Vulnerabilities > Tenda > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-08-25 | CVE-2022-37814 | Out-of-bounds Write vulnerability in Tenda Ac1206 Firmware 15.03.06.23 Tenda AC1206 V15.03.06.23 was discovered to contain multiple stack overflows via the deviceMac and the device_id parameters in the function addWifiMacFilter. | 9.8 |
2022-08-25 | CVE-2022-37815 | Out-of-bounds Write vulnerability in Tenda Ac1206 Firmware 15.03.06.23 Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the PPPOEPassword parameter in the function formQuickIndex. | 9.8 |
2022-08-25 | CVE-2022-37816 | Out-of-bounds Write vulnerability in Tenda Ac1206 Firmware 15.03.06.23 Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the function fromSetIpMacBind. | 9.8 |
2022-08-19 | CVE-2022-37175 | Out-of-bounds Write vulnerability in Tenda Ac15 Firmware 15.03.05.18 Tenda ac15 firmware V15.03.05.18 httpd server has stack buffer overflow in /goform/formWifiBasicSet. | 9.8 |
2022-08-19 | CVE-2022-35201 | Unspecified vulnerability in Tenda Ac18 Firmware 15.03.05.05 Tenda-AC18 V15.03.05.05 was discovered to contain a remote command execution (RCE) vulnerability. | 9.8 |
2022-08-16 | CVE-2022-36273 | OS Command Injection vulnerability in Tenda AC9 Firmware 15.03.2.21Cn Tenda AC9 V15.03.2.21_cn is vulnerable to command injection via goform/SetSysTimeCfg. | 9.8 |
2022-08-12 | CVE-2022-35555 | OS Command Injection vulnerability in Tenda W6 Firmware 1.0.0.9(4122) A command injection vulnerability exists in /goform/exeCommand in Tenda W6 V1.0.0.9(4122), which allows attackers to construct cmdinput parameters for arbitrary command execution. | 9.8 |
2022-08-12 | CVE-2022-35559 | Out-of-bounds Write vulnerability in Tenda W6 Firmware 1.0.0.9(4122) A stack overflow vulnerability exists in /goform/setAutoPing in Tenda W6 V1.0.0.9(4122), which allows an attacker to construct ping1 parameters and ping2 parameters for a stack overflow attack. | 9.8 |
2022-07-07 | CVE-2022-32054 | OS Command Injection vulnerability in Tenda Ac10 Firmware 15.03.06.26 Tenda AC10 US_AC10V1.0RTL_V15.03.06.26_multi_TD01 was discovered to contain a remote code execution (RCE) vulnerability via the lanIp parameter. | 9.8 |
2022-07-06 | CVE-2022-34595 | OS Command Injection vulnerability in Tenda Ax1803 Firmware 1.0.0.12890 Tenda AX1803 v1.0.0.1_2890 was discovered to contain a command injection vulnerability via the function setipv6status. | 9.8 |