Vulnerabilities > Tenda > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-08-25 CVE-2022-37814 Out-of-bounds Write vulnerability in Tenda Ac1206 Firmware 15.03.06.23
Tenda AC1206 V15.03.06.23 was discovered to contain multiple stack overflows via the deviceMac and the device_id parameters in the function addWifiMacFilter.
network
low complexity
tenda CWE-787
critical
9.8
2022-08-25 CVE-2022-37815 Out-of-bounds Write vulnerability in Tenda Ac1206 Firmware 15.03.06.23
Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the PPPOEPassword parameter in the function formQuickIndex.
network
low complexity
tenda CWE-787
critical
9.8
2022-08-25 CVE-2022-37816 Out-of-bounds Write vulnerability in Tenda Ac1206 Firmware 15.03.06.23
Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the function fromSetIpMacBind.
network
low complexity
tenda CWE-787
critical
9.8
2022-08-19 CVE-2022-37175 Out-of-bounds Write vulnerability in Tenda Ac15 Firmware 15.03.05.18
Tenda ac15 firmware V15.03.05.18 httpd server has stack buffer overflow in /goform/formWifiBasicSet.
network
low complexity
tenda CWE-787
critical
9.8
2022-08-19 CVE-2022-35201 Unspecified vulnerability in Tenda Ac18 Firmware 15.03.05.05
Tenda-AC18 V15.03.05.05 was discovered to contain a remote command execution (RCE) vulnerability.
network
low complexity
tenda
critical
9.8
2022-08-16 CVE-2022-36273 OS Command Injection vulnerability in Tenda AC9 Firmware 15.03.2.21Cn
Tenda AC9 V15.03.2.21_cn is vulnerable to command injection via goform/SetSysTimeCfg.
network
low complexity
tenda CWE-78
critical
9.8
2022-08-12 CVE-2022-35555 OS Command Injection vulnerability in Tenda W6 Firmware 1.0.0.9(4122)
A command injection vulnerability exists in /goform/exeCommand in Tenda W6 V1.0.0.9(4122), which allows attackers to construct cmdinput parameters for arbitrary command execution.
network
low complexity
tenda CWE-78
critical
9.8
2022-08-12 CVE-2022-35559 Out-of-bounds Write vulnerability in Tenda W6 Firmware 1.0.0.9(4122)
A stack overflow vulnerability exists in /goform/setAutoPing in Tenda W6 V1.0.0.9(4122), which allows an attacker to construct ping1 parameters and ping2 parameters for a stack overflow attack.
network
low complexity
tenda CWE-787
critical
9.8
2022-07-07 CVE-2022-32054 OS Command Injection vulnerability in Tenda Ac10 Firmware 15.03.06.26
Tenda AC10 US_AC10V1.0RTL_V15.03.06.26_multi_TD01 was discovered to contain a remote code execution (RCE) vulnerability via the lanIp parameter.
network
low complexity
tenda CWE-78
critical
9.8
2022-07-06 CVE-2022-34595 OS Command Injection vulnerability in Tenda Ax1803 Firmware 1.0.0.12890
Tenda AX1803 v1.0.0.1_2890 was discovered to contain a command injection vulnerability via the function setipv6status.
network
low complexity
tenda CWE-78
critical
9.8