17 matches found
CVE-2026-5152
A vulnerability was detected in Tenda CH22 1.0.0.1. Impacted is the function formCreateFileName of the file /goform/createFileName. Performing a manipulation of the argument fileNameMit results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is now public and may...
EUVD-2026-17218
A vulnerability was detected in Tenda CH22 1.0.0.1. Impacted is the function formCreateFileName of the file /goform/createFileName. Performing a manipulation of the argument fileNameMit results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is now public and may...
CVE-2026-5152
A vulnerability was detected in Tenda CH22 1.0.0.1. Impacted is the function formCreateFileName of the file /goform/createFileName. Performing a manipulation of the argument fileNameMit results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is now public and may...
CVE-2026-5152
A vulnerability was detected in Tenda CH22 1.0.0.1. Impacted is the function formCreateFileName of the file /goform/createFileName. Performing a manipulation of the argument fileNameMit results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is now public and may...
CVE-2026-5152 Tenda CH22 createFileName formCreateFileName stack-based overflow
A vulnerability was detected in Tenda CH22 1.0.0.1. Impacted is the function formCreateFileName of the file /goform/createFileName. Performing a manipulation of the argument fileNameMit results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is now public and may...
CVE-2026-5152
Summary of CVE-2026-5152 (Tenda CH22): A stack-based buffer overflow is triggered in the /goform/createFileName endpoint by manipulating the fileNameMit argument in the formCreateFileName function of Tenda CH22 1.0.0.1. The issue can be exploited remotely, and a public exploit is available. Conne...
Tenda CH22 安全漏洞
The Tenda CH22 is a network device produced by the Chinese company Tenda. Version 1.0.0.1 of the Tenda CH22 contains a security vulnerability. This vulnerability stems from an incorrect operation on the parameter “fileNameMit” in the function “formCreateFileName” within the...
PT-2026-29113
Name of the Vulnerable Software and Affected Versions Tenda CH22 version 1.0.0.1 Description A buffer overflow exists in the formCreateFileName function located in the file /goform/createFileName. Manipulation of the fileNameMit argument can trigger a stack-based buffer overflow, potentially...
EUVD-2022-48372
Malicious code in bioql PyPI...
CVE-2022-45506
Tenda W30E v1.0.1.25633 was discovered to contain a command injection vulnerability via the fileNameMit parameter at /goform/delFileName...
CVE-2022-45506
Tenda W30E v1.0.1.25633 was discovered to contain a command injection vulnerability via the fileNameMit parameter at /goform/delFileName...
CVE-2022-45506
Tenda W30E v1.0.1.25633 was discovered to contain a command injection vulnerability via the fileNameMit parameter at /goform/delFileName...
Command injection
Tenda W30E v1.0.1.25633 was discovered to contain a command injection vulnerability via the fileNameMit parameter at /goform/delFileName...
PT-2022-27548 · Tenda · Tenda W30E
Name of the Vulnerable Software and Affected Versions: Tenda W30E version 1.0.1.25633 Description: A command injection issue was discovered via the fileNameMit parameter at the "/goform/delFileName" API endpoint. This allows for potential command injection attacks. Recommendations: For Tenda W30E...
CVE-2022-45506
The CVE-2022-45506 issue affects Tenda W30E firmware version 1.0.1.25(633). Vulnerable component/file: the API endpoint /goform/delFileName, via the fileNameMit parameter, enabling command injection. CVSSv3.1 metrics show a base score of 9.8 (CRITICAL) with Network attack vector, Low attack compl...
CVE-2022-45506
Tenda W30E v1.0.1.25633 was discovered to contain a command injection vulnerability via the fileNameMit parameter at /goform/delFileName...
CVE-2022-45506
Tenda W30E v1.0.1.25633 was discovered to contain a command injection vulnerability via the fileNameMit parameter at /goform/delFileName...