Vulnerabilities > Tenda

DATE CVE VULNERABILITY TITLE RISK
2022-02-11 CVE-2020-26728 Unspecified vulnerability in Tenda AC9 Firmware 15.03.05.19(6318)Cn/15.03.06.42Multi
A vulnerability was discovered in Tenda AC9 v3.0 V15.03.06.42_multi and Tenda AC9 V1.0 V15.03.05.19(6318)_CN which allows for remote code execution via shell metacharacters in the guestuser field to the __fastcall function with a POST request.
network
low complexity
tenda
critical
 9.8
9.8
2022-02-04 CVE-2022-24142 Out-of-bounds Write vulnerability in Tenda AX3 Firmware 16.03.12.10Cn
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetFirewallCfg.
network
low complexity
tenda CWE-787
7.5
7.5
2022-02-04 CVE-2022-24143 Out-of-bounds Write vulnerability in Tenda Ax12 Firmware and AX3 Firmware
Tenda AX3 v16.03.12.10_CN and AX12 22.03.01.2_CN was discovered to contain a stack overflow in the function form_fast_setting_wifi_set.
network
low complexity
tenda CWE-787
7.5
7.5
2022-02-04 CVE-2022-24144 Command Injection vulnerability in Tenda AX3 Firmware 16.03.12.10Cn
Tenda AX3 v16.03.12.10_CN was discovered to contain a command injection vulnerability in the function WanParameterSetting.
network
low complexity
tenda CWE-77
critical
 9.8
9.8
2022-02-04 CVE-2022-24145 Out-of-bounds Write vulnerability in Tenda AX3 Firmware 16.03.12.10Cn
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formWifiBasicSet.
network
low complexity
tenda CWE-787
7.5
7.5
2022-02-04 CVE-2022-24146 Out-of-bounds Write vulnerability in Tenda AX3 Firmware 16.03.12.10Cn
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetQosBand.
network
low complexity
tenda CWE-787
7.5
7.5
2022-02-04 CVE-2022-24147 Out-of-bounds Write vulnerability in Tenda AX3 Firmware 16.03.12.10Cn
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromAdvSetMacMtuWan.
network
low complexity
tenda CWE-787
7.5
7.5
2022-02-04 CVE-2022-24148 Command Injection vulnerability in Tenda AX3 Firmware 16.03.12.10Cn
Tenda AX3 v16.03.12.10_CN was discovered to contain a command injection vulnerability in the function mDMZSetCfg.
network
low complexity
tenda CWE-77
critical
 9.8
9.8
2022-02-04 CVE-2022-24149 Out-of-bounds Write vulnerability in Tenda AX3 Firmware 16.03.12.10Cn
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetWirelessRepeat.
network
low complexity
tenda CWE-787
7.5
7.5
2022-02-04 CVE-2022-24150 Command Injection vulnerability in Tenda AX3 Firmware 16.03.12.10Cn
Tenda AX3 v16.03.12.10_CN was discovered to contain a command injection vulnerability in the function formSetSafeWanWebMan.
network
low complexity
tenda CWE-77
critical
 9.8
9.8