Filtered by vendor Tendacn
Subscribe
Total
106 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-5770 | 1 Tendacn | 2 Ac15, Ac15 Firmware | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
An issue was discovered on Tenda AC15 devices. A remote, unauthenticated attacker can make a request to /goform/telnet, creating a telnetd service on the device. This service is password protected; however, several default accounts exist on the device that are root accounts, which can be used to log in. | |||||
CVE-2018-5767 | 1 Tendacn | 2 Ac15, Ac15 Firmware | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered on Tenda AC15 V15.03.1.16_multi devices. A remote, unauthenticated attacker can gain remote code execution on the device with a crafted password parameter for the COOKIE header. | |||||
CVE-2018-7561 | 2 Tenda, Tendacn | 2 Ac9, Ac9 Firmware | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
Stack-based Buffer Overflow in httpd on Tenda AC9 devices V15.03.05.14_EN allows remote attackers to cause a denial of service or possibly have unspecified other impact. | |||||
CVE-2018-5768 | 1 Tendacn | 2 Ac15, Ac15 Firmware | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
A remote, unauthenticated attacker can gain remote code execution on the the Tenda AC15 router with a specially crafted password parameter for the COOKIE header. | |||||
CVE-2017-9138 | 1 Tendacn | 6 F1200, F1200 Firmware, F1202 and 3 more | 2024-02-04 | 7.7 HIGH | 8.0 HIGH |
There is a debug-interface vulnerability on some Tenda routers (FH1202/F1202/F1200: versions before 1.2.0.20). After connecting locally to a router in a wired or wireless manner, one can bypass intended access restrictions by sending shell commands directly and reading their results, or by entering shell commands that change this router's username and password. | |||||
CVE-2017-9139 | 1 Tendacn | 6 F1200, F1200 Firmware, F1202 and 3 more | 2024-02-04 | 2.7 LOW | 3.5 LOW |
There is a stack-based buffer overflow on some Tenda routers (FH1202/F1202/F1200: versions before 1.2.0.20). Crafted POST requests to an unspecified URL result in DoS, interrupting the HTTP service (used to login to the web UI of a router) for 1 to 2 seconds. |