CVE-2022-27078

Tenda M3 1.10 V1.0.0.124856 was discovered to contain a command injection vulnerability via the component /goform/setAdInfoDetail...

Tenda M3 /goform/setAdInfoDetail File Heap Buffer Overflow Vulnerability

Tenda M3 is a wireless controller AC from Tenda, which is aimed at scenarios such as hotel chains, low-star hotels and small and medium-sized businesses. Tenda M3 heap buffer overflow vulnerability exists, the vulnerability stems from the parameter...

CVE-2025-15233

A security flaw has been discovered in Tenda M3 1.0.0.134903. This issue affects the function formSetAdInfoDetails of the file /goform/setAdInfoDetail. The manipulation of the argument adName/smsPassword/smsAccount/weixinAccount/weixinName/smsSignature/adRedirectUrl/adCopyRight/smsContent/adItemU...

CVE-2025-15233

A security flaw has been discovered in Tenda M3 1.0.0.134903. This issue affects the function formSetAdInfoDetails of the file /goform/setAdInfoDetail. The manipulation of the argument adName/smsPassword/smsAccount/weixinAccount/weixinName/smsSignature/adRedirectUrl/adCopyRight/smsContent/adItemU...

CVE-2025-15233

A security flaw has been discovered in Tenda M3 1.0.0.134903. This issue affects the function formSetAdInfoDetails of the file /goform/setAdInfoDetail. The manipulation of the argument adName/smsPassword/smsAccount/weixinAccount/weixinName/smsSignature/adRedirectUrl/adCopyRight/smsContent/adItemU...

EUVD-2025-205699

A security flaw has been discovered in Tenda M3 1.0.0.134903. This issue affects the function formSetAdInfoDetails of the file /goform/setAdInfoDetail. The manipulation of the argument adName/smsPassword/smsAccount/weixinAccount/weixinName/smsSignature/adRedirectUrl/adCopyRight/smsContent/adItemU...

CVE-2025-15233

A security flaw has been discovered in Tenda M3 1.0.0.134903. This issue affects the function formSetAdInfoDetails of the file /goform/setAdInfoDetail. The manipulation of the argument adName/smsPassword/smsAccount/weixinAccount/weixinName/smsSignature/adRedirectUrl/adCopyRight/smsContent/adItemU...

CVE-2025-15233

CVE-2025-15233 affects Tenda M3 1.0.0.13(4903). The heap-based buffer overflow occurs in the function formSetAdInfoDetails within /goform/setAdInfoDetail when manipulating arguments including adName, smsPassword, smsAccount, weixinAccount, weixinName, smsSignature, adRedirectUrl, adCopyRight, sms...

PT-2025-53853

Name of the Vulnerable Software and Affected Versions Tenda M3 version 1.0.0.134903 Description A security issue exists in Tenda M3 version 1.0.0.134903. The formSetAdInfoDetails function within the /goform/setAdInfoDetail file is susceptible to a heap-based buffer overflow. This occurs through t...

CVE-2022-27078

Tenda M3 1.10 V1.0.0.124856 was discovered to contain a command injection vulnerability via the component /goform/setAdInfoDetail...

CVE-2022-27078

Tenda M3 1.10 V1.0.0.124856 was discovered to contain a command injection vulnerability via the component /goform/setAdInfoDetail...

CVE-2022-27078

Tenda M3 1.10 V1.0.0.124856 was discovered to contain a command injection vulnerability via the component /goform/setAdInfoDetail...

Command injection

Tenda M3 1.10 V1.0.0.124856 was discovered to contain a command injection vulnerability via the component /goform/setAdInfoDetail...

PT-2022-18206 · Tenda · Tenda M3

Name of the Vulnerable Software and Affected Versions: Tenda M3 version 1.10 V1.0.0.124856 Description: A command injection issue was found in the component "/goform/setAdInfoDetail" of the affected software. Recommendations: For version 1.10 V1.0.0.124856, consider restricting access to the...

Tenda M3 命令注入漏洞

Tenda M3 is an access control from Tenda, a Chinese company. Tenda M3 is vulnerable to command injection, which stems from the component /goform/setAdInfoDetail fails to properly filter the construction of command special characters, commands, etc., and can be exploited by attackers to cause...