CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52789
https://notcve.org/view.php?id=CVE-2024-52789
19 Nov 2024 — Tenda W30E v2.0 V16.01.0.8 was discovered to contain a hardcoded password vulnerability in /etc_ro/shadow, which allows attackers to log in as root. • https://colorful-meadow-5b9.notion.site/W30E_HardCode_vuln-13dc216a1c30805998f8d994f966760a • CWE-798: Use of Hard-coded Credentials •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 1CVE-2024-4171 – Tenda W30E WizardHandle fromWizardHandle stack-based overflow
https://notcve.org/view.php?id=CVE-2024-4171
25 Apr 2024 — A vulnerability classified as critical has been found in Tenda W30E 1.0/1.0.1.25. Affected is the function fromWizardHandle of the file /goform/WizardHandle. The manipulation of the argument PPW leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W30E/fromWizardHandle.md • CWE-121: Stack-based Buffer Overflow •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32290
https://notcve.org/view.php?id=CVE-2024-32290
17 Apr 2024 — Tenda W30E v1.0 v1.0.1.25(633) firmware has a stack overflow vulnerability via the page parameter in the fromAddressNat function. El firmware Tenda W30E v1.0 v1.0.1.25(633) tiene una vulnerabilidad de desbordamiento de pila a través del parámetro de página en la función fromAddressNat. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W30E/fromAddressNat_page.md • CWE-121: Stack-based Buffer Overflow •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32288
https://notcve.org/view.php?id=CVE-2024-32288
17 Apr 2024 — Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability located via the page parameter in the fromwebExcptypemanFilter function. El firmware Tenda W30E v1.0 V1.0.1.25(633) tiene una vulnerabilidad de desbordamiento de pila ubicada a través del parámetro de página en la función fromwebExcptypemanFilter. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W30E/fromwebExcptypemanFilter.md • CWE-121: Stack-based Buffer Overflow •
CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32285
https://notcve.org/view.php?id=CVE-2024-32285
17 Apr 2024 — Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability via the password parameter in the formaddUserName function. El firmware Tenda W30E v1.0 V1.0.1.25(633) tiene una vulnerabilidad de desbordamiento de pila a través del parámetro de contraseña en la función formaddUserName. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W30E/formaddUserName.md • CWE-121: Stack-based Buffer Overflow •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32286
https://notcve.org/view.php?id=CVE-2024-32286
17 Apr 2024 — Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability located via the page parameter in the fromVirtualSer function. El firmware Tenda W30E v1.0 V1.0.1.25(633) tiene una vulnerabilidad de desbordamiento de pila ubicada a través del parámetro de página en la función fromVirtualSer. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W30E/fromVirtualSer.md • CWE-121: Stack-based Buffer Overflow CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32287
https://notcve.org/view.php?id=CVE-2024-32287
17 Apr 2024 — Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability via the qos parameter in the fromqossetting function. El firmware Tenda W30E v1.0 V1.0.1.25(633) tiene una vulnerabilidad de desbordamiento de pila a través del parámetro qos en la función fromqossetting. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W30E/fromqossetting.md • CWE-121: Stack-based Buffer Overflow •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-32291
https://notcve.org/view.php?id=CVE-2024-32291
17 Apr 2024 — Tenda W30E v1.0 firmware v1.0.1.25(633) has a stack overflow vulnerability via the page parameter in the fromNatlimit function. El firmware v1.0.1.25(633) de Tenda W30E v1.0 tiene una vulnerabilidad de desbordamiento de pila a través del parámetro de página en la función fromNatlimit. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W30E/fromNatlimit.md • CWE-121: Stack-based Buffer Overflow •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32292
https://notcve.org/view.php?id=CVE-2024-32292
17 Apr 2024 — Tenda W30E v1.0 V1.0.1.25(633) firmware contains a command injection vulnerablility in the formexeCommand function via the cmdinput parameter. El firmware Tenda W30E v1.0 V1.0.1.25(633) contiene una vulnerabilidad de inyección de comando en la función formexeCommand a través del parámetro cmdinput. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W30E/formexecommand_cmdi.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.0EPSS: 5%CPEs: 1EXPL: 0CVE-2024-32293
https://notcve.org/view.php?id=CVE-2024-32293
17 Apr 2024 — Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability via the page parameter in the fromDhcpListClient function. El firmware Tenda W30E v1.0 V1.0.1.25(633) tiene una vulnerabilidad de desbordamiento de pila a través del parámetro de página en la función fromDhcpListClient. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W30E/fromDhcpListClient_page.md • CWE-121: Stack-based Buffer Overflow •