Lucene search
K

454 matches found

CVE
CVE
added 2019/04/25 7:44 p.m.50 views

CVE-2018-14559

CVE-2018-14559 describes a buffer overflow in Tenda devices (AC7 firmware V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN) caused by writing POST list parameters with sprintf to a stack variable in the httpd web server, which can overwrite a return address. Primary impact is high...

7.8CVSS7.7AI score0.0143EPSS
Exploits1References1Affected Software1
CNVD
CNVD
added 2018/11/02 12:0 a.m.3 views

Tenda AC7, AC9 and AC10 Command Injection Vulnerabilities

The Tenda AC7, AC9 and AC10 are all wireless router products from Tenda, a Chinese company. A command injection vulnerability exists in the Tenda AC7, AC9, and AC10. An attacker can exploit this vulnerability by sending a specially crafted request to execute arbitrary operating system commands...

10CVSS9.9AI score0.08672EPSS
Exploits1References1
Prion
Prion
added 2018/10/30 6:29 p.m.30 views

Command injection

An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44CNAC7, AC9 devices with firmware through V15.03.05.196318CNAC9, and AC10 devices with firmware through V15.03.06.23CNAC10. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a craft...

10CVSS9.8AI score0.08672EPSS
Exploits1References1Affected Software3
OSV
OSV
added 2018/10/30 6:29 p.m.9 views

CVE-2018-14558

An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44CNAC7, AC9 devices with firmware through V15.03.05.196318CNAC9, and AC10 devices with firmware through V15.03.06.23CNAC10. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a craft...

9.8CVSS6.1AI score0.08672EPSS
Exploits1References2
CVE
CVE
added 2018/10/30 6:0 p.m.1041 views

CVE-2018-14558

CVE-2018-14558 affects Tenda AC7/AC9/AC10 routers (firmware: AC7 ≤ V15.03.06.44_CN, AC9 ≤ V15.03.05.19(6318)_CN, AC10 ≤ V15.03.06.23_CN). The flaw arises in the formsetUsbUnload function, which calls dosystemCmd with untrusted input via a crafted goform/setUsbUnload request, leading to arbitrary ...

10CVSS9.7AI score0.08672EPSS
In wildExploits1References2Affected Software1
OSV
OSV
added 2018/10/29 12:29 p.m.4 views

CVE-2018-18732

An issue was discovered on Tenda AC7 V15.03.06.44CN, AC9 V15.03.05.196318CN, AC10 V15.03.06.23CN, AC15 V15.03.05.19CN, and AC18 V15.03.05.196318CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the 'ntpServer' parameter for a post request,...

7.5CVSS6.2AI score0.01141EPSS
Exploits1References1
Prion
Prion
added 2018/10/29 12:29 p.m.23 views

Buffer overflow

An issue was discovered on Tenda AC7 V15.03.06.44CN, AC9 V15.03.05.196318CN, AC10 V15.03.06.23CN, AC15 V15.03.05.19CN, and AC18 V15.03.05.196318CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the 'startIp' and 'endIp' parameters for a pos...

7.8CVSS7.7AI score0.01141EPSS
Exploits1References1Affected Software5
Prion
Prion
added 2018/10/29 12:29 p.m.27 views

Buffer overflow

An issue was discovered on Tenda AC7 V15.03.06.44CN, AC9 V15.03.05.196318CN, AC10 V15.03.06.23CN, AC15 V15.03.05.19CN, and AC18 V15.03.05.196318CN devices. It is a buffer overflow vulnerability in the router's web server -- httpd. When processing the "page" parameter of the function...

7.8CVSS7.7AI score0.01141EPSS
Exploits1References1Affected Software5
CVE
CVE
added 2018/10/28 12:0 a.m.56 views

CVE-2018-18729

Affected devices are Tenda routers AC7 (V15.03.06.44_CN), AC9 (V15.03.05.19(6318)_CN), AC10 (V15.03.06.23_CN), AC15 (V15.03.05.19_CN), and AC18 (V15.03.05.19(6318)_CN). The issue is a heap-based buffer overflow in the router web server (httpd). During processing of the mac parameter for a POST re...

9.8CVSS9.4AI score0.01347EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2018/10/27 10:0 p.m.53 views

CVE-2018-18706

CVE-2018-18706 affects Tenda AC7/AC9/AC10/AC15/AC18 routers. The vulnerability exists in the router’s web server (httpd) where, on processing the page parameter of the function fromDhcpListClient , the value is directly used in a sprintf into a stack-based local variable, overriding the function’...

7.8CVSS7.7AI score0.01141EPSS
Exploits1References1Affected Software1
CNVD
CNVD
added 2018/09/03 12:0 a.m.3 views

Buffer Overflow Vulnerability in Multiple Tenda Products

Tenda AC7 and others are wireless router products from Tenda, a Chinese company. A buffer overflow vulnerability exists in the web server of multiple Tenda products. An attacker could exploit this vulnerability to cause a denial of service...

7.8CVSS7.4AI score0.01641EPSS
Exploits1References1
OSV
OSV
added 2018/07/21 12:29 p.m.6 views

CVE-2018-14492

Tenda AC7 through V15.03.06.44CN, AC9 through V15.03.05.196318CN, and AC10 through V15.03.06.23CN devices have a Stack-based Buffer Overflow via a long limitSpeed or limitSpeedup parameter to an unspecified /goform URI...

7.5CVSS5.9AI score0.01121EPSS
Exploits1References1
Prion
Prion
added 2018/07/21 12:29 p.m.18 views

Stack overflow

Tenda AC7 through V15.03.06.44CN, AC9 through V15.03.05.196318CN, and AC10 through V15.03.06.23CN devices have a Stack-based Buffer Overflow via a long limitSpeed or limitSpeedup parameter to an unspecified /goform URI...

5CVSS7.6AI score0.01121EPSS
Exploits1References1Affected Software5
CVE
CVE
added 2018/07/21 12:0 p.m.48 views

CVE-2018-14492

The CVE-2018-14492 entry affects Tenda router models AC7 (firmware up to 15.03.06.44_CN), AC9 (up to 15.03.05.19(6318)_CN), and AC10 (up to 15.03.06.23_CN). A stack-based buffer overflow is triggered by a long limitSpeed or limitSpeedup parameter to an unspecified /goform URI. No explicit patch/v...

7.5CVSS7.6AI score0.01121EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder