PT-2024-31888 · Tenda · Tenda Fh451

Name of the Vulnerable Software and Affected Versions: Tenda FH451 version 1.0.0.9 Description: The issue is related to a command injection vulnerability in the formexeCommand function. This vulnerability allows for the injection of commands, potentially leading to unauthorized access or control...

CVE-2024-6963 Tenda O3 formexeCommand stack-based overflow

A vulnerability, which was classified as critical, has been found in Tenda O3 1.0.0.10. This issue affects the function formexeCommand. The manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the publi...

CVE-2024-6963

The CVE-2024-6963 issue affects Tenda O3 version 1.0.0.10, in the formexeCommand function where manipulating the cmdinput parameter causes a stack-based buffer overflow. This can be triggered remotely and an exploit has been disclosed publicly. No patch details are provided in the sources; a prac...

PT-2024-38002 · Tenda · Tenda O3

Name of the Vulnerable Software and Affected Versions: Tenda O3 version 1.0.0.10 Description: A critical issue has been found in the formexeCommand function, where the manipulation of the cmdinput argument leads to a stack-based buffer overflow. This issue can be exploited remotely. The vendor wa...

CVE-2024-35340

Tenda FH1206 V1.2.0.88155 was discovered to contain a command injection vulnerability via the cmdinput parameter at ip/goform/formexeCommand...

CVE-2024-35340

CVE-2024-35340 affects Tenda FH1206 (version 1.2.0.8(8155)). The vulnerability is a command injection via the cmdinput parameter at ip/goform/formexeCommand, with CVSSv3.1 base score 8.6 (High) and impact on confidentiality (H) and integrity/availability (L). Connected advisories indicate exploit...

PT-2024-26441 · Tenda · Tenda Fh1206

Name of the Vulnerable Software and Affected Versions: Tenda FH1206 version 1.2.0.88155 Description: A command injection issue was found, which can be exploited via the cmdinput parameter at the "ip/goform/formexeCommand" endpoint. Recommendations: For Tenda FH1206 version 1.2.0.88155, avoid usin...

Tenda FH1206 安全漏洞

The Tenda FH1206 is a wireless router from Tenda China. The Tenda FH1206 version 1.2.0.88155 suffers from a command execution vulnerability, which stems from the cmdinput parameter of ip/goform/formexeCommand failing to correctly filter constructed command special characters, commands, etc., whic...

CVE-2024-4497

A vulnerability was found in Tenda i21 1.0.0.144656. It has been declared as critical. This vulnerability affects the function formexeCommand. The manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to th...

Tenda FH1203 Command Injection Vulnerability

Tenda FH1203 is a dual-band wireless router from Tenda China, mainly used for home network coverage. The Tenda FH1203 suffers from a command injection vulnerability that stems from the cmdinput parameter of the formexeCommand method failing to properly filter construct command special characters,...

Tenda AC7 Command Injection Vulnerability

Tenda AC7 is a 1200M dual-band wireless router designed for large households by Tenda Technology, which adopts the 802.11ac standard and supports dual-band concurrent transmission with a wireless rate of up to 1167Mbps. Tenda AC7 suffers from a command injection vulnerability that stems from the...

Tenda W30E Command Injection Vulnerability

Tenda W30E is an enterprise-grade wireless router designed for SOHO, small and micro business offices and small store networking, supporting Wi-Fi 6 technology. The Tenda W30E suffers from a command injection vulnerability that stems from the cmdinput parameter of the formexeCommand method failin...

CVE-2024-32314

Tenda AC500 V2.0.1.91307 firmware contains a command injection vulnerablility in the formexeCommand function via the cmdinput parameter...

CVE-2024-32292

Tenda W30E v1.0 V1.0.1.25633 firmware contains a command injection vulnerablility in the formexeCommand function via the cmdinput parameter...

CVE-2024-32283

Tenda FH1203 V2.0.1.6 firmware has a command injection vulnerablility in formexeCommand function via the cmdinput parameter...

CVE-2024-32282

Tenda FH1202 v1.2.0.14408 firmware contains a command injection vulnerablility in the formexeCommand function via the cmdinput parameter...

CVE-2024-32283

Tenda FH1203 V2.0.1.6 firmware has a command injection vulnerablility in formexeCommand function via the cmdinput parameter...

Tenda W30E 安全漏洞

Tenda W30E is an enterprise-grade wireless router designed for SOHO, small and micro business offices and small store networking, supporting Wi-Fi 6 technology. The Tenda W30E suffers from a command injection vulnerability that stems from the cmdinput parameter of the formexeCommand method failin...

CVE-2024-32283

The CVE-2024-32283 entry applies to Tenda FH1203 firmware version 2.0.1.6, where a command injection vulnerability exists in the formexeCommand function via the cmdinput parameter. Exploitation details are not provided in the supplied documents, but multiple sources (Red Hat, CNVD/CNNVD, CVE data...

Tenda AC500 安全漏洞

The Tenda AC500 is a Gigabit port access controller from Tenda, China. A security vulnerability exists in Tenda AC500 version 2.0.1.91307, which originates from a buffer overflow issue in the cmdinput parameter of the formexeCommand method of the /goform/execCommand file. No details of the...