Vulnerabilities > Tendacn > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-04-16 | CVE-2021-27692 | OS Command Injection vulnerability in Tendacn G1 Firmware and G3 Firmware Command Injection in Tenda G1 and G3 routers with firmware versions v15.11.0.17(9502)_CN or v15.11.0.16(9024)_CN allows remote attackers to execute arbitrary OS commands via a crafted "action/umountUSBPartition" request. | 9.8 |
| 2021-04-16 | CVE-2021-27691 | OS Command Injection vulnerability in Tendacn G0 Firmware, G1 Firmware and G3 Firmware Command Injection in Tenda G0 routers with firmware versions v15.11.0.6(9039)_CN and v15.11.0.5(5876)_CN , and Tenda G1 and G3 routers with firmware versions v15.11.0.17(9502)_CN or v15.11.0.16(9024)_CN allows remote attackers to execute arbitrary OS commands via a crafted action/setDebugCfg request. | 9.8 |
| 2020-09-04 | CVE-2020-24987 | Improper Authentication vulnerability in Tendacn Ac18 Firmware Tenda AC18 Router through V15.03.05.05_EN and through V15.03.05.19(6318) CN devices could cause a remote code execution due to incorrect authentication handling of vulnerable logincheck() function in /usr/lib/lua/ngx_authserver/ngx_wdas.lua file if the administrator UI Interface is set to "radius". | 9.8 |
| 2020-06-25 | CVE-2019-19505 | Out-of-bounds Write vulnerability in Tendacn PA6 Firmware 1.0.1.21 Tenda PA6 Wi-Fi Powerline extender 1.0.1.21 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the "Wireless" section in the web-UI. | 9.0 |
| 2020-06-25 | CVE-2019-16213 | OS Command Injection vulnerability in Tendacn PA6 Firmware 1.0.1.21 Tenda PA6 Wi-Fi Powerline extender 1.0.1.21 could allow a remote authenticated attacker to execute arbitrary commands on the system. | 9.0 |
| 2018-09-02 | CVE-2018-16334 | OS Command Injection vulnerability in Tendacn Ac10 Firmware and AC9 Firmware An issue was discovered on Tenda AC9 V15.03.05.19(6318)_CN and AC10 V15.03.06.23_CN devices. | 9.0 |
| 2018-03-20 | CVE-2018-5768 | Use of Hard-coded Credentials vulnerability in Tendacn Ac15 Firmware A remote, unauthenticated attacker can gain remote code execution on the the Tenda AC15 router with a specially crafted password parameter for the COOKIE header. | 10.0 |
| 2018-03-20 | CVE-2018-5770 | Insecure Default Initialization of Resource vulnerability in Tendacn Ac15 Firmware An issue was discovered on Tenda AC15 devices. | 10.0 |