Tenda M3 安全漏洞

Tenda M3 is an access control device produced by the Chinese company Tenda. Version 1.0.0.10 of Tenda M3 contains a security vulnerability. This vulnerability stems from incorrect handling of the parameter “policyType” in files located at “goform/setAdvPolicyData”, which may lead to a buffer...

CVE-2025-12213

CVE-2025-12213 affects Tenda O3 1.0.0.10(2478). The vulnerability is a stack-based overflow in the SetValue/GetValue handling of /goform/setVlanConfig via crafted lan input, enabling remote exploitation. Public disclosures exist. Connected sources (CNVD/CNNVD/NVD/PT-2025-43873) corroborate a buff...

CVE-2025-12212 Tenda O3 setNetworkService GetValue stack-based overflow

A weakness has been identified in Tenda O3 1.0.0.102478. This affects the function SetValue/GetValue of the file /goform/setNetworkService. This manipulation of the argument upnpEn causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made available to the...

PT-2025-43871

Name of the Vulnerable Software and Affected Versions Tenda O3 version 1.0.0.102478 Description A security flaw exists in Tenda O3 version 1.0.0.102478. The issue is related to the SetValue/GetValue function within the /goform/setDmzInfo file. Manipulation of the dmzIP argument can lead to a...

PT-2025-7569 · Tenda · Tenda I12

Name of the Vulnerable Software and Affected Versions: Tenda i12 version 1.0.0.103805 Description: A buffer overflow issue was discovered in the formSetCfm function via the funcpara1 parameter. Recommendations: For Tenda i12 version 1.0.0.103805, as a temporary workaround, consider disabling the...

PT-2024-38114 · Tenda · Tenda O3

Name of the Vulnerable Software and Affected Versions: Tenda O3 version 1.0.0.102478 Description: A critical issue affects the function fromSafeSetMacFilter of the file /goform/setMacFilterList. The manipulation of the argument time leads to a stack-based buffer overflow. The attack may be...

PT-2024-38003 · Tenda · Tenda O3

Name of the Vulnerable Software and Affected Versions: Tenda O3 version 1.0.0.10 Description: A critical issue was found in the fromDhcpSetSer function. The manipulation of the arguments dhcpEn, startIP, endIP, preDNS, altDNS, mask, and gateway leads to a stack-based buffer overflow. This issue c...

PT-2024-38001 · Tenda · Tenda O3

Name of the Vulnerable Software and Affected Versions: Tenda O3 version 1.0.0.10 Description: A critical vulnerability was found in the function formQosSet. The manipulation of the arguments remark, ipRange, upSpeed, downSpeed, and enable leads to a stack-based buffer overflow. The attack can be...

WordPress Web Icons Plugin <= 1.0.0.10 is vulnerable to Cross Site Scripting (XSS)

Software Web Icons Type Plugin Vulnerable versions = 1.0.0.10 Fixed in 1.0.0.11 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29933 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 92c4582be5aa Credits LVT-tholv2k Required privilege...