Vulnerabilities > Tenda > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-07-06 CVE-2022-34597 OS Command Injection vulnerability in Tenda Ax1806 Firmware 1.0.0.1
Tenda AX1806 v1.0.0.1 was discovered to contain a command injection vulnerability via the function WanParameterSetting.
network
low complexity
tenda CWE-78
critical
 9.8
9.8
2022-07-01 CVE-2022-32032 Out-of-bounds Write vulnerability in Tenda Ax1806 Firmware 1.0.0.1
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the deviceList parameter in the function formAddMacfilterRule.
network
low complexity
tenda CWE-787
critical
 9.8
9.8
2022-05-26 CVE-2022-30472 Out-of-bounds Write vulnerability in Tenda Ac18 Firmware 15.03.05.19(6318)
Tenda AC Seris Router AC18_V15.03.05.19(6318) has a stack-based buffer overflow vulnerability in function fromAddressNat
network
low complexity
tenda CWE-787
critical
 9.8
9.8
2022-05-26 CVE-2022-30474 Out-of-bounds Write vulnerability in Tenda Ac18 Firmware 15.03.05.19(6318)
Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to contain a heap overflow in the httpd module when handling /goform/saveParentControlInfo request.
network
low complexity
tenda CWE-787
critical
 9.8
9.8
2022-05-26 CVE-2022-30476 Out-of-bounds Write vulnerability in Tenda Ac18 Firmware 15.03.05.19(6318)
Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to contain a stack-based buffer overflow in the httpd module when handling /goform/SetFirewallCfg request.
network
low complexity
tenda CWE-787
critical
 9.8
9.8
2022-05-26 CVE-2022-30477 Out-of-bounds Write vulnerability in Tenda Ac18 Firmware 15.03.05.19(6318)
Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to contain a stack-based buffer overflow in the httpd module when handling /goform/SetClientState request.
network
low complexity
tenda CWE-787
critical
 9.8
9.8
2022-05-10 CVE-2022-29591 Classic Buffer Overflow vulnerability in Tenda TX9 PRO Firmware 22.03.02.10
Tenda TX9 Pro 22.03.02.10 devices have a SetNetControlList buffer overflow.
network
low complexity
tenda CWE-120
critical
 9.8
9.8
2022-05-05 CVE-2022-29592 OS Command Injection vulnerability in Tenda TX9 PRO Firmware 22.03.02.10
Tenda TX9 Pro 22.03.02.10 devices allow OS command injection via set_route (called by doSystemCmd_route).
network
low complexity
tenda CWE-78
critical
 9.8
9.8
2022-05-04 CVE-2022-28557 OS Command Injection vulnerability in Tenda Ac15 Firmware 15.03.05.20Multitde01
There is a command injection vulnerability at the /goform/setsambacfg interface of Tenda AC15 US_AC15V1.0BR_V15.03.05.20_multi_TDE01.bin device web, which can also cooperate with CVE-2021-44971 to cause unconditional arbitrary command execution
network
low complexity
tenda CWE-78
critical
 9.8
9.8
2022-05-04 CVE-2022-28082 Out-of-bounds Write vulnerability in Tenda Ax12 Firmware 22.03.01.21Cn
Tenda AX12 v22.03.01.21_CN was discovered to contain a stack overflow via the list parameter at /goform/SetNetControlList.
network
low complexity
tenda CWE-787
critical
 9.8
9.8