42 matches found
CVE-2022-25457
Tenda AC6 v15.03.05.09multi was discovered to contain a stack overflow via the ntpserver parameter in the SetSysTimeCfg function...
CVE-2022-25457
CVE-2022-25457 – Tenda AC6 : A stack overflow was found in Tenda AC6 v15.03.05.09_multi triggered by the ntpserver parameter in the SetSysTimeCfg function. The vulnerability is documented with a CVSS v3.1 base score of 9.8 (CRITICAL) and a CVSS v2.0 base score of 10.0, indicating NETWORK access, ...
CVE-2022-25440
CVE-2022-25440 affects Tenda AC9 router (v15.03.2.21). Root cause: a stack overflow in the SetSysTimeCfg function triggered by the ntpserver parameter. Impact indicators in sources describe potential to compromise confidentiality, integrity, and availability (high/critical). No explicit patch/ver...
CVE-2022-25440
Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the ntpserver parameter in the SetSysTimeCfg function...
PT-2022-17295 · Tenda · Tenda Ac9
Name of the Vulnerable Software and Affected Versions: Tenda AC9 version 15.03.2.21 Description: A stack overflow issue was discovered via the ntpserver parameter in the SetSysTimeCfg function. Recommendations: For Tenda AC9 version 15.03.2.21, consider restricting access to the SetSysTimeCfg...
Tenda AC9 缓冲区错误漏洞
Tenda AC9 is a wireless router from Tenda, China.Tenda AC9 version 15.03.2.21 is vulnerable to a buffer overflow vulnerability, which stems from the ntpserver parameter in the SetSysTimeCfg function that does not properly validate data boundaries when performing operations on memory, and can be...
Tenda AX1806 fromSetSysTime function stack overflow vulnerability
The Tenda AX1806 is a WiFi6 wireless router from Tenda, a Chinese company. A stack overflow vulnerability exists in the Tenda AX1806 fromSetSysTime function, which can be exploited by an attacker to cause a Denial of Service DoS via the ntpServer parameter...
CVE-2022-25555
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function fromSetSysTime. This vulnerability allows attackers to cause a Denial of Service DoS via the ntpServer parameter...
CVE-2022-25555
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function fromSetSysTime. This vulnerability allows attackers to cause a Denial of Service DoS via the ntpServer parameter...
Stack overflow
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function fromSetSysTime. This vulnerability allows attackers to cause a Denial of Service DoS via the ntpServer parameter...
Tenda AX1806 缓冲区错误漏洞
The Tenda AX1806 is a WiFi6 wireless router from Tenda, a Chinese company. A stack overflow vulnerability exists in the Tenda AX1806 fromSetSysTime function, which can be exploited by an attacker to cause a Denial of Service DoS via the ntpServer parameter...
CVE-2022-25555
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function fromSetSysTime. This vulnerability allows attackers to cause a Denial of Service DoS via the ntpServer parameter...
Prima FlexAir Access Control 2.3.38 - Remote Code Execution Exploit
Exploit for hardware platform in category web applications Exploit Title: Prima FlexAir Access Control 2.3.38 - Remote Code Execution Exploit Author: LiquidWorm Vendor Homepage: https://www.primasystems.eu/ Software Link: https://primasystems.eu/flexair-access-control/ Version: 2.3.38 Tested on: ...
CVE-2018-18732
An issue was discovered on Tenda AC7 V15.03.06.44CN, AC9 V15.03.05.196318CN, AC10 V15.03.06.23CN, AC15 V15.03.05.19CN, and AC18 V15.03.05.196318CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the 'ntpServer' parameter for a post request,...
Buffer overflow
An issue was discovered on Tenda AC7 V15.03.06.44CN, AC9 V15.03.05.196318CN, AC10 V15.03.06.23CN, AC15 V15.03.05.19CN, and AC18 V15.03.05.196318CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the 'ntpServer' parameter for a post request,...
CVE-2016-5675
handledaylightsaving.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, NUUO Crystal 2.2.1 through 3.2.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the NTPServer parameter...
Code injection
handledaylightsaving.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, NUUO Crystal 2.2.1 through 3.2.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the NTPServer parameter...
Novell Filr Command Injection Vulnerability
Novell Filr is a file access and sharing solution for the enterprise from Novell, USA. An operating system command injection vulnerability exists in the vaconfig/time file in Novell Filr 1.2 Security Update 2 and earlier and 2.0 Security Update 1 and earlier. A remote attacker can exploit this...
CVE-2016-1608
vaconfig/time in Novell Filr before 1.2 Security Update 3 and 2.0 before Security Update 2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the ntpServer parameter...
CVE-2016-1608
vaconfig/time in Novell Filr before 1.2 Security Update 3 and 2.0 before Security Update 2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the ntpServer parameter...