Vulnerabilities > Tenda > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-08 | CVE-2023-34571 | Out-of-bounds Write vulnerability in Tenda Ac10 Firmware Usac10V4.0Siv16.03.10.13Cn Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter shareSpeed at /goform/WifiGuestSet. | 6.7 |
| 2023-05-01 | CVE-2023-29680 | Cleartext Transmission of Sensitive Information vulnerability in Tenda N301 Firmware 12.03.01.06Pt Cleartext Transmission in set-cookie:ecos_pw: Tenda N301 v6.0, Firmware v12.02.01.61_multi allows an authenticated attacker on the LAN or WLAN to intercept communications with the router and obtain the password. | 5.7 |
| 2023-05-01 | CVE-2023-29681 | Cleartext Transmission of Sensitive Information vulnerability in Tenda N301 Firmware 12.02.01.61Multi Cleartext Transmission in cookie:ecos_pw: in Tenda N301 v6.0, firmware v12.03.01.06_pt allows an authenticated attacker on the LAN or WLAN to intercept communications with the router and obtain the password. | 5.7 |
| 2022-12-02 | CVE-2022-45667 | Cross-Site Request Forgery (CSRF) vulnerability in Tenda I22 Firmware 1.0.0.3(4687) Tenda i22 V1.0.0.3(4687) is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolRestoreSet. | 6.5 |
| 2022-12-02 | CVE-2022-45668 | Cross-Site Request Forgery (CSRF) vulnerability in Tenda I22 Firmware 1.0.0.3(4687) Tenda i22 V1.0.0.3(4687) is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot. | 6.5 |
| 2022-12-02 | CVE-2022-45673 | Cross-Site Request Forgery (CSRF) vulnerability in Tenda AC6 Firmware 15.03.05.19 Tenda AC6V1.0 V15.03.05.19 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolRestoreSet. | 6.5 |
| 2022-12-02 | CVE-2022-45674 | Cross-Site Request Forgery (CSRF) vulnerability in Tenda AC6 Firmware 15.03.05.19 Tenda AC6V1.0 V15.03.05.19 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot. | 6.5 |
| 2022-11-15 | CVE-2022-40844 | Cross-site Scripting vulnerability in Tenda W15E Firmware 15.11.0.10(1576) In Tenda (Shenzhen Tenda Technology Co., Ltd) AC1200 Router model W15Ev2 V15.11.0.10(1576), a Stored Cross Site Scripting (XSS) issue exists allowing an attacker to execute JavaScript code via the applications website filtering tab, specifically the URL body. | 5.4 |
| 2022-11-15 | CVE-2022-40846 | Cross-site Scripting vulnerability in Tenda W15E Firmware 15.11.0.10(1576) In Tenda AC1200 Router model W15Ev2 V15.11.0.10(1576), a Stored Cross Site Scripting (XSS) vulnerability exists allowing an attacker to execute JavaScript code via the applications stored hostname. | 4.8 |
| 2022-11-15 | CVE-2022-40843 | Unspecified vulnerability in Tenda W15E Firmware 15.11.0.10(1576) The Tenda AC1200 V-W15Ev2 V15.11.0.10(1576) router is vulnerable to improper authorization / improper session management that allows the router login page to be bypassed. | 4.9 |