Tenda M3 命令注入漏洞

Tenda M3 is an access control from Tenda, a Chinese company. Tenda M3 is vulnerable to command injection, which stems from the failure of the component /goform/delAd to properly filter the construction of command special characters, commands, etc. An attacker could use this vulnerability to cause...

Tenda M3 命令注入漏洞

Tenda M3 is an access control from Tenda, a Chinese company. Tenda M3 is vulnerable to command injection, which stems from the failure of the component /cgi-bin/uploadWeiXinPic to properly filter the construction of command special characters, commands, etc. An attacker could use this vulnerabili...

Tenda M3 命令注入漏洞

Tenda M3 is an access control from Tenda, a Chinese company. Tenda M3 is vulnerable to command injection, which stems from the component /goform/setPicListItem fails to properly filter the construct command special characters, commands, etc., and can be exploited by attackers to cause arbitrary...

Tenda M3 操作系统命令注入漏洞

Tenda M3 is an access control from Tenda, a Chinese company. Tenda M3 has a command injection vulnerability, which originates from the component /goform/exeCommand fails to properly filter the construction of command special characters, commands, etc., which can be exploited by attackers to cause...

Tenda M3 命令注入漏洞

Tenda M3 is an access control from Tenda, a Chinese company. Tenda M3 is vulnerable to command injection, which stems from the component /goform/setFixTools fails to properly filter the construct command special characters, commands, etc., and can be exploited by attackers to cause arbitrary...

Tenda M3 命令注入漏洞

Tenda M3 is an access control from Tenda, China. Tenda M3 is vulnerable to command injection, which stems from the failure of the component /goform/SetInternetLanInfo to properly filter the construction of command special characters, commands, etc. An attacker could use this vulnerability to caus...

CVE-2021-45809

The CVE-2021-45809 entry affects GlobalProtect-openconnect versions prior to 1.4.3, due to incorrect access control in GPService via DBus and the GUI application. This flaw allows arbitrary users to run root commands by supplying the --script=[removed] parameter, indicating a high-severity privil...

GHSA-HF8C-XR89-VFM5 Command Injection in ungit

The package ungit before 1.5.20 are vulnerable to Remote Code Execution RCE via argument injection. The issue occurs when calling the /api/fetch endpoint. User controlled values remote and ref are passed to the git fetch command. By injecting some git options it was possible to get arbitrary...

Tenda AC9 Command Injection Vulnerability (CNVD-2022-26245)

Tenda AC9 is a wireless router from Tenda, China.A command injection vulnerability exists in Tenda AC9 version 15.03.2.21, which stems from the failure of the vlanid parameter in the SetIPTVCfg function to properly filter the special elements of the construction snippet, which can be exploited to...

Tenda AC9 Buffer Overflow Vulnerability (CNVD-2022-26244)

Tenda AC9 is a wireless router from Tenda, China.Tenda AC9 version 15.03.2.21 is vulnerable to a buffer overflow vulnerability, which stems from the list parameter in the SetStaticRoutecfg function that does not properly validate data boundaries when performing operations on memory, and can be...

Tenda AC9 Buffer Overflow Vulnerability (CNVD-2022-26247)

Tenda AC9 is a wireless router from Tenda, China.Tenda AC9 version 15.03.2.21 is vulnerable to a buffer overflow vulnerability, which stems from the firewallCfg parameter in the SetFirewallCfg function that does not properly validate data boundaries when performing operations on memory, and can b...

Tenda AC9 saveparentcontrolinfo function buffer overflow vulnerability

Tenda AC9 is a wireless router from Tenda, a Chinese company. A buffer overflow vulnerability exists in the Tenda AC9 saveparentcontrolinfo function, which can be exploited by an attacker to cause arbitrary command execution...

Tenda AC9 openSchedWifi Function Stack Overflow Vulnerability

Tenda AC9 is a wireless router from Tenda, a Chinese company. A stack overflow vulnerability exists in the Tenda AC9 openSchedWifi function, which can be exploited by an attacker to cause arbitrary command execution...

Tenda AC6 SetSysTimeCfg Function Stack Overflow Vulnerability

The Tenda AC6 is a wireless router from the Chinese company Tenda. A stack overflow vulnerability exists in the Tenda AC6 SetSysTimeCfg function, which can be exploited by an attacker to cause arbitrary command execution...

Tenda AC6 SetIpMacBind Function Stack Overflow Vulnerability

The Tenda AC6 is a wireless router from the Chinese company Tenda. A stack overflow vulnerability exists in the Tenda AC6 SetIpMacBind function, which can be exploited by an attacker to cause arbitrary command execution...

Tenda AC6 openSchedWifi Function Stack Overflow Vulnerability

The Tenda AC6 is a wireless router. A stack overflow vulnerability exists in the Tenda AC6 openSchedWifi function, which can be exploited by an attacker to cause arbitrary command execution...

Tenda AC9 saveparentcontrolinfo function stack overflow vulnerability (CNVD-2022-25785)

Tenda AC9 is a wireless router from Tenda, China.A stack overflow vulnerability exists in the Tenda AC9 saveparentcontrolinfo function, which can be exploited by attackers to cause arbitrary command execution...

Tenda AC9 Buffer Overflow Vulnerability (CNVD-2022-26243)

Tenda AC9 is a wireless router from Tenda, China.Tenda AC9 version 15.03.2.21 is vulnerable to a buffer overflow vulnerability, which stems from the ntpserver parameter in the SetSysTimeCfg function that does not properly validate data boundaries when performing operations on memory, and can be...

Tenda AC6 Buffer Overflow Vulnerability

Tenda AC6 is a wireless router from Tenda, China. Tenda AC6 is vulnerable to a buffer overflow vulnerability, which stems from the deviceId parameter in the saveParentControlInfo function that does not properly validate data boundaries when performing operations on memory, and can be exploited by...

Tenda AC9 Command Injection Vulnerability (CNVD-2022-26241)

Tenda AC9 is a wireless router from Tenda, China.A command injection vulnerability exists in Tenda AC9 version 15.03.2.21, which stems from the failure of the dosystemcmd parameter in the suba3550 function to properly filter the special elements of the construction snippet, which can be exploited...