Vulnerabilities > Tenda > M3 Firmware > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-12-26 CVE-2023-51094 OS Command Injection vulnerability in Tenda M3 Firmware 1.0.0.12(4856)
Tenda M3 V1.0.0.12(4856) was discovered to contain a Command Execution vulnerability via the function TendaTelnet.
network
low complexity
tenda CWE-78
critical
 9.8
9.8
2023-12-26 CVE-2023-51093 Out-of-bounds Write vulnerability in Tenda M3 Firmware 1.0.0.12(4856)
Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function fromSetLocalVlanInfo.
network
low complexity
tenda CWE-787
critical
 9.8
9.8
2023-12-26 CVE-2023-51092 Out-of-bounds Write vulnerability in Tenda M3 Firmware 1.0.0.12(4856)
Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function upgrade.
network
low complexity
tenda CWE-787
critical
 9.8
9.8
2023-12-26 CVE-2023-51091 Out-of-bounds Write vulnerability in Tenda M3 Firmware 1.0.0.12(4856)
Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function R7WebsSecurityHandler.
network
low complexity
tenda CWE-787
critical
 9.8
9.8
2023-12-26 CVE-2023-51090 Out-of-bounds Write vulnerability in Tenda M3 Firmware 1.0.0.12(4856)
Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function formGetWeiXinConfig.
network
low complexity
tenda CWE-787
critical
 9.8
9.8
2023-12-26 CVE-2023-51095 Out-of-bounds Write vulnerability in Tenda M3 Firmware 1.0.0.12(4856)
Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function formDelWlRfPolicy.
network
low complexity
tenda CWE-787
critical
 9.8
9.8
2022-03-24 CVE-2022-27083 Command Injection vulnerability in Tenda M3 Firmware 1.0.0.12(4856)
Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /cgi-bin/uploadAccessCodePic.
network
low complexity
tenda CWE-77
critical
 9.8
9.8
2022-03-24 CVE-2022-27082 Command Injection vulnerability in Tenda M3 Firmware 1.0.0.12(4856)
Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/SetInternetLanInfo.
network
low complexity
tenda CWE-77
critical
 9.8
9.8
2022-03-24 CVE-2022-27081 Command Injection vulnerability in Tenda M3 Firmware 1.0.0.12(4856)
Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/SetLanInfo.
network
low complexity
tenda CWE-77
critical
 9.8
9.8
2022-03-24 CVE-2022-27080 Command Injection vulnerability in Tenda M3 Firmware 1.0.0.12(4856)
Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/setWorkmode.
network
low complexity
tenda CWE-77
critical
 9.8
9.8