CVE-2024-3874 – Tenda W20E SetRemoteWebManage formSetRemoteWebManage stack-based overflow
https://notcve.org/view.php?id=CVE-2024-3874
A vulnerability was found in Tenda W20E 15.11.0.6. It has been declared as critical. This vulnerability affects the function formSetRemoteWebManage of the file /goform/SetRemoteWebManage. The manipulation of the argument remoteIP leads to stack-based buffer overflow. The attack can be initiated remotely. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W20E/formSetRemoteWebManage.md https://vuldb.com/?ctiid.260908 https://vuldb.com/?id.260908 https://vuldb.com/?submit.312816 • CWE-121: Stack-based Buffer Overflow •
CVE-2023-26805
https://notcve.org/view.php?id=CVE-2023-26805
Tenda W20E v15.11.0.6 (US_W20EV4.0br_v15.11.0.6(1068_1546_841)_CN_TDC) is vulnerable to Buffer Overflow via function formIPMacBindModify. • https://github.com/Stevenbaga/fengsha/blob/main/W20E/formIPMacBindModify.md • CWE-787: Out-of-bounds Write •
CVE-2023-26806
https://notcve.org/view.php?id=CVE-2023-26806
Tenda W20E v15.11.0.6(US_W20EV4.0br_v15.11.0.6(1068_1546_841 is vulnerable to Buffer Overflow via function formSetSysTime, • https://github.com/Stevenbaga/fengsha/blob/main/W20E/SetSysTime.md • CWE-787: Out-of-bounds Write •
CVE-2022-48130
https://notcve.org/view.php?id=CVE-2022-48130
Tenda W20E v15.11.0.6 was discovered to contain multiple stack overflows in the function formSetStaticRoute via the parameters staticRouteNet, staticRouteMask, staticRouteGateway, staticRouteWAN. • https://github.com/Stevenbaga/fengsha/blob/main/W20E/formSetStaticRoute.md • CWE-787: Out-of-bounds Write •
CVE-2022-40855
https://notcve.org/view.php?id=CVE-2022-40855
Tenda W20E router V15.11.0.6 contains a stack overflow in the function formSetPortMapping with post request 'goform/setPortMapping/'. This vulnerability allows attackers to cause a Denial of Service (DoS) or Remote Code Execution (RCE) via the portMappingServer, portMappingProtocol, portMappingWan, porMappingtInternal, and portMappingExternal parameters. El router Tenda W20E versión V15.11.0.6, contiene un desbordamiento de pila en la función formSetPortMapping con la petición /goform/setPortMapping/. Esta vulnerabilidad permite a atacantes causar una Denegación de Servicio (DoS) o una Ejecución de Código Remota (RCE) por medio de los parámetros portMappingServer, portMappingProtocol, portMappingWan, porMappingtInternal y portMappingExternal. • https://github.com/CPSeek/Router-vuls/blob/main/Tenda/W20E/formSetPortMapping.md • CWE-787: Out-of-bounds Write •