Vulnerabilities > Tendacn > G3 Firmware

DATE CVE VULNERABILITY TITLE RISK
2022-02-04 CVE-2022-24167 Command Injection vulnerability in Tendacn G1 Firmware and G3 Firmware
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetDMZ.
network
low complexity
tendacn CWE-77
critical
 9.8
9.8
2022-02-04 CVE-2022-24168 Command Injection vulnerability in Tendacn G1 Firmware and G3 Firmware
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetIpGroup.
network
low complexity
tendacn CWE-77
critical
 9.8
9.8
2022-02-04 CVE-2022-24169 Out-of-bounds Write vulnerability in Tendacn G1 Firmware and G3 Firmware
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formIPMacBindAdd.
network
low complexity
tendacn CWE-787
7.5
7.5
2022-02-04 CVE-2022-24170 Command Injection vulnerability in Tendacn G1 Firmware and G3 Firmware
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetIpSecTunnel.
network
low complexity
tendacn CWE-77
critical
 9.8
9.8
2022-02-04 CVE-2022-24171 Command Injection vulnerability in Tendacn G1 Firmware and G3 Firmware
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetPppoeServer.
network
low complexity
tendacn CWE-77
critical
 9.8
9.8
2022-02-04 CVE-2022-24172 Out-of-bounds Write vulnerability in Tendacn G1 Firmware and G3 Firmware
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formAddDhcpBindRule.
network
low complexity
tendacn CWE-787
7.5
7.5
2021-04-16 CVE-2021-27692 OS Command Injection vulnerability in Tendacn G1 Firmware and G3 Firmware
Command Injection in Tenda G1 and G3 routers with firmware versions v15.11.0.17(9502)_CN or v15.11.0.16(9024)_CN allows remote attackers to execute arbitrary OS commands via a crafted "action/umountUSBPartition" request.
network
low complexity
tendacn CWE-78
critical
 9.8
9.8
2021-04-16 CVE-2021-27691 OS Command Injection vulnerability in Tendacn G0 Firmware, G1 Firmware and G3 Firmware
Command Injection in Tenda G0 routers with firmware versions v15.11.0.6(9039)_CN and v15.11.0.5(5876)_CN , and Tenda G1 and G3 routers with firmware versions v15.11.0.17(9502)_CN or v15.11.0.16(9024)_CN allows remote attackers to execute arbitrary OS commands via a crafted action/setDebugCfg request.
network
low complexity
tendacn CWE-78
critical
 9.8
9.8