestDownstream parameters. Se ha detectado que los routers Tenda G1 y G3 versión v15.11.0.17(9502)_CN, contienen un desbordamiento de pila en la función guestWifiRuleRefresh. Esta vulnerabilidad permite a atacantes causar una denegación de servicio (DoS) por medio de los parámetros qosGuestUpstream y qosGuestDownstream • https://exchange.xforce.ibmcloud.com/vulnerabilities/218959 https://github.com/pjqwudi/my_vuln/blob/main/Tenda/vuln_4/4.md • CWE-787: Out-of-bounds Write •