Vulnerabilities > Tenda > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-06-08 CVE-2023-34568 Out-of-bounds Write vulnerability in Tenda Ac10 Firmware Usac10V4.0Siv16.03.10.13Cn
Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter time at /goform/PowerSaveSet.
local
low complexity
tenda CWE-787
6.7
2023-06-08 CVE-2023-34569 Out-of-bounds Write vulnerability in Tenda Ac10 Firmware Usac10V4.0Siv16.03.10.13Cn
Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter list at /goform/SetNetControlList.
local
low complexity
tenda CWE-787
6.7
2023-06-08 CVE-2023-34570 Out-of-bounds Write vulnerability in Tenda Ac10 Firmware Usac10V4.0Siv16.03.10.13Cn
Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter devName at /goform/SetOnlineDevName.
local
low complexity
tenda CWE-787
6.7
2023-06-08 CVE-2023-34571 Out-of-bounds Write vulnerability in Tenda Ac10 Firmware Usac10V4.0Siv16.03.10.13Cn
Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter shareSpeed at /goform/WifiGuestSet.
local
low complexity
tenda CWE-787
6.7
2023-05-01 CVE-2023-29680 Cleartext Transmission of Sensitive Information vulnerability in Tenda N301 Firmware 12.03.01.06Pt
Cleartext Transmission in set-cookie:ecos_pw: Tenda N301 v6.0, Firmware v12.02.01.61_multi allows an authenticated attacker on the LAN or WLAN to intercept communications with the router and obtain the password.
low complexity
tenda CWE-319
5.7
2023-05-01 CVE-2023-29681 Cleartext Transmission of Sensitive Information vulnerability in Tenda N301 Firmware 12.02.01.61Multi
Cleartext Transmission in cookie:ecos_pw: in Tenda N301 v6.0, firmware v12.03.01.06_pt allows an authenticated attacker on the LAN or WLAN to intercept communications with the router and obtain the password.
low complexity
tenda CWE-319
5.7
2022-12-02 CVE-2022-45667 Cross-Site Request Forgery (CSRF) vulnerability in Tenda I22 Firmware 1.0.0.3(4687)
Tenda i22 V1.0.0.3(4687) is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolRestoreSet.
network
low complexity
tenda CWE-352
6.5
2022-12-02 CVE-2022-45668 Cross-Site Request Forgery (CSRF) vulnerability in Tenda I22 Firmware 1.0.0.3(4687)
Tenda i22 V1.0.0.3(4687) is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot.
network
low complexity
tenda CWE-352
6.5
2022-12-02 CVE-2022-45673 Cross-Site Request Forgery (CSRF) vulnerability in Tenda AC6 Firmware 15.03.05.19
Tenda AC6V1.0 V15.03.05.19 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolRestoreSet.
network
low complexity
tenda CWE-352
6.5
2022-12-02 CVE-2022-45674 Cross-Site Request Forgery (CSRF) vulnerability in Tenda AC6 Firmware 15.03.05.19
Tenda AC6V1.0 V15.03.05.19 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot.
network
low complexity
tenda CWE-352
6.5