Vulnerabilities > Tenda > AC6 Firmware

DATE CVE VULNERABILITY TITLE RISK
2023-08-07 CVE-2023-38931 Out-of-bounds Write vulnerability in Tenda products
Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 V16.03.34.06, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0 V15.03.06.28, AC10 v4.0 V16.03.10.13 and FH1203 V2.0.1.6 were discovered to contain a stack overflow via the list parameter in the setaccount function.
network
low complexity
tenda CWE-787
critical
 9.8
9.8
2023-08-07 CVE-2023-38933 Out-of-bounds Write vulnerability in Tenda products
Tenda AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0 V15.03.06.28, FH1203 V2.0.1.6 and AC9 V3.0 V15.03.06.42_multi, and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the deviceId parameter in the formSetClientState function.
network
low complexity
tenda CWE-787
critical
 9.8
9.8
2023-08-07 CVE-2023-38936 Out-of-bounds Write vulnerability in Tenda products
Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, AC5 V1.0 V15.03.06.28, FH1203 V2.0.1.6, AC9 V3.0 V15.03.06.42_multi and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the speed_dir parameter in the formSetSpeedWan function.
network
low complexity
tenda CWE-787
critical
 9.8
9.8
2023-08-07 CVE-2023-38937 Out-of-bounds Write vulnerability in Tenda products
Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 V16.03.34.06, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, AC5 V1.0 V15.03.06.28, AC9 V3.0 V15.03.06.42_multi and AC10 v4.0 V16.03.10.13 were discovered to contain a stack overflow via the list parameter in the formSetVirtualSer function.
network
low complexity
tenda CWE-787
critical
 9.8
9.8
2023-06-26 CVE-2022-40010 Cross-site Scripting vulnerability in Tenda AC6 Firmware 15.03.06.50Multi
Tenda AC6 AC1200 Smart Dual-Band WiFi Router 15.03.06.50_multi was discovered to contain a cross-site scripting (XSS) vulnerability via the deviceId parameter in the Parental Control module.
network
low complexity
tenda CWE-79
5.4
5.4
2023-05-27 CVE-2023-2923 Out-of-bounds Write vulnerability in Tenda AC6 Firmware Usac6V1.0Brv15.03.05.19
A vulnerability classified as critical was found in Tenda AC6 US_AC6V1.0BR_V15.03.05.19.
network
low complexity
tenda CWE-787
critical
 9.8
9.8
2023-04-04 CVE-2023-26976 Out-of-bounds Write vulnerability in Tenda AC6 Firmware 15.03.05.09
Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the ssid parameter in the form_fast_setting_wifi_set function.
network
low complexity
tenda CWE-787
7.5
7.5
2022-12-02 CVE-2022-45641 Classic Buffer Overflow vulnerability in Tenda AC6 Firmware 15.03.05.19
Tenda AC6V1.0 V15.03.05.19 is vulnerable to Buffer Overflow via formSetMacFilterCfg.
network
low complexity
tenda CWE-120
7.5
7.5
2022-12-02 CVE-2022-45673 Cross-Site Request Forgery (CSRF) vulnerability in Tenda AC6 Firmware 15.03.05.19
Tenda AC6V1.0 V15.03.05.19 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolRestoreSet.
network
low complexity
tenda CWE-352
6.5
6.5
2022-12-02 CVE-2022-45674 Cross-Site Request Forgery (CSRF) vulnerability in Tenda AC6 Firmware 15.03.05.19
Tenda AC6V1.0 V15.03.05.19 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot.
network
low complexity
tenda CWE-352
6.5
6.5