Vulnerabilities > Tenda

DATE CVE VULNERABILITY TITLE RISK
2023-05-11 CVE-2023-2649 Unspecified vulnerability in Tenda Ac23 Firmware 16.03.07.45Cn
A vulnerability was found in Tenda AC23 16.03.07.45_cn.
network
low complexity
tenda
8.8
2023-05-10 CVE-2023-30351 Inadequate Encryption Strength vulnerability in Tenda CP3 Firmware 11.10.00.2211041355
Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 was discovered to contain a hard-coded default password for root which is stored using weak encryption.
network
low complexity
tenda CWE-326
7.5
2023-05-10 CVE-2023-30352 Use of Hard-coded Credentials vulnerability in Tenda CP3 Firmware 11.10.00.2211041355
Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 was discovered to contain a hard-coded default password for the RTSP feed.
network
low complexity
tenda CWE-798
critical
9.8
2023-05-10 CVE-2023-30353 Command Injection vulnerability in Tenda CP3 Firmware 11.10.00.2211041355
Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 allows unauthenticated remote code execution via an XML document.
network
low complexity
tenda CWE-77
critical
9.8
2023-05-10 CVE-2023-30354 Cleartext Transmission of Sensitive Information vulnerability in Tenda CP3 Firmware 11.10.00.2211041355
Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 does not defend against physical access to U-Boot via the UART: the Wi-Fi password is shown, and the hardcoded boot password can be inserted for console access.
network
low complexity
tenda CWE-319
critical
9.8
2023-05-10 CVE-2023-30356 Improper Validation of Integrity Check Value vulnerability in Tenda CP3 Firmware 11.10.00.2211041355
Missing Support for an Integrity Check in Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 allows attackers to update the device with crafted firmware
network
low complexity
tenda CWE-354
7.5
2023-05-05 CVE-2023-30135 Command Injection vulnerability in Tenda Ac18 Firmware 15.03.05.19(6318)Cn
Tenda AC18 v15.03.05.19(6318_)_cn was discovered to contain a command injection vulnerability via the deviceName parameter in the setUsbUnload function.
network
low complexity
tenda CWE-77
critical
9.8
2023-05-01 CVE-2023-29680 Cleartext Transmission of Sensitive Information vulnerability in Tenda N301 Firmware 12.03.01.06Pt
Cleartext Transmission in set-cookie:ecos_pw: Tenda N301 v6.0, Firmware v12.02.01.61_multi allows an authenticated attacker on the LAN or WLAN to intercept communications with the router and obtain the password.
low complexity
tenda CWE-319
5.7
2023-05-01 CVE-2023-29681 Cleartext Transmission of Sensitive Information vulnerability in Tenda N301 Firmware 12.02.01.61Multi
Cleartext Transmission in cookie:ecos_pw: in Tenda N301 v6.0, firmware v12.03.01.06_pt allows an authenticated attacker on the LAN or WLAN to intercept communications with the router and obtain the password.
low complexity
tenda CWE-319
5.7
2023-04-24 CVE-2023-30370 Out-of-bounds Write vulnerability in Tenda Ac15 Firmware 15.03.05.19
In Tenda AC15 V15.03.05.19, the function GetValue contains a stack-based buffer overflow vulnerability.
network
low complexity
tenda CWE-787
critical
9.8