16 results (0.005 seconds)

CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 1

A vulnerability has been found in Tenda i22 1.0.0.3(4687) and classified as problematic. Affected by this vulnerability is the function websReadEvent of the file /goform/GetIPTV?fgHPOST/goform/SysToo. The manipulation of the argument Content-Length leads to null pointer dereference. The attack can be launched remotely. • https://github.com/xiaobor123/tenda-vul-i22 https://vuldb.com/?ctiid.282919 https://vuldb.com/?id.282919 https://vuldb.com/?submit.435407 https://www.tenda.com.cn • CWE-476: NULL Pointer Dereference •

CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1

A vulnerability has been found in Tenda i22 1.0.0.3(4687) and classified as critical. Affected by this vulnerability is the function formApPortalWebAuth of the file /goform/apPortalAuth. The manipulation of the argument webUserName/webUserPassword leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/BeaCox/IoT_vuln/tree/main/tenda/i22/ApPortalWebAuth https://vuldb.com/?ctiid.273865 https://vuldb.com/?id.273865 https://vuldb.com/?submit.382837 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1

A vulnerability, which was classified as critical, was found in Tenda i22 1.0.0.3(4687). Affected is the function formApPortalPhoneAuth of the file /goform/apPortalPhoneAuth. The manipulation of the argument data leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/BeaCox/IoT_vuln/tree/main/tenda/i22/ApPortalPhoneAuth https://vuldb.com/?ctiid.273864 https://vuldb.com/?id.273864 https://vuldb.com/?submit.382836 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1

A vulnerability, which was classified as critical, has been found in Tenda i22 1.0.0.3(4687). This issue affects the function formApPortalOneKeyAuth of the file /goform/apPortalOneKeyAuth. The manipulation of the argument data leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/BeaCox/IoT_vuln/tree/main/tenda/i22/ApPortalOneKeyAuth https://vuldb.com/?ctiid.273863 https://vuldb.com/?id.273863 https://vuldb.com/?submit.382835 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1

A vulnerability classified as critical was found in Tenda i22 1.0.0.3(4687). This vulnerability affects the function formApPortalAccessCodeAuth of the file /goform/apPortalAccessCodeAuth. The manipulation of the argument accessCode/data/acceInfo leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/BeaCox/IoT_vuln/tree/main/tenda/i22/ApPortalAccessCodeAuth https://vuldb.com/?ctiid.273862 https://vuldb.com/?id.273862 https://vuldb.com/?submit.382834 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •