Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Tendacn Subscribe
Filtered by product G1 Firmware
Total 23 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-27692 1 Tendacn 4 G1, G1 Firmware, G3 and 1 more 2022-07-12 10.0 HIGH 9.8 CRITICAL
Command Injection in Tenda G1 and G3 routers with firmware versions v15.11.0.17(9502)_CN or v15.11.0.16(9024)_CN allows remote attackers to execute arbitrary OS commands via a crafted "action/umountUSBPartition" request. This occurs because the "formSetUSBPartitionUmount" function executes the "doSystemCmd" function with untrusted input.
CVE-2021-27691 1 Tendacn 6 G0, G0 Firmware, G1 and 3 more 2022-07-12 10.0 HIGH 9.8 CRITICAL
Command Injection in Tenda G0 routers with firmware versions v15.11.0.6(9039)_CN and v15.11.0.5(5876)_CN , and Tenda G1 and G3 routers with firmware versions v15.11.0.17(9502)_CN or v15.11.0.16(9024)_CN allows remote attackers to execute arbitrary OS commands via a crafted action/setDebugCfg request. This occurs because the "formSetDebugCfg" function executes glibc's system function with untrusted input.
CVE-2021-45987 1 Tendacn 4 G1, G1 Firmware, G3 and 1 more 2022-07-12 7.5 HIGH 9.8 CRITICAL
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetNetCheckTools. This vulnerability allows attackers to execute arbitrary commands via the hostName parameter.
CVE-2021-45986 1 Tendacn 4 G1, G1 Firmware, G3 and 1 more 2022-07-12 7.5 HIGH 9.8 CRITICAL
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetUSBShareInfo. This vulnerability allows attackers to execute arbitrary commands via the usbOrdinaryUserName parameter.
CVE-2021-45990 1 Tendacn 4 G1, G1 Firmware, G3 and 1 more 2022-02-08 7.5 HIGH 9.8 CRITICAL
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function uploadPicture. This vulnerability allows attackers to execute arbitrary commands via the pic_name parameter.
CVE-2021-45997 1 Tendacn 4 G1, G1 Firmware, G3 and 1 more 2022-02-08 7.8 HIGH 7.5 HIGH
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formSetPortMapping. This vulnerability allows attackers to cause a Denial of Service (DoS) via the portMappingServer, portMappingProtocol, portMappingWan, porMappingtInternal, and portMappingExternal parameters.
CVE-2021-45992 1 Tendacn 4 G1, G1 Firmware, G3 and 1 more 2022-02-08 7.8 HIGH 7.5 HIGH
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formSetQvlanList. This vulnerability allows attackers to cause a Denial of Service (DoS) via the qvlanName parameter.
CVE-2021-45993 1 Tendacn 4 G1, G1 Firmware, G3 and 1 more 2022-02-08 7.8 HIGH 7.5 HIGH
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formIPMacBindModify. This vulnerability allows attackers to cause a Denial of Service (DoS) via the IPMacBindRuleIP and IPMacBindRuleMac parameters.
CVE-2021-45996 1 Tendacn 4 G1, G1 Firmware, G3 and 1 more 2022-02-08 7.8 HIGH 7.5 HIGH
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formSetPortMapping. This vulnerability allows attackers to cause a Denial of Service (DoS) via the portMappingServer, portMappingProtocol, portMappingWan, porMappingtInternal, and portMappingExternal parameters.
CVE-2021-45995 1 Tendacn 4 G1, G1 Firmware, G3 and 1 more 2022-02-08 7.8 HIGH 7.5 HIGH
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formSetStaticRoute. This vulnerability allows attackers to cause a Denial of Service (DoS) via the staticRouteNet, staticRouteMask, and staticRouteGateway parameters.
CVE-2022-24166 1 Tendacn 4 G1, G1 Firmware, G3 and 1 more 2022-02-08 7.8 HIGH 7.5 HIGH
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formSetSysTime. This vulnerability allows attackers to cause a Denial of Service (DoS) via the manualTime parameter.
CVE-2022-24165 1 Tendacn 4 G1, G1 Firmware, G3 and 1 more 2022-02-08 7.5 HIGH 9.8 CRITICAL
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetQvlanList. This vulnerability allows attackers to execute arbitrary commands via the qvlanIP parameter.
CVE-2022-24164 1 Tendacn 4 G1, G1 Firmware, G3 and 1 more 2022-02-08 7.8 HIGH 7.5 HIGH
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formSetVirtualSer. This vulnerability allows attackers to cause a Denial of Service (DoS) via the DnsHijackRule parameter.
CVE-2022-24168 1 Tendacn 4 G1, G1 Firmware, G3 and 1 more 2022-02-08 7.5 HIGH 9.8 CRITICAL
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetIpGroup. This vulnerability allows attackers to execute arbitrary commands via the IPGroupStartIP and IPGroupEndIP parameters.
CVE-2022-24169 1 Tendacn 4 G1, G1 Firmware, G3 and 1 more 2022-02-08 7.8 HIGH 7.5 HIGH
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formIPMacBindAdd. This vulnerability allows attackers to cause a Denial of Service (DoS) via the IPMacBindRule parameter.
CVE-2022-24167 1 Tendacn 4 G1, G1 Firmware, G3 and 1 more 2022-02-08 7.5 HIGH 9.8 CRITICAL
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetDMZ. This vulnerability allows attackers to execute arbitrary commands via the dmzHost1 parameter.
CVE-2021-45994 1 Tendacn 4 G1, G1 Firmware, G3 and 1 more 2022-02-08 7.8 HIGH 7.5 HIGH
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formDelDhcpRule. This vulnerability allows attackers to cause a Denial of Service (DoS) via the delDhcpIndex parameter.
CVE-2021-45991 1 Tendacn 4 G1, G1 Firmware, G3 and 1 more 2022-02-08 7.8 HIGH 7.5 HIGH
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formAddVpnUsers. This vulnerability allows attackers to cause a Denial of Service (DoS) via the vpnUsers parameter.
CVE-2022-24172 1 Tendacn 4 G1, G1 Firmware, G3 and 1 more 2022-02-08 7.8 HIGH 7.5 HIGH
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formAddDhcpBindRule. This vulnerability allows attackers to cause a Denial of Service (DoS) via the addDhcpRules parameter.
CVE-2021-45989 1 Tendacn 4 G1, G1 Firmware, G3 and 1 more 2022-02-08 7.8 HIGH 7.5 HIGH
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function guestWifiRuleRefresh. This vulnerability allows attackers to cause a Denial of Service (DoS) via the qosGuestUpstream and qosGuestDownstream parameters.