CVE-2024-7581 – Tenda A301 WifiBasicSet formWifiBasicSet stack-based overflow
https://notcve.org/view.php?id=CVE-2024-7581
A vulnerability classified as critical has been found in Tenda A301 15.13.08.12. This affects the function formWifiBasicSet of the file /goform/WifiBasicSet. The manipulation of the argument security leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/BeaCox/IoT_vuln/tree/main/tenda/A301/WifiBasicSet_bof https://vuldb.com/?ctiid.273861 https://vuldb.com/?id.273861 https://vuldb.com/?submit.382745 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2024-33180
https://notcve.org/view.php?id=CVE-2024-33180
Tenda AC18 V15.03.3.10_EN was discovered to contain a stack-based buffer overflow vulnerability via the deviceId parameter at ip/goform/saveParentControlInfo. Se descubrió que Tenda AC18 V15.03.3.10_EN contiene una vulnerabilidad de desbordamiento del búfer basada en pila a través del parámetro deviceId en ip/goform/saveParentControlInfo. • https://palm-vertebra-fe9.notion.site/saveParentControlInfo_1-7c9695d0251945ae8006db705b9b80ac • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVE-2024-33182
https://notcve.org/view.php?id=CVE-2024-33182
Tenda AC18 V15.03.3.10_EN was discovered to contain a stack-based buffer overflow vulnerability via the deviceId parameter at ip/goform/addWifiMacFilter. Se descubrió que Tenda AC18 V15.03.3.10_EN contiene una vulnerabilidad de desbordamiento del búfer basada en pila a través del parámetro deviceId en ip/goform/addWifiMacFilter. • https://palm-vertebra-fe9.notion.site/addWifiMacFilter_1-067fa6984f0d4933b88c63efd7486479 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2024-35338
https://notcve.org/view.php?id=CVE-2024-35338
Tenda i29V1.0 V1.0.0.5 was discovered to contain a hardcoded password for root. Se descubrió que Tenda i29V1.0 V1.0.0.5 contenía una contraseña codificada para root. • https://palm-vertebra-fe9.notion.site/hardcode_i29-e1ed38dde00145d9a6be1ad2b4581259 • CWE-798: Use of Hard-coded Credentials •
CVE-2024-36604
https://notcve.org/view.php?id=CVE-2024-36604
Tenda O3V2 v1.0.0.12(3880) was discovered to contain a Blind Command Injection via stpEn parameter in the SetStp function. This vulnerability allows attackers to execute arbitrary commands with root privileges. Se descubrió que Tenda O3V2 v1.0.0.12(3880) contenía una inyección de comando ciego a través del parámetro stpEn en la función SetStp. Esta vulnerabilidad permite a los atacantes ejecutar comandos arbitrarios con privilegios de root. • https://exzettabyte.me/blind-command-injection-in-stp-service-on-tenda-o3v2 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •