Vulnerabilities > Tendacn

DATE CVE VULNERABILITY TITLE RISK
2021-09-30 CVE-2020-20746 Out-of-bounds Write vulnerability in Tendacn AC9 Firmware 15.03.06.60En
A stack-based buffer overflow in the httpd server on Tenda AC9 V15.03.06.60_EN allows remote attackers to execute arbitrary code or cause a denial of service (DoS) via a crafted POST request to /goform/SetStaticRouteCfg.
network
low complexity
tendacn CWE-787
6.5
2021-04-16 CVE-2021-27692 OS Command Injection vulnerability in Tendacn G1 Firmware and G3 Firmware
Command Injection in Tenda G1 and G3 routers with firmware versions v15.11.0.17(9502)_CN or v15.11.0.16(9024)_CN allows remote attackers to execute arbitrary OS commands via a crafted "action/umountUSBPartition" request.
network
low complexity
tendacn CWE-78
critical
10.0
2021-04-16 CVE-2021-27691 OS Command Injection vulnerability in Tendacn G0 Firmware, G1 Firmware and G3 Firmware
Command Injection in Tenda G0 routers with firmware versions v15.11.0.6(9039)_CN and v15.11.0.5(5876)_CN , and Tenda G1 and G3 routers with firmware versions v15.11.0.17(9502)_CN or v15.11.0.16(9024)_CN allows remote attackers to execute arbitrary OS commands via a crafted action/setDebugCfg request.
network
low complexity
tendacn CWE-78
critical
10.0
2020-12-28 CVE-2020-28094 Unspecified vulnerability in Tendacn Ac1200 Firmware 15.03.06.51
On Tenda AC1200 (Model AC6) 15.03.06.51_multi devices, the default settings for the router speed test contain links to download malware named elive or CNKI E-Learning.
network
low complexity
tendacn
5.0
2020-12-28 CVE-2020-28093 Unspecified vulnerability in Tendacn Ac1200 Firmware 15.03.06.51
On Tenda AC1200 (Model AC6) 15.03.06.51_multi devices, admin, support, user, and nobody have a password of 1234.
network
low complexity
tendacn
6.5
2020-09-04 CVE-2020-24987 Improper Authentication vulnerability in Tendacn Ac18 Firmware V15.03.05.05En/V15.03.05.19(6318)/V15.03.05.19(6318)Cn
Tenda AC18 Router through V15.03.05.05_EN and through V15.03.05.19(6318) CN devices could cause a remote code execution due to incorrect authentication handling of vulnerable logincheck() function in /usr/lib/lua/ngx_authserver/ngx_wdas.lua file if the administrator UI Interface is set to "radius".
network
tendacn CWE-287
6.8
2020-06-25 CVE-2019-19506 Infinite Loop vulnerability in Tendacn PA6 Firmware 1.0.1.21
Tenda PA6 Wi-Fi Powerline extender 1.0.1.21 is vulnerable to a denial of service, caused by an error in the "homeplugd" process.
7.8
2020-06-25 CVE-2019-19505 Out-of-bounds Write vulnerability in Tendacn PA6 Firmware 1.0.1.21
Tenda PA6 Wi-Fi Powerline extender 1.0.1.21 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the "Wireless" section in the web-UI.
tendacn CWE-787
critical
9.0
2020-06-25 CVE-2019-16213 OS Command Injection vulnerability in Tendacn PA6 Firmware 1.0.1.21
Tenda PA6 Wi-Fi Powerline extender 1.0.1.21 could allow a remote authenticated attacker to execute arbitrary commands on the system.
tendacn CWE-78
critical
9.0
2020-05-22 CVE-2020-13394 Classic Buffer Overflow vulnerability in Tendacn products
An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices.
network
low complexity
tendacn CWE-120
7.5