Vulnerabilities > Tenda > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-05-03 CVE-2022-28560 Out-of-bounds Write vulnerability in Tenda AC9 Firmware 15.03.2.21Cn
There is a stack overflow vulnerability in the goform/fast_setting_wifi_set function in the httpd service of Tenda ac9 15.03.2.21_cn router.
network
low complexity
tenda CWE-787
critical
 9.8
9.8
2022-05-03 CVE-2022-28561 Out-of-bounds Write vulnerability in Tenda Ax12 Firmware 22.03.01.21Cn
There is a stack overflow vulnerability in the /goform/setMacFilterCfg function in the httpd service of Tenda ax12 22.03.01.21_cn router.
network
low complexity
tenda CWE-787
critical
 9.8
9.8
2022-04-07 CVE-2022-27022 Out-of-bounds Write vulnerability in Tenda AC9 Firmware 15.03.2.21Cn
There is a stack overflow vulnerability in the SetSysTimeCfg() function in the httpd service of Tenda AC9 V15.03.2.21_cn.
network
low complexity
tenda CWE-787
critical
 9.8
9.8
2022-04-07 CVE-2022-27016 Out-of-bounds Write vulnerability in Tenda AC9 Firmware 15.03.2.21Cn
There is a stack overflow vulnerability in the SetStaticRouteCfg() function in the httpd service of Tenda AC9 15.03.2.21_cn.
network
low complexity
tenda CWE-787
critical
 9.8
9.8
2022-03-28 CVE-2022-26278 Out-of-bounds Write vulnerability in Tenda AC9 Firmware 15.03.2.21Cn
Tenda AC9 v15.03.2.21_cn was discovered to contain a stack overflow via the time parameter in the PowerSaveSet function.
network
low complexity
tenda CWE-787
critical
 9.8
9.8
2022-03-24 CVE-2022-26289 OS Command Injection vulnerability in Tenda M3 Firmware 1.0.0.12(4856)
Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/exeCommand.
network
low complexity
tenda CWE-78
critical
 9.8
9.8
2022-03-24 CVE-2022-26290 OS Command Injection vulnerability in Tenda M3 Firmware 1.0.0.12(4856)
Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/WriteFacMac.
network
low complexity
tenda CWE-78
critical
 9.8
9.8
2022-03-24 CVE-2022-26536 Command Injection vulnerability in Tenda M3 Firmware 1.0.0.12(4856)
Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/setFixTools.
network
low complexity
tenda CWE-77
critical
 9.8
9.8
2022-03-24 CVE-2022-27076 Command Injection vulnerability in Tenda M3 Firmware 1.0.0.12(4856)
Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/delAd.
network
low complexity
tenda CWE-77
critical
 9.8
9.8
2022-03-24 CVE-2022-27077 Command Injection vulnerability in Tenda M3 Firmware 1.0.0.12(4856)
Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /cgi-bin/uploadWeiXinPic.
network
low complexity
tenda CWE-77
critical
 9.8
9.8