Vulnerabilities > Tenda > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-05-24 CVE-2021-42659 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Tenda AC9 Firmware 15.03.05.19(6318)/15.03.06.42Multi
There is a buffer overflow vulnerability in the Web server httpd of the router in Tenda router devices such as Tenda AC9 V1.0 V15.03.02.19(6318) and Tenda AC9 V3.0 V15.03.06.42_multi.
low complexity
tenda CWE-119
6.5
2022-04-25 CVE-2022-27374 Cross-Site Request Forgery (CSRF) vulnerability in Tenda Ax12 Firmware 22.03.01.21Cn
Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Request Forgery (CSRF) via the function sub_42E328 at /goform/SysToolReboot.
network
low complexity
tenda CWE-352
6.5
2022-04-25 CVE-2022-27375 Cross-Site Request Forgery (CSRF) vulnerability in Tenda Ax12 Firmware 22.03.01.21Cn
Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Request Forgery (CSRF) via the function sub_422168 at /goform/WifiExtraSet.
network
low complexity
tenda CWE-352
6.5
2021-01-26 CVE-2021-3186 Cross-site Scripting vulnerability in Tenda Ac1200 Firmware 15.03.06.47Multi
A Stored Cross-site scripting (XSS) vulnerability in /main.html Wifi Settings in Tenda AC5 AC1200 version V15.03.06.47_multi allows remote attackers to inject arbitrary web script or HTML via the Wifi Name parameter.
network
low complexity
tenda CWE-79
6.1
2021-01-01 CVE-2020-35391 Forced Browsing vulnerability in Tenda F3 Firmware 12.01.01.48
Tenda N300 F3 12.01.01.48 devices allow remote attackers to obtain sensitive information (possibly including an http_passwd line) via a direct request for cgi-bin/DownloadCfg/RouterCfm.cfg, a related issue to CVE-2017-14942.
low complexity
tenda CWE-425
6.5
2020-07-13 CVE-2020-10989 Cross-site Scripting vulnerability in Tenda Ac15 Firmware 15.03.05.19
An XSS issue in the /goform/WifiBasicSet endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute malicious payloads via the WifiName POST parameter.
network
low complexity
tenda CWE-79
6.1
2020-07-13 CVE-2020-10986 Cross-Site Request Forgery (CSRF) vulnerability in Tenda Ac15 Firmware 15.03.05.19
A CSRF issue in the /goform/SysToolReboot endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to reboot the device and cause denial of service via a payload hosted by an attacker-controlled web page.
network
low complexity
tenda CWE-352
6.5
2017-11-24 CVE-2017-16936 Path Traversal vulnerability in Tenda Ac15 Firmware, Ac18 Firmware and AC9 Firmware
Directory Traversal vulnerability in app_data_center on Shenzhen Tenda Ac9 US_AC9V1.0BR_V15.03.05.14_multi_TD01, Ac9 ac9_kf_V15.03.05.19(6318_)_cn, Ac15 US_AC15V1.0BR_V15.03.05.18_multi_TD01, Ac15 US_AC15V1.0BR_V15.03.05.19_multi_TD01, Ac18 US_AC18V1.0BR_V15.03.05.05_multi_TD01, and Ac18 ac18_kf_V15.03.05.19(6318_)_cn devices allows remote unauthenticated attackers to read arbitrary files via a cgi-bin/luci/request?op=1&path= URI that uses directory traversal sequences after a /usb/ substring.
low complexity
tenda CWE-22
6.5