CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-37144
https://notcve.org/view.php?id=CVE-2023-37144
Tenda AC10 v15.03.06.26 was discovered to contain a command injection vulnerability via the mac parameter in the function formWriteFacMac. • https://github.com/DaDong-G/Vulnerability_info/blob/main/ac10_command_injection/Readme.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2022-26243
https://notcve.org/view.php?id=CVE-2022-26243
Tenda AC10-1200 v15.03.06.23_EN was discovered to contain a buffer overflow in the setSmartPowerManagement function. Se ha detectado que Tenda AC10-1200 versión v15.03.06.23_ES, contiene un desbordamiento de búfer en la función setSmartPowerManagement • https://noob3xploiter.medium.com/hacking-the-tenda-ac10-1200-router-part-4-sscanf-buffer-overflow-75ae0e06abb6 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2021-38772
https://notcve.org/view.php?id=CVE-2021-38772
Tenda AC10-1200 v15.03.06.23_EN was discovered to contain a buffer overflow via the list parameter in the fromSetIpMacBind function. Se ha detectado que Tenda AC10-1200 versión v15.03.06.23_ES, contenía un desbordamiento de búfer por medio del parámetro list en la función fromSetIpMacBind • https://noob3xploiter.medium.com/hacking-the-tenda-ac10-1200-router-part-3-yet-another-buffer-overflow-4eb322f64823 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2021-38278
https://notcve.org/view.php?id=CVE-2021-38278
Tenda AC10-1200 v15.03.06.23_EN was discovered to contain a buffer overflow via the urls parameter in the saveParentControlInfo function. Se ha detectado que Tenda AC10-1200 versión v15.03.06.23_ES, contenía un desbordamiento de búfer por medio del parámetro urls en la función saveParentControlInfo • https://noob3xploiter.medium.com/hacking-the-tenda-ac10-1200-router-part-2-strcpy-buffer-overflow-92cd88e1d503 • CWE-787: Out-of-bounds Write •
CVSS: 9.0EPSS: 0%CPEs: 4EXPL: 1CVE-2018-16334
https://notcve.org/view.php?id=CVE-2018-16334
An issue was discovered on Tenda AC9 V15.03.05.19(6318)_CN and AC10 V15.03.06.23_CN devices. The mac parameter in a POST request is used directly in a doSystemCmd call, causing OS command injection. "Se ha descubierto un problema en dispositivos Tenda AC9 V15.03.05.19(6318)_CN y AC10 V15.03.06.23_CN. El parámetro mac en una petición POST se emplea directamente en una llamada doSystemCmd, provocando la inyección de comandos del sistema operativo." • https://github.com/zsjevilhex/iot/blob/master/route/tenda/tenda-04/tenda.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •