Vulnerabilities > Critical

DATE CVE VULNERABILITY TITLE RISK
2025-01-16 CVE-2024-57575 Out-of-bounds Write vulnerability in Tenda Ac18 Firmware 15.03.05.19
Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the ssid parameter in the form_fast_setting_wifi_set function.
network
low complexity
tenda CWE-787
critical
 9.8
9.8
2025-01-16 CVE-2024-57579 Out-of-bounds Write vulnerability in Tenda Ac18 Firmware 15.03.05.19
Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the limitSpeedUp parameter in the formSetClientState function.
network
low complexity
tenda CWE-787
critical
 9.8
9.8
2025-01-16 CVE-2024-57580 Out-of-bounds Write vulnerability in Tenda Ac18 Firmware 15.03.05.19
Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the devName parameter in the formSetDeviceName function.
network
low complexity
tenda CWE-787
critical
 9.8
9.8
2025-01-16 CVE-2024-57581 Out-of-bounds Write vulnerability in Tenda Ac18 Firmware 15.03.05.19
Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the firewallEn parameter in the formSetFirewallCfg function.
network
low complexity
tenda CWE-787
critical
 9.8
9.8
2025-01-16 CVE-2024-57582 Out-of-bounds Write vulnerability in Tenda Ac18 Firmware 15.03.05.19
Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the startIP parameter in the formSetPPTPServer function.
network
low complexity
tenda CWE-787
critical
 9.8
9.8
2025-01-16 CVE-2024-57583 Command Injection vulnerability in Tenda Ac18 Firmware 15.03.05.19
Tenda AC18 V15.03.05.19 was discovered to contain a command injection vulnerability via the usbName parameter in the formSetSambaConf function.
network
low complexity
tenda CWE-77
critical
 9.8
9.8
2025-01-16 CVE-2024-50563 Unspecified vulnerability in Fortinet products
A weak authentication in Fortinet FortiManager Cloud, FortiAnalyzer versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiAnalyzer Cloud versions 7.4.1 through 7.4.3, FortiManager versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiManager Cloud versions 7.4.1 through 7.4.3 allows attacker to execute unauthorized code or commands via a brute-force attack.
network
low complexity
fortinet
critical
 9.8
9.8
2025-01-16 CVE-2024-48885 Path Traversal vulnerability in Fortinet products
A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiRecorder versions 7.2.0 through 7.2.1, 7.0.0 through 7.0.4, FortiWeb versions 7.6.0, 7.4.0 through 7.4.4, 7.2.0 through 7.2.10, 7.0.0 through 7.0.10, 6.4.0 through 6.4.3, FortiVoice versions 7.0.0 through 7.0.4, 6.4.0 through 6.4.9, 6.0.0 through 6.0.12 allows attacker to escalate privilege via specially crafted packets.
network
low complexity
fortinet CWE-22
critical
 9.1
9.1
2025-01-16 CVE-2025-0455 The airPASS from NetVision Information has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.
network
low complexity
CWE-89
critical
 9.8
9.8
2025-01-16 CVE-2025-0456 The airPASS from NetVision Information has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to access the specific administrative functionality to retrieve * all accounts and passwords.
network
low complexity
CWE-306
critical
 9.8
9.8