12 matches found
EUVD-2022-32998
Malicious code in bioql PyPI...
EUVD-2022-32999
Malicious code in bioql PyPI...
CVE-2022-28557
There is a command injection vulnerability at the /goform/setsambacfg interface of Tenda AC15 USAC15V1.0BRV15.03.05.20multiTDE01.bin device web, which can also cooperate with CVE-2021-44971 to cause unconditional arbitrary command execution...
Tenda AC15 Command Injection Vulnerability
The Tenda AC15 is a wireless router from the Chinese company Tenda. The Tenda AC15 has a security vulnerability that can be exploited by an attacker to cause unconditional arbitrary command execution in conjunction with CVE-2021-44971...
CVE-2022-28556
Tenda AC15 USAC15V1.0BRV15.03.05.20multiTDE01.bin is vulnerable to Buffer Overflow. The stack overflow vulnerability lies in the /goform/setpptpservercfg interface of the web. The sent post data startip and endip are copied to the stack using the sanf function, resulting in stack overflow...
CVE-2022-28557
There is a command injection vulnerability at the /goform/setsambacfg interface of Tenda AC15 USAC15V1.0BRV15.03.05.20multiTDE01.bin device web, which can also cooperate with CVE-2021-44971 to cause unconditional arbitrary command execution...
Command injection
There is a command injection vulnerability at the /goform/setsambacfg interface of Tenda AC15 USAC15V1.0BRV15.03.05.20multiTDE01.bin device web, which can also cooperate with CVE-2021-44971 to cause unconditional arbitrary command execution...
Buffer overflow
Tenda AC15 USAC15V1.0BRV15.03.05.20multiTDE01.bin is vulnerable to Buffer Overflow. The stack overflow vulnerability lies in the /goform/setpptpservercfg interface of the web. The sent post data startip and endip are copied to the stack using the sanf function, resulting in stack overflow...
CVE-2022-28556
Tenda AC15 USAC15V1.0BRV15.03.05.20multiTDE01.bin is vulnerable to Buffer Overflow. The stack overflow vulnerability lies in the /goform/setpptpservercfg interface of the web. The sent post data startip and endip are copied to the stack using the sanf function, resulting in stack overflow...
CVE-2022-28556
The CVE-2022-28556 entry affects Tenda AC15 devices (US_AC15V1.0BR_V15.03.05.20_multi_TDE01.bin) via the web interface /goform/setpptpservercfg. The vulnerability is a stack-based buffer overflow caused by copying the post fields startip and endip to the stack (sanf function), leading to a stack ...
CVE-2021-44971
Multiple Tenda devices are affected by authentication bypass, such as AC15V1.0 Firmware V15.03.05.20multi?AC5V1.0 Firmware V15.03.06.48multi and so on. an attacker can obtain sensitive information, and even combine it with authenticated command injection to implement RCE...
CVE-2021-44971
Summary: CVE-2022-28557 is a command-injection vulnerability in the Tenda AC15 web interface (/goform/setsambacfg) that can lead to unconditional arbitrary command execution. It can cooperate with CVE-2021-44971 to achieve this. The vulnerability is reported within Red Hat/RedHat-derived advisori...