Vulnerabilites related to tenda - ac1206_firmware
cve-2022-42077
Vulnerability from cvelistv5
Published
2022-10-12 00:00
Modified
2024-08-03 13:03
Severity ?
EPSS score ?
Summary
Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:03:44.097Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/tianhui999/myCVE/blob/main/AC1206/AC1206-1.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-12T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/tianhui999/myCVE/blob/main/AC1206/AC1206-1.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-42077",
"datePublished": "2022-10-12T00:00:00",
"dateReserved": "2022-10-03T00:00:00",
"dateUpdated": "2024-08-03T13:03:44.097Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-37711
Vulnerability from cvelistv5
Published
2023-07-10 00:00
Modified
2024-11-12 14:33
Severity ?
EPSS score ?
Summary
Tenda AC1206 V15.03.06.23 and AC10 V15.03.06.47 were discovered to contain a stack overflow in the deviceId parameter in the saveParentControlInfo function.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:23:26.314Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/FirmRec/IoT-Vulns/tree/main/tenda/saveParentControlInfo"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:tenda:ac1206:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac1206",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V15.03.06.23"
}
]
},
{
"cpes": [
"cpe:2.3:h:tenda:ac10:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac10",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V15.03.06.47"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-37711",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-12T14:31:46.108590Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-12T14:33:31.886Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tenda AC1206 V15.03.06.23 and AC10 V15.03.06.47 were discovered to contain a stack overflow in the deviceId parameter in the saveParentControlInfo function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-10T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/FirmRec/IoT-Vulns/tree/main/tenda/saveParentControlInfo"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-37711",
"datePublished": "2023-07-10T00:00:00",
"dateReserved": "2023-07-10T00:00:00",
"dateUpdated": "2024-11-12T14:33:31.886Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-37804
Vulnerability from cvelistv5
Published
2022-08-25 14:04
Modified
2024-08-03 10:37
Severity ?
EPSS score ?
Summary
Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the time parameter in the function saveParentControlInfo.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/3 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:37:41.589Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the time parameter in the function saveParentControlInfo."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-25T14:04:34",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-37804",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the time parameter in the function saveParentControlInfo."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/3",
"refsource": "MISC",
"url": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-37804",
"datePublished": "2022-08-25T14:04:34",
"dateReserved": "2022-08-08T00:00:00",
"dateUpdated": "2024-08-03T10:37:41.589Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-37812
Vulnerability from cvelistv5
Published
2022-08-25 14:05
Modified
2024-08-03 10:37
Severity ?
EPSS score ?
Summary
Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the firewallEn parameter in the function formSetFirewallCfg.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/12 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:37:41.945Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/12"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the firewallEn parameter in the function formSetFirewallCfg."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-25T14:05:43",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/12"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-37812",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the firewallEn parameter in the function formSetFirewallCfg."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/12",
"refsource": "MISC",
"url": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/12"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-37812",
"datePublished": "2022-08-25T14:05:43",
"dateReserved": "2022-08-08T00:00:00",
"dateUpdated": "2024-08-03T10:37:41.945Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-37803
Vulnerability from cvelistv5
Published
2022-08-25 14:04
Modified
2024-08-03 10:37
Severity ?
EPSS score ?
Summary
Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the page parameter in the function fromAddressNat.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/8 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:37:41.664Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the page parameter in the function fromAddressNat."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-25T14:04:37",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/8"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-37803",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the page parameter in the function fromAddressNat."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/8",
"refsource": "MISC",
"url": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/8"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-37803",
"datePublished": "2022-08-25T14:04:37",
"dateReserved": "2022-08-08T00:00:00",
"dateUpdated": "2024-08-03T10:37:41.664Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-37816
Vulnerability from cvelistv5
Published
2022-08-25 14:07
Modified
2024-08-03 10:37
Severity ?
EPSS score ?
Summary
Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the function fromSetIpMacBind.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/13 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:37:41.972Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/13"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the function fromSetIpMacBind."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-25T14:06:48",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/13"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-37816",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the function fromSetIpMacBind."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/13",
"refsource": "MISC",
"url": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/13"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-37816",
"datePublished": "2022-08-25T14:07:19",
"dateReserved": "2022-08-08T00:00:00",
"dateUpdated": "2024-08-03T10:37:41.972Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-37811
Vulnerability from cvelistv5
Published
2022-08-25 14:05
Modified
2024-08-03 10:37
Severity ?
EPSS score ?
Summary
Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the startIp parameter in the function formSetPPTPServer.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/17 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:37:42.182Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/17"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the startIp parameter in the function formSetPPTPServer."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-25T14:05:43",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/17"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-37811",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the startIp parameter in the function formSetPPTPServer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/17",
"refsource": "MISC",
"url": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/17"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-37811",
"datePublished": "2022-08-25T14:05:43",
"dateReserved": "2022-08-08T00:00:00",
"dateUpdated": "2024-08-03T10:37:42.182Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-37807
Vulnerability from cvelistv5
Published
2022-08-25 14:06
Modified
2024-08-03 10:37
Severity ?
EPSS score ?
Summary
Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the function formSetClientState.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/10 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:37:42.092Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/10"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the function formSetClientState."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-25T14:06:06",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/10"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-37807",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the function formSetClientState."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/10",
"refsource": "MISC",
"url": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/10"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-37807",
"datePublished": "2022-08-25T14:06:06",
"dateReserved": "2022-08-08T00:00:00",
"dateUpdated": "2024-08-03T10:37:42.092Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-37710
Vulnerability from cvelistv5
Published
2023-07-10 00:00
Modified
2024-11-12 14:34
Severity ?
EPSS score ?
Summary
Tenda AC1206 V15.03.06.23 and AC10 V15.03.06.47 were discovered to contain a stack overflow in the wpapsk_crypto parameter in the fromSetWirelessRepeat function.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:23:26.299Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/FirmRec/IoT-Vulns/tree/main/tenda/fromSetWirelessRepeat"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:tenda:ac1206:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac1206",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V15.03.06.23"
}
]
},
{
"cpes": [
"cpe:2.3:h:tenda:ac10:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac10",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V15.03.06.47"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-37710",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-12T14:33:52.670978Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-12T14:34:39.420Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tenda AC1206 V15.03.06.23 and AC10 V15.03.06.47 were discovered to contain a stack overflow in the wpapsk_crypto parameter in the fromSetWirelessRepeat function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-10T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/FirmRec/IoT-Vulns/tree/main/tenda/fromSetWirelessRepeat"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-37710",
"datePublished": "2023-07-10T00:00:00",
"dateReserved": "2023-07-10T00:00:00",
"dateUpdated": "2024-11-12T14:34:39.420Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-42078
Vulnerability from cvelistv5
Published
2022-10-12 00:00
Modified
2024-08-03 13:03
Severity ?
EPSS score ?
Summary
Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolRestoreSet.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:03:45.382Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/tianhui999/myCVE/blob/main/AC1206/AC1206-2.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolRestoreSet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-12T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/tianhui999/myCVE/blob/main/AC1206/AC1206-2.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-42078",
"datePublished": "2022-10-12T00:00:00",
"dateReserved": "2022-10-03T00:00:00",
"dateUpdated": "2024-08-03T13:03:45.382Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-10434
Vulnerability from cvelistv5
Published
2024-10-28 00:31
Modified
2024-10-28 13:00
Severity ?
8.7 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS score ?
Summary
A vulnerability was found in Tenda AC1206 up to 20241027. It has been classified as critical. This affects the function ate_Tenda_mfg_check_usb/ate_Tenda_mfg_check_usb3 of the file /goform/ate. The manipulation of the argument arg leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.281985 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.281985 | signature, permissions-required | |
| https://vuldb.com/?submit.431291 | third-party-advisory | |
| https://github.com/physicszq/Routers/blob/main/Tenda/README.md | exploit | |
| https://www.tenda.com.cn/ | product |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:tenda:ac1206:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac1206",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "20241027"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-10434",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-28T12:59:43.912430Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T13:00:50.500Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AC1206",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "20241027"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "physicszq (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Tenda AC1206 up to 20241027. It has been classified as critical. This affects the function ate_Tenda_mfg_check_usb/ate_Tenda_mfg_check_usb3 of the file /goform/ate. The manipulation of the argument arg leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in Tenda AC1206 bis 20241027 ausgemacht. Sie wurde als kritisch eingestuft. Es betrifft die Funktion ate_Tenda_mfg_check_usb/ate_Tenda_mfg_check_usb3 der Datei /goform/ate. Dank der Manipulation des Arguments arg mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T00:31:05.947Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-281985 | Tenda AC1206 ate ate_Tenda_mfg_check_usb3 stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.281985"
},
{
"name": "VDB-281985 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.281985"
},
{
"name": "Submit #431291 | tenda tenda router AC1206 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.431291"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/physicszq/Routers/blob/main/Tenda/README.md"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-10-27T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-10-27T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-10-27T08:26:44.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda AC1206 ate ate_Tenda_mfg_check_usb3 stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-10434",
"datePublished": "2024-10-28T00:31:05.947Z",
"dateReserved": "2024-10-27T07:21:32.313Z",
"dateUpdated": "2024-10-28T13:00:50.500Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-42081
Vulnerability from cvelistv5
Published
2022-10-12 00:00
Modified
2024-08-03 13:03
Severity ?
EPSS score ?
Summary
Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 was discovered to contain a stack overflow via sched_end_time parameter.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:03:44.096Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/tianhui999/myCVE/blob/main/AC1206/AC1206-5.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 was discovered to contain a stack overflow via sched_end_time parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-12T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/tianhui999/myCVE/blob/main/AC1206/AC1206-5.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-42081",
"datePublished": "2022-10-12T00:00:00",
"dateReserved": "2022-10-03T00:00:00",
"dateUpdated": "2024-08-03T13:03:44.096Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-37712
Vulnerability from cvelistv5
Published
2023-07-10 00:00
Modified
2025-01-06 17:04
Severity ?
EPSS score ?
Summary
Tenda AC1206 V15.03.06.23, F1202 V1.2.0.20(408), and FH1202 V1.2.0.20(408) were discovered to contain a stack overflow in the page parameter in the fromSetIpBind function.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:23:26.313Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/FirmRec/IoT-Vulns/tree/main/tenda/fromSetIpBind"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:tenda:ac1206:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac1206",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V15.03.06.23"
}
]
},
{
"cpes": [
"cpe:2.3:h:tenda:f1202:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "f1202",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V1.2.0.20(408)"
}
]
},
{
"cpes": [
"cpe:2.3:h:tenda:fh1202:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fh1202",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V1.2.0.20(408)"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-37712",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-12T14:22:23.510741Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-06T17:04:54.130Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/FirmRec/IoT-Vulns/tree/main/tenda/fromSetIpBind"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tenda AC1206 V15.03.06.23, F1202 V1.2.0.20(408), and FH1202 V1.2.0.20(408) were discovered to contain a stack overflow in the page parameter in the fromSetIpBind function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-10T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/FirmRec/IoT-Vulns/tree/main/tenda/fromSetIpBind"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-37712",
"datePublished": "2023-07-10T00:00:00",
"dateReserved": "2023-07-10T00:00:00",
"dateUpdated": "2025-01-06T17:04:54.130Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-37809
Vulnerability from cvelistv5
Published
2022-08-25 14:06
Modified
2024-08-03 10:37
Severity ?
EPSS score ?
Summary
Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the speed_dir parameter in the function formSetSpeedWan.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/11 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:37:41.660Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/11"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the speed_dir parameter in the function formSetSpeedWan."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-25T14:06:25",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/11"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-37809",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the speed_dir parameter in the function formSetSpeedWan."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/11",
"refsource": "MISC",
"url": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/11"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-37809",
"datePublished": "2022-08-25T14:06:48",
"dateReserved": "2022-08-08T00:00:00",
"dateUpdated": "2024-08-03T10:37:41.660Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-37814
Vulnerability from cvelistv5
Published
2022-08-25 14:07
Modified
2024-08-03 10:37
Severity ?
EPSS score ?
Summary
Tenda AC1206 V15.03.06.23 was discovered to contain multiple stack overflows via the deviceMac and the device_id parameters in the function addWifiMacFilter.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/14 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:37:41.715Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/14"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tenda AC1206 V15.03.06.23 was discovered to contain multiple stack overflows via the deviceMac and the device_id parameters in the function addWifiMacFilter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-25T14:06:44",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/14"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-37814",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Tenda AC1206 V15.03.06.23 was discovered to contain multiple stack overflows via the deviceMac and the device_id parameters in the function addWifiMacFilter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/14",
"refsource": "MISC",
"url": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/14"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-37814",
"datePublished": "2022-08-25T14:07:12",
"dateReserved": "2022-08-08T00:00:00",
"dateUpdated": "2024-08-03T10:37:41.715Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-10280
Vulnerability from cvelistv5
Published
2024-10-23 13:31
Modified
2024-10-23 17:41
Severity ?
7.1 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS score ?
Summary
A vulnerability was found in Tenda AC6, AC7, AC8, AC9, AC10, AC10U, AC15, AC18, AC500 and AC1206 up to 20241022. It has been rated as problematic. This issue affects the function websReadEvent of the file /goform/GetIPTV. The manipulation of the argument Content-Length leads to null pointer dereference. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.281555 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.281555 | signature, permissions-required | |
| https://vuldb.com/?submit.426417 | third-party-advisory | |
| https://github.com/JohenanLi/router_vuls/blob/main/websReadEvent/websReadEvent.md | exploit | |
| https://www.tenda.com.cn/ | product |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Tenda | AC6 |
Version: 20241022 |
||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:tenda:ac6_firmware:15.03.06.23:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac6_firmware",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "15.03.06.23"
}
]
},
{
"cpes": [
"cpe:2.3:o:tenda:ac8_firmware:16.03.34.06:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac8_firmware",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "16.03.34.06"
}
]
},
{
"cpes": [
"cpe:2.3:a:tenda:ac8_firmware:16.03.34.09:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac8_firmware",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "16.03.34.09"
}
]
},
{
"cpes": [
"cpe:2.3:o:tenda:ac10_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac10_firmware",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "16.03.48.23"
},
{
"status": "affected",
"version": "16.03.48.19"
},
{
"status": "affected",
"version": "16.03.48.20"
},
{
"status": "affected",
"version": "16.03.48.13"
}
]
},
{
"cpes": [
"cpe:2.3:o:tenda:ac1206_firmware:15.03.06.23:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac1206_firmware",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "15.03.06.23"
}
]
},
{
"cpes": [
"cpe:2.3:o:tenda:ac9_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac9_firmware",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "15.03.06.42"
},
{
"status": "affected",
"version": "15.03.05.19\\(6318_\\)"
},
{
"status": "affected",
"version": "15.03.05.14"
},
{
"status": "affected",
"version": "15.03.2.13"
}
]
},
{
"cpes": [
"cpe:2.3:o:tenda:ac18_firmware:15.03.05.05:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac18_firmware",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "15.03.05.05"
}
]
},
{
"cpes": [
"cpe:2.3:o:tenda:ac18_firmware:15.03.05.19\\(6318\\):*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac18_firmware",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "15.03.05.19\\(6318\\)"
}
]
},
{
"cpes": [
"cpe:2.3:o:tenda:ac500_firmware:2.0.1.9\\(1307\\):*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac500_firmware",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "2.0.1.9\\(1307\\)"
}
]
},
{
"cpes": [
"cpe:2.3:o:tenda:ac500_firmware:1.0.0.16:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac500_firmware",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "1.0.0.16"
}
]
},
{
"cpes": [
"cpe:2.3:o:tenda:ac500_firmware:1.0.0.14:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac500_firmware",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "1.0.0.14"
}
]
},
{
"cpes": [
"cpe:2.3:o:tenda:ac10u_firmware:15.03.06.48:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac10u_firmware",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "15.03.06.48"
}
]
},
{
"cpes": [
"cpe:2.3:o:tenda:ac10u_firmware:15.03.06.49:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac10u_firmware",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "15.03.06.49"
}
]
},
{
"cpes": [
"cpe:2.3:o:tenda:ac7_firmware:15.03.06.44:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac7_firmware",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "15.03.06.44"
}
]
},
{
"cpes": [
"cpe:2.3:o:tenda:ac15_firmware:15.03.05.18:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac15_firmware",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "15.03.05.18"
}
]
},
{
"cpes": [
"cpe:2.3:o:tenda:ac15_firmware:15.03.05.19:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac15_firmware",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "15.03.05.19"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-10280",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-23T17:28:19.760214Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-23T17:41:57.370Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AC6",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "20241022"
}
]
},
{
"product": "AC7",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "20241022"
}
]
},
{
"product": "AC8",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "20241022"
}
]
},
{
"product": "AC9",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "20241022"
}
]
},
{
"product": "AC10",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "20241022"
}
]
},
{
"product": "AC10U",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "20241022"
}
]
},
{
"product": "AC15",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "20241022"
}
]
},
{
"product": "AC18",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "20241022"
}
]
},
{
"product": "AC500",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "20241022"
}
]
},
{
"product": "AC1206",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "20241022"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "minipython (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Tenda AC6, AC7, AC8, AC9, AC10, AC10U, AC15, AC18, AC500 and AC1206 up to 20241022. It has been rated as problematic. This issue affects the function websReadEvent of the file /goform/GetIPTV. The manipulation of the argument Content-Length leads to null pointer dereference. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in Tenda AC6, AC7, AC8, AC9, AC10, AC10U, AC15, AC18, AC500 and AC1206 bis 20241022 ausgemacht. Sie wurde als problematisch eingestuft. Davon betroffen ist die Funktion websReadEvent der Datei /goform/GetIPTV. Durch Beeinflussen des Arguments Content-Length mit unbekannten Daten kann eine null pointer dereference-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.8,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-23T13:31:07.315Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-281555 | Tenda AC6/AC7/AC8/AC9/AC10/AC10U/AC15/AC18/AC500/AC1206 GetIPTV websReadEvent null pointer dereference",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.281555"
},
{
"name": "VDB-281555 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.281555"
},
{
"name": "Submit #426417 | Tenda AC8v4 V16.03.34.06 NULL Pointer Dereference",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.426417"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/JohenanLi/router_vuls/blob/main/websReadEvent/websReadEvent.md"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-10-23T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-10-23T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-10-23T08:07:55.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda AC6/AC7/AC8/AC9/AC10/AC10U/AC15/AC18/AC500/AC1206 GetIPTV websReadEvent null pointer dereference"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-10280",
"datePublished": "2024-10-23T13:31:07.315Z",
"dateReserved": "2024-10-23T06:02:03.363Z",
"dateUpdated": "2024-10-23T17:41:57.370Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-42080
Vulnerability from cvelistv5
Published
2022-10-12 00:00
Modified
2024-08-03 13:03
Severity ?
EPSS score ?
Summary
Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 was discovered to contain a heap overflow via sched_start_time parameter.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:03:44.113Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/tianhui999/myCVE/blob/main/AC1206/AC1206-4.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 was discovered to contain a heap overflow via sched_start_time parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-12T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/tianhui999/myCVE/blob/main/AC1206/AC1206-4.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-42080",
"datePublished": "2022-10-12T00:00:00",
"dateReserved": "2022-10-03T00:00:00",
"dateUpdated": "2024-08-03T13:03:44.113Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-9793
Vulnerability from cvelistv5
Published
2024-10-10 15:31
Modified
2024-10-10 17:46
Severity ?
5.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
EPSS score ?
Summary
A vulnerability classified as critical was found in Tenda AC1206 up to 15.03.06.23. This vulnerability affects the function ate_iwpriv_set/ate_ifconfig_set of the file /goform/ate. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.279946 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.279946 | signature, permissions-required | |
| https://vuldb.com/?submit.418061 | third-party-advisory | |
| https://github.com/ixout/iotVuls/blob/main/Tenda/ac1206_004/report.md | related | |
| https://github.com/ixout/iotVuls/blob/main/Tenda/ac1206_003/report.md | exploit | |
| https://www.tenda.com.cn/ | product |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Tenda | AC1206 |
Version: 15.03.06.0 Version: 15.03.06.1 Version: 15.03.06.2 Version: 15.03.06.3 Version: 15.03.06.4 Version: 15.03.06.5 Version: 15.03.06.6 Version: 15.03.06.7 Version: 15.03.06.8 Version: 15.03.06.9 Version: 15.03.06.10 Version: 15.03.06.11 Version: 15.03.06.12 Version: 15.03.06.13 Version: 15.03.06.14 Version: 15.03.06.15 Version: 15.03.06.16 Version: 15.03.06.17 Version: 15.03.06.18 Version: 15.03.06.19 Version: 15.03.06.20 Version: 15.03.06.21 Version: 15.03.06.22 Version: 15.03.06.23 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:tenda:ac1206_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac1206_firmware",
"vendor": "tenda",
"versions": [
{
"lessThanOrEqual": "15.03.06.23",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9793",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T16:09:15.570083Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T17:46:05.897Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AC1206",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "15.03.06.0"
},
{
"status": "affected",
"version": "15.03.06.1"
},
{
"status": "affected",
"version": "15.03.06.2"
},
{
"status": "affected",
"version": "15.03.06.3"
},
{
"status": "affected",
"version": "15.03.06.4"
},
{
"status": "affected",
"version": "15.03.06.5"
},
{
"status": "affected",
"version": "15.03.06.6"
},
{
"status": "affected",
"version": "15.03.06.7"
},
{
"status": "affected",
"version": "15.03.06.8"
},
{
"status": "affected",
"version": "15.03.06.9"
},
{
"status": "affected",
"version": "15.03.06.10"
},
{
"status": "affected",
"version": "15.03.06.11"
},
{
"status": "affected",
"version": "15.03.06.12"
},
{
"status": "affected",
"version": "15.03.06.13"
},
{
"status": "affected",
"version": "15.03.06.14"
},
{
"status": "affected",
"version": "15.03.06.15"
},
{
"status": "affected",
"version": "15.03.06.16"
},
{
"status": "affected",
"version": "15.03.06.17"
},
{
"status": "affected",
"version": "15.03.06.18"
},
{
"status": "affected",
"version": "15.03.06.19"
},
{
"status": "affected",
"version": "15.03.06.20"
},
{
"status": "affected",
"version": "15.03.06.21"
},
{
"status": "affected",
"version": "15.03.06.22"
},
{
"status": "affected",
"version": "15.03.06.23"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "ixout (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in Tenda AC1206 up to 15.03.06.23. This vulnerability affects the function ate_iwpriv_set/ate_ifconfig_set of the file /goform/ate. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "In Tenda AC1206 bis 15.03.06.23 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Das betrifft die Funktion ate_iwpriv_set/ate_ifconfig_set der Datei /goform/ate. Durch das Manipulieren mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T15:31:06.625Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-279946 | Tenda AC1206 ate ate_ifconfig_set command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.279946"
},
{
"name": "VDB-279946 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.279946"
},
{
"name": "Submit #418061 | Tenda Router V15.03.06.23 and earlier Command Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.418061"
},
{
"tags": [
"related"
],
"url": "https://github.com/ixout/iotVuls/blob/main/Tenda/ac1206_004/report.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/ixout/iotVuls/blob/main/Tenda/ac1206_003/report.md"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-10-10T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-10-10T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-10-10T09:28:24.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda AC1206 ate ate_ifconfig_set command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-9793",
"datePublished": "2024-10-10T15:31:06.625Z",
"dateReserved": "2024-10-10T07:23:14.015Z",
"dateUpdated": "2024-10-10T17:46:05.897Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-38936
Vulnerability from cvelistv5
Published
2023-08-07 00:00
Modified
2024-10-15 20:05
Severity ?
EPSS score ?
Summary
Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, AC5 V1.0 V15.03.06.28, FH1203 V2.0.1.6, AC9 V3.0 V15.03.06.42_multi and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the speed_dir parameter in the formSetSpeedWan function.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:54:39.689Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/formSetSpeedWan/README.md"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:tenda:ac10:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac10",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V1.0 V15.03.06.23"
}
]
},
{
"cpes": [
"cpe:2.3:h:tenda:ac1206:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac1206",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V15.03.06.23,"
}
]
},
{
"cpes": [
"cpe:2.3:h:tenda:ac6:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac6",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V2.0 V15.03.06.23"
}
]
},
{
"cpes": [
"cpe:2.3:h:tenda:ac7:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac7",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V1.0 V15.03.06.44,"
}
]
},
{
"cpes": [
"cpe:2.3:h:tenda:ac5:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac5",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V1.0 V15.03.06.28"
}
]
},
{
"cpes": [
"cpe:2.3:h:tenda:fh1203:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fh1203",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V2.0.1.6"
}
]
},
{
"cpes": [
"cpe:2.3:h:tenda:ac9:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac9",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V3.0 V15.03.06.42_multi"
}
]
},
{
"cpes": [
"cpe:2.3:h:tenda:fh1205:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fh1205",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V2.0.0.7(775)"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38936",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-15T20:02:03.283677Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T20:05:36.911Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, AC5 V1.0 V15.03.06.28, FH1203 V2.0.1.6, AC9 V3.0 V15.03.06.42_multi and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the speed_dir parameter in the formSetSpeedWan function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-07T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/formSetSpeedWan/README.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-38936",
"datePublished": "2023-08-07T00:00:00",
"dateReserved": "2023-07-25T00:00:00",
"dateUpdated": "2024-10-15T20:05:36.911Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-38933
Vulnerability from cvelistv5
Published
2023-08-07 00:00
Modified
2024-10-17 13:51
Severity ?
EPSS score ?
Summary
Tenda AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0 V15.03.06.28, FH1203 V2.0.1.6 and AC9 V3.0 V15.03.06.42_multi, and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the deviceId parameter in the formSetClientState function.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:54:39.649Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/formSetClientState/README.md"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:tenda:ac7:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac7",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V1.0 V15.03.06.44"
}
]
},
{
"cpes": [
"cpe:2.3:h:tenda:f1203:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "f1203",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V2.0.1.6"
}
]
},
{
"cpes": [
"cpe:2.3:h:tenda:ac5:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac5",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V1.0 V15.03.06.28"
}
]
},
{
"cpes": [
"cpe:2.3:h:tenda:fh1203:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fh1203",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V2.0.1.6"
}
]
},
{
"cpes": [
"cpe:2.3:h:tenda:ac9:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac9",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V3.0 V15.03.06.42_multi"
}
]
},
{
"cpes": [
"cpe:2.3:h:tenda:fh1205:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fh1205",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V2.0.0.7(775)"
}
]
},
{
"cpes": [
"cpe:2.3:h:tenda:ac6:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac6",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V2.0 V15.03.06.23"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38933",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-17T13:48:33.206945Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-17T13:51:46.931Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tenda AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0 V15.03.06.28, FH1203 V2.0.1.6 and AC9 V3.0 V15.03.06.42_multi, and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the deviceId parameter in the formSetClientState function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-07T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/formSetClientState/README.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-38933",
"datePublished": "2023-08-07T00:00:00",
"dateReserved": "2023-07-25T00:00:00",
"dateUpdated": "2024-10-17T13:51:46.931Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-37808
Vulnerability from cvelistv5
Published
2022-08-25 14:06
Modified
2024-08-03 10:37
Severity ?
EPSS score ?
Summary
Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the index parameter in the function formWifiWpsOOB.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/15 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:37:41.907Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/15"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the index parameter in the function formWifiWpsOOB."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-25T14:06:15",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/15"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-37808",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the index parameter in the function formWifiWpsOOB."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/15",
"refsource": "MISC",
"url": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/15"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-37808",
"datePublished": "2022-08-25T14:06:15",
"dateReserved": "2022-08-08T00:00:00",
"dateUpdated": "2024-08-03T10:37:41.907Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-37813
Vulnerability from cvelistv5
Published
2022-08-25 14:06
Modified
2024-08-03 10:37
Severity ?
EPSS score ?
Summary
Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the function fromSetSysTime.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/16 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:37:41.681Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the function fromSetSysTime."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-25T14:06:28",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/16"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-37813",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the function fromSetSysTime."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/16",
"refsource": "MISC",
"url": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/16"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-37813",
"datePublished": "2022-08-25T14:06:50",
"dateReserved": "2022-08-08T00:00:00",
"dateUpdated": "2024-08-03T10:37:41.681Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-37805
Vulnerability from cvelistv5
Published
2022-08-25 14:05
Modified
2024-08-03 10:37
Severity ?
EPSS score ?
Summary
Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the function fromWizardHandle.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/1 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:37:41.888Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the function fromWizardHandle."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-25T14:05:57",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-37805",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the function fromWizardHandle."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/1",
"refsource": "MISC",
"url": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-37805",
"datePublished": "2022-08-25T14:05:57",
"dateReserved": "2022-08-08T00:00:00",
"dateUpdated": "2024-08-03T10:37:41.888Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-37717
Vulnerability from cvelistv5
Published
2023-07-14 00:00
Modified
2024-10-30 15:39
Severity ?
EPSS score ?
Summary
Tenda F1202 V1.0BR_V1.2.0.20(408) and FH1202_V1.2.0.19_EN, AC10 V1.0, AC1206 V1.0, AC7 V1.0, AC5 V1.0, and AC9 V3.0 were discovered to contain a stack overflow in the page parameter in the function fromDhcpListClient.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:23:27.232Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/fromDhcpListClient/repot.md"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:tenda:f1202:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "f1202",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V1.0BR_V1.2.0.20(408)"
}
]
},
{
"cpes": [
"cpe:2.3:h:tenda:fh1202:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fh1202",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V1.2.0.19_EN"
}
]
},
{
"cpes": [
"cpe:2.3:h:tenda:ac10:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac10",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V1.0,"
}
]
},
{
"cpes": [
"cpe:2.3:h:tenda:ac1206:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac1206",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V1.0"
}
]
},
{
"cpes": [
"cpe:2.3:h:tenda:ac7:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac7",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V1.0"
}
]
},
{
"cpes": [
"cpe:2.3:h:tenda:ac5:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac5",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V1.0"
}
]
},
{
"cpes": [
"cpe:2.3:h:tenda:ac9:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac9",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V3.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-37717",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-30T15:36:28.731124Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-30T15:39:40.848Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tenda F1202 V1.0BR_V1.2.0.20(408) and FH1202_V1.2.0.19_EN, AC10 V1.0, AC1206 V1.0, AC7 V1.0, AC5 V1.0, and AC9 V3.0 were discovered to contain a stack overflow in the page parameter in the function fromDhcpListClient."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-14T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/fromDhcpListClient/repot.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-37717",
"datePublished": "2023-07-14T00:00:00",
"dateReserved": "2023-07-10T00:00:00",
"dateUpdated": "2024-10-30T15:39:40.848Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-37716
Vulnerability from cvelistv5
Published
2023-07-14 00:00
Modified
2024-10-30 15:44
Severity ?
EPSS score ?
Summary
Tenda F1202 V1.0BR_V1.2.0.20(408) and FH1202_V1.2.0.19_EN, AC10 V1.0, AC1206 V1.0, AC7 V1.0, AC5 V1.0, and AC9 V3.0 were discovered to contain a stack overflow in the page parameter in the function fromNatStaticSetting.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:23:26.317Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/fromNatStaticSetting/report.md"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:tenda:f1202:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "f1202",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V1.0BR_V1.2.0.20(408)"
}
]
},
{
"cpes": [
"cpe:2.3:h:tenda:fh1202:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fh1202",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V1.2.0.19_EN"
}
]
},
{
"cpes": [
"cpe:2.3:h:tenda:ac10:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac10",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "v.1.0"
}
]
},
{
"cpes": [
"cpe:2.3:h:tenda:ac1206:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac1206",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "v1.0"
}
]
},
{
"cpes": [
"cpe:2.3:h:tenda:ac7:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac7",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "v1.0"
}
]
},
{
"cpes": [
"cpe:2.3:h:tenda:ac5:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac5",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "v1.0"
}
]
},
{
"cpes": [
"cpe:2.3:h:tenda:ac9:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac9",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "v3.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-37716",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-30T15:41:48.422746Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-30T15:44:13.700Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tenda F1202 V1.0BR_V1.2.0.20(408) and FH1202_V1.2.0.19_EN, AC10 V1.0, AC1206 V1.0, AC7 V1.0, AC5 V1.0, and AC9 V3.0 were discovered to contain a stack overflow in the page parameter in the function fromNatStaticSetting."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-14T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/fromNatStaticSetting/report.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-37716",
"datePublished": "2023-07-14T00:00:00",
"dateReserved": "2023-07-10T00:00:00",
"dateUpdated": "2024-10-30T15:44:13.700Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-37799
Vulnerability from cvelistv5
Published
2022-08-25 14:04
Modified
2024-08-03 10:37
Severity ?
EPSS score ?
Summary
Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the time parameter at the function setSmartPowerManagement.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/2 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:37:42.263Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the time parameter at the function setSmartPowerManagement."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-25T14:04:30",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-37799",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the time parameter at the function setSmartPowerManagement."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/2",
"refsource": "MISC",
"url": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-37799",
"datePublished": "2022-08-25T14:04:30",
"dateReserved": "2022-08-08T00:00:00",
"dateUpdated": "2024-08-03T10:37:42.263Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-37815
Vulnerability from cvelistv5
Published
2022-08-25 14:06
Modified
2024-08-03 10:37
Severity ?
EPSS score ?
Summary
Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the PPPOEPassword parameter in the function formQuickIndex.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/18 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:37:42.336Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/18"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the PPPOEPassword parameter in the function formQuickIndex."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-25T14:06:48",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/18"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-37815",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the PPPOEPassword parameter in the function formQuickIndex."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/18",
"refsource": "MISC",
"url": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/18"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-37815",
"datePublished": "2022-08-25T14:06:55",
"dateReserved": "2022-08-08T00:00:00",
"dateUpdated": "2024-08-03T10:37:42.336Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-38937
Vulnerability from cvelistv5
Published
2023-08-07 00:00
Modified
2024-10-17 14:40
Severity ?
EPSS score ?
Summary
Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 V16.03.34.06, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, AC5 V1.0 V15.03.06.28, AC9 V3.0 V15.03.06.42_multi and AC10 v4.0 V16.03.10.13 were discovered to contain a stack overflow via the list parameter in the formSetVirtualSer function.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:54:39.643Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/formSetVirtualSer/README.md"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:tenda:ac6:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac6",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V2.0 V15.03.06.23"
}
]
},
{
"cpes": [
"cpe:2.3:h:tenda:ac10:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac10",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V1.0 V15.03.06.23"
}
]
},
{
"cpes": [
"cpe:2.3:h:tenda:ac1206:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac1206",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V15.03.06.23"
}
]
},
{
"cpes": [
"cpe:2.3:h:tenda:ac8:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac8",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "v4 V16.03.34.06"
}
]
},
{
"cpes": [
"cpe:2.3:h:tenda:ac7:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac7",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V1.0 V15.03.06.44"
}
]
},
{
"cpes": [
"cpe:2.3:h:tenda:ac5:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac5",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V1.0 V15.03.06.28"
}
]
},
{
"cpes": [
"cpe:2.3:h:tenda:ac9:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac9",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V3.0 V15.03.06.42_multi"
}
]
},
{
"cpes": [
"cpe:2.3:h:tenda:ac10:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac10",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "v4.0 V16.03.10.13"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38937",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-17T14:37:17.298133Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-17T14:40:31.909Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 V16.03.34.06, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, AC5 V1.0 V15.03.06.28, AC9 V3.0 V15.03.06.42_multi and AC10 v4.0 V16.03.10.13 were discovered to contain a stack overflow via the list parameter in the formSetVirtualSer function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-07T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/formSetVirtualSer/README.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-38937",
"datePublished": "2023-08-07T00:00:00",
"dateReserved": "2023-07-25T00:00:00",
"dateUpdated": "2024-10-17T14:40:31.909Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-37800
Vulnerability from cvelistv5
Published
2022-08-25 14:04
Modified
2024-08-03 10:37
Severity ?
EPSS score ?
Summary
Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the list parameter at the function fromSetRouteStatic.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/7 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:37:41.620Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the list parameter at the function fromSetRouteStatic."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-25T14:04:34",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/7"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-37800",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the list parameter at the function fromSetRouteStatic."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/7",
"refsource": "MISC",
"url": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/7"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-37800",
"datePublished": "2022-08-25T14:04:34",
"dateReserved": "2022-08-08T00:00:00",
"dateUpdated": "2024-08-03T10:37:41.620Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-37801
Vulnerability from cvelistv5
Published
2022-08-25 14:04
Modified
2024-08-03 10:37
Severity ?
EPSS score ?
Summary
Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the list parameter at the function formSetQosBand.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/9 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:37:41.784Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/9"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the list parameter at the function formSetQosBand."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-25T14:04:34",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/9"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-37801",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the list parameter at the function formSetQosBand."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/9",
"refsource": "MISC",
"url": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/9"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-37801",
"datePublished": "2022-08-25T14:04:34",
"dateReserved": "2022-08-08T00:00:00",
"dateUpdated": "2024-08-03T10:37:41.784Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-37798
Vulnerability from cvelistv5
Published
2022-08-25 14:04
Modified
2024-08-03 10:37
Severity ?
EPSS score ?
Summary
Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the list parameter at the function formSetVirtualSer.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/5 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:37:41.745Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the list parameter at the function formSetVirtualSer."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-25T14:04:30",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/5"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-37798",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the list parameter at the function formSetVirtualSer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/5",
"refsource": "MISC",
"url": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/5"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-37798",
"datePublished": "2022-08-25T14:04:30",
"dateReserved": "2022-08-08T00:00:00",
"dateUpdated": "2024-08-03T10:37:41.745Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-38931
Vulnerability from cvelistv5
Published
2023-08-07 00:00
Modified
2024-10-17 13:55
Severity ?
EPSS score ?
Summary
Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 V16.03.34.06, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0 V15.03.06.28, AC10 v4.0 V16.03.10.13 and FH1203 V2.0.1.6 were discovered to contain a stack overflow via the list parameter in the setaccount function.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:54:39.242Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/cloudv2_setaccount/README.md"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:tenda:ac10:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac10",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V1.0 V15.03.06.23"
}
]
},
{
"cpes": [
"cpe:2.3:h:tenda:ac1206:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac1206",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V15.03.06.23"
}
]
},
{
"cpes": [
"cpe:2.3:h:tenda:ac8:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac8",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "v4 V16.03.34.06"
}
]
},
{
"cpes": [
"cpe:2.3:h:tenda:ac6:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac6",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V2.0 V15.03.06.23"
}
]
},
{
"cpes": [
"cpe:2.3:h:tenda:ac7:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac7",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V1.0 V15.03.06.44"
}
]
},
{
"cpes": [
"cpe:2.3:h:tenda:f1203:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "f1203",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V2.0.1.6"
}
]
},
{
"cpes": [
"cpe:2.3:h:tenda:ac5:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac5",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V1.0 V15.03.06.28"
}
]
},
{
"cpes": [
"cpe:2.3:h:tenda:ac10:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac10",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "v4.0 V16.03.10.13"
}
]
},
{
"cpes": [
"cpe:2.3:h:tenda:fh1203:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fh1203",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V2.0.1.6"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38931",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-17T13:52:20.173225Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-17T13:55:25.786Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 V16.03.34.06, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0 V15.03.06.28, AC10 v4.0 V16.03.10.13 and FH1203 V2.0.1.6 were discovered to contain a stack overflow via the list parameter in the setaccount function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-07T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/cloudv2_setaccount/README.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-38931",
"datePublished": "2023-08-07T00:00:00",
"dateReserved": "2023-07-25T00:00:00",
"dateUpdated": "2024-10-17T13:55:25.786Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-37802
Vulnerability from cvelistv5
Published
2022-08-25 14:04
Modified
2024-08-03 10:37
Severity ?
EPSS score ?
Summary
Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the page parameter in the function fromNatStaticSetting.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/6 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:37:41.660Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the page parameter in the function fromNatStaticSetting."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-25T14:04:34",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/6"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-37802",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the page parameter in the function fromNatStaticSetting."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/6",
"refsource": "MISC",
"url": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/6"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-37802",
"datePublished": "2022-08-25T14:04:34",
"dateReserved": "2022-08-08T00:00:00",
"dateUpdated": "2024-08-03T10:37:41.660Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-42079
Vulnerability from cvelistv5
Published
2022-10-12 00:00
Modified
2024-08-03 13:03
Severity ?
EPSS score ?
Summary
Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 was discovered to contain a stack overflow via the function formWifiBasicSet.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:03:44.094Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/tianhui999/myCVE/blob/main/AC1206/AC1206-3.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 was discovered to contain a stack overflow via the function formWifiBasicSet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-12T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/tianhui999/myCVE/blob/main/AC1206/AC1206-3.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-42079",
"datePublished": "2022-10-12T00:00:00",
"dateReserved": "2022-10-03T00:00:00",
"dateUpdated": "2024-08-03T13:03:44.094Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-37810
Vulnerability from cvelistv5
Published
2022-08-25 14:06
Modified
2024-08-03 10:37
Severity ?
EPSS score ?
Summary
Tenda AC1206 V15.03.06.23 was discovered to contain a command injection vulnerability via the mac parameter in the function formWriteFacMac.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/19 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:37:41.862Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/19"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tenda AC1206 V15.03.06.23 was discovered to contain a command injection vulnerability via the mac parameter in the function formWriteFacMac."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-25T14:06:28",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/19"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-37810",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Tenda AC1206 V15.03.06.23 was discovered to contain a command injection vulnerability via the mac parameter in the function formWriteFacMac."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/19",
"refsource": "MISC",
"url": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/19"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-37810",
"datePublished": "2022-08-25T14:06:35",
"dateReserved": "2022-08-08T00:00:00",
"dateUpdated": "2024-08-03T10:37:41.862Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-38935
Vulnerability from cvelistv5
Published
2023-08-07 00:00
Modified
2024-10-15 20:07
Severity ?
EPSS score ?
Summary
Tenda AC1206 V15.03.06.23, AC8 V4 V16.03.34.06, AC5 V1.0 V15.03.06.28, AC10 v4.0 V16.03.10.13 and AC9 V3.0 V15.03.06.42_multi were discovered to contain a tack overflow via the list parameter in the formSetQosBand function.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:54:39.522Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/formSetQosBand/README.md"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:tenda:ac1206:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac1206",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V15.03.06.23"
}
]
},
{
"cpes": [
"cpe:2.3:h:tenda:ac8:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac8",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V4 V16.03.34.06"
}
]
},
{
"cpes": [
"cpe:2.3:h:tenda:ac5:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac5",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V1.0 V15.03.06.28"
}
]
},
{
"cpes": [
"cpe:2.3:h:tenda:ac10:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac10",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "v4.0 V16.03.10.13"
}
]
},
{
"cpes": [
"cpe:2.3:h:tenda:ac9:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac9",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V3.0 V15.03.06.42_multi"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38935",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-15T20:06:05.688360Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T20:07:56.040Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tenda AC1206 V15.03.06.23, AC8 V4 V16.03.34.06, AC5 V1.0 V15.03.06.28, AC10 v4.0 V16.03.10.13 and AC9 V3.0 V15.03.06.42_multi were discovered to contain a tack overflow via the list parameter in the formSetQosBand function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-07T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/formSetQosBand/README.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-38935",
"datePublished": "2023-08-07T00:00:00",
"dateReserved": "2023-07-25T00:00:00",
"dateUpdated": "2024-10-15T20:07:56.040Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-37806
Vulnerability from cvelistv5
Published
2022-08-25 14:05
Modified
2024-08-03 10:37
Severity ?
EPSS score ?
Summary
Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the page parameter in the function fromDhcpListClient.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/4 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:37:42.010Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the page parameter in the function fromDhcpListClient."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-25T14:05:58",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/4"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-37806",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the page parameter in the function fromDhcpListClient."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/4",
"refsource": "MISC",
"url": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/4"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-37806",
"datePublished": "2022-08-25T14:05:58",
"dateReserved": "2022-08-08T00:00:00",
"dateUpdated": "2024-08-03T10:37:42.010Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2022-08-25 15:15
Modified
2024-11-21 07:15
Severity ?
Summary
Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the page parameter in the function fromAddressNat.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/8 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/8 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tenda | ac1206_firmware | 15.03.06.23 | |
| tenda | ac1206 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:ac1206_firmware:15.03.06.23:*:*:*:*:*:*:*",
"matchCriteriaId": "787A50A1-EDBC-44EB-8CF2-11C4FC63719D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:ac1206:-:*:*:*:*:*:*:*",
"matchCriteriaId": "29D5013D-520A-461A-95FF-43B2BE160F91",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the page parameter in the function fromAddressNat."
},
{
"lang": "es",
"value": "Se ha detectado que Tenda AC1206 versi\u00f3n V15.03.06.23, contiene un desbordamiento de pila por medio del par\u00e1metro page en la funci\u00f3n fromAddressNat."
}
],
"id": "CVE-2022-37803",
"lastModified": "2024-11-21T07:15:12.060",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-25T15:15:10.343",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/8"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-08-25 15:15
Modified
2024-11-21 07:15
Severity ?
Summary
Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the time parameter at the function setSmartPowerManagement.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/2 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/2 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tenda | ac1206_firmware | 15.03.06.23 | |
| tenda | ac1206 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:ac1206_firmware:15.03.06.23:*:*:*:*:*:*:*",
"matchCriteriaId": "787A50A1-EDBC-44EB-8CF2-11C4FC63719D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:ac1206:-:*:*:*:*:*:*:*",
"matchCriteriaId": "29D5013D-520A-461A-95FF-43B2BE160F91",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the time parameter at the function setSmartPowerManagement."
},
{
"lang": "es",
"value": "Se ha detectado que Tenda AC1206 versi\u00f3n V15.03.06.23, contiene un desbordamiento de pila por medio del par\u00e1metro time en la funci\u00f3n setSmartPowerManagement."
}
],
"id": "CVE-2022-37799",
"lastModified": "2024-11-21T07:15:11.450",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-25T15:15:10.177",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/2"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-10-12 19:15
Modified
2024-11-21 07:24
Severity ?
Summary
Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/tianhui999/myCVE/blob/main/AC1206/AC1206-1.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/tianhui999/myCVE/blob/main/AC1206/AC1206-1.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tenda | ac1206_firmware | 15.03.06.23_multi_td01 | |
| tenda | ac1206 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:ac1206_firmware:15.03.06.23_multi_td01:*:*:*:*:*:*:*",
"matchCriteriaId": "FAF39A95-2F62-4AF4-90E8-C42983EEBF5E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:ac1206:-:*:*:*:*:*:*:*",
"matchCriteriaId": "29D5013D-520A-461A-95FF-43B2BE160F91",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot."
},
{
"lang": "es",
"value": "Tenda AC1206 versi\u00f3n US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 es vulnerable a Cross Site Request Forgery (CSRF) por medio de la funci\u00f3n fromSysToolReboot"
}
],
"id": "CVE-2022-42077",
"lastModified": "2024-11-21T07:24:20.147",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-10-12T19:15:09.570",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/tianhui999/myCVE/blob/main/AC1206/AC1206-1.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/tianhui999/myCVE/blob/main/AC1206/AC1206-1.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-08-25 15:15
Modified
2024-11-21 07:15
Severity ?
Summary
Tenda AC1206 V15.03.06.23 was discovered to contain multiple stack overflows via the deviceMac and the device_id parameters in the function addWifiMacFilter.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/14 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/14 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tenda | ac1206_firmware | 15.03.06.23 | |
| tenda | ac1206 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:ac1206_firmware:15.03.06.23:*:*:*:*:*:*:*",
"matchCriteriaId": "787A50A1-EDBC-44EB-8CF2-11C4FC63719D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:ac1206:-:*:*:*:*:*:*:*",
"matchCriteriaId": "29D5013D-520A-461A-95FF-43B2BE160F91",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Tenda AC1206 V15.03.06.23 was discovered to contain multiple stack overflows via the deviceMac and the device_id parameters in the function addWifiMacFilter."
},
{
"lang": "es",
"value": "Se ha detectado que el Tenda AC1206 V15.03.06.23 conten\u00eda m\u00faltiples desbordamientos de pila por medio de los par\u00e1metros deviceMac y device_id en la funci\u00f3n addWifiMacFilter."
}
],
"id": "CVE-2022-37814",
"lastModified": "2024-11-21T07:15:13.700",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-25T15:15:10.820",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/14"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/14"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-10-12 19:15
Modified
2024-11-21 07:24
Severity ?
Summary
Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 was discovered to contain a stack overflow via sched_end_time parameter.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/tianhui999/myCVE/blob/main/AC1206/AC1206-5.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/tianhui999/myCVE/blob/main/AC1206/AC1206-5.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tenda | ac1206_firmware | 15.03.06.23_multi_td01 | |
| tenda | ac1206 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:ac1206_firmware:15.03.06.23_multi_td01:*:*:*:*:*:*:*",
"matchCriteriaId": "FAF39A95-2F62-4AF4-90E8-C42983EEBF5E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:ac1206:-:*:*:*:*:*:*:*",
"matchCriteriaId": "29D5013D-520A-461A-95FF-43B2BE160F91",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 was discovered to contain a stack overflow via sched_end_time parameter."
},
{
"lang": "es",
"value": "Se ha detectado que el Tenda AC1206 versi\u00f3n US_AC1206V1.0RTL_V15.03.06.23_multi_TD01, contiene un desbordamiento de pila por medio del par\u00e1metro sched_end_time"
}
],
"id": "CVE-2022-42081",
"lastModified": "2024-11-21T07:24:20.737",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-10-12T19:15:09.797",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/tianhui999/myCVE/blob/main/AC1206/AC1206-5.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/tianhui999/myCVE/blob/main/AC1206/AC1206-5.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-07-10 17:15
Modified
2024-11-21 08:12
Severity ?
Summary
Tenda AC1206 V15.03.06.23 and AC10 V15.03.06.47 were discovered to contain a stack overflow in the wpapsk_crypto parameter in the fromSetWirelessRepeat function.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/FirmRec/IoT-Vulns/tree/main/tenda/fromSetWirelessRepeat | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/FirmRec/IoT-Vulns/tree/main/tenda/fromSetWirelessRepeat | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tenda | ac10_firmware | 15.03.06.47 | |
| tenda | ac10 | - | |
| tenda | ac1206_firmware | 15.03.06.23 | |
| tenda | ac1206 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:ac10_firmware:15.03.06.47:*:*:*:*:*:*:*",
"matchCriteriaId": "5243CF84-5475-4366-9C34-D26FD015AAE2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:ac10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B9E0489C-31D5-43C4-B15D-1D88119EF226",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:ac1206_firmware:15.03.06.23:*:*:*:*:*:*:*",
"matchCriteriaId": "787A50A1-EDBC-44EB-8CF2-11C4FC63719D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:ac1206:-:*:*:*:*:*:*:*",
"matchCriteriaId": "29D5013D-520A-461A-95FF-43B2BE160F91",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Tenda AC1206 V15.03.06.23 and AC10 V15.03.06.47 were discovered to contain a stack overflow in the wpapsk_crypto parameter in the fromSetWirelessRepeat function."
}
],
"id": "CVE-2023-37710",
"lastModified": "2024-11-21T08:12:09.210",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-10T17:15:09.797",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/FirmRec/IoT-Vulns/tree/main/tenda/fromSetWirelessRepeat"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/FirmRec/IoT-Vulns/tree/main/tenda/fromSetWirelessRepeat"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-08-25 15:15
Modified
2024-11-21 07:15
Severity ?
Summary
Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the startIp parameter in the function formSetPPTPServer.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/17 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/17 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tenda | ac1206_firmware | 15.03.06.23 | |
| tenda | ac1206 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:ac1206_firmware:15.03.06.23:*:*:*:*:*:*:*",
"matchCriteriaId": "787A50A1-EDBC-44EB-8CF2-11C4FC63719D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:ac1206:-:*:*:*:*:*:*:*",
"matchCriteriaId": "29D5013D-520A-461A-95FF-43B2BE160F91",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the startIp parameter in the function formSetPPTPServer."
},
{
"lang": "es",
"value": "Se ha detectado que Tenda AC1206 versi\u00f3n V15.03.06.23, contiene un desbordamiento de pila por medio del par\u00e1metro startIp en la funci\u00f3n formSetPPTPServer."
}
],
"id": "CVE-2022-37811",
"lastModified": "2024-11-21T07:15:13.253",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-25T15:15:10.697",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/17"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/17"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-08-25 15:15
Modified
2024-11-21 07:15
Severity ?
Summary
Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the speed_dir parameter in the function formSetSpeedWan.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/11 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/11 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tenda | ac1206_firmware | 15.03.06.23 | |
| tenda | ac1206 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:ac1206_firmware:15.03.06.23:*:*:*:*:*:*:*",
"matchCriteriaId": "787A50A1-EDBC-44EB-8CF2-11C4FC63719D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:ac1206:-:*:*:*:*:*:*:*",
"matchCriteriaId": "29D5013D-520A-461A-95FF-43B2BE160F91",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the speed_dir parameter in the function formSetSpeedWan."
},
{
"lang": "es",
"value": "Se ha detectado que Tenda AC1206 versi\u00f3n V15.03.06.23, contiene un desbordamiento de pila por medio del par\u00e1metro speed_dir en la funci\u00f3n formSetSpeedWan."
}
],
"id": "CVE-2022-37809",
"lastModified": "2024-11-21T07:15:12.953",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-25T15:15:10.603",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/11"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-08-25 15:15
Modified
2024-11-21 07:15
Severity ?
Summary
Tenda AC1206 V15.03.06.23 was discovered to contain a command injection vulnerability via the mac parameter in the function formWriteFacMac.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/19 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/19 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tenda | ac1206_firmware | 15.03.06.23 | |
| tenda | ac1206 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:ac1206_firmware:15.03.06.23:*:*:*:*:*:*:*",
"matchCriteriaId": "787A50A1-EDBC-44EB-8CF2-11C4FC63719D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:ac1206:-:*:*:*:*:*:*:*",
"matchCriteriaId": "29D5013D-520A-461A-95FF-43B2BE160F91",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Tenda AC1206 V15.03.06.23 was discovered to contain a command injection vulnerability via the mac parameter in the function formWriteFacMac."
},
{
"lang": "es",
"value": "Se ha detectado que Tenda AC1206 versi\u00f3n V15.03.06.23, contiene una vulnerabilidad de inyecci\u00f3n de comandos por medio del par\u00e1metro mac en la funci\u00f3n formWriteFacMac."
}
],
"id": "CVE-2022-37810",
"lastModified": "2024-11-21T07:15:13.107",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-25T15:15:10.650",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/19"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/19"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-08-25 15:15
Modified
2024-11-21 07:15
Severity ?
Summary
Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the page parameter in the function fromNatStaticSetting.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/6 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/6 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tenda | ac1206_firmware | 15.03.06.23 | |
| tenda | ac1206 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:ac1206_firmware:15.03.06.23:*:*:*:*:*:*:*",
"matchCriteriaId": "787A50A1-EDBC-44EB-8CF2-11C4FC63719D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:ac1206:-:*:*:*:*:*:*:*",
"matchCriteriaId": "29D5013D-520A-461A-95FF-43B2BE160F91",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the page parameter in the function fromNatStaticSetting."
},
{
"lang": "es",
"value": "Se ha detectado que Tenda AC1206 versi\u00f3n V15.03.06.23, contiene un desbordamiento de pila por medio del par\u00e1metro page en la funci\u00f3n fromNatStaticSetting."
}
],
"id": "CVE-2022-37802",
"lastModified": "2024-11-21T07:15:11.907",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-25T15:15:10.300",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/6"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-08-25 15:15
Modified
2024-11-21 07:15
Severity ?
Summary
Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the function fromWizardHandle.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/1 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/1 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tenda | ac1206_firmware | 15.03.06.23 | |
| tenda | ac1206 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:ac1206_firmware:15.03.06.23:*:*:*:*:*:*:*",
"matchCriteriaId": "787A50A1-EDBC-44EB-8CF2-11C4FC63719D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:ac1206:-:*:*:*:*:*:*:*",
"matchCriteriaId": "29D5013D-520A-461A-95FF-43B2BE160F91",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the function fromWizardHandle."
},
{
"lang": "es",
"value": "Se ha detectado que Tenda AC1206 versi\u00f3n V15.03.06.23, contiene un desbordamiento de pila por medio de la funci\u00f3n fromWizardHandle."
}
],
"id": "CVE-2022-37805",
"lastModified": "2024-11-21T07:15:12.347",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-25T15:15:10.427",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/1"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-08-07 19:15
Modified
2024-11-21 08:14
Severity ?
Summary
Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, AC5 V1.0 V15.03.06.28, FH1203 V2.0.1.6, AC9 V3.0 V15.03.06.42_multi and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the speed_dir parameter in the formSetSpeedWan function.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/formSetSpeedWan/README.md | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/formSetSpeedWan/README.md | Exploit, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tenda | ac10_firmware | 15.03.06.23 | |
| tenda | ac10 | 1.0 | |
| tenda | ac1206_firmware | 15.03.06.23 | |
| tenda | ac1206 | - | |
| tenda | ac6_firmware | 15.03.06.23 | |
| tenda | ac6 | 2.0 | |
| tenda | ac7_firmware | 15.03.06.44 | |
| tenda | ac7 | 1.0 | |
| tenda | f1203_firmware | 2.0.1.6 | |
| tenda | f1203 | - | |
| tenda | ac5_firmware | 15.03.06.28 | |
| tenda | ac5 | 1.0 | |
| tenda | fh1203_firmware | 2.0.1.6 | |
| tenda | fh1203 | - | |
| tenda | fh1205_firmware | 2.0.0.7\(775\) | |
| tenda | fh1205 | - | |
| tenda | ac9_firmware | 15.03.06.42_multi | |
| tenda | ac9 | 3.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:ac10_firmware:15.03.06.23:*:*:*:*:*:*:*",
"matchCriteriaId": "66ED84F0-B0EB-4F55-9AD6-C8B682BAB472",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:ac10:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AF790B76-6CAD-483A-95FA-80955643825B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:ac1206_firmware:15.03.06.23:*:*:*:*:*:*:*",
"matchCriteriaId": "787A50A1-EDBC-44EB-8CF2-11C4FC63719D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:ac1206:-:*:*:*:*:*:*:*",
"matchCriteriaId": "29D5013D-520A-461A-95FF-43B2BE160F91",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:ac6_firmware:15.03.06.23:*:*:*:*:*:*:*",
"matchCriteriaId": "D82FD30C-AF3C-4E3B-B674-002A5C9ED09D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:ac6:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E382AD7E-1450-40FC-AE9D-698B491805F0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:ac7_firmware:15.03.06.44:*:*:*:*:*:*:*",
"matchCriteriaId": "4D94B37C-491D-4E7C-8273-F46FEDA62C9F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:ac7:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "96503617-6B69-4862-ADFE-4EF379876F0F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:f1203_firmware:2.0.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0B3530E4-70D6-4246-84CA-E25797329DE0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:f1203:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0FB77DC8-C11D-418A-AB87-5FE0226CA6CA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:ac5_firmware:15.03.06.28:*:*:*:*:*:*:*",
"matchCriteriaId": "7F928648-C8B2-4D37-8343-C74AABEFAB07",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:ac5:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D141716B-56F0-4061-9D87-943B7858F2F4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:fh1203_firmware:2.0.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E28AF51D-EBFB-4EC8-9FCB-C3DFAE1DBB2E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:fh1203:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4E7A0DCB-AC18-4F32-86E2-F2C2E9118A71",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:fh1205_firmware:2.0.0.7\\(775\\):*:*:*:*:*:*:*",
"matchCriteriaId": "706158B7-6114-4AA8-A1A0-BB24119A3264",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:fh1205:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7E92D910-72BB-443F-9927-1E72AC8C8C9B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:ac9_firmware:15.03.06.42_multi:*:*:*:*:*:*:*",
"matchCriteriaId": "7AE11228-D2BB-48CF-BFDA-E2AA73E73C3C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:ac9:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F482F89-B0F6-450D-B675-43EC0A9E6A4B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, AC5 V1.0 V15.03.06.28, FH1203 V2.0.1.6, AC9 V3.0 V15.03.06.42_multi and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the speed_dir parameter in the formSetSpeedWan function."
}
],
"id": "CVE-2023-38936",
"lastModified": "2024-11-21T08:14:28.797",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-07T19:15:11.343",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/formSetSpeedWan/README.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/formSetSpeedWan/README.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-08-07 19:15
Modified
2024-11-21 08:14
Severity ?
Summary
Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 V16.03.34.06, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, AC5 V1.0 V15.03.06.28, AC9 V3.0 V15.03.06.42_multi and AC10 v4.0 V16.03.10.13 were discovered to contain a stack overflow via the list parameter in the formSetVirtualSer function.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/formSetVirtualSer/README.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/formSetVirtualSer/README.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tenda | ac10_firmware | 15.03.06.23 | |
| tenda | ac10 | 1.0 | |
| tenda | ac1206_firmware | 15.03.06.23 | |
| tenda | ac1206 | - | |
| tenda | ac8_firmware | 16.03.34.06 | |
| tenda | ac8 | 4.0 | |
| tenda | ac6_firmware | 15.03.06.23 | |
| tenda | ac6 | 2.0 | |
| tenda | ac7_firmware | 15.03.06.44 | |
| tenda | ac7 | 1.0 | |
| tenda | ac5_firmware | 15.03.06.28 | |
| tenda | ac5 | 1.0 | |
| tenda | ac10_firmware | 16.03.10.13 | |
| tenda | ac10 | 4.0 | |
| tenda | ac9_firmware | 15.03.06.42_multi | |
| tenda | ac9 | 3.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:ac10_firmware:15.03.06.23:*:*:*:*:*:*:*",
"matchCriteriaId": "66ED84F0-B0EB-4F55-9AD6-C8B682BAB472",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:ac10:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AF790B76-6CAD-483A-95FA-80955643825B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:ac1206_firmware:15.03.06.23:*:*:*:*:*:*:*",
"matchCriteriaId": "787A50A1-EDBC-44EB-8CF2-11C4FC63719D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:ac1206:-:*:*:*:*:*:*:*",
"matchCriteriaId": "29D5013D-520A-461A-95FF-43B2BE160F91",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:ac8_firmware:16.03.34.06:*:*:*:*:*:*:*",
"matchCriteriaId": "9C1D64DC-1EDC-4F62-8D22-E1890B71843C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:ac8:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "655619B2-6E8B-4D2E-98E7-028E69597E80",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:ac6_firmware:15.03.06.23:*:*:*:*:*:*:*",
"matchCriteriaId": "D82FD30C-AF3C-4E3B-B674-002A5C9ED09D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:ac6:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E382AD7E-1450-40FC-AE9D-698B491805F0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:ac7_firmware:15.03.06.44:*:*:*:*:*:*:*",
"matchCriteriaId": "4D94B37C-491D-4E7C-8273-F46FEDA62C9F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:ac7:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "96503617-6B69-4862-ADFE-4EF379876F0F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:ac5_firmware:15.03.06.28:*:*:*:*:*:*:*",
"matchCriteriaId": "7F928648-C8B2-4D37-8343-C74AABEFAB07",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:ac5:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D141716B-56F0-4061-9D87-943B7858F2F4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:ac10_firmware:16.03.10.13:*:*:*:*:*:*:*",
"matchCriteriaId": "6F1C8715-D7B4-4D1A-9E90-079C72049332",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:ac10:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "970AEBF4-2B32-4633-A75B-2D2C598C048D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:ac9_firmware:15.03.06.42_multi:*:*:*:*:*:*:*",
"matchCriteriaId": "7AE11228-D2BB-48CF-BFDA-E2AA73E73C3C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:ac9:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F482F89-B0F6-450D-B675-43EC0A9E6A4B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 V16.03.34.06, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, AC5 V1.0 V15.03.06.28, AC9 V3.0 V15.03.06.42_multi and AC10 v4.0 V16.03.10.13 were discovered to contain a stack overflow via the list parameter in the formSetVirtualSer function."
}
],
"id": "CVE-2023-38937",
"lastModified": "2024-11-21T08:14:28.943",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-07T19:15:11.413",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/formSetVirtualSer/README.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/formSetVirtualSer/README.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-08-07 19:15
Modified
2024-11-21 08:14
Severity ?
Summary
Tenda AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0 V15.03.06.28, FH1203 V2.0.1.6 and AC9 V3.0 V15.03.06.42_multi, and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the deviceId parameter in the formSetClientState function.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/formSetClientState/README.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/formSetClientState/README.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tenda | ac10_firmware | 15.03.06.23 | |
| tenda | ac10 | 1.0 | |
| tenda | ac1206_firmware | 15.03.06.23 | |
| tenda | ac1206 | - | |
| tenda | ac6_firmware | 15.03.06.23 | |
| tenda | ac6 | 2.0 | |
| tenda | ac7_firmware | 15.03.06.44 | |
| tenda | ac7 | 1.0 | |
| tenda | f1203_firmware | 2.0.1.6 | |
| tenda | f1203 | - | |
| tenda | ac5_firmware | 15.03.06.28 | |
| tenda | ac5 | 1.0 | |
| tenda | fh1203_firmware | 2.0.1.6 | |
| tenda | fh1203 | - | |
| tenda | fh1205_firmware | 2.0.0.7\(775\) | |
| tenda | fh1205 | - | |
| tenda | ac9_firmware | 15.03.06.42_multi | |
| tenda | ac9 | 3.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:ac10_firmware:15.03.06.23:*:*:*:*:*:*:*",
"matchCriteriaId": "66ED84F0-B0EB-4F55-9AD6-C8B682BAB472",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:ac10:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AF790B76-6CAD-483A-95FA-80955643825B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:ac1206_firmware:15.03.06.23:*:*:*:*:*:*:*",
"matchCriteriaId": "787A50A1-EDBC-44EB-8CF2-11C4FC63719D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:ac1206:-:*:*:*:*:*:*:*",
"matchCriteriaId": "29D5013D-520A-461A-95FF-43B2BE160F91",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:ac6_firmware:15.03.06.23:*:*:*:*:*:*:*",
"matchCriteriaId": "D82FD30C-AF3C-4E3B-B674-002A5C9ED09D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:ac6:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E382AD7E-1450-40FC-AE9D-698B491805F0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:ac7_firmware:15.03.06.44:*:*:*:*:*:*:*",
"matchCriteriaId": "4D94B37C-491D-4E7C-8273-F46FEDA62C9F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:ac7:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "96503617-6B69-4862-ADFE-4EF379876F0F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:f1203_firmware:2.0.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0B3530E4-70D6-4246-84CA-E25797329DE0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:f1203:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0FB77DC8-C11D-418A-AB87-5FE0226CA6CA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:ac5_firmware:15.03.06.28:*:*:*:*:*:*:*",
"matchCriteriaId": "7F928648-C8B2-4D37-8343-C74AABEFAB07",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:ac5:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D141716B-56F0-4061-9D87-943B7858F2F4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:fh1203_firmware:2.0.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E28AF51D-EBFB-4EC8-9FCB-C3DFAE1DBB2E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:fh1203:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4E7A0DCB-AC18-4F32-86E2-F2C2E9118A71",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:fh1205_firmware:2.0.0.7\\(775\\):*:*:*:*:*:*:*",
"matchCriteriaId": "706158B7-6114-4AA8-A1A0-BB24119A3264",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:fh1205:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7E92D910-72BB-443F-9927-1E72AC8C8C9B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:ac9_firmware:15.03.06.42_multi:*:*:*:*:*:*:*",
"matchCriteriaId": "7AE11228-D2BB-48CF-BFDA-E2AA73E73C3C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:ac9:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F482F89-B0F6-450D-B675-43EC0A9E6A4B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Tenda AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0 V15.03.06.28, FH1203 V2.0.1.6 and AC9 V3.0 V15.03.06.42_multi, and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the deviceId parameter in the formSetClientState function."
}
],
"id": "CVE-2023-38933",
"lastModified": "2024-11-21T08:14:28.333",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-07T19:15:11.133",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/formSetClientState/README.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/formSetClientState/README.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-08-25 15:15
Modified
2024-11-21 07:15
Severity ?
Summary
Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the index parameter in the function formWifiWpsOOB.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/15 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/15 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tenda | ac1206_firmware | 15.03.06.23 | |
| tenda | ac1206 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:ac1206_firmware:15.03.06.23:*:*:*:*:*:*:*",
"matchCriteriaId": "787A50A1-EDBC-44EB-8CF2-11C4FC63719D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:ac1206:-:*:*:*:*:*:*:*",
"matchCriteriaId": "29D5013D-520A-461A-95FF-43B2BE160F91",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the index parameter in the function formWifiWpsOOB."
},
{
"lang": "es",
"value": "Se ha detectado que Tenda AC1206 versi\u00f3n V15.03.06.23, contiene un desbordamiento de pila por medio del par\u00e1metro index en la funci\u00f3n formWifiWpsOOB."
}
],
"id": "CVE-2022-37808",
"lastModified": "2024-11-21T07:15:12.800",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-25T15:15:10.563",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/15"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-08-25 15:15
Modified
2024-11-21 07:15
Severity ?
Summary
Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the list parameter at the function formSetQosBand.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/9 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/9 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tenda | ac1206_firmware | 15.03.06.23 | |
| tenda | ac1206 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:ac1206_firmware:15.03.06.23:*:*:*:*:*:*:*",
"matchCriteriaId": "787A50A1-EDBC-44EB-8CF2-11C4FC63719D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:ac1206:-:*:*:*:*:*:*:*",
"matchCriteriaId": "29D5013D-520A-461A-95FF-43B2BE160F91",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the list parameter at the function formSetQosBand."
},
{
"lang": "es",
"value": "Se ha detectado que Tenda AC1206 versi\u00f3n V15.03.06.23, contiene un desbordamiento de pila por medio del par\u00e1metro list en la funci\u00f3n formSetQosBand."
}
],
"id": "CVE-2022-37801",
"lastModified": "2024-11-21T07:15:11.760",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-25T15:15:10.260",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/9"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-10-28 01:15
Modified
2024-11-01 16:32
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability was found in Tenda AC1206 up to 20241027. It has been classified as critical. This affects the function ate_Tenda_mfg_check_usb/ate_Tenda_mfg_check_usb3 of the file /goform/ate. The manipulation of the argument arg leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/physicszq/Routers/blob/main/Tenda/README.md | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?ctiid.281985 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.281985 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.431291 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://www.tenda.com.cn/ | Product |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tenda | ac1206_firmware | * | |
| tenda | ac1206 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:ac1206_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CE3C2658-AB4E-420A-8364-A955CB07D672",
"versionEndIncluding": "2024-10-27",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:ac1206:-:*:*:*:*:*:*:*",
"matchCriteriaId": "29D5013D-520A-461A-95FF-43B2BE160F91",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Tenda AC1206 up to 20241027. It has been classified as critical. This affects the function ate_Tenda_mfg_check_usb/ate_Tenda_mfg_check_usb3 of the file /goform/ate. The manipulation of the argument arg leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad en Tenda AC1206 hasta 20241027. Se ha clasificado como cr\u00edtica. Afecta a la funci\u00f3n ate_Tenda_mfg_check_usb/ate_Tenda_mfg_check_usb3 del archivo /goform/ate. La manipulaci\u00f3n del argumento arg provoca un desbordamiento del b\u00fafer basado en la pila. Es posible iniciar el ataque de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse."
}
],
"id": "CVE-2024-10434",
"lastModified": "2024-11-01T16:32:05.137",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"automatable": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityRequirements": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"subsequentSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"vulnerableSystemAvailability": "HIGH",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "HIGH"
},
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
},
"published": "2024-10-28T01:15:02.273",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/physicszq/Routers/blob/main/Tenda/README.md"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
],
"url": "https://vuldb.com/?ctiid.281985"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.281985"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?submit.431291"
},
{
"source": "cna@vuldb.com",
"tags": [
"Product"
],
"url": "https://www.tenda.com.cn/"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-10-12 19:15
Modified
2024-11-21 07:24
Severity ?
Summary
Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolRestoreSet.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/tianhui999/myCVE/blob/main/AC1206/AC1206-2.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/tianhui999/myCVE/blob/main/AC1206/AC1206-2.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tenda | ac1206_firmware | 15.03.06.23_multi_td01 | |
| tenda | ac1206 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:ac1206_firmware:15.03.06.23_multi_td01:*:*:*:*:*:*:*",
"matchCriteriaId": "FAF39A95-2F62-4AF4-90E8-C42983EEBF5E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:ac1206:-:*:*:*:*:*:*:*",
"matchCriteriaId": "29D5013D-520A-461A-95FF-43B2BE160F91",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolRestoreSet."
},
{
"lang": "es",
"value": "Tenda AC1206 versi\u00f3n US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 es vulnerable a un ataque de tipo Cross Site Request Forgery (CSRF) por medio de la funci\u00f3n fromSysToolRestoreSet"
}
],
"id": "CVE-2022-42078",
"lastModified": "2024-11-21T07:24:20.290",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-10-12T19:15:09.623",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/tianhui999/myCVE/blob/main/AC1206/AC1206-2.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/tianhui999/myCVE/blob/main/AC1206/AC1206-2.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-08-25 15:15
Modified
2024-11-21 07:15
Severity ?
Summary
Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the list parameter at the function formSetVirtualSer.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/5 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/5 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tenda | ac1206_firmware | 15.03.06.23 | |
| tenda | ac1206 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:ac1206_firmware:15.03.06.23:*:*:*:*:*:*:*",
"matchCriteriaId": "787A50A1-EDBC-44EB-8CF2-11C4FC63719D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:ac1206:-:*:*:*:*:*:*:*",
"matchCriteriaId": "29D5013D-520A-461A-95FF-43B2BE160F91",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the list parameter at the function formSetVirtualSer."
},
{
"lang": "es",
"value": "Se ha detectado que Tenda AC1206 versi\u00f3n V15.03.06.23, contiene un desbordamiento de pila por medio del par\u00e1metro list en la funci\u00f3n formSetVirtualSer."
}
],
"id": "CVE-2022-37798",
"lastModified": "2024-11-21T07:15:11.303",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-25T15:15:10.137",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/5"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-08-25 15:15
Modified
2024-11-21 07:15
Severity ?
Summary
Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the PPPOEPassword parameter in the function formQuickIndex.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/18 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/18 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tenda | ac1206_firmware | 15.03.06.23 | |
| tenda | ac1206 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:ac1206_firmware:15.03.06.23:*:*:*:*:*:*:*",
"matchCriteriaId": "787A50A1-EDBC-44EB-8CF2-11C4FC63719D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:ac1206:-:*:*:*:*:*:*:*",
"matchCriteriaId": "29D5013D-520A-461A-95FF-43B2BE160F91",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the PPPOEPassword parameter in the function formQuickIndex."
},
{
"lang": "es",
"value": "Se ha detectado que Tenda AC1206 versi\u00f3n V15.03.06.23, contiene un desbordamiento de pila por medio del par\u00e1metro PPPOEPassword en la funci\u00f3n formQuickIndex."
}
],
"id": "CVE-2022-37815",
"lastModified": "2024-11-21T07:15:13.840",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-25T15:15:10.863",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/18"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/18"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-08-07 19:15
Modified
2024-11-21 08:14
Severity ?
Summary
Tenda AC1206 V15.03.06.23, AC8 V4 V16.03.34.06, AC5 V1.0 V15.03.06.28, AC10 v4.0 V16.03.10.13 and AC9 V3.0 V15.03.06.42_multi were discovered to contain a tack overflow via the list parameter in the formSetQosBand function.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/formSetQosBand/README.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/formSetQosBand/README.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tenda | ac1206_firmware | 15.03.06.23 | |
| tenda | ac1206 | - | |
| tenda | ac5_firmware | 15.03.06.28 | |
| tenda | ac5 | 1.0 | |
| tenda | ac9_firmware | 15.03.06.42_multi | |
| tenda | ac9 | 3.0 | |
| tenda | ac8_firmware | 16.03.34.06 | |
| tenda | ac8 | 4.0 | |
| tenda | ac10_firmware | 16.03.10.13 | |
| tenda | ac10 | 4.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:ac1206_firmware:15.03.06.23:*:*:*:*:*:*:*",
"matchCriteriaId": "787A50A1-EDBC-44EB-8CF2-11C4FC63719D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:ac1206:-:*:*:*:*:*:*:*",
"matchCriteriaId": "29D5013D-520A-461A-95FF-43B2BE160F91",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:ac5_firmware:15.03.06.28:*:*:*:*:*:*:*",
"matchCriteriaId": "7F928648-C8B2-4D37-8343-C74AABEFAB07",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:ac5:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D141716B-56F0-4061-9D87-943B7858F2F4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:ac9_firmware:15.03.06.42_multi:*:*:*:*:*:*:*",
"matchCriteriaId": "7AE11228-D2BB-48CF-BFDA-E2AA73E73C3C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:ac9:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F482F89-B0F6-450D-B675-43EC0A9E6A4B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:ac8_firmware:16.03.34.06:*:*:*:*:*:*:*",
"matchCriteriaId": "9C1D64DC-1EDC-4F62-8D22-E1890B71843C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:ac8:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "655619B2-6E8B-4D2E-98E7-028E69597E80",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:ac10_firmware:16.03.10.13:*:*:*:*:*:*:*",
"matchCriteriaId": "6F1C8715-D7B4-4D1A-9E90-079C72049332",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:ac10:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "970AEBF4-2B32-4633-A75B-2D2C598C048D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Tenda AC1206 V15.03.06.23, AC8 V4 V16.03.34.06, AC5 V1.0 V15.03.06.28, AC10 v4.0 V16.03.10.13 and AC9 V3.0 V15.03.06.42_multi were discovered to contain a tack overflow via the list parameter in the formSetQosBand function."
}
],
"id": "CVE-2023-38935",
"lastModified": "2024-11-21T08:14:28.643",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-07T19:15:11.277",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/formSetQosBand/README.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/formSetQosBand/README.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-10-23 14:15
Modified
2024-11-01 14:03
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A vulnerability was found in Tenda AC6, AC7, AC8, AC9, AC10, AC10U, AC15, AC18, AC500 and AC1206 up to 20241022. It has been rated as problematic. This issue affects the function websReadEvent of the file /goform/GetIPTV. The manipulation of the argument Content-Length leads to null pointer dereference. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/JohenanLi/router_vuls/blob/main/websReadEvent/websReadEvent.md | Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?ctiid.281555 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.281555 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.426417 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://www.tenda.com.cn/ | Product |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tenda | ac15_firmware | 15.03.05.18 | |
| tenda | ac15_firmware | 15.03.05.19 | |
| tenda | ac15 | - | |
| tenda | ac7_firmware | 15.03.06.44 | |
| tenda | ac7 | - | |
| tenda | ac10u_firmware | 15.03.06.48 | |
| tenda | ac10u_firmware | 15.03.06.49 | |
| tenda | ac10u | - | |
| tenda | ac500_firmware | 1.0.0.14 | |
| tenda | ac500_firmware | 1.0.0.16 | |
| tenda | ac500_firmware | 2.0.1.9\(1307\) | |
| tenda | ac500 | - | |
| tenda | ac18_firmware | 15.03.05.05 | |
| tenda | ac18_firmware | 15.03.05.19\(6318\) | |
| tenda | ac18 | - | |
| tenda | ac9_firmware | 15.03.2.13 | |
| tenda | ac9_firmware | 15.03.05.14 | |
| tenda | ac9_firmware | 15.03.05.19\(6318\) | |
| tenda | ac9 | 1.0 | |
| tenda | ac9_firmware | 15.03.06.42 | |
| tenda | ac9 | 3.0 | |
| tenda | ac1206_firmware | 15.03.06.23 | |
| tenda | ac1206 | - | |
| tenda | ac6_firmware | 15.03.06.23 | |
| tenda | ac6 | 2.0 | |
| tenda | ac10_firmware | 16.03.10.13 | |
| tenda | ac10_firmware | 16.03.10.20 | |
| tenda | ac10 | 4.0 | |
| tenda | ac10_firmware | 16.03.48.19 | |
| tenda | ac10_firmware | 16.03.48.23 | |
| tenda | ac10 | 5.0 | |
| tenda | ac8_firmware | 16.03.34.06 | |
| tenda | ac8_firmware | 16.03.34.09 | |
| tenda | ac8 | 4.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:ac15_firmware:15.03.05.18:*:*:*:*:*:*:*",
"matchCriteriaId": "56881C41-A993-45CC-BAE6-E9DE17FA56E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:tenda:ac15_firmware:15.03.05.19:*:*:*:*:*:*:*",
"matchCriteriaId": "A14A19EE-FB4E-4371-AC85-1401EB78B16D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:ac15:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B73E7C1C-F121-486A-8B15-E97EA0C219A5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:ac7_firmware:15.03.06.44:*:*:*:*:*:*:*",
"matchCriteriaId": "4D94B37C-491D-4E7C-8273-F46FEDA62C9F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:ac7:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3BEE979-5BF3-48ED-AF42-0546D4F896E9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:ac10u_firmware:15.03.06.48:*:*:*:*:*:*:*",
"matchCriteriaId": "1C2AFD04-833D-4085-BAD6-32A2715FA785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:tenda:ac10u_firmware:15.03.06.49:*:*:*:*:*:*:*",
"matchCriteriaId": "0F101E88-BEA9-4017-9048-860DF3D1BBBC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:ac10u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDBE5E26-7967-4FDD-A29F-7740B29C4B8E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:ac500_firmware:1.0.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "61BA4026-93A8-4D83-815E-397A2EC0A279",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:tenda:ac500_firmware:1.0.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "816A7A37-5952-4B22-80F7-8CD09383E079",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:tenda:ac500_firmware:2.0.1.9\\(1307\\):*:*:*:*:*:*:*",
"matchCriteriaId": "2F0EEFAB-B3B0-4C10-A712-7A35F5FD076E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:ac500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "64192A8B-CC65-44EC-942B-CC16AADF0D69",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:ac18_firmware:15.03.05.05:*:*:*:*:*:*:*",
"matchCriteriaId": "4D5CB727-FC6B-4212-A61E-2888A0DADFB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:tenda:ac18_firmware:15.03.05.19\\(6318\\):*:*:*:*:*:*:*",
"matchCriteriaId": "3AC468E5-44D1-4B94-B308-C1025DB1BB7B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:ac18:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CF9F8AF9-F921-4348-922B-EE5E6037E7AC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:ac9_firmware:15.03.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "3473D6FD-4D42-46D0-9D96-F95D6D856E8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:tenda:ac9_firmware:15.03.05.14:*:*:*:*:*:*:*",
"matchCriteriaId": "DA7503C5-02C6-4016-A4C6-414146719BFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:tenda:ac9_firmware:15.03.05.19\\(6318\\):*:*:*:*:*:*:*",
"matchCriteriaId": "D8F25141-8B57-463D-AB97-F52C0143973C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:ac9:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "566DA530-18FC-4A46-95B4-2A7D343A96A7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:ac9_firmware:15.03.06.42:*:*:*:*:*:*:*",
"matchCriteriaId": "5B0A5168-9E0C-43F7-BF7B-3943A3316CB8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:ac9:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F482F89-B0F6-450D-B675-43EC0A9E6A4B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:ac1206_firmware:15.03.06.23:*:*:*:*:*:*:*",
"matchCriteriaId": "787A50A1-EDBC-44EB-8CF2-11C4FC63719D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:ac1206:-:*:*:*:*:*:*:*",
"matchCriteriaId": "29D5013D-520A-461A-95FF-43B2BE160F91",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:ac6_firmware:15.03.06.23:*:*:*:*:*:*:*",
"matchCriteriaId": "D82FD30C-AF3C-4E3B-B674-002A5C9ED09D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:ac6:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E382AD7E-1450-40FC-AE9D-698B491805F0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:ac10_firmware:16.03.10.13:*:*:*:*:*:*:*",
"matchCriteriaId": "6F1C8715-D7B4-4D1A-9E90-079C72049332",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:tenda:ac10_firmware:16.03.10.20:*:*:*:*:*:*:*",
"matchCriteriaId": "A19C486B-52A3-4C3E-851D-F349E8E0A706",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:ac10:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "970AEBF4-2B32-4633-A75B-2D2C598C048D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:ac10_firmware:16.03.48.19:*:*:*:*:*:*:*",
"matchCriteriaId": "DABA74C0-297A-4372-B84D-00BA0D334318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:tenda:ac10_firmware:16.03.48.23:*:*:*:*:*:*:*",
"matchCriteriaId": "AC3020CA-7422-4B9A-AA7B-C2B1A03A4450",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:ac10:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2BCFFBD6-3DAD-4FEA-9B5D-D7CBFC36572D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:ac8_firmware:16.03.34.06:*:*:*:*:*:*:*",
"matchCriteriaId": "9C1D64DC-1EDC-4F62-8D22-E1890B71843C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:tenda:ac8_firmware:16.03.34.09:*:*:*:*:*:*:*",
"matchCriteriaId": "EE69F412-6FC7-470D-BC7E-B3AAC6B4585F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:ac8:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "655619B2-6E8B-4D2E-98E7-028E69597E80",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Tenda AC6, AC7, AC8, AC9, AC10, AC10U, AC15, AC18, AC500 and AC1206 up to 20241022. It has been rated as problematic. This issue affects the function websReadEvent of the file /goform/GetIPTV. The manipulation of the argument Content-Length leads to null pointer dereference. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad en Tenda AC6, AC7, AC8, AC9, AC10, AC10U, AC15, AC18, AC500 y AC1206 hasta 20241022. Se ha calificado como problem\u00e1tica. Este problema afecta a la funci\u00f3n websReadEvent del archivo /goform/GetIPTV. La manipulaci\u00f3n del argumento Content-Length provoca la desreferenciaci\u00f3n de puntero nulo. El ataque puede iniciarse de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse."
}
],
"id": "CVE-2024-10280",
"lastModified": "2024-11-01T14:03:20.267",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"automatable": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityRequirements": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"subsequentSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"vulnerableSystemAvailability": "HIGH",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "NONE"
},
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
},
"published": "2024-10-23T14:15:04.500",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/JohenanLi/router_vuls/blob/main/websReadEvent/websReadEvent.md"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
],
"url": "https://vuldb.com/?ctiid.281555"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.281555"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?submit.426417"
},
{
"source": "cna@vuldb.com",
"tags": [
"Product"
],
"url": "https://www.tenda.com.cn/"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "cna@vuldb.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-10-12 19:15
Modified
2024-11-21 07:24
Severity ?
Summary
Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 was discovered to contain a stack overflow via the function formWifiBasicSet.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/tianhui999/myCVE/blob/main/AC1206/AC1206-3.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/tianhui999/myCVE/blob/main/AC1206/AC1206-3.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tenda | ac1206_firmware | 15.03.06.23_multi_td01 | |
| tenda | ac1206 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:ac1206_firmware:15.03.06.23_multi_td01:*:*:*:*:*:*:*",
"matchCriteriaId": "FAF39A95-2F62-4AF4-90E8-C42983EEBF5E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:ac1206:-:*:*:*:*:*:*:*",
"matchCriteriaId": "29D5013D-520A-461A-95FF-43B2BE160F91",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 was discovered to contain a stack overflow via the function formWifiBasicSet."
},
{
"lang": "es",
"value": "Se ha detectado que el Tenda AC1206 versi\u00f3n US_AC1206V1.0RTL_V15.03.06.23_multi_TD01, contiene un desbordamiento de pila por medio de la funci\u00f3n formWifiBasicSet"
}
],
"id": "CVE-2022-42079",
"lastModified": "2024-11-21T07:24:20.430",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-10-12T19:15:09.690",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/tianhui999/myCVE/blob/main/AC1206/AC1206-3.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/tianhui999/myCVE/blob/main/AC1206/AC1206-3.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-08-25 15:15
Modified
2024-11-21 07:15
Severity ?
Summary
Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the function fromSetIpMacBind.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/13 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/13 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tenda | ac1206_firmware | 15.03.06.23 | |
| tenda | ac1206 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:ac1206_firmware:15.03.06.23:*:*:*:*:*:*:*",
"matchCriteriaId": "787A50A1-EDBC-44EB-8CF2-11C4FC63719D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:ac1206:-:*:*:*:*:*:*:*",
"matchCriteriaId": "29D5013D-520A-461A-95FF-43B2BE160F91",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the function fromSetIpMacBind."
},
{
"lang": "es",
"value": "Se ha detectado que Tenda AC1206 versi\u00f3n V15.03.06.23, contiene un desbordamiento de pila por medio de la funci\u00f3n fromSetIpMacBind."
}
],
"id": "CVE-2022-37816",
"lastModified": "2024-11-21T07:15:13.990",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-25T15:15:10.903",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/13"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/13"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-08-07 19:15
Modified
2024-11-21 08:14
Severity ?
Summary
Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 V16.03.34.06, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0 V15.03.06.28, AC10 v4.0 V16.03.10.13 and FH1203 V2.0.1.6 were discovered to contain a stack overflow via the list parameter in the setaccount function.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/cloudv2_setaccount/README.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/cloudv2_setaccount/README.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tenda | ac10_firmware | 15.03.06.23 | |
| tenda | ac10 | 1.0 | |
| tenda | ac1206_firmware | 15.03.06.23 | |
| tenda | ac1206 | - | |
| tenda | ac8_firmware | 16.03.34.06 | |
| tenda | ac8 | 4.0 | |
| tenda | ac6_firmware | 15.03.06.23 | |
| tenda | ac6 | 2.0 | |
| tenda | ac7_firmware | 15.03.06.44 | |
| tenda | ac7 | 1.0 | |
| tenda | f1203_firmware | 2.0.1.6 | |
| tenda | f1203 | - | |
| tenda | ac5_firmware | 15.03.06.28 | |
| tenda | ac5 | 1.0 | |
| tenda | ac10_firmware | 16.03.10.13 | |
| tenda | ac10 | 4.0 | |
| tenda | fh1203_firmware | 2.0.1.6 | |
| tenda | fh1203 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:ac10_firmware:15.03.06.23:*:*:*:*:*:*:*",
"matchCriteriaId": "66ED84F0-B0EB-4F55-9AD6-C8B682BAB472",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:ac10:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AF790B76-6CAD-483A-95FA-80955643825B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:ac1206_firmware:15.03.06.23:*:*:*:*:*:*:*",
"matchCriteriaId": "787A50A1-EDBC-44EB-8CF2-11C4FC63719D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:ac1206:-:*:*:*:*:*:*:*",
"matchCriteriaId": "29D5013D-520A-461A-95FF-43B2BE160F91",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:ac8_firmware:16.03.34.06:*:*:*:*:*:*:*",
"matchCriteriaId": "9C1D64DC-1EDC-4F62-8D22-E1890B71843C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:ac8:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "655619B2-6E8B-4D2E-98E7-028E69597E80",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:ac6_firmware:15.03.06.23:*:*:*:*:*:*:*",
"matchCriteriaId": "D82FD30C-AF3C-4E3B-B674-002A5C9ED09D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:ac6:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E382AD7E-1450-40FC-AE9D-698B491805F0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:ac7_firmware:15.03.06.44:*:*:*:*:*:*:*",
"matchCriteriaId": "4D94B37C-491D-4E7C-8273-F46FEDA62C9F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:ac7:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "96503617-6B69-4862-ADFE-4EF379876F0F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:f1203_firmware:2.0.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0B3530E4-70D6-4246-84CA-E25797329DE0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:f1203:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0FB77DC8-C11D-418A-AB87-5FE0226CA6CA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:ac5_firmware:15.03.06.28:*:*:*:*:*:*:*",
"matchCriteriaId": "7F928648-C8B2-4D37-8343-C74AABEFAB07",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:ac5:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D141716B-56F0-4061-9D87-943B7858F2F4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:ac10_firmware:16.03.10.13:*:*:*:*:*:*:*",
"matchCriteriaId": "6F1C8715-D7B4-4D1A-9E90-079C72049332",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:ac10:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "970AEBF4-2B32-4633-A75B-2D2C598C048D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:fh1203_firmware:2.0.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E28AF51D-EBFB-4EC8-9FCB-C3DFAE1DBB2E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:fh1203:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4E7A0DCB-AC18-4F32-86E2-F2C2E9118A71",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 V16.03.34.06, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0 V15.03.06.28, AC10 v4.0 V16.03.10.13 and FH1203 V2.0.1.6 were discovered to contain a stack overflow via the list parameter in the setaccount function."
}
],
"id": "CVE-2023-38931",
"lastModified": "2024-11-21T08:14:28.000",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-07T19:15:10.977",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/cloudv2_setaccount/README.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/cloudv2_setaccount/README.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-08-25 15:15
Modified
2024-11-21 07:15
Severity ?
Summary
Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the function formSetClientState.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/10 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/10 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tenda | ac1206_firmware | 15.03.06.23 | |
| tenda | ac1206 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:ac1206_firmware:15.03.06.23:*:*:*:*:*:*:*",
"matchCriteriaId": "787A50A1-EDBC-44EB-8CF2-11C4FC63719D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:ac1206:-:*:*:*:*:*:*:*",
"matchCriteriaId": "29D5013D-520A-461A-95FF-43B2BE160F91",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the function formSetClientState."
},
{
"lang": "es",
"value": "Se ha detectado que Tenda AC1206 versi\u00f3n V15.03.06.23, contiene un desbordamiento de pila por medio de la funci\u00f3n formSetClientState."
}
],
"id": "CVE-2022-37807",
"lastModified": "2024-11-21T07:15:12.643",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-25T15:15:10.517",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/10"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-07-10 17:15
Modified
2024-11-21 08:12
Severity ?
Summary
Tenda AC1206 V15.03.06.23 and AC10 V15.03.06.47 were discovered to contain a stack overflow in the deviceId parameter in the saveParentControlInfo function.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/FirmRec/IoT-Vulns/tree/main/tenda/saveParentControlInfo | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/FirmRec/IoT-Vulns/tree/main/tenda/saveParentControlInfo | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tenda | ac10_firmware | 15.03.06.47 | |
| tenda | ac10 | - | |
| tenda | ac1206_firmware | 15.03.06.23 | |
| tenda | ac1206 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:ac10_firmware:15.03.06.47:*:*:*:*:*:*:*",
"matchCriteriaId": "5243CF84-5475-4366-9C34-D26FD015AAE2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:ac10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B9E0489C-31D5-43C4-B15D-1D88119EF226",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:ac1206_firmware:15.03.06.23:*:*:*:*:*:*:*",
"matchCriteriaId": "787A50A1-EDBC-44EB-8CF2-11C4FC63719D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:ac1206:-:*:*:*:*:*:*:*",
"matchCriteriaId": "29D5013D-520A-461A-95FF-43B2BE160F91",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Tenda AC1206 V15.03.06.23 and AC10 V15.03.06.47 were discovered to contain a stack overflow in the deviceId parameter in the saveParentControlInfo function."
}
],
"id": "CVE-2023-37711",
"lastModified": "2024-11-21T08:12:09.377",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-10T17:15:09.837",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/FirmRec/IoT-Vulns/tree/main/tenda/saveParentControlInfo"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/FirmRec/IoT-Vulns/tree/main/tenda/saveParentControlInfo"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-10-10 16:15
Modified
2024-11-01 14:36
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability classified as critical was found in Tenda AC1206 up to 15.03.06.23. This vulnerability affects the function ate_iwpriv_set/ate_ifconfig_set of the file /goform/ate. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/ixout/iotVuls/blob/main/Tenda/ac1206_003/report.md | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://github.com/ixout/iotVuls/blob/main/Tenda/ac1206_004/report.md | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?ctiid.279946 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.279946 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.418061 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://www.tenda.com.cn/ | Product |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tenda | ac1206_firmware | 15.03.06.23 | |
| tenda | ac1206 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:ac1206_firmware:15.03.06.23:*:*:*:*:*:*:*",
"matchCriteriaId": "787A50A1-EDBC-44EB-8CF2-11C4FC63719D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:ac1206:-:*:*:*:*:*:*:*",
"matchCriteriaId": "29D5013D-520A-461A-95FF-43B2BE160F91",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in Tenda AC1206 up to 15.03.06.23. This vulnerability affects the function ate_iwpriv_set/ate_ifconfig_set of the file /goform/ate. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad clasificada como cr\u00edtica en Tenda AC1206 hasta la versi\u00f3n 15.03.06.23. Esta vulnerabilidad afecta a la funci\u00f3n ate_iwpriv_set/ate_ifconfig_set del archivo /goform/ate. La manipulaci\u00f3n conduce a la inyecci\u00f3n de comandos. El ataque puede iniciarse de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse. Se contact\u00f3 al proveedor con antelaci\u00f3n sobre esta revelaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"id": "CVE-2024-9793",
"lastModified": "2024-11-01T14:36:02.277",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4,
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"automatable": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityRequirements": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"subsequentSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"vulnerableSystemAvailability": "LOW",
"vulnerableSystemConfidentiality": "LOW",
"vulnerableSystemIntegrity": "LOW"
},
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
},
"published": "2024-10-10T16:15:09.080",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/ixout/iotVuls/blob/main/Tenda/ac1206_003/report.md"
},
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/ixout/iotVuls/blob/main/Tenda/ac1206_004/report.md"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
],
"url": "https://vuldb.com/?ctiid.279946"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.279946"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?submit.418061"
},
{
"source": "cna@vuldb.com",
"tags": [
"Product"
],
"url": "https://www.tenda.com.cn/"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-08-25 15:15
Modified
2024-11-21 07:15
Severity ?
Summary
Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the list parameter at the function fromSetRouteStatic.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/7 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/7 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tenda | ac1206_firmware | 15.03.06.23 | |
| tenda | ac1206 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:ac1206_firmware:15.03.06.23:*:*:*:*:*:*:*",
"matchCriteriaId": "787A50A1-EDBC-44EB-8CF2-11C4FC63719D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:ac1206:-:*:*:*:*:*:*:*",
"matchCriteriaId": "29D5013D-520A-461A-95FF-43B2BE160F91",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the list parameter at the function fromSetRouteStatic."
},
{
"lang": "es",
"value": "Se ha detectado que Tenda AC1206 versi\u00f3n V15.03.06.23, contiene un desbordamiento de pila por medio del par\u00e1metro list en la funci\u00f3n fromSetRouteStatic."
}
],
"id": "CVE-2022-37800",
"lastModified": "2024-11-21T07:15:11.610",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-25T15:15:10.217",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/7"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-08-25 15:15
Modified
2024-11-21 07:15
Severity ?
Summary
Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the time parameter in the function saveParentControlInfo.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/3 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/3 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tenda | ac1206_firmware | 15.03.06.23 | |
| tenda | ac1206 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:ac1206_firmware:15.03.06.23:*:*:*:*:*:*:*",
"matchCriteriaId": "787A50A1-EDBC-44EB-8CF2-11C4FC63719D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:ac1206:-:*:*:*:*:*:*:*",
"matchCriteriaId": "29D5013D-520A-461A-95FF-43B2BE160F91",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the time parameter in the function saveParentControlInfo."
},
{
"lang": "es",
"value": "Se ha detectado que Tenda AC1206 versi\u00f3n V15.03.06.23, contiene un desbordamiento de pila por medio del par\u00e1metro time en la funci\u00f3n saveParentControlInfo."
}
],
"id": "CVE-2022-37804",
"lastModified": "2024-11-21T07:15:12.203",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-25T15:15:10.387",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/3"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-08-25 15:15
Modified
2024-11-21 07:15
Severity ?
Summary
Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the page parameter in the function fromDhcpListClient.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/4 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/4 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tenda | ac1206_firmware | 15.03.06.23 | |
| tenda | ac1206 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:ac1206_firmware:15.03.06.23:*:*:*:*:*:*:*",
"matchCriteriaId": "787A50A1-EDBC-44EB-8CF2-11C4FC63719D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:ac1206:-:*:*:*:*:*:*:*",
"matchCriteriaId": "29D5013D-520A-461A-95FF-43B2BE160F91",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the page parameter in the function fromDhcpListClient."
},
{
"lang": "es",
"value": "Se ha detectado que Tenda AC1206 versi\u00f3n V15.03.06.23, contiene un desbordamiento de pila por medio del par\u00e1metro page en la funci\u00f3n fromDhcpListClient."
}
],
"id": "CVE-2022-37806",
"lastModified": "2024-11-21T07:15:12.500",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-25T15:15:10.473",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/4"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-08-25 15:15
Modified
2024-11-21 07:15
Severity ?
Summary
Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the firewallEn parameter in the function formSetFirewallCfg.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/12 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/12 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tenda | ac1206_firmware | 15.03.06.23 | |
| tenda | ac1206 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:ac1206_firmware:15.03.06.23:*:*:*:*:*:*:*",
"matchCriteriaId": "787A50A1-EDBC-44EB-8CF2-11C4FC63719D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:ac1206:-:*:*:*:*:*:*:*",
"matchCriteriaId": "29D5013D-520A-461A-95FF-43B2BE160F91",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the firewallEn parameter in the function formSetFirewallCfg."
},
{
"lang": "es",
"value": "Se ha detectado que Tenda AC1206 versi\u00f3n V15.03.06.23, contiene un desbordamiento de pila por medio del par\u00e1metro firewallEn en la funci\u00f3n formSetFirewallCfg."
}
],
"id": "CVE-2022-37812",
"lastModified": "2024-11-21T07:15:13.407",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-25T15:15:10.740",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/12"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-08-25 15:15
Modified
2024-11-21 07:15
Severity ?
Summary
Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the function fromSetSysTime.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/16 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/16 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tenda | ac1206_firmware | 15.03.06.23 | |
| tenda | ac1206 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:ac1206_firmware:15.03.06.23:*:*:*:*:*:*:*",
"matchCriteriaId": "787A50A1-EDBC-44EB-8CF2-11C4FC63719D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:ac1206:-:*:*:*:*:*:*:*",
"matchCriteriaId": "29D5013D-520A-461A-95FF-43B2BE160F91",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the function fromSetSysTime."
},
{
"lang": "es",
"value": "Se ha detectado que Tenda AC1206 versi\u00f3n V15.03.06.23, contiene un desbordamiento de pila por medio de la funci\u00f3n fromSetSysTime."
}
],
"id": "CVE-2022-37813",
"lastModified": "2024-11-21T07:15:13.557",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-25T15:15:10.780",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/16"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Darry-lang1/vuln/tree/main/Tenda/AC1206/16"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-10-12 19:15
Modified
2024-11-21 07:24
Severity ?
Summary
Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 was discovered to contain a heap overflow via sched_start_time parameter.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/tianhui999/myCVE/blob/main/AC1206/AC1206-4.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/tianhui999/myCVE/blob/main/AC1206/AC1206-4.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tenda | ac1206_firmware | 15.03.06.23_multi_td01 | |
| tenda | ac1206 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:ac1206_firmware:15.03.06.23_multi_td01:*:*:*:*:*:*:*",
"matchCriteriaId": "FAF39A95-2F62-4AF4-90E8-C42983EEBF5E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:ac1206:-:*:*:*:*:*:*:*",
"matchCriteriaId": "29D5013D-520A-461A-95FF-43B2BE160F91",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 was discovered to contain a heap overflow via sched_start_time parameter."
},
{
"lang": "es",
"value": "Se ha detectado que el Tenda AC1206 versi\u00f3n US_AC1206V1.0RTL_V15.03.06.23_multi_TD01, contiene un desbordamiento de pila por medio del par\u00e1metro sched_start_time"
}
],
"id": "CVE-2022-42080",
"lastModified": "2024-11-21T07:24:20.577",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-10-12T19:15:09.747",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/tianhui999/myCVE/blob/main/AC1206/AC1206-4.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/tianhui999/myCVE/blob/main/AC1206/AC1206-4.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-07-10 17:15
Modified
2025-01-06 17:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Tenda AC1206 V15.03.06.23, F1202 V1.2.0.20(408), and FH1202 V1.2.0.20(408) were discovered to contain a stack overflow in the page parameter in the fromSetIpBind function.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/FirmRec/IoT-Vulns/tree/main/tenda/fromSetIpBind | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/FirmRec/IoT-Vulns/tree/main/tenda/fromSetIpBind | Exploit, Third Party Advisory | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/FirmRec/IoT-Vulns/tree/main/tenda/fromSetIpBind | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tenda | f1202_firmware | 1.2.0.20\(408\) | |
| tenda | f1202 | - | |
| tenda | ac1206_firmware | 15.03.06.23 | |
| tenda | ac1206 | - | |
| tenda | fh1202_firmware | 1.2.0.20\(408\) | |
| tenda | fh1202 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:f1202_firmware:1.2.0.20\\(408\\):*:*:*:*:*:*:*",
"matchCriteriaId": "25D11FC4-85C7-4F6C-81A2-AF9CB6BE1507",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:f1202:-:*:*:*:*:*:*:*",
"matchCriteriaId": "37DF507C-5EDA-46A0-851E-ED8BC0B54F88",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:ac1206_firmware:15.03.06.23:*:*:*:*:*:*:*",
"matchCriteriaId": "787A50A1-EDBC-44EB-8CF2-11C4FC63719D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:ac1206:-:*:*:*:*:*:*:*",
"matchCriteriaId": "29D5013D-520A-461A-95FF-43B2BE160F91",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:fh1202_firmware:1.2.0.20\\(408\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B254D7D1-C1C2-4C80-B9EC-1909A92B1349",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:fh1202:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4A632A11-60A0-457C-A039-BED32F83BD52",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Tenda AC1206 V15.03.06.23, F1202 V1.2.0.20(408), and FH1202 V1.2.0.20(408) were discovered to contain a stack overflow in the page parameter in the fromSetIpBind function."
}
],
"id": "CVE-2023-37712",
"lastModified": "2025-01-06T17:15:13.680",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-07-10T17:15:09.877",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/FirmRec/IoT-Vulns/tree/main/tenda/fromSetIpBind"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/FirmRec/IoT-Vulns/tree/main/tenda/fromSetIpBind"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/FirmRec/IoT-Vulns/tree/main/tenda/fromSetIpBind"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-07-14 00:15
Modified
2024-11-21 08:12
Severity ?
Summary
Tenda F1202 V1.0BR_V1.2.0.20(408) and FH1202_V1.2.0.19_EN, AC10 V1.0, AC1206 V1.0, AC7 V1.0, AC5 V1.0, and AC9 V3.0 were discovered to contain a stack overflow in the page parameter in the function fromNatStaticSetting.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/fromNatStaticSetting/report.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/fromNatStaticSetting/report.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tenda | f1202_firmware | 1.2.0.20\(408\) | |
| tenda | f1202 | - | |
| tenda | fh1202_firmware | 1.2.0.19_en | |
| tenda | fh1202 | - | |
| tenda | f1202_firmware | 1.0br | |
| tenda | f1202 | - | |
| tenda | ac10_firmware | 1.0 | |
| tenda | ac10 | - | |
| tenda | ac1206_firmware | 1.0 | |
| tenda | ac1206 | - | |
| tenda | ac7_firmware | 1.0 | |
| tenda | ac7 | - | |
| tenda | ac5_firmware | 1.0 | |
| tenda | ac5 | - | |
| tenda | ac9_firmware | 3.0 | |
| tenda | ac9 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:f1202_firmware:1.2.0.20\\(408\\):*:*:*:*:*:*:*",
"matchCriteriaId": "25D11FC4-85C7-4F6C-81A2-AF9CB6BE1507",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:f1202:-:*:*:*:*:*:*:*",
"matchCriteriaId": "37DF507C-5EDA-46A0-851E-ED8BC0B54F88",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:fh1202_firmware:1.2.0.19_en:*:*:*:*:*:*:*",
"matchCriteriaId": "C36B9BA7-B171-453D-951B-23CA2F19111A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:fh1202:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4A632A11-60A0-457C-A039-BED32F83BD52",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:f1202_firmware:1.0br:*:*:*:*:*:*:*",
"matchCriteriaId": "83FA7DD8-061F-4893-ADBB-1FD1E6849107",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:f1202:-:*:*:*:*:*:*:*",
"matchCriteriaId": "37DF507C-5EDA-46A0-851E-ED8BC0B54F88",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:ac10_firmware:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "54F7AF9E-E4EC-4060-B1F4-29A891970DDE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:ac10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B9E0489C-31D5-43C4-B15D-1D88119EF226",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:ac1206_firmware:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AF48C35A-8042-4E7B-B672-8904B999E9AE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:ac1206:-:*:*:*:*:*:*:*",
"matchCriteriaId": "29D5013D-520A-461A-95FF-43B2BE160F91",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:ac7_firmware:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FD539CFA-4D45-4776-9E62-66EB123456BC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:ac7:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3BEE979-5BF3-48ED-AF42-0546D4F896E9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:ac5_firmware:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6A71BB02-CEFA-4B73-8B24-D4217C261D39",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:ac5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A74C4FD-76A0-4E7C-94E0-EC293F379DD2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:ac9_firmware:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D7D1050F-CA28-4365-8C46-6D6AF7572EAA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:ac9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2FD1430E-DC2E-4042-9389-1FD90ECDBE4D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Tenda F1202 V1.0BR_V1.2.0.20(408) and FH1202_V1.2.0.19_EN, AC10 V1.0, AC1206 V1.0, AC7 V1.0, AC5 V1.0, and AC9 V3.0 were discovered to contain a stack overflow in the page parameter in the function fromNatStaticSetting."
}
],
"id": "CVE-2023-37716",
"lastModified": "2024-11-21T08:12:10.067",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-14T00:15:09.430",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/fromNatStaticSetting/report.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/fromNatStaticSetting/report.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-07-14 00:15
Modified
2024-11-21 08:12
Severity ?
Summary
Tenda F1202 V1.0BR_V1.2.0.20(408) and FH1202_V1.2.0.19_EN, AC10 V1.0, AC1206 V1.0, AC7 V1.0, AC5 V1.0, and AC9 V3.0 were discovered to contain a stack overflow in the page parameter in the function fromDhcpListClient.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/fromDhcpListClient/repot.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/fromDhcpListClient/repot.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tenda | f1202_firmware | 1.2.0.20\(408\) | |
| tenda | f1202 | - | |
| tenda | fh1202_firmware | 1.2.0.19_en | |
| tenda | fh1202 | - | |
| tenda | f1202_firmware | 1.0br | |
| tenda | f1202 | - | |
| tenda | ac10_firmware | 1.0 | |
| tenda | ac10 | - | |
| tenda | ac1206_firmware | 1.0 | |
| tenda | ac1206 | - | |
| tenda | ac7_firmware | 1.0 | |
| tenda | ac7 | - | |
| tenda | ac5_firmware | 1.0 | |
| tenda | ac5 | - | |
| tenda | ac9_firmware | 3.0 | |
| tenda | ac9 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:f1202_firmware:1.2.0.20\\(408\\):*:*:*:*:*:*:*",
"matchCriteriaId": "25D11FC4-85C7-4F6C-81A2-AF9CB6BE1507",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:f1202:-:*:*:*:*:*:*:*",
"matchCriteriaId": "37DF507C-5EDA-46A0-851E-ED8BC0B54F88",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:fh1202_firmware:1.2.0.19_en:*:*:*:*:*:*:*",
"matchCriteriaId": "C36B9BA7-B171-453D-951B-23CA2F19111A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:fh1202:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4A632A11-60A0-457C-A039-BED32F83BD52",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:f1202_firmware:1.0br:*:*:*:*:*:*:*",
"matchCriteriaId": "83FA7DD8-061F-4893-ADBB-1FD1E6849107",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:f1202:-:*:*:*:*:*:*:*",
"matchCriteriaId": "37DF507C-5EDA-46A0-851E-ED8BC0B54F88",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:ac10_firmware:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "54F7AF9E-E4EC-4060-B1F4-29A891970DDE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:ac10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B9E0489C-31D5-43C4-B15D-1D88119EF226",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:ac1206_firmware:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AF48C35A-8042-4E7B-B672-8904B999E9AE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:ac1206:-:*:*:*:*:*:*:*",
"matchCriteriaId": "29D5013D-520A-461A-95FF-43B2BE160F91",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:ac7_firmware:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FD539CFA-4D45-4776-9E62-66EB123456BC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:ac7:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3BEE979-5BF3-48ED-AF42-0546D4F896E9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:ac5_firmware:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6A71BB02-CEFA-4B73-8B24-D4217C261D39",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:ac5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A74C4FD-76A0-4E7C-94E0-EC293F379DD2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:ac9_firmware:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D7D1050F-CA28-4365-8C46-6D6AF7572EAA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:ac9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2FD1430E-DC2E-4042-9389-1FD90ECDBE4D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Tenda F1202 V1.0BR_V1.2.0.20(408) and FH1202_V1.2.0.19_EN, AC10 V1.0, AC1206 V1.0, AC7 V1.0, AC5 V1.0, and AC9 V3.0 were discovered to contain a stack overflow in the page parameter in the function fromDhcpListClient."
}
],
"id": "CVE-2023-37717",
"lastModified": "2024-11-21T08:12:10.257",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-14T00:15:09.477",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/fromDhcpListClient/repot.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/fromDhcpListClient/repot.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}