482 matches found
PT-2024-23515 · Tenda · Tenda F1203
Name of the Vulnerable Software and Affected Versions: Tenda FH1203 version 2.0.1.6 Description: The issue is related to a stack overflow vulnerability in the time parameter of the saveParentControlInfo function. This vulnerability can be exploited, potentially leading to unintended behavior or...
The vulnerability in the fromSetSysTime() function (/goform/SetSysTimeCfg) in the Tenda AC15 router’s firmware allows an attacker to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability in the fromSetSysTime function (/goform/SetSysTimeCfg) in the Tenda AC15 router’s firmware is caused by an operation that goes outside the bounds of a memory buffer when processing the time parameter. Exploiting this vulnerability could allow an attacker to...
Tenda AC7 security vulnerability
Tenda AC7 is a 1200M dual-band wireless router designed for large households by Tenda Technology, which adopts 802.11ac standard and supports dual-band concurrent transmission with wireless rate up to 1167Mbps. Tenda AC7 suffers from a buffer overflow vulnerability, which originates from a buffer...
CVE-2024-2855
A vulnerability classified as critical was found in Tenda AC15 15.03.05.18/15.03.05.19/15.03.20. Affected by this vulnerability is the function fromSetSysTime of the file /goform/SetSysTimeCfg. The manipulation of the argument time leads to stack-based buffer overflow. The attack can be launched...
Tenda AC15 security vulnerability
Tenda AC15 is a wireless router from Tenda, China. A security vulnerability exists in Tenda AC15 version 15.03.05.18, which is caused by a stack-based buffer overflow in the time parameter of the fromSetSysTime method on the /goform/SetSysTimeCfg page...
PT-2024-2395 · Tenda · Tenda Ac15
Name of the Vulnerable Software and Affected Versions: Tenda AC15 versions 15.03.05.18 through 15.03.05.19 and version 15.03.20 Description: A critical vulnerability was found in the function fromSetSysTime of the file /goform/SetSysTimeCfg. The manipulation of the argument time leads to a...
CVE-2023-24334
A stack overflow vulnerability in Tenda AC23 with firmware version USAC23V1.0reV16.03.07.45cnTDC01 allows attackers to run arbitrary commands via schedStartTime parameter...
PT-2024-1316 · Totolink · Totolink N200Re
Name of the Vulnerable Software and Affected Versions: Totolink N200RE version 9.3.5u.6139 B20201216 Description: A critical issue affects the setParentalRules function of the /cgi-bin/cstecgi.cgi file, where manipulation of the eTime argument leads to a stack-based buffer overflow. This can be...
update_market() market weight incorrect
Lines of code. Vulnerability details: In update_market, we need to get the weight percentage of the corresponding market epoch through gaugeController, then allocate cantoPerBlockepoch according to the percentage. The main logic code is as follows: function update_market(address...
CVE-2024-0296
A vulnerability has been found in Totolink N200RE 9.3.5u.6139B20201216 and classified as critical. This vulnerability affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument hosttime leads to os command injection. The attack can be initiated remotel...
The vulnerability in the NTPSyncWithHost interface of the TOTOlink EX1800T Wi-Fi range extender software allows an intruder to execute arbitrary commands.
The vulnerability in the NTPSyncWithHost interface of the TOTOlink EX1800T Wi-Fi range extender software exists due to a failure to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands using th...
PT-2023-29424 · Unknown · Online Examination System
Name of the Vulnerable Software and Affected Versions: Online Examination System version 1.0 Description: The issue concerns an Authenticated SQL Injection vulnerability. Specifically, the time parameter of the "update.php" resource does not validate the characters received and they are sent...
CVE-2023-51023
TOTOlink EX1800T v9.1.0cu.2112B20220316 is vulnerable to arbitrary command execution in the ‘hosttime’ parameter of the NTPSyncWithHost interface of the cstecgi.cgi...
TOTOLINK EX1800T security vulnerability
The TOTOLINK EX1800T is a Wi-Fi range extender from China's Gion Electronics TOTOLINK. A command execution vulnerability exists in the TOTOLINK EX1800T version v9.1.0cu.2112B20220316. The vulnerability stems from the hosttime parameter of the NTPSyncWithHost interface of cstecgi.cgi failing to...
PT-2023-31294 · Unknown · Job Portal
Name of the Vulnerable Software and Affected Versions: Job Portal version 1.0 Description: The issue concerns an Unauthenticated SQL Injection vulnerability. Specifically, the txtTime parameter of the "Employer/InsertWalkin.php" resource does not validate the characters received, and they are sen...
PT-2023-8034 · Totolink · Totolink Ex1800T
Name of the Vulnerable Software and Affected Versions: TOTOlink EX1800T version 9.1.0cu.2112 B20220316 Description: The issue concerns arbitrary command execution in the host time parameter of the NTPSyncWithHost interface of the cstecgi.cgi. This vulnerability exists due to the lack of measures...
CVE-2023-50987
Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the time parameter in the sysTimeInfoSet function...
CVE-2023-50986
Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the time parameter in the sysLogin function...