Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Tenda Subscribe
Total 449 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-24158 1 Tenda 2 Ax3, Ax3 Firmware 2022-02-07 7.8 HIGH 7.5 HIGH
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetIpMacBind. This vulnerability allows attackers to cause a Denial of Service (DoS) via the list parameter.
CVE-2022-24146 1 Tenda 2 Ax3, Ax3 Firmware 2022-02-07 7.8 HIGH 7.5 HIGH
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetQosBand. This vulnerability allows attackers to cause a Denial of Service (DoS) via the list parameter.
CVE-2022-24155 1 Tenda 2 Ax3, Ax3 Firmware 2022-02-07 7.8 HIGH 7.5 HIGH
Tenda AX3 v16.03.12.10_CN was discovered to contain a heap overflow in the function setSchedWifi. This vulnerability allows attackers to cause a Denial of Service (DoS) via the schedStartTime and schedEndTime parameters.
CVE-2022-24154 1 Tenda 2 Ax3, Ax3 Firmware 2022-02-07 7.8 HIGH 7.5 HIGH
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetRebootTimer. This vulnerability allows attackers to cause a Denial of Service (DoS) via the rebootTime parameter.
CVE-2022-24147 1 Tenda 2 Ax3, Ax3 Firmware 2022-02-07 7.8 HIGH 7.5 HIGH
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromAdvSetMacMtuWan. This vulnerability allows attackers to cause a Denial of Service (DoS) via the wanMTU, wanSpeed, cloneType, mac, and serviceName parameters.
CVE-2022-24152 1 Tenda 2 Ax3, Ax3 Firmware 2022-02-07 7.8 HIGH 7.5 HIGH
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetRouteStatic. This vulnerability allows attackers to cause a Denial of Service (DoS) via the list parameter.
CVE-2022-24153 1 Tenda 2 Ax3, Ax3 Firmware 2022-02-07 7.8 HIGH 7.5 HIGH
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formAddMacfilterRule. This vulnerability allows attackers to cause a Denial of Service (DoS) via the devName parameter.
CVE-2022-24148 1 Tenda 2 Ax3, Ax3 Firmware 2022-02-07 7.5 HIGH 9.8 CRITICAL
Tenda AX3 v16.03.12.10_CN was discovered to contain a command injection vulnerability in the function mDMZSetCfg. This vulnerability allows attackers to execute arbitrary commands via the dmzIp parameter.
CVE-2022-24150 1 Tenda 2 Ax3, Ax3 Firmware 2022-02-07 7.5 HIGH 9.8 CRITICAL
Tenda AX3 v16.03.12.10_CN was discovered to contain a command injection vulnerability in the function formSetSafeWanWebMan. This vulnerability allows attackers to execute arbitrary commands via the remoteIp parameter.
CVE-2022-24149 1 Tenda 2 Ax3, Ax3 Firmware 2022-02-07 7.8 HIGH 7.5 HIGH
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetWirelessRepeat. This vulnerability allows attackers to cause a Denial of Service (DoS) via the wpapsk_crypto parameter.
CVE-2022-24151 1 Tenda 2 Ax3, Ax3 Firmware 2022-02-07 7.8 HIGH 7.5 HIGH
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetWifiGusetBasic. This vulnerability allows attackers to cause a Denial of Service (DoS) via the shareSpeed parameter.
CVE-2022-24157 1 Tenda 2 Ax3, Ax3 Firmware 2022-02-07 7.8 HIGH 7.5 HIGH
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetMacFilterCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via the deviceList parameter.
CVE-2020-35391 1 Tenda 2 F3, F3 Firmware 2021-07-21 3.3 LOW 6.5 MEDIUM
Tenda N300 F3 12.01.01.48 devices allow remote attackers to obtain sensitive information (possibly including an http_passwd line) via a direct request for cgi-bin/DownloadCfg/RouterCfm.cfg, a related issue to CVE-2017-14942. NOTE: the vulnerability report may suggest that either a ? character must be placed after the RouterCfm.cfg filename, or that the HTTP request headers must be unusual, but it is not known why these are relevant to the device's HTTP response behavior.
CVE-2020-10987 1 Tenda 2 Ac15, Ac15 Firmware 2021-07-21 10.0 HIGH 9.8 CRITICAL
The goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute arbitrary system commands via the deviceName POST parameter.
CVE-2021-31755 1 Tenda 2 Ac11, Ac11 Firmware 2021-05-10 10.0 HIGH 9.8 CRITICAL
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setmac allows attackers to execute arbitrary code on the system via a crafted post request.
CVE-2021-31756 1 Tenda 2 Ac11, Ac11 Firmware 2021-05-10 10.0 HIGH 9.8 CRITICAL
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /gofrom/setwanType allows attackers to execute arbitrary code on the system via a crafted post request. This occurs when input vector controlled by malicious attack get copied to the stack variable.
CVE-2021-31758 1 Tenda 2 Ac11, Ac11 Firmware 2021-05-10 10.0 HIGH 9.8 CRITICAL
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setportList allows attackers to execute arbitrary code on the system via a crafted post request.
CVE-2021-31757 1 Tenda 2 Ac11, Ac11 Firmware 2021-05-10 10.0 HIGH 9.8 CRITICAL
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setVLAN allows attackers to execute arbitrary code on the system via a crafted post request.
CVE-2021-27706 1 Tenda 4 G1, G1 Firmware, G3 and 1 more 2021-04-20 7.5 HIGH 9.8 CRITICAL
Buffer Overflow in Tenda G1 and G3 routers with firmware version V15.11.0.17(9502)_CN allows remote attackers to execute arbitrary code via a crafted action/"IPMacBindIndex "request. This occurs because the "formIPMacBindDel" function directly passes the parameter "IPMacBindIndex" to strcpy without limit.
CVE-2021-27705 1 Tenda 4 G1, G1 Firmware, G3 and 1 more 2021-04-20 7.5 HIGH 9.8 CRITICAL
Buffer Overflow in Tenda G1 and G3 routers with firmware v15.11.0.17(9502)_CN allows remote attackers to execute arbitrary code via a crafted action/"qosIndex "request. This occurs because the "formQOSRuleDel" function directly passes the parameter "qosIndex" to strcpy without limit.