Vulnerabilities > Tenda

DATE CVE VULNERABILITY TITLE RISK
2022-12-16 CVE-2022-46109 Out-of-bounds Write vulnerability in Tenda Ac10 Firmware 15.03.06.23
Tenda AC15 V15.03.06.23 is vulnerable to Buffer Overflow via function formSetClientState.
network
low complexity
tenda CWE-787
7.5
7.5
2022-12-12 CVE-2022-45996 OS Command Injection vulnerability in Tenda W20E Firmware 16.01.0.6(3392)
Tenda W20E V16.01.0.6(3392) is vulnerable to Command injection via cmd_get_ping_output.
network
low complexity
tenda CWE-78
7.2
7.2
2022-12-12 CVE-2022-45997 Classic Buffer Overflow vulnerability in Tenda W20E Firmware 16.01.0.6(3392)
Tenda W20E V16.01.0.6(3392) is vulnerable to Buffer Overflow.
network
low complexity
tenda CWE-120
7.2
7.2
2022-12-12 CVE-2022-45043 OS Command Injection vulnerability in Tenda Ax12 Firmware 22.03.01.16Cn
Tenda AX12 V22.03.01.16_cn is vulnerable to command injection via goform/fast_setting_internet_set.
network
low complexity
tenda CWE-78
8.8
8.8
2022-12-12 CVE-2022-45977 OS Command Injection vulnerability in Tenda Ax12 Firmware 22.03.01.21Cn
Tenda AX12 V22.03.01.21_CN was found to have a command injection vulnerability via /goform/setMacFilterCfg function.
network
low complexity
tenda CWE-78
8.8
8.8
2022-12-12 CVE-2022-45979 Out-of-bounds Write vulnerability in Tenda Ax12 Firmware 22.03.01.21Cn
Tenda AX12 v22.03.01.21_CN was discovered to contain a stack overflow via the ssid parameter at /goform/fast_setting_wifi_set .
network
low complexity
tenda CWE-787
7.5
7.5
2022-12-12 CVE-2022-45980 Cross-Site Request Forgery (CSRF) vulnerability in Tenda Ax12 Firmware 22.03.01.21Cn
Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Request Forgery (CSRF) via /goform/SysToolRestoreSet .
network
low complexity
tenda CWE-352
8.8
8.8
2022-12-08 CVE-2022-44931 Out-of-bounds Write vulnerability in Tenda A18 Firmware 15.13.07.09
Tenda A18 v15.13.07.09 was discovered to contain a stack overflow via the security_5g parameter at /goform/WifiBasicSet.
network
low complexity
tenda CWE-787
7.5
7.5
2022-12-08 CVE-2022-44932 Unspecified vulnerability in Tenda A18 Firmware 15.13.07.09
An access control issue in Tenda A18 v15.13.07.09 allows unauthenticated attackers to access the Telnet service.
network
low complexity
tenda
7.5
7.5
2022-12-08 CVE-2022-45497 OS Command Injection vulnerability in Tenda W6-S Firmware 1.0.0.4(510)
Tenda W6-S v1.0.0.4(510) was discovered to contain a command injection vulnerability in the tpi_get_ping_output function at /goform/exeCommand.
network
low complexity
tenda CWE-78
critical
 9.8
9.8