Vulnerabilities > Tenda > High

DATE CVE VULNERABILITY TITLE RISK
2023-11-20 CVE-2023-48109 Out-of-bounds Write vulnerability in Tenda Ax1803 Firmware 1.0.0.1
Tenda AX1803 v1.0.0.1 was discovered to contain a heap overflow via the deviceId parameter in the function saveParentControlInfo .
network
low complexity
tenda CWE-787
7.5
7.5
2023-11-20 CVE-2023-48110 Out-of-bounds Write vulnerability in Tenda Ax1803 Firmware 1.0.0.1
Tenda AX1803 v1.0.0.1 was discovered to contain a heap overflow via the urls parameter in the function saveParentControlInfo .
network
low complexity
tenda CWE-787
7.5
7.5
2023-11-20 CVE-2023-48111 Out-of-bounds Write vulnerability in Tenda Ax1803 Firmware 1.0.0.1
Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the time parameter in the function saveParentControlInfo .
network
low complexity
tenda CWE-787
7.5
7.5
2023-11-14 CVE-2022-45781 Out-of-bounds Write vulnerability in Tenda Ax1803 Firmware 1.0.0.1/1.0.0.12890
Buffer Overflow vulnerability in Tenda AX1803 v1.0.0.1_2994 and earlier allows attackers to run arbitrary code via /goform/SetOnlineDevName.
network
low complexity
tenda CWE-787
8.8
8.8
2023-11-07 CVE-2023-43885 Missing Authorization vulnerability in Tenda RX9 PRO Firmware 22.03.02.10
Missing error handling in the HTTP server component of Tenda RX9 Pro Firmware V22.03.02.20 allows authenticated attackers to arbitrarily lock the device.
network
low complexity
tenda CWE-862
8.1
8.1
2023-11-07 CVE-2023-43886 Out-of-bounds Write vulnerability in Tenda RX9 PRO Firmware 22.03.02.10
A buffer overflow in the HTTP server component of Tenda RX9 Pro v22.03.02.20 might allow an authenticated attacker to overwrite memory.
network
low complexity
tenda CWE-787
7.1
7.1
2023-08-25 CVE-2023-40797 Improper Input Validation vulnerability in Tenda Ac23 Firmware 16.03.07.45Cn
In Tenda AC23 v16.03.07.45_cn, the sub_4781A4 function does not validate the parameters entered by the user, resulting in a post-authentication stack overflow vulnerability.
network
low complexity
tenda CWE-20
8.8
8.8
2023-08-25 CVE-2023-40798 Improper Input Validation vulnerability in Tenda Ac23 Firmware 16.03.07.45Cn
In Tenda AC23 v16.03.07.45_cn, the formSetIPv6status and formGetWanParameter functions do not authenticate user input parameters, resulting in a post-authentication stack overflow vulnerability.
network
low complexity
tenda CWE-20
8.8
8.8
2023-08-25 CVE-2023-40800 Improper Input Validation vulnerability in Tenda Ac23 Firmware 16.03.07.45Cn
The compare_parentcontrol_time function does not authenticate user input parameters, resulting in a post-authentication stack overflow vulnerability in Tenda AC23 v16.03.07.45_cn.
network
low complexity
tenda CWE-20
8.8
8.8
2023-08-25 CVE-2023-40801 Improper Input Validation vulnerability in Tenda Ac23
The sub_451784 function does not validate the parameters entered by the user, resulting in a stack overflow vulnerability in Tenda AC23 v16.03.07.45_cn
network
low complexity
tenda CWE-20
8.8
8.8