7 results (0.016 seconds)

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1

Tenda AC10 v15.03.06.26 was discovered to contain a command injection vulnerability via the mac parameter in the function formWriteFacMac. • https://github.com/DaDong-G/Vulnerability_info/blob/main/ac10_command_injection/Readme.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1

Tenda AC10-1200 v15.03.06.23_EN was discovered to contain a buffer overflow in the setSmartPowerManagement function. Se ha detectado que Tenda AC10-1200 versión v15.03.06.23_ES, contiene un desbordamiento de búfer en la función setSmartPowerManagement • https://noob3xploiter.medium.com/hacking-the-tenda-ac10-1200-router-part-4-sscanf-buffer-overflow-75ae0e06abb6 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1

Tenda AC10-1200 v15.03.06.23_EN was discovered to contain a buffer overflow via the list parameter in the fromSetIpMacBind function. Se ha detectado que Tenda AC10-1200 versión v15.03.06.23_ES, contenía un desbordamiento de búfer por medio del parámetro list en la función fromSetIpMacBind • https://noob3xploiter.medium.com/hacking-the-tenda-ac10-1200-router-part-3-yet-another-buffer-overflow-4eb322f64823 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1

Tenda AC10-1200 v15.03.06.23_EN was discovered to contain a buffer overflow via the urls parameter in the saveParentControlInfo function. Se ha detectado que Tenda AC10-1200 versión v15.03.06.23_ES, contenía un desbordamiento de búfer por medio del parámetro urls en la función saveParentControlInfo • https://noob3xploiter.medium.com/hacking-the-tenda-ac10-1200-router-part-2-strcpy-buffer-overflow-92cd88e1d503 • CWE-787: Out-of-bounds Write •

CVSS: 9.0EPSS: 0%CPEs: 4EXPL: 1

An issue was discovered on Tenda AC9 V15.03.05.19(6318)_CN and AC10 V15.03.06.23_CN devices. The mac parameter in a POST request is used directly in a doSystemCmd call, causing OS command injection. "Se ha descubierto un problema en dispositivos Tenda AC9 V15.03.05.19(6318)_CN y AC10 V15.03.06.23_CN. El parámetro mac en una petición POST se emplea directamente en una llamada doSystemCmd, provocando la inyección de comandos del sistema operativo." • https://github.com/zsjevilhex/iot/blob/master/route/tenda/tenda-04/tenda.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •