15 matches found
Cross site request forgery (csrf)
Tenda AX12 V22.03.01.21CN was discovered to contain a Cross-Site Request Forgery CSRF via /goform/SysToolRestoreSet...
Stack overflow
Tenda AX12 v22.03.01.21CN was discovered to contain a stack overflow via the ssid parameter at /goform/fastsettingwifiset...
CVE-2022-45980
Tenda AX12 V22.03.01.21CN was discovered to contain a Cross-Site Request Forgery CSRF via /goform/SysToolRestoreSet...
CVE-2022-45977
The CVE-2022-45977 entry concerns Tenda AX12 (V22.03.01.21_CN) with a command injection vulnerability exposed through the /goform/setMacFilterCfg endpoint. Affected component is the web/LAN management interface; root cause described as command injection in that function. The CVSSv3.1 scores indic...
CVE-2022-45980
CVE-2022-45980 affects Tenda AX12 with firmware version V22.03.01.21_CN and is caused by a Cross-Site Request Forgery (CSRF) vulnerability on the /goform/SysToolRestoreSet endpoint. The NVD entry assigns a CVSS v3.1 base score of 8.8 (High) with NETWORK attack vector, LOW attack complexity, and u...
CVE-2022-37292
CVE-2022-37292 affects Tenda AX12 with version V22.03.01.21_CN and involves a buffer overflow in the sub_42FDE4 function, triggered by handling the POST request under /goform/SetIpMacBind via the upper-level sub_430124 interface. Public sources concur on the vulnerable component and endpoint, wit...
Tenda AX12 缓冲区错误漏洞
Tenda AX12 is a dual-band Gigabit Wifi 6 wireless router from Tenda China. A security vulnerability exists in Tenda AX12 version V22.03.01.21CN, no detailed vulnerability details are available at this time...
CVE-2022-28082
Tenda AX12 v22.03.01.21CN was discovered to contain a stack overflow via the list parameter at /goform/SetNetControlList...
Stack overflow
Tenda AX12 v22.03.01.21CN was discovered to contain a stack overflow via the list parameter at /goform/SetNetControlList...
CVE-2022-28082
CVE-2022-28082 affects the Tenda AX12 router (v22.03.01.21_CN). The vulnerability is a stack overflow triggered by the list parameter at the HTTP endpoint /goform/SetNetControlList. The NVD metrics indicate a high to critical impact: CVSS v3.1 base score 9.8 (NETWORK, NONE privileges, user intera...
Cross site request forgery (csrf)
Tenda AX12 V22.03.01.21CN was discovered to contain a Cross-Site Request Forgery CSRF via the function sub422168 at /goform/WifiExtraSet...
CVE-2022-27374
CVE-2022-27374 concerns the Tenda AX12 (V22.03.01.21_CN) router, where a Cross-Site Request Forgery (CSRF) vulnerability exists in the function sub_42E328 at /goform/SysToolReboot. This is reported across multiple sources (Red Hat, CNVD, CVE/NVD) and indicates an impact on availability (NVD CVSS:...
CVE-2022-27375
Tenda AX12 V22.03.01.21_CN firmware is affected by a Cross-Site Request Forgery (CSRF) vulnerability in the sub_422168 function at /goform/WifiExtraSet. The issue arises from insufficient validation of the request source, enabling an attacker to craft harmful requests that trick a logged-in (trus...
Tenda AX12 跨站请求伪造漏洞
Tenda AX12 is a dual-band gigabit Wifi 6 wireless router from Tenda, China.Tenda AX12 V22.03.01.21CN is vulnerable to cross-site request spoofing. users, an attacker could use the vulnerability to spoof malicious requests to trick victims into clicking to perform sensitive operations...
CVE-2021-45392
The CVE-2021-45392 issue affects Tenda Router AX12 (V22.03.01.21_CN). The vulnerability is a buffer overflow in the sub_422CE4 function of the /goform/setIPv6Status path, triggered via the prefixDelegate parameter, leading to Denial of Service. Connected sources (Red Hat, CNVD, CVE records) confi...