CVE-2023-41557

CVE-2023-41557 affects Tenda AC7 (v1.0, v15.03.06.44) and Tenda AC5 (v1.0RTL, v15.03.06.28). A stack overflow is triggered via the entrys and mitInterface parameters at /goform/addressNat, enabling a high-severity, network-based impact with no user interaction. CVSS v3.1 indicates a critical base...

CVE-2023-38936

Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, AC5 V1.0 V15.03.06.28, FH1203 V2.0.1.6, AC9 V3.0 V15.03.06.42multi and FH1205 V2.0.0.7775 were discovered to contain a stack overflow via the speeddir parameter in the formSetSpeedWan function...

CVE-2023-38935

CVE-2023-38935 affects multiple Tenda models (AC1206, AC8, AC5, AC10, AC9) with versions listed in the initial entry. A stack overflow via the list parameter in the formSetQosBand function is reported across sources; the CVSSv3.1 base score is 9.8 (CRITICAL) with NETWORK attack vector, no privile...

CVE-2023-31587

Tenda AC5 router V15.03.06.28 was discovered to contain a remote code execution RCE vulnerability via the Mac parameter at ip/goform/WriteFacMac...

CVE-2023-31587

CVE-2023-31587 affects Tenda AC5 router V15.03.06.28. A remote code execution (RCE) vulnerability exists via the Mac parameter at ip/goform/WriteFacMac, arising from insufficient input validation on the Mac field. Documented impact is arbitrary code execution with network access. Several sources ...

Buffer overflow

Tenda AC5 V15.03.06.28 is vulnerable to Buffer Overflow via the initWebs function...

CVE-2023-30368

CVE-2023-30368 affects Tenda AC5 devices with firmware version 15.03.06.28. The vulnerability is a buffer overflow in the initWebs function, leading to potential memory corruption. The CVSS data in the initial document indicates a CRITICAL base score (9.8) with network attack vector, no user inte...