Unspecified vulnerability in Tenda O6 (CNVD-2024-40284)

Tenda O6 is a wireless bridge from Tenda, China. A security vulnerability exists in Tenda O6 version V1.0.0.7, which is caused by a buffer overflow vulnerability in the formexeCommand function. No details of the vulnerability are available at this time...

CVE-2024-46049

Tenda O6 V3.0 firmware V1.0.0.72054 contains a stack overflow vulnerability in the formexeCommand function...

CVE-2023-51101

Tenda W9 V1.0.0.74456CN was discovered to contain a stack overflow via the function formSetUplinkInfo...

CVE-2023-51097

Tenda W9 V1.0.0.74456CN was discovered to contain a stack overflow via the function formSetAutoPing...

CVE-2023-51099

Tenda W9 V1.0.0.74456CN was discovered to contain a command injection vulnerability via the function formexeCommand...

Command injection

Tenda W9 V1.0.0.74456CN was discovered to contain a command injection vulnerability via the function formGetDiagnoseInfo...

Stack overflow

Tenda W9 V1.0.0.74456CN was discovered to contain a stack overflow via the function formWifiMacFilterSet...

CVE-2023-51102

Tenda W9 V1.0.0.74456CN was discovered to contain a stack overflow via the function formWifiMacFilterSet...

CVE-2023-51098

The CVE-2023-51098 entry concerns Tenda W9 firmware version 1.0.0.7(4456)_CN, where the formSetDiagnoseInfo function contains a vulnerability allowing command injection. The root cause is the lack of neutralization of special elements in that function, enabling a remote attacker to execute arbitr...

CVE-2023-51101

Tenda W9 V1.0.0.74456CN was discovered to contain a stack overflow via the function formSetUplinkInfo...

CVE-2023-51100

Tenda W9 is affected by CVE-2023-51100 in firmware version 1.0.0.7(4456)_CN. The vulnerability is a command injection via the formGetDiagnoseInfo function. The CVSS 3.1 score is 9.8 (CRITICAL): network-remote vector, no authentication, no user interaction required, with high impact on confidentia...

CVE-2023-51099

Tenda W9 firmware version 1.0.0.7(4456) CN contains a command injection in the formexeCommand function. The issue stems from lack of neutralization of special elements in formexeCommand, potentially allowing a remote attacker to execute arbitrary code. The PT-security entry notes a temporary work...

CVE-2023-51097

CVE-2023-51097 affects Tenda W9 firmware v1.0.0.7(4456) CN. A stack overflow in the formSetAutoPing function is documented, potentially enabling arbitrary code execution (high/severe impact per sources). Remediation noted: temporarily disable the formSetAutoPing feature; no patched firmware versi...