Vulnerabilities > Tenda

DATE CVE VULNERABILITY TITLE RISK
2022-12-12 CVE-2022-45043 OS Command Injection vulnerability in Tenda Ax12 Firmware 22.03.01.16Cn
Tenda AX12 V22.03.01.16_cn is vulnerable to command injection via goform/fast_setting_internet_set.
network
low complexity
tenda CWE-78
8.8
8.8
2022-12-12 CVE-2022-45977 OS Command Injection vulnerability in Tenda Ax12 Firmware 22.03.01.21Cn
Tenda AX12 V22.03.01.21_CN was found to have a command injection vulnerability via /goform/setMacFilterCfg function.
network
low complexity
tenda CWE-78
8.8
8.8
2022-12-12 CVE-2022-45979 Out-of-bounds Write vulnerability in Tenda Ax12 Firmware 22.03.01.21Cn
Tenda AX12 v22.03.01.21_CN was discovered to contain a stack overflow via the ssid parameter at /goform/fast_setting_wifi_set .
network
low complexity
tenda CWE-787
7.5
7.5
2022-12-12 CVE-2022-45980 Cross-Site Request Forgery (CSRF) vulnerability in Tenda Ax12 Firmware 22.03.01.21Cn
Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Request Forgery (CSRF) via /goform/SysToolRestoreSet .
network
low complexity
tenda CWE-352
8.8
8.8
2022-12-08 CVE-2022-44931 Out-of-bounds Write vulnerability in Tenda A18 Firmware 15.13.07.09
Tenda A18 v15.13.07.09 was discovered to contain a stack overflow via the security_5g parameter at /goform/WifiBasicSet.
network
low complexity
tenda CWE-787
7.5
7.5
2022-12-08 CVE-2022-44932 Unspecified vulnerability in Tenda A18 Firmware 15.13.07.09
An access control issue in Tenda A18 v15.13.07.09 allows unauthenticated attackers to access the Telnet service.
network
low complexity
tenda
7.5
7.5
2022-12-08 CVE-2022-45497 OS Command Injection vulnerability in Tenda W6-S Firmware 1.0.0.4(510)
Tenda W6-S v1.0.0.4(510) was discovered to contain a command injection vulnerability in the tpi_get_ping_output function at /goform/exeCommand.
network
low complexity
tenda CWE-78
critical
 9.8
9.8
2022-12-08 CVE-2022-45498 Unspecified vulnerability in Tenda W6-S Firmware 1.0.0.4(510)
An issue in the component tpi_systool_handle(0) (/goform/SysToolReboot) of Tenda W6-S v1.0.0.4(510) allows unauthenticated attackers to arbitrarily reboot the device.
network
low complexity
tenda
7.5
7.5
2022-12-08 CVE-2022-45499 Out-of-bounds Write vulnerability in Tenda W6-S Firmware 1.0.0.4(510)
Tenda W6-S v1.0.0.4(510) was discovered to contain a stack overflow via the wl_radio parameter at /goform/WifiMacFilterGet.
network
low complexity
tenda CWE-787
7.5
7.5
2022-12-08 CVE-2022-45501 Out-of-bounds Write vulnerability in Tenda W6-S Firmware 1.0.0.4(510)
Tenda W6-S v1.0.0.4(510) was discovered to contain a stack overflow via the wl_radio parameter at /goform/wifiSSIDset.
network
low complexity
tenda CWE-787
7.5
7.5