Vulnerabilities > Tendacn > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-03-23 CVE-2021-38278 Out-of-bounds Write vulnerability in Tendacn Ac10 Firmware 15.03.06.23
Tenda AC10-1200 v15.03.06.23_EN was discovered to contain a buffer overflow via the urls parameter in the saveParentControlInfo function.
network
low complexity
tendacn CWE-787
critical
 9.8
9.8
2022-02-18 CVE-2021-45401 Command Injection vulnerability in Tendacn Ac10U Firmware 15.03.06.49Multi
A Command injection vulnerability exists in Tenda AC10U AC1200 Smart Dual-band Wireless Router AC10U V1.0 Firmware V15.03.06.49_multi via the setUsbUnload functionality.
network
low complexity
tendacn CWE-77
critical
 9.8
9.8
2022-02-04 CVE-2021-45986 OS Command Injection vulnerability in Tendacn G1 Firmware and G3 Firmware
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetUSBShareInfo.
network
low complexity
tendacn CWE-78
critical
 9.8
9.8
2022-02-04 CVE-2021-45987 OS Command Injection vulnerability in Tendacn G1 Firmware and G3 Firmware
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetNetCheckTools.
network
low complexity
tendacn CWE-78
critical
 9.8
9.8
2022-02-04 CVE-2021-45990 Command Injection vulnerability in Tendacn G1 Firmware and G3 Firmware
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function uploadPicture.
network
low complexity
tendacn CWE-77
critical
 9.8
9.8
2022-02-04 CVE-2022-24165 Command Injection vulnerability in Tendacn G1 Firmware and G3 Firmware
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetQvlanList.
network
low complexity
tendacn CWE-77
critical
 9.8
9.8
2022-02-04 CVE-2022-24167 Command Injection vulnerability in Tendacn G1 Firmware and G3 Firmware
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetDMZ.
network
low complexity
tendacn CWE-77
critical
 9.8
9.8
2022-02-04 CVE-2022-24168 Command Injection vulnerability in Tendacn G1 Firmware and G3 Firmware
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetIpGroup.
network
low complexity
tendacn CWE-77
critical
 9.8
9.8
2022-02-04 CVE-2022-24170 Command Injection vulnerability in Tendacn G1 Firmware and G3 Firmware
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetIpSecTunnel.
network
low complexity
tendacn CWE-77
critical
 9.8
9.8
2022-02-04 CVE-2022-24171 Command Injection vulnerability in Tendacn G1 Firmware and G3 Firmware
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetPppoeServer.
network
low complexity
tendacn CWE-77
critical
 9.8
9.8