CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2024-0995 – Tenda W6 httpd wifiSSIDset formwrlSSIDset stack-based overflow
https://notcve.org/view.php?id=CVE-2024-0995
A vulnerability was found in Tenda W6 1.0.0.9(4122). It has been rated as critical. Affected by this issue is the function formwrlSSIDset of the file /goform/wifiSSIDset of the component httpd. The manipulation of the argument index leads to stack-based buffer overflow. The attack may be launched remotely. • https://jylsec.notion.site/Tenda-w6-has-stack-buffer-overflow-vulnerability-in-formwrlSSIDset-e283b41905934e97b4c65632a0018eba?pvs=4 https://vuldb.com/?ctiid.252260 https://vuldb.com/?id.252260 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2024-0994 – Tenda W6 httpd setcfm formSetCfm stack-based overflow
https://notcve.org/view.php?id=CVE-2024-0994
A vulnerability was found in Tenda W6 1.0.0.9(4122). It has been declared as critical. Affected by this vulnerability is the function formSetCfm of the file /goform/setcfm of the component httpd. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. The attack can be launched remotely. • https://jylsec.notion.site/Tenda-W6-has-stack-buffer-overflow-vulnerability-in-formSetCfm-4fab28f92ca74f519245b606d8345821?pvs=4 https://vuldb.com/?ctiid.252259 https://vuldb.com/?id.252259 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2022-45504
https://notcve.org/view.php?id=CVE-2022-45504
An issue in the component tpi_systool_handle(0) (/goform/SysToolRestoreSet) of Tenda W6-S v1.0.0.4(510) allows unauthenticated attackers to arbitrarily reboot the device. Un problema en el componente tpi_systool_handle(0) (/goform/SysToolRestoreSet) de Tenda W6-S v1.0.0.4(510) permite a atacantes no autenticados reiniciar arbitrariamente el dispositivo. • https://github.com/z1r00/IOT_Vul/blob/main/Tenda/W6-S/SysToolRestoreSet/readme.md •
CVSS: 9.8EPSS: 5%CPEs: 2EXPL: 1CVE-2022-45497
https://notcve.org/view.php?id=CVE-2022-45497
Tenda W6-S v1.0.0.4(510) was discovered to contain a command injection vulnerability in the tpi_get_ping_output function at /goform/exeCommand. • https://github.com/z1r00/IOT_Vul/blob/main/Tenda/W6-S/exeCommand/readme.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2022-45503
https://notcve.org/view.php?id=CVE-2022-45503
Tenda W6-S v1.0.0.4(510) was discovered to contain a stack overflow via the linkEn parameter at /goform/setAutoPing. Se descubrió que Tenda W6-S v1.0.0.4(510) contenía un desbordamiento de pila a través del parámetro linkEn en /goform/setAutoPing. • https://github.com/z1r00/IOT_Vul/blob/main/Tenda/W6-S/setAutoPing/readme.md • CWE-787: Out-of-bounds Write •