Vulnerabilities > Tenda > Ax1803 Firmware
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-20 | CVE-2023-48110 | Out-of-bounds Write vulnerability in Tenda Ax1803 Firmware 1.0.0.1 Tenda AX1803 v1.0.0.1 was discovered to contain a heap overflow via the urls parameter in the function saveParentControlInfo . | 7.5 |
| 2023-11-20 | CVE-2023-48111 | Out-of-bounds Write vulnerability in Tenda Ax1803 Firmware 1.0.0.1 Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the time parameter in the function saveParentControlInfo . | 7.5 |
| 2023-11-14 | CVE-2022-45781 | Out-of-bounds Write vulnerability in Tenda Ax1803 Firmware 1.0.0.1/1.0.0.12890 Buffer Overflow vulnerability in Tenda AX1803 v1.0.0.1_2994 and earlier allows attackers to run arbitrary code via /goform/SetOnlineDevName. | 8.8 |
| 2022-10-27 | CVE-2022-40876 | Out-of-bounds Write vulnerability in Tenda Ax1803 Firmware 1.0.0.1 In Tenda ax1803 v1.0.0.1, the http requests handled by the fromAdvSetMacMtuWan functions, wanSpeed, cloneType, mac, can cause a stack overflow and enable remote code execution (RCE). | 9.8 |
| 2022-10-27 | CVE-2022-40874 | Out-of-bounds Write vulnerability in Tenda Ax1803 Firmware 1.0.0.1 Tenda AX1803 v1.0.0.1 was discovered to contain a heap overflow vulnerability in the GetParentControlInfo function, which can cause a denial of service attack through a carefully constructed http request. | 7.5 |
| 2022-10-27 | CVE-2022-40875 | Out-of-bounds Write vulnerability in Tenda Ax1803 Firmware 1.0.0.1 Tenda AX1803 v1.0.0.1 was discovered to contain a heap overflow in the function GetParentControlInfo. | 7.5 |
| 2022-10-12 | CVE-2022-42086 | Cross-Site Request Forgery (CSRF) vulnerability in Tenda Ax1803 Firmware 1.0.0.12994Cnzgyd014 Tenda AX1803 US_AX1803v2.0br_v1.0.0.1_2994_CN_ZGYD01_4 is vulnerable to Cross Site Request Forgery (CSRF) via function TendaAteMode. | 6.5 |
| 2022-10-12 | CVE-2022-42087 | Cross-Site Request Forgery (CSRF) vulnerability in Tenda Ax1803 Firmware 1.0.0.12994Cnzgyd014 Tenda AX1803 US_AX1803v2.0br_v1.0.0.1_2994_CN_ZGYD01_4 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot. | 6.5 |
| 2022-07-06 | CVE-2022-34595 | OS Command Injection vulnerability in Tenda Ax1803 Firmware 1.0.0.12890 Tenda AX1803 v1.0.0.1_2890 was discovered to contain a command injection vulnerability via the function setipv6status. | 9.8 |
| 2022-07-06 | CVE-2022-34596 | OS Command Injection vulnerability in Tenda Ax1803 Firmware 1.0.0.12890 Tenda AX1803 v1.0.0.1_2890 was discovered to contain a command injection vulnerability via the function WanParameterSetting. | 9.8 |