Vulnerabilities > Tenda > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-11-15 CVE-2022-40844 Cross-site Scripting vulnerability in Tenda W15E Firmware 15.11.0.10(1576)
In Tenda (Shenzhen Tenda Technology Co., Ltd) AC1200 Router model W15Ev2 V15.11.0.10(1576), a Stored Cross Site Scripting (XSS) issue exists allowing an attacker to execute JavaScript code via the applications website filtering tab, specifically the URL body.
network
low complexity
tenda CWE-79
5.4
2022-11-15 CVE-2022-40846 Cross-site Scripting vulnerability in Tenda W15E Firmware 15.11.0.10(1576)
In Tenda AC1200 Router model W15Ev2 V15.11.0.10(1576), a Stored Cross Site Scripting (XSS) vulnerability exists allowing an attacker to execute JavaScript code via the applications stored hostname.
network
low complexity
tenda CWE-79
4.8
2022-11-15 CVE-2022-40843 Unspecified vulnerability in Tenda W15E Firmware 15.11.0.10(1576)
The Tenda AC1200 V-W15Ev2 V15.11.0.10(1576) router is vulnerable to improper authorization / improper session management that allows the router login page to be bypassed.
network
low complexity
tenda
4.9
2022-11-15 CVE-2022-40845 Forced Browsing vulnerability in Tenda W15E Firmware 15.11.0.10(1576)
The Tenda AC1200 Router model W15Ev2 V15.11.0.10(1576) is affected by a password exposure vulnerability.
network
low complexity
tenda CWE-425
6.5
2022-10-12 CVE-2022-42077 Cross-Site Request Forgery (CSRF) vulnerability in Tenda Ac1206 Firmware 15.03.06.23Multitd01
Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot.
network
low complexity
tenda CWE-352
6.5
2022-10-12 CVE-2022-42078 Cross-Site Request Forgery (CSRF) vulnerability in Tenda Ac1206 Firmware 15.03.06.23Multitd01
Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolRestoreSet.
network
low complexity
tenda CWE-352
6.5
2022-10-12 CVE-2022-42086 Cross-Site Request Forgery (CSRF) vulnerability in Tenda Ax1803 Firmware 1.0.0.12994Cnzgyd014
Tenda AX1803 US_AX1803v2.0br_v1.0.0.1_2994_CN_ZGYD01_4 is vulnerable to Cross Site Request Forgery (CSRF) via function TendaAteMode.
network
low complexity
tenda CWE-352
6.5
2022-10-12 CVE-2022-42087 Cross-Site Request Forgery (CSRF) vulnerability in Tenda Ax1803 Firmware 1.0.0.12994Cnzgyd014
Tenda AX1803 US_AX1803v2.0br_v1.0.0.1_2994_CN_ZGYD01_4 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot.
network
low complexity
tenda CWE-352
6.5
2022-09-23 CVE-2022-40103 Out-of-bounds Write vulnerability in Tenda I9 Firmware 1.0.0.8(3828)
Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the formSetAutoPing function.
local
low complexity
tenda CWE-787
5.5
2022-08-25 CVE-2022-37292 Out-of-bounds Write vulnerability in Tenda Ax12 Firmware 22.03.01.21Cn
Tenda AX12 V22.03.01.21_CN is vulnerable to Buffer Overflow.
local
low complexity
tenda CWE-787
5.5