8 matches found
Tenda AC15 AC1900 Remote Code Execution Vulnerability
Tenda AC15 AC1900 is a wireless router from Tenda, a Chinese company. A remote code execution vulnerability exists in the goform/setUsbUnload endpoint in the Tenda AC15 AC1900 version 15.03.05.19, which can be exploited to execute arbitrary system commands via the deviceName POST parameter...
Tenda AC15 AC1900 Cross-Site Scripting Vulnerability
Tenda AC15 AC1900 is a wireless router from Tenda, a Chinese company. A cross-site scripting vulnerability exists in the /goform/WifiBasicSet endpoint in the Tenda AC15 AC1900 version 15.03.05.19, which can be exploited by remote attackers to execute JavaScript via the WifiName POST parameter...
CVE-2020-10987
The goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute arbitrary system commands via the deviceName POST parameter...
Design/Logic Flaw
The goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute arbitrary system commands via the deviceName POST parameter...
CVE-2020-10989
An XSS issue in the /goform/WifiBasicSet endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute malicious payloads via the WifiName POST parameter...
CVE-2020-10989
CVE-2020-10989 refers to a Cross-Site Scripting vulnerability in the Tenda AC15 AC1900 router (firmware version 15.03.05.19). The XSS is triggered via the /goform/WifiBasicSet endpoint through the WifiName POST parameter. Affected component appears to be the web UI handling WifiName input; root c...
CVE-2020-10987
The goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute arbitrary system commands via the deviceName POST parameter. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...
PT-2020-4297 · Tenda · Tenda Ac15 Ac1900
Name of the Vulnerable Software and Affected Versions: Tenda AC15 AC1900 version 15.03.05.19 Description: The issue is related to insufficient neutralization of special elements, allowing remote attackers to execute arbitrary system commands. This can be achieved via the "deviceName" POST paramet...