CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-10351 – Tenda RX9 Pro POST Request setMacFilterCfg sub_424CE0 stack-based overflow
https://notcve.org/view.php?id=CVE-2024-10351
24 Oct 2024 — A vulnerability was found in Tenda RX9 Pro 22.03.02.20. It has been rated as critical. This issue affects the function sub_424CE0 of the file /goform/setMacFilterCfg of the component POST Request Handler. The manipulation of the argument deviceList leads to stack-based buffer overflow. The attack may be initiated remotely. • https://gitee.com/GXB0_0/iot-vul/blob/master/Tenda/RX9/20/setMacFilterCfg.md • CWE-121: Stack-based Buffer Overflow •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 1CVE-2024-10283 – Tenda RX9/RX9 Pro SetNetControlList sub_4337EC stack-based overflow
https://notcve.org/view.php?id=CVE-2024-10283
23 Oct 2024 — A vulnerability, which was classified as critical, has been found in Tenda RX9 and RX9 Pro 22.03.02.20. Affected by this issue is the function sub_4337EC of the file /goform/SetNetControlList. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://gitee.com/GXB0_0/iot-vul/blob/master/Tenda/RX9/20/SetNetControlList.md • CWE-121: Stack-based Buffer Overflow •
CVSS: 9.0EPSS: 0%CPEs: 4EXPL: 1CVE-2024-10282 – Tenda RX9/RX9 Pro SetVirtualServerCfg sub_42EA38 stack-based overflow
https://notcve.org/view.php?id=CVE-2024-10282
23 Oct 2024 — A vulnerability classified as critical was found in Tenda RX9 and RX9 Pro 22.03.02.10/22.03.02.20. Affected by this vulnerability is the function sub_42EA38 of the file /goform/SetVirtualServerCfg. The manipulation of the argument list leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://gitee.com/GXB0_0/iot-vul/blob/master/Tenda/RX9/20/SetVirtualServerCfg.md • CWE-121: Stack-based Buffer Overflow •
CVSS: 9.0EPSS: 0%CPEs: 4EXPL: 1CVE-2024-10281 – Tenda RX9/RX9 Pro SetStaticRouteCfg sub_42EEE0 stack-based overflow
https://notcve.org/view.php?id=CVE-2024-10281
23 Oct 2024 — A vulnerability classified as critical has been found in Tenda RX9 and RX9 Pro 22.03.02.10/22.03.02.20. Affected is the function sub_42EEE0 of the file /goform/SetStaticRouteCfg. The manipulation of the argument list leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://gitee.com/GXB0_0/iot-vul/blob/master/Tenda/RX9/20/SetStaticRouteCfg.md • CWE-121: Stack-based Buffer Overflow •
CVSS: 8.5EPSS: 0%CPEs: 2EXPL: 1CVE-2023-43885
https://notcve.org/view.php?id=CVE-2023-43885
07 Nov 2023 — Missing error handling in the HTTP server component of Tenda RX9 Pro Firmware V22.03.02.20 allows authenticated attackers to arbitrarily lock the device. La falta de manejo de errores en el componente del servidor HTTP del Tenda RX9 Pro Firmware V22.03.02.20 permite a atacantes autenticados bloquear arbitrariamente el dispositivo. • https://blog.rtlcopymemory.com/tenda-rx9-pro • CWE-862: Missing Authorization •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2023-43886
https://notcve.org/view.php?id=CVE-2023-43886
07 Nov 2023 — A buffer overflow in the HTTP server component of Tenda RX9 Pro v22.03.02.20 might allow an authenticated attacker to overwrite memory. Un desbordamiento de búfer en el componente del servidor HTTP de Tenda RX9 Pro v22.03.02.20 podría permitir que un atacante autenticado sobrescriba la memoria. • https://blog.rtlcopymemory.com/tenda-rx9-pro • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2022-38829
https://notcve.org/view.php?id=CVE-2022-38829
16 Sep 2022 — Tenda RX9_Pro V22.03.02.10 is vulnerable to Buffer Overflow via httpd/setMacFilterCfg. Tenda RX9_Pro V22.03.02.10 es vulnerable al desbordamiento del búfer por medio de httpd/setMacFilterCfg • https://github.com/whiter6666/CVE/blob/main/Tenda_RX9_Pro/setMacFilterCfg.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2022-38830
https://notcve.org/view.php?id=CVE-2022-38830
16 Sep 2022 — Tenda RX9_Pro V22.03.02.10 is vulnerable to Buffer Overflow via httpd/setIPv6Status. Tenda RX9_Pro V22.03.02.10 es vulnerable al desbordamiento del búfer por medio de httpd/setIPv6Status • https://github.com/whiter6666/CVE/blob/main/Tenda_RX9_Pro/setIPv6Status.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2022-38831
https://notcve.org/view.php?id=CVE-2022-38831
16 Sep 2022 — Tenda RX9_Pro V22.03.02.10 is vulnerable to Buffer Overflow via httpd/SetNetControlList Tenda RX9_Pro V22.03.02.10 es vulnerable al desbordamiento del búfer por medio de httpd/SetNetControlList • https://github.com/whiter6666/CVE/blob/main/Tenda_RX9_Pro/SetNetControlList.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •