Filtered by vendor Tenda
Subscribe
Total
449 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-24167 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2023-02-01 | N/A | 9.8 CRITICAL |
Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/add_white_node. | |||||
CVE-2023-24170 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2023-02-01 | N/A | 9.8 CRITICAL |
Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/fromSetWirelessRepeat. | |||||
CVE-2022-40846 | 1 Tenda | 2 Ac1200 V-w15ev2, W15e Firmware | 2023-01-27 | N/A | 4.8 MEDIUM |
In Tenda AC1200 Router model W15Ev2 V15.11.0.10(1576), a Stored Cross Site Scripting (XSS) vulnerability exists allowing an attacker to execute JavaScript code via the applications stored hostname. | |||||
CVE-2022-40845 | 1 Tenda | 2 Ac1200 V-w15ev2, W15e Firmware | 2023-01-27 | N/A | 6.5 MEDIUM |
The Tenda AC1200 Router model W15Ev2 V15.11.0.10(1576) is affected by a password exposure vulnerability. When combined with the improper authorization/improper session management vulnerability, an attacker with access to the router may be able to expose sensitive information which they're not explicitly authorized to have. | |||||
CVE-2022-42053 | 1 Tenda | 2 Ac1200 V-w15ev2, W15e Firmware | 2023-01-27 | N/A | 7.8 HIGH |
Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain a command injection vulnerability via the PortMappingServer parameter in the setPortMapping function. | |||||
CVE-2022-40843 | 1 Tenda | 2 Ac1200 V-w15ev2, W15e Firmware | 2023-01-27 | N/A | 4.9 MEDIUM |
The Tenda AC1200 V-W15Ev2 V15.11.0.10(1576) router is vulnerable to improper authorization / improper session management that allows the router login page to be bypassed. This leads to authenticated attackers having the ability to read the routers syslog.log file which contains the MD5 password of the Administrator's user account. | |||||
CVE-2022-40847 | 1 Tenda | 2 Ac1200 V-w15ev2, W15e Firmware | 2023-01-27 | N/A | 7.8 HIGH |
In Tenda AC1200 Router model W15Ev2 V15.11.0.10(1576), there exists a command injection vulnerability in the function formSetFixTools. This vulnerability allows attackers to run arbitrary commands on the server via the hostname parameter. | |||||
CVE-2022-40844 | 1 Tenda | 2 Ac1200 V-w15ev2, W15e Firmware | 2023-01-27 | N/A | 5.4 MEDIUM |
In Tenda (Shenzhen Tenda Technology Co., Ltd) AC1200 Router model W15Ev2 V15.11.0.10(1576), a Stored Cross Site Scripting (XSS) issue exists allowing an attacker to execute JavaScript code via the applications website filtering tab, specifically the URL body. | |||||
CVE-2022-41396 | 1 Tenda | 2 W15e, W15e Firmware | 2023-01-23 | N/A | 7.8 HIGH |
Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain multiple command injection vulnerabilities in the function setIPsecTunnelList via the IPsecLocalNet and IPsecRemoteNet parameters. | |||||
CVE-2022-42060 | 1 Tenda | 2 W15e, W15e Firmware | 2023-01-23 | N/A | 7.5 HIGH |
Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain a stack overflow via the setWanPpoe function. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow data. | |||||
CVE-2022-42058 | 1 Tenda | 2 W15e, W15e Firmware | 2023-01-23 | N/A | 9.8 CRITICAL |
Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain a stack overflow via the setRemoteWebManage function. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow data. | |||||
CVE-2022-41395 | 1 Tenda | 2 W15e, W15e Firmware | 2023-01-23 | N/A | 7.8 HIGH |
Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain a command injection vulnerability via the dmzHost parameter in the setDMZ function. | |||||
CVE-2022-32036 | 1 Tenda | 2 M3, M3 Firmware | 2023-01-19 | 7.8 HIGH | 7.5 HIGH |
Tenda M3 V1.0.0.12 was discovered to contain multiple stack overflow vulnerabilities via the ssidList, storeName, and trademark parameters in the function formSetStoreWeb. | |||||
CVE-2022-32034 | 1 Tenda | 2 M3, M3 Firmware | 2023-01-19 | 7.8 HIGH | 7.5 HIGH |
Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the items parameter in the function formdelMasteraclist. | |||||
CVE-2022-45995 | 1 Tenda | 2 Ax12, Ax12 Firmware | 2023-01-11 | N/A | 9.8 CRITICAL |
There is an unauthorized buffer overflow vulnerability in Tenda AX12 v22.03.01.21 _ cn. This vulnerability can cause the web service not to restart or even execute arbitrary code. It is a different vulnerability from CVE-2022-2414. | |||||
CVE-2022-47119 | 1 Tenda | 2 A15, A15 Firmware | 2023-01-04 | N/A | 9.8 CRITICAL |
Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the ssid parameter at /goform/WifiBasicSet. | |||||
CVE-2022-47116 | 1 Tenda | 2 A15, A15 Firmware | 2023-01-04 | N/A | 7.5 HIGH |
Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the SYSPS parameter at /goform/SysToolChangePwd. | |||||
CVE-2022-47118 | 1 Tenda | 2 A15, A15 Firmware | 2023-01-04 | N/A | 9.8 CRITICAL |
Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the wepkey1 parameter at /goform/WifiBasicSet. | |||||
CVE-2022-47117 | 1 Tenda | 2 A15, A15 Firmware | 2023-01-04 | N/A | 9.8 CRITICAL |
Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the security parameter at /goform/WifiBasicSet. | |||||
CVE-2022-47120 | 1 Tenda | 2 A15, A15 Firmware | 2023-01-04 | N/A | 9.8 CRITICAL |
Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the security_5g parameter at /goform/WifiBasicSet. |