CVSS: 10.0EPSS: 0%CPEs: 8EXPL: 1CVE-2023-38932
https://notcve.org/view.php?id=CVE-2023-38932
07 Aug 2023 — Tenda F1202 V1.2.0.9, PA202 V1.1.2.5, PW201A V1.1.2.5 and FH1202 V1.2.0.9 were discovered to contain a stack overflow via the page parameter in the SafeEmailFilter function. • https://github.com/FirmRec/IoT-Vulns/tree/main/tenda/formSafeEmailFilter • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 8EXPL: 1CVE-2023-38938
https://notcve.org/view.php?id=CVE-2023-38938
07 Aug 2023 — Tenda F1202 V1.2.0.9, PA202 V1.1.2.5, PW201A V1.1.2.5 and FH1202 V1.2.0.9 were discovered to contain a stack overflow via the page parameter at /L7Im. • https://github.com/FirmRec/IoT-Vulns/tree/main/tenda/frmL7ImForm • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 1CVE-2023-38939
https://notcve.org/view.php?id=CVE-2023-38939
07 Aug 2023 — Tenda F1202 V1.2.0.9 and FH1202 V1.2.0.9 were discovered to contain a stack overflow via the mit_ssid parameter in the formWrlsafeset function. • https://github.com/FirmRec/IoT-Vulns/tree/main/tenda/formWrlsafeset • CWE-787: Out-of-bounds Write •
CVSS: 8.0EPSS: 0%CPEs: 6EXPL: 0CVE-2017-9138
https://notcve.org/view.php?id=CVE-2017-9138
21 May 2017 — There is a debug-interface vulnerability on some Tenda routers (FH1202/F1202/F1200: versions before 1.2.0.20). After connecting locally to a router in a wired or wireless manner, one can bypass intended access restrictions by sending shell commands directly and reading their results, or by entering shell commands that change this router's username and password. Hay una vulnerabilidad de la interfaz de depuración en algunos routers Tenda (FH1202/F1202/F1200: versiones anteriores a 1.2.0.20). Después de conec... • http://www.tendacn.com/en/2017.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 3.5EPSS: 0%CPEs: 6EXPL: 0CVE-2017-9139
https://notcve.org/view.php?id=CVE-2017-9139
21 May 2017 — There is a stack-based buffer overflow on some Tenda routers (FH1202/F1202/F1200: versions before 1.2.0.20). Crafted POST requests to an unspecified URL result in DoS, interrupting the HTTP service (used to login to the web UI of a router) for 1 to 2 seconds. Hay desbordamiento de búfer en la región stack de la memoria en algunos routers Tenda (FH1202/F1202/F1200: versiones anteriores a 1.2.0.20). Las peticiones POST diseñadas a una dirección URL no especificada dan como resultado una DoS, interrumpiendo el... • http://www.tendacn.com/en/2017.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •