Vulnerabilities > Tenda > Critical

DATE CVE VULNERABILITY TITLE RISK
2020-07-13 CVE-2020-10987 OS Command Injection vulnerability in Tenda Ac15 Firmware 15.03.05.19
The goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute arbitrary system commands via the deviceName POST parameter.
network
low complexity
tenda CWE-78
critical
 9.8
9.8
2018-10-30 CVE-2018-14558 OS Command Injection vulnerability in Tenda Ac10 Firmware, AC7 Firmware and AC9 Firmware
An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10).
network
low complexity
tenda CWE-78
critical
 9.8
9.8
2018-10-29 CVE-2018-18729 Out-of-bounds Write vulnerability in Tenda products
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices.
network
low complexity
tenda CWE-787
critical
 9.8
9.8
2018-10-29 CVE-2018-18728 OS Command Injection vulnerability in Tenda Ac15 Firmware, Ac18 Firmware and AC9 Firmware
An issue was discovered on Tenda AC9 V15.03.05.19(6318)_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices.
network
low complexity
tenda CWE-78
critical
 9.8
9.8
2015-12-31 CVE-2015-5995 Permissions, Privileges, and Access Controls vulnerability in multiple products
Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 and Tenda N3 Wireless N150 devices allow remote attackers to obtain administrative access via a certain admin substring in an HTTP Cookie header.
network
low complexity
tenda mediabridge CWE-264
critical
 9.8
9.8