CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-37144
https://notcve.org/view.php?id=CVE-2023-37144
Tenda AC10 v15.03.06.26 was discovered to contain a command injection vulnerability via the mac parameter in the function formWriteFacMac. • https://github.com/DaDong-G/Vulnerability_info/blob/main/ac10_command_injection/Readme.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2022-26243
https://notcve.org/view.php?id=CVE-2022-26243
Tenda AC10-1200 v15.03.06.23_EN was discovered to contain a buffer overflow in the setSmartPowerManagement function. Se ha detectado que Tenda AC10-1200 versión v15.03.06.23_ES, contiene un desbordamiento de búfer en la función setSmartPowerManagement • https://noob3xploiter.medium.com/hacking-the-tenda-ac10-1200-router-part-4-sscanf-buffer-overflow-75ae0e06abb6 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2021-38772
https://notcve.org/view.php?id=CVE-2021-38772
Tenda AC10-1200 v15.03.06.23_EN was discovered to contain a buffer overflow via the list parameter in the fromSetIpMacBind function. Se ha detectado que Tenda AC10-1200 versión v15.03.06.23_ES, contenía un desbordamiento de búfer por medio del parámetro list en la función fromSetIpMacBind • https://noob3xploiter.medium.com/hacking-the-tenda-ac10-1200-router-part-3-yet-another-buffer-overflow-4eb322f64823 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2021-38278
https://notcve.org/view.php?id=CVE-2021-38278
Tenda AC10-1200 v15.03.06.23_EN was discovered to contain a buffer overflow via the urls parameter in the saveParentControlInfo function. Se ha detectado que Tenda AC10-1200 versión v15.03.06.23_ES, contenía un desbordamiento de búfer por medio del parámetro urls en la función saveParentControlInfo • https://noob3xploiter.medium.com/hacking-the-tenda-ac10-1200-router-part-2-strcpy-buffer-overflow-92cd88e1d503 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 1CVE-2018-16333
https://notcve.org/view.php?id=CVE-2018-16333
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server. While processing the ssid parameter for a POST request, the value is directly used in a sprintf call to a local variable placed on the stack, which overrides the return address of the function, causing a buffer overflow. Se ha descubierto un problema en dispositivos Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN y AC18 V15.03.05.19(6318)_CN. Hay una vulnerabilidad de desbordamiento de búfer en el servidor web del router. • https://github.com/ZIllR0/Routers/blob/master/Tenda/oob1.md • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •