CVE-2024-2854 – Tenda AC18 setsambacfg formSetSambaConf os command injection
https://notcve.org/view.php?id=CVE-2024-2854
A vulnerability classified as critical has been found in Tenda AC18 15.03.05.05. Affected is the function formSetSambaConf of the file /goform/setsambacfg. Manipulation of the argument usbName leads to OS command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC18/formSetSambaConf.md https://vuldb.com/?ctiid.257778 https://vuldb.com/?id.257778 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-28553
https://notcve.org/view.php?id=CVE-2024-28553
Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the entrys parameter of the fromAddressNat function. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC18/fromAddressNat_entrys.md • CWE-787: Out-of-bounds Write
CVE-2024-28535
https://notcve.org/view.php?id=CVE-2024-28535
Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the mitInterface parameter of the fromAddressNat function. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC18/fromAddressNat_mitInterface.md • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write
CVE-2022-44174
https://notcve.org/view.php?id=CVE-2022-44174
Tenda AC18 V15.03.05.05 is vulnerable to a buffer overflow via the function formSetDeviceName. • https://github.com/RobinWang825/IoT_vuln/blob/main/Tenda/AC18/formSetDeviceName_05/Tenda_AC18_V15.03.05.05_Vuln_devName.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-38313
https://notcve.org/view.php?id=CVE-2022-38313
Tenda AC18 router v15.03.05.19 and v15.03.05.05 were discovered to contain a stack overflow via the time parameter at /goform/saveParentControlInfo. • https://github.com/rickytriky/NWPU_Projct/tree/main/Tenda/AC18/2 • CWE-787: Out-of-bounds Write