Vulnerabilities > Tenda > AX3 Firmware > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-04 | CVE-2023-51812 | Unspecified vulnerability in Tenda AX3 Firmware 16.03.12.11 Tenda AX3 v16.03.12.11 was discovered to contain a remote code execution (RCE) vulnerability via the list parameter at /goform/SetNetControlList. | 9.8 |
| 2023-12-07 | CVE-2023-49409 | Unspecified vulnerability in Tenda AX3 Firmware 16.03.12.11 Tenda AX3 V16.03.12.11 was discovered to contain a Command Execution vulnerability via the function /goform/telnet. | 9.8 |
| 2023-12-07 | CVE-2023-49408 | Out-of-bounds Write vulnerability in Tenda AX3 Firmware 16.03.12.11 Tenda AX3 V16.03.12.11 was discovered to contain a stack overflow via the function set_device_name. | 9.8 |
| 2023-03-15 | CVE-2023-27240 | Command Injection vulnerability in Tenda AX3 Firmware 16.03.12.11 Tenda AX3 V16.03.12.11 was discovered to contain a command injection vulnerability via the lanip parameter at /goform/AdvSetLanip. | 9.8 |
| 2023-03-15 | CVE-2023-27239 | Out-of-bounds Write vulnerability in Tenda AX3 Firmware 16.03.12.11 Tenda AX3 V16.03.12.11 was discovered to contain a stack overflow via the shareSpeed parameter at /goform/WifiGuestSet. | 9.8 |
| 2023-02-23 | CVE-2023-24212 | Out-of-bounds Write vulnerability in Tenda AX3 Firmware 16.03.12.11 Tenda AX3 V16.03.12.11 was discovered to contain a stack overflow via the timeType function at /goform/SetSysTimeCfg. | 9.8 |
| 2022-03-10 | CVE-2022-24995 | Out-of-bounds Write vulnerability in Tenda AX3 Firmware 16.03.12.10Cn Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetSysTime. | 9.8 |
| 2022-03-04 | CVE-2021-46394 | Out-of-bounds Write vulnerability in Tenda AX3 Firmware 16.03.12.10 There is a stack buffer overflow vulnerability in the formSetPPTPServer function of Tenda-AX3 router V16.03.12.10_CN. | 9.8 |
| 2022-03-04 | CVE-2021-46393 | Out-of-bounds Write vulnerability in Tenda AX3 Firmware 16.03.12.10 There is a stack buffer overflow vulnerability in the formSetPPTPServer function of Tenda-AX3 router V16.03.12.10_CN. | 9.8 |
| 2022-02-04 | CVE-2022-24150 | Command Injection vulnerability in Tenda AX3 Firmware 16.03.12.10Cn Tenda AX3 v16.03.12.10_CN was discovered to contain a command injection vulnerability in the function formSetSafeWanWebMan. | 9.8 |