9 results (0.001 seconds)

CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1

A vulnerability was found in Tenda RX9 Pro 22.03.02.20. It has been rated as critical. This issue affects the function sub_424CE0 of the file /goform/setMacFilterCfg of the component POST Request Handler. The manipulation of the argument deviceList leads to stack-based buffer overflow. The attack may be initiated remotely. • https://gitee.com/GXB0_0/iot-vul/blob/master/Tenda/RX9/20/setMacFilterCfg.md https://vuldb.com/?ctiid.281699 https://vuldb.com/?id.281699 https://vuldb.com/?submit.427706 https://www.tenda.com.cn • CWE-121: Stack-based Buffer Overflow •

CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 1

A vulnerability, which was classified as critical, has been found in Tenda RX9 and RX9 Pro 22.03.02.20. Affected by this issue is the function sub_4337EC of the file /goform/SetNetControlList. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://gitee.com/GXB0_0/iot-vul/blob/master/Tenda/RX9/20/SetNetControlList.md https://vuldb.com/?ctiid.281558 https://vuldb.com/?id.281558 https://vuldb.com/?submit.427064 https://www.tenda.com.cn • CWE-121: Stack-based Buffer Overflow •

CVSS: 9.0EPSS: 0%CPEs: 4EXPL: 1

A vulnerability classified as critical was found in Tenda RX9 and RX9 Pro 22.03.02.10/22.03.02.20. Affected by this vulnerability is the function sub_42EA38 of the file /goform/SetVirtualServerCfg. The manipulation of the argument list leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://gitee.com/GXB0_0/iot-vul/blob/master/Tenda/RX9/20/SetVirtualServerCfg.md https://vuldb.com/?ctiid.281557 https://vuldb.com/?id.281557 https://vuldb.com/?submit.427066 https://www.tenda.com.cn • CWE-121: Stack-based Buffer Overflow •

CVSS: 9.0EPSS: 0%CPEs: 4EXPL: 1

A vulnerability classified as critical has been found in Tenda RX9 and RX9 Pro 22.03.02.10/22.03.02.20. Affected is the function sub_42EEE0 of the file /goform/SetStaticRouteCfg. The manipulation of the argument list leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://gitee.com/GXB0_0/iot-vul/blob/master/Tenda/RX9/20/SetStaticRouteCfg.md https://vuldb.com/?ctiid.281556 https://vuldb.com/?id.281556 https://vuldb.com/?submit.427065 https://www.tenda.com.cn • CWE-121: Stack-based Buffer Overflow •

CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 1

Missing error handling in the HTTP server component of Tenda RX9 Pro Firmware V22.03.02.20 allows authenticated attackers to arbitrarily lock the device. La falta de manejo de errores en el componente del servidor HTTP del Tenda RX9 Pro Firmware V22.03.02.20 permite a atacantes autenticados bloquear arbitrariamente el dispositivo. • https://blog.rtlcopymemory.com/tenda-rx9-pro • CWE-862: Missing Authorization •