High
CVSS: 8.7
A vulnerability was found in Tenda AC8 16.03.34.06 and classified as critical. This issue affects the function sub_49E098 of the file /goform/SetIpMacBind of the component Parameter Handler. The manipulation of the argument list leads to st…
High
CVSS: 8.7
A vulnerability, which was classified as critical, was found in Tenda AC7 up to 15.03.06.44. This affects the function formSetFirewallCfg of the file /goform/SetFirewallCfg. The manipulation of the argument firewallEn leads to stack-based b…
Medium
CVSS: 5.3
A vulnerability, which was classified as critical, was found in Tenda AC7 1200M 15.03.06.44. Affected is the function TendaTelnet of the file /goform/telnet. The manipulation of the argument lan_ip leads to os command injection. It is possi…
High
CVSS: 8.7
A vulnerability, which was classified as critical, has been found in Tenda AC6 15.03.05.16. Affected by this issue is some unknown functionality of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto leads to stack…
Medium
CVSS: 6.5
Tenda AC8 V16.03.34.06 is vulnerable to Buffer Overflow in the get_parentControl_list_Info function.
Medium
CVSS: 6.5
There is a RCE vulnerability in Tenda AC6 15.03.05.16_multi. In the formexeCommand function, the parameter cmdinput will cause remote command execution.
Medium
CVSS: 6.5
Tenda AC6 15.03.05.16_multi is vulnerable to Buffer Overflow in the sub_452A4 function.
High
CVSS: 8.0
Tenda i12 V1.0.0.10(3805) was discovered to contain a buffer overflow via the index parameter in the formWifiMacFilterSet function.
Critical
CVSS: 9.8
Tenda i12 V1.0.0.10(3805) was discovered to contain a buffer overflow via the funcpara1 parameter in the formSetCfm function.
Critical
CVSS: 9.8
Tenda i12 V1.0.0.10(3805) was discovered to contain a buffer overflow via the list parameter in the formwrlSSIDset function.
Critical
CVSS: 9.8
Tenda AC10 V1.0 V15.03.06.23 has a command injection vulnerablility located in the formexeCommand function. The str variable receives the cmdinput parameter from a POST request and is later assigned to the cmd_buf variable, which is directl…
Critical
CVSS: 9.8
Tenda AC10 V1.0 V15.03.06.23 is vulnerable to Buffer Overflow in form_fast_setting_wifi_set via the parameter ssid.
Critical
CVSS: 9.8
Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the shareSpeed parameter in the sub_47D878 function.
Critical
CVSS: 9.8
Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the urls parameter in the function get_parentControl_list_Info.
Critical
CVSS: 9.8
Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the shareSpeed parameter in the sub_49E098 function.
Critical
CVSS: 9.8
A vulnerability was found in Tenda AC8V4 V16.03.34.06. Affected is the function SUB_0046AC38 of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto leads to stack-based buffer overflow.
Critical
CVSS: 9.8
Tenda O4 V3.0 V1.0.0.10(2936) is vulnerable to Buffer Overflow in the function SafeSetMacFilter of the file /goform/setMacFilterList via the argument remark/type/time.
Critical
CVSS: 9.8
Tenda AC6 V15.03.05.16 firmware has a buffer overflow vulnerability in the formexeCommand function.
Medium
CVSS: 6.5
A sensitive information disclosure vulnerability in the Tenda W18E V16.01.0.8(1625) web management portal allows an unauthenticated remote attacker to retrieve sensitive configuration information, including WiFi SSID, WiFi password, and bas…
High
CVSS: 8.3
Hardcoded credentials in Tenda W18E V16.01.0.8(1625) allows unauthenticated remote attackers to gain root access to the device over the telnet service.