Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

G3 Firmware Security Vulnerabilities - CVSS Score 9 - 10

cve
cve

CVE-2021-27691

Command Injection in Tenda G0 routers with firmware versions v15.11.0.6(9039)_CN and v15.11.0.5(5876)_CN , and Tenda G1 and G3 routers with firmware versions v15.11.0.17(9502)_CN or v15.11.0.16(9024)_CN allows remote attackers to execute arbitrary OS commands via a crafted action/setDebugCfg reques...

9.8CVSS

9.8AI Score

0.003EPSS

2021-04-16 12:15 AM
59
5
cve
cve

CVE-2021-27692

Command Injection in Tenda G1 and G3 routers with firmware versions v15.11.0.17(9502)_CN or v15.11.0.16(9024)_CN allows remote attackers to execute arbitrary OS commands via a crafted "action/umountUSBPartition" request. This occurs because the "formSetUSBPartitionUmount" function executes the "doS...

9.8CVSS

9.8AI Score

0.003EPSS

2021-04-16 12:15 AM
54
4
cve
cve

CVE-2021-45986

Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetUSBShareInfo. This vulnerability allows attackers to execute arbitrary commands via the usbOrdinaryUserName parameter.

9.8CVSS

10AI Score

0.002EPSS

2022-02-04 02:15 AM
34
cve
cve

CVE-2021-45987

Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetNetCheckTools. This vulnerability allows attackers to execute arbitrary commands via the hostName parameter.

9.8CVSS

10AI Score

0.002EPSS

2022-02-04 02:15 AM
37
cve
cve

CVE-2021-45990

Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function uploadPicture. This vulnerability allows attackers to execute arbitrary commands via the pic_name parameter.

9.8CVSS

10AI Score

0.002EPSS

2022-02-04 02:15 AM
34
cve
cve

CVE-2022-24165

Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetQvlanList. This vulnerability allows attackers to execute arbitrary commands via the qvlanIP parameter.

9.8CVSS

10AI Score

0.002EPSS

2022-02-04 02:15 AM
33
cve
cve

CVE-2022-24167

Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetDMZ. This vulnerability allows attackers to execute arbitrary commands via the dmzHost1 parameter.

9.8CVSS

10AI Score

0.002EPSS

2022-02-04 02:15 AM
35
cve
cve

CVE-2022-24168

Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetIpGroup. This vulnerability allows attackers to execute arbitrary commands via the IPGroupStartIP and IPGroupEndIP parameters.

9.8CVSS

10AI Score

0.002EPSS

2022-02-04 02:15 AM
34
cve
cve

CVE-2022-24170

Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetIpSecTunnel. This vulnerability allows attackers to execute arbitrary commands via the IPsecLocalNet and IPsecRemoteNet parameters.

9.8CVSS

10AI Score

0.002EPSS

2022-02-04 02:15 AM
34
cve
cve

CVE-2022-24171

Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetPppoeServer. This vulnerability allows attackers to execute arbitrary commands via the pppoeServerIP, pppoeServerStartIP, and pppoeServerEndIP parameters.

9.8CVSS

10AI Score

0.002EPSS

2022-02-04 02:15 AM
32