Lucene search

K

W15e Security Vulnerabilities

cve
cve

CVE-2024-4126

A vulnerability was found in Tenda W15E 15.11.0.14 and classified as critical. This issue affects the function formSetSysTime of the file /goform/SetSysTimeCfg. The manipulation of the argument manualTime leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has...

8.8CVSS

6.9AI Score

0.0004EPSS

2024-04-24 08:15 PM
30
cve
cve

CVE-2024-4127

A vulnerability was found in Tenda W15E 15.11.0.14. It has been classified as critical. Affected is the function guestWifiRuleRefresh. The manipulation of the argument qosGuestDownstream leads to stack-based buffer overflow. It is possible to launch the attack remotely. VDB-261870 is the...

8.8CVSS

7AI Score

0.0004EPSS

2024-04-24 08:15 PM
32
cve
cve

CVE-2024-4125

A vulnerability has been found in Tenda W15E 15.11.0.14 and classified as critical. This vulnerability affects the function formSetStaticRoute of the file /goform/setStaticRoute. The manipulation of the argument staticRouteIndex leads to stack-based buffer overflow. The attack can be initiated...

8.8CVSS

6.9AI Score

0.0004EPSS

2024-04-24 07:15 PM
29
cve
cve

CVE-2024-4123

A vulnerability, which was classified as critical, has been found in Tenda W15E 15.11.0.14. Affected by this issue is the function formSetPortMapping of the file /goform/SetPortMapping. The manipulation of the argument...

8.8CVSS

6.9AI Score

0.0004EPSS

2024-04-24 07:15 PM
27
cve
cve

CVE-2024-4124

A vulnerability, which was classified as critical, was found in Tenda W15E 15.11.0.14. This affects the function formSetRemoteWebManage of the file /goform/SetRemoteWebManage. The manipulation of the argument remoteIP leads to stack-based buffer overflow. It is possible to initiate the attack...

8.8CVSS

6.9AI Score

0.0004EPSS

2024-04-24 07:15 PM
30
cve
cve

CVE-2024-4120

A vulnerability was found in Tenda W15E 15.11.0.14. It has been rated as critical. This issue affects the function formIPMacBindModify of the file /goform/modifyIpMacBind. The manipulation of the argument IPMacBindRuleId/IPMacBindRuleIp/IPMacBindRuleMac/IPMacBindRuleRemark leads to stack-based...

8.8CVSS

6.9AI Score

0.0004EPSS

2024-04-24 06:15 PM
30
cve
cve

CVE-2024-4121

A vulnerability classified as critical has been found in Tenda W15E 15.11.0.14. Affected is the function formQOSRuleDel. The manipulation of the argument qosIndex leads to stack-based buffer overflow. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-261864.....

8.8CVSS

7.1AI Score

0.0004EPSS

2024-04-24 06:15 PM
29
cve
cve

CVE-2024-4122

A vulnerability classified as critical was found in Tenda W15E 15.11.0.14. Affected by this vulnerability is the function formSetDebugCfg of the file /goform/setDebugCfg. The manipulation of the argument enable/level/module leads to stack-based buffer overflow. The attack can be launched remotely.....

8.8CVSS

6.9AI Score

0.0004EPSS

2024-04-24 06:15 PM
28
cve
cve

CVE-2024-4118

A vulnerability was found in Tenda W15E 15.11.0.14. It has been classified as critical. This affects the function formIPMacBindAdd of the file /goform/addIpMacBind. The manipulation of the argument IPMacBindRule leads to stack-based buffer overflow. It is possible to initiate the attack remotely......

8.8CVSS

6.9AI Score

0.0004EPSS

2024-04-24 05:15 PM
27
cve
cve

CVE-2024-4119

A vulnerability was found in Tenda W15E 15.11.0.14. It has been declared as critical. This vulnerability affects the function formIPMacBindDel of the file /goform/delIpMacBind. The manipulation of the argument IPMacBindIndex leads to stack-based buffer overflow. The attack can be initiated...

8.8CVSS

6.9AI Score

0.0004EPSS

2024-04-24 05:15 PM
26
cve
cve

CVE-2024-4117

A vulnerability was found in Tenda W15E 15.11.0.14 and classified as critical. Affected by this issue is the function formDelPortMapping of the file /goform/DelPortMapping. The manipulation of the argument portMappingIndex leads to stack-based buffer overflow. The attack may be launched remotely......

8.8CVSS

6.8AI Score

0.0004EPSS

2024-04-24 04:15 PM
29
cve
cve

CVE-2024-4115

A vulnerability, which was classified as critical, was found in Tenda W15E 15.11.0.14. Affected is the function formAddDnsForward of the file /goform/AddDnsForward. The manipulation of the argument DnsForwardRule leads to stack-based buffer overflow. It is possible to launch the attack remotely....

8.8CVSS

6.9AI Score

0.0004EPSS

2024-04-24 04:15 PM
25
cve
cve

CVE-2024-4116

A vulnerability has been found in Tenda W15E 15.11.0.14 and classified as critical. Affected by this vulnerability is the function formDelDhcpRule of the file /goform/DelDhcpRule. The manipulation of the argument delDhcpIndex leads to stack-based buffer overflow. The attack can be launched...

8.8CVSS

6.9AI Score

0.0004EPSS

2024-04-24 04:15 PM
27
cve
cve

CVE-2023-27064

Tenda V15V1.0 V15.11.0.14(1521_3190_1058) was discovered to contain a buffer overflow vulnerability via the index parameter in the formDelDnsForward function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted...

7.5CVSS

7.6AI Score

0.001EPSS

2023-03-13 02:15 PM
60
cve
cve

CVE-2023-27062

Tenda V15V1.0 was discovered to contain a buffer overflow vulnerability via the gotoUrl parameter in the formPortalAuth function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted...

7.5CVSS

7.6AI Score

0.001EPSS

2023-03-13 02:15 PM
16
cve
cve

CVE-2023-27063

Tenda V15V1.0 V15.11.0.14(1521_3190_1058) was discovered to contain a buffer overflow vulnerability via the DNSDomainName parameter in the formModifyDnsForward function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted...

9.8CVSS

9.4AI Score

0.002EPSS

2023-03-13 02:15 PM
52
cve
cve

CVE-2023-27061

Tenda V15V1.0 V15.11.0.14(1521_3190_1058) was discovered to contain a buffer overflow vulnerability via the wifiFilterListRemark parameter in the modifyWifiFilterRules function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted...

9.8CVSS

9.4AI Score

0.002EPSS

2023-03-13 02:15 PM
56
cve
cve

CVE-2023-27065

Tenda V15V1.0 V15.11.0.14(1521_3190_1058) was discovered to contain a buffer overflow vulnerability via the picName parameter in the formDelWewifiPi function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted...

7.5CVSS

7.6AI Score

0.001EPSS

2023-03-13 02:15 PM
17
cve
cve

CVE-2022-45996

Tenda W20E V16.01.0.6(3392) is vulnerable to Command injection via...

7.2CVSS

7.2AI Score

0.002EPSS

2022-12-12 04:15 PM
28
cve
cve

CVE-2022-45997

Tenda W20E V16.01.0.6(3392) is vulnerable to Buffer...

7.2CVSS

6.9AI Score

0.001EPSS

2022-12-12 04:15 PM
27
cve
cve

CVE-2022-42053

Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain a command injection vulnerability via the PortMappingServer parameter in the setPortMapping...

7.8CVSS

7.8AI Score

0.001EPSS

2022-11-15 03:15 AM
27
11
cve
cve

CVE-2022-42060

Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain a stack overflow via the setWanPpoe function. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow...

7.5CVSS

7.5AI Score

0.001EPSS

2022-11-15 03:15 AM
29
7
cve
cve

CVE-2022-42058

Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain a stack overflow via the setRemoteWebManage function. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow...

9.8CVSS

9.4AI Score

0.002EPSS

2022-11-15 03:15 AM
26
8
cve
cve

CVE-2022-41396

Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain multiple command injection vulnerabilities in the function setIPsecTunnelList via the IPsecLocalNet and IPsecRemoteNet...

7.8CVSS

8.1AI Score

0.001EPSS

2022-11-15 03:15 AM
24
7
cve
cve

CVE-2022-40846

In Tenda AC1200 Router model W15Ev2 V15.11.0.10(1576), a Stored Cross Site Scripting (XSS) vulnerability exists allowing an attacker to execute JavaScript code via the applications stored...

4.8CVSS

4.8AI Score

0.001EPSS

2022-11-15 03:15 AM
21
9
cve
cve

CVE-2022-40844

In Tenda (Shenzhen Tenda Technology Co., Ltd) AC1200 Router model W15Ev2 V15.11.0.10(1576), a Stored Cross Site Scripting (XSS) issue exists allowing an attacker to execute JavaScript code via the applications website filtering tab, specifically the URL...

5.4CVSS

5.3AI Score

0.001EPSS

2022-11-15 03:15 AM
27
9
cve
cve

CVE-2022-41395

Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain a command injection vulnerability via the dmzHost parameter in the setDMZ...

7.8CVSS

7.8AI Score

0.001EPSS

2022-11-15 03:15 AM
25
11
cve
cve

CVE-2022-40845

The Tenda AC1200 Router model W15Ev2 V15.11.0.10(1576) is affected by a password exposure vulnerability. When combined with the improper authorization/improper session management vulnerability, an attacker with access to the router may be able to expose sensitive information which they're not...

6.5CVSS

6.3AI Score

0.001EPSS

2022-11-15 02:15 AM
25
3
cve
cve

CVE-2022-40847

In Tenda AC1200 Router model W15Ev2 V15.11.0.10(1576), there exists a command injection vulnerability in the function formSetFixTools. This vulnerability allows attackers to run arbitrary commands on the server via the hostname...

7.8CVSS

7.8AI Score

0.001EPSS

2022-11-15 02:15 AM
28
5
cve
cve

CVE-2022-40843

The Tenda AC1200 V-W15Ev2 V15.11.0.10(1576) router is vulnerable to improper authorization / improper session management that allows the router login page to be bypassed. This leads to authenticated attackers having the ability to read the routers syslog.log file which contains the MD5 password of....

4.9CVSS

5AI Score

0.186EPSS

2022-11-15 02:15 AM
19
4
cve
cve

CVE-2017-14514

Directory Traversal on Tenda W15E devices before 15.11.0.14 allows remote attackers to read unencrypted files via a crafted...

7.5CVSS

7.3AI Score

0.002EPSS

2022-10-03 04:23 PM
28
cve
cve

CVE-2017-14515

Heap-based Buffer Overflow on Tenda W15E devices before 15.11.0.14 allows remote attackers to cause a denial of service (temporary HTTP outage and forced logout) via unspecified...

7.5CVSS

7.4AI Score

0.002EPSS

2022-10-03 04:23 PM
22