Filtered by vendor Tenda
Subscribe
Total
609 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-4744 | 1 Tenda | 2 Ac8, Ac8 Firmware | 2024-05-17 | 10.0 HIGH | 9.8 CRITICAL |
A vulnerability was found in Tenda AC8 16.03.34.06_cn_TDC01. It has been declared as critical. Affected by this vulnerability is the function formSetDeviceName. The manipulation leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-238633 was assigned to this vulnerability. | |||||
CVE-2023-2923 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2024-05-17 | 6.5 MEDIUM | 9.8 CRITICAL |
A vulnerability classified as critical was found in Tenda AC6 US_AC6V1.0BR_V15.03.05.19. Affected by this vulnerability is the function fromDhcpListClient. The manipulation leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-230077 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2023-2649 | 1 Tenda | 2 Ac23, Ac23 Firmware | 2024-05-17 | 8.3 HIGH | 8.8 HIGH |
A vulnerability was found in Tenda AC23 16.03.07.45_cn. It has been declared as critical. This vulnerability affects unknown code of the file /bin/ate of the component Service Port 7329. The manipulation of the argument v2 leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-228778 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2023-0782 | 1 Tenda | 2 Ac23, Ac23 Firmware | 2024-05-17 | 8.3 HIGH | 9.8 CRITICAL |
A vulnerability was found in Tenda AC23 16.03.07.45 and classified as critical. Affected by this issue is the function formSetSysToolDDNS/formGetSysToolDDNS of the file /bin/httpd. The manipulation leads to out-of-bounds write. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-220640. | |||||
CVE-2024-24543 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2024-02-14 | N/A | 9.8 CRITICAL |
Buffer Overflow vulnerability in the function setSchedWifi in Tenda AC9 v.3.0, firmware version v.15.03.06.42_multi allows a remote attacker to cause a denial of service or run arbitrary code via crafted overflow data. | |||||
CVE-2022-35201 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2024-02-14 | N/A | 9.8 CRITICAL |
Tenda-AC18 V15.03.05.05 was discovered to contain a remote command execution (RCE) vulnerability. | |||||
CVE-2021-44971 | 1 Tenda | 4 Ac15, Ac15 Firmware, Ac5 and 1 more | 2024-02-14 | 7.5 HIGH | 9.8 CRITICAL |
Multiple Tenda devices are affected by authentication bypass, such as AC15V1.0 Firmware V15.03.05.20_multi?AC5V1.0 Firmware V15.03.06.48_multi and so on. an attacker can obtain sensitive information, and even combine it with authenticated command injection to implement RCE. | |||||
CVE-2022-45506 | 1 Tenda | 2 W30e, W30e Firmware | 2024-02-05 | N/A | 9.8 CRITICAL |
Tenda W30E v1.0.1.25(633) was discovered to contain a command injection vulnerability via the fileNameMit parameter at /goform/delFileName. | |||||
CVE-2023-51098 | 1 Tenda | 2 W9, W9 Firmware | 2024-02-05 | N/A | 9.8 CRITICAL |
Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a command injection vulnerability via the function formSetDiagnoseInfo . | |||||
CVE-2023-49047 | 1 Tenda | 2 Ax1803, Ax1803 Firmware | 2024-02-05 | N/A | 7.5 HIGH |
Tenda AX1803 v1.0.0.1 contains a stack overflow via the devName parameter in the function formSetDeviceName. | |||||
CVE-2023-49431 | 1 Tenda | 2 Ax9, Ax9 Firmware | 2024-02-05 | N/A | 9.8 CRITICAL |
Tenda AX9 V22.03.01.46 has been discovered to contain a command injection vulnerability in the 'mac' parameter at /goform/SetOnlineDevName. | |||||
CVE-2023-45483 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2024-02-05 | N/A | 9.8 CRITICAL |
Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the time parameter in the function compare_parentcontrol_time. | |||||
CVE-2023-51099 | 1 Tenda | 2 W9, W9 Firmware | 2024-02-05 | N/A | 9.8 CRITICAL |
Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a command injection vulnerability via the function formexeCommand . | |||||
CVE-2023-51090 | 1 Tenda | 2 M3, M3 Firmware | 2024-02-05 | N/A | 9.8 CRITICAL |
Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function formGetWeiXinConfig. | |||||
CVE-2023-49406 | 1 Tenda | 2 W30e, W30e Firmware | 2024-02-05 | N/A | 9.8 CRITICAL |
Tenda W30E V16.01.0.12(4843) was discovered to contain a Command Execution vulnerability via the function /goform/telnet. | |||||
CVE-2023-49999 | 1 Tenda | 2 W30e, W30e Firmware | 2024-02-05 | N/A | 9.8 CRITICAL |
Tenda W30E V16.01.0.12(4843) was discovered to contain a command injection vulnerability via the function setUmountUSBPartition. | |||||
CVE-2023-50002 | 1 Tenda | 2 W30e, W30e Firmware | 2024-02-05 | N/A | 9.8 CRITICAL |
Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formRebootMeshNode. | |||||
CVE-2023-49402 | 1 Tenda | 2 W30e, W30e Firmware | 2024-02-05 | N/A | 9.8 CRITICAL |
Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function localMsg. | |||||
CVE-2023-49433 | 1 Tenda | 2 Ax9, Ax9 Firmware | 2024-02-05 | N/A | 9.8 CRITICAL |
Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the 'list' parameter at /goform/SetVirtualServerCfg. | |||||
CVE-2023-49426 | 1 Tenda | 2 Ax12, Ax12 Firmware | 2024-02-05 | N/A | 9.8 CRITICAL |
Tenda AX12 V22.03.01.46 was discovered to contain a stack overflow via the list parameter at /goform/SetStaticRouteCfg. |