Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Tendacn Subscribe
Total 93 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-45986 1 Tendacn 4 G1, G1 Firmware, G3 and 1 more 2022-07-12 7.5 HIGH 9.8 CRITICAL
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetUSBShareInfo. This vulnerability allows attackers to execute arbitrary commands via the usbOrdinaryUserName parameter.
CVE-2019-5072 1 Tendacn 2 Ac1200 Smart Dual-band Gigabit Wifi, Ac9v1.0 Firmware 2022-06-21 4.6 MEDIUM 7.8 HIGH
An exploitable command injection vulnerability exists in the /goform/WanParameterSetting functionality of Tenda AC9 Router AC1200 Smart Dual-Band Gigabit WiFi Route (AC9V1.0 Firmware V15.03.05.16multiTRU). A specially crafted HTTP POST request can cause a command injection in the DNS2 post parameters, resulting in code execution. An attacker can send HTTP POST request with command to trigger this vulnerability.
CVE-2019-5071 1 Tendacn 2 Ac1200 Smart Dual-band Gigabit Wifi, Ac9v1.0 Firmware 2022-06-21 7.2 HIGH 7.8 HIGH
An exploitable command injection vulnerability exists in the /goform/WanParameterSetting functionality of Tenda AC9 Router AC1200 Smart Dual-Band Gigabit WiFi Route (AC9V1.0 Firmware V15.03.05.16multiTRU). A specially crafted HTTP POST request can cause a command injection in the DNS1 post parameters, resulting in code execution. An attacker can send HTTP POST request with command to trigger this vulnerability.
CVE-2022-31446 1 Tendacn 2 Ac18, Ac18 Firmware 2022-06-17 10.0 HIGH 9.8 CRITICAL
Tenda AC18 router V15.03.05.19 and V15.03.05.05 was discovered to contain a remote code execution (RCE) vulnerability via the Mac parameter at ip/goform/WriteFacMac.
CVE-2021-38772 1 Tendacn 2 Ac10, Ac10 Firmware 2022-03-29 7.8 HIGH 7.5 HIGH
Tenda AC10-1200 v15.03.06.23_EN was discovered to contain a buffer overflow via the list parameter in the fromSetIpMacBind function.
CVE-2022-26243 1 Tendacn 2 Ac10, Ac10 Firmware 2022-03-29 7.8 HIGH 7.5 HIGH
Tenda AC10-1200 v15.03.06.23_EN was discovered to contain a buffer overflow in the setSmartPowerManagement function.
CVE-2021-38278 1 Tendacn 2 Ac10, Ac10 Firmware 2022-03-29 7.5 HIGH 9.8 CRITICAL
Tenda AC10-1200 v15.03.06.23_EN was discovered to contain a buffer overflow via the urls parameter in the saveParentControlInfo function.
CVE-2021-45401 1 Tendacn 2 Ac10u, Ac10u Firmware 2022-02-28 7.5 HIGH 9.8 CRITICAL
A Command injection vulnerability exists in Tenda AC10U AC1200 Smart Dual-band Wireless Router AC10U V1.0 Firmware V15.03.06.49_multi via the setUsbUnload functionality. The vulnerability is caused because the client controlled "deviceName" value is passed directly to the "doSystemCmd" function.
CVE-2021-45990 1 Tendacn 4 G1, G1 Firmware, G3 and 1 more 2022-02-08 7.5 HIGH 9.8 CRITICAL
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function uploadPicture. This vulnerability allows attackers to execute arbitrary commands via the pic_name parameter.
CVE-2021-45997 1 Tendacn 4 G1, G1 Firmware, G3 and 1 more 2022-02-08 7.8 HIGH 7.5 HIGH
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formSetPortMapping. This vulnerability allows attackers to cause a Denial of Service (DoS) via the portMappingServer, portMappingProtocol, portMappingWan, porMappingtInternal, and portMappingExternal parameters.
CVE-2021-45992 1 Tendacn 4 G1, G1 Firmware, G3 and 1 more 2022-02-08 7.8 HIGH 7.5 HIGH
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formSetQvlanList. This vulnerability allows attackers to cause a Denial of Service (DoS) via the qvlanName parameter.
CVE-2021-45993 1 Tendacn 4 G1, G1 Firmware, G3 and 1 more 2022-02-08 7.8 HIGH 7.5 HIGH
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formIPMacBindModify. This vulnerability allows attackers to cause a Denial of Service (DoS) via the IPMacBindRuleIP and IPMacBindRuleMac parameters.
CVE-2021-45996 1 Tendacn 4 G1, G1 Firmware, G3 and 1 more 2022-02-08 7.8 HIGH 7.5 HIGH
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formSetPortMapping. This vulnerability allows attackers to cause a Denial of Service (DoS) via the portMappingServer, portMappingProtocol, portMappingWan, porMappingtInternal, and portMappingExternal parameters.
CVE-2021-45995 1 Tendacn 4 G1, G1 Firmware, G3 and 1 more 2022-02-08 7.8 HIGH 7.5 HIGH
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formSetStaticRoute. This vulnerability allows attackers to cause a Denial of Service (DoS) via the staticRouteNet, staticRouteMask, and staticRouteGateway parameters.
CVE-2022-24166 1 Tendacn 4 G1, G1 Firmware, G3 and 1 more 2022-02-08 7.8 HIGH 7.5 HIGH
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formSetSysTime. This vulnerability allows attackers to cause a Denial of Service (DoS) via the manualTime parameter.
CVE-2022-24165 1 Tendacn 4 G1, G1 Firmware, G3 and 1 more 2022-02-08 7.5 HIGH 9.8 CRITICAL
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetQvlanList. This vulnerability allows attackers to execute arbitrary commands via the qvlanIP parameter.
CVE-2022-24164 1 Tendacn 4 G1, G1 Firmware, G3 and 1 more 2022-02-08 7.8 HIGH 7.5 HIGH
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formSetVirtualSer. This vulnerability allows attackers to cause a Denial of Service (DoS) via the DnsHijackRule parameter.
CVE-2022-24168 1 Tendacn 4 G1, G1 Firmware, G3 and 1 more 2022-02-08 7.5 HIGH 9.8 CRITICAL
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetIpGroup. This vulnerability allows attackers to execute arbitrary commands via the IPGroupStartIP and IPGroupEndIP parameters.
CVE-2022-24169 1 Tendacn 4 G1, G1 Firmware, G3 and 1 more 2022-02-08 7.8 HIGH 7.5 HIGH
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formIPMacBindAdd. This vulnerability allows attackers to cause a Denial of Service (DoS) via the IPMacBindRule parameter.
CVE-2022-24167 1 Tendacn 4 G1, G1 Firmware, G3 and 1 more 2022-02-08 7.5 HIGH 9.8 CRITICAL
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetDMZ. This vulnerability allows attackers to execute arbitrary commands via the dmzHost1 parameter.