CVE-2022-28557

There is a command injection vulnerability at the /goform/setsambacfg interface of Tenda AC15 US_AC15V1.0BR_V15.03.05.20_multi_TDE01.bin device web, which can also cooperate with CVE-2021-44971 to cause unconditional arbitrary command execution

CVE-2022-28556

Tenda AC15 US_AC15V1.0BR_V15.03.05.20_multi_TDE01.bin is vulnerable to Buffer Overflow. The stack overflow vulnerability lies in the /goform/setpptpservercfg interface of the web. The sent post data startip and endip are copied to the stack using the sanf function, resulting in stack overflow. Simi...

CVE-2021-44971

Multiple Tenda devices are affected by authentication bypass, such as AC15V1.0 Firmware V15.03.05.20_multi?AC5V1.0 Firmware V15.03.06.48_multi and so on. an attacker can obtain sensitive information, and even combine it with authenticated command injection to implement RCE.

CVE-2022-44169

Tenda AC15 V15.03.05.18 is vulnerable to Buffer Overflow via function formSetVirtualSer.

CVE-2022-44156

Tenda AC15 V15.03.05.19 is vulnerable to Buffer Overflow via function formSetIpMacBind.

CVE-2022-37175

Tenda ac15 firmware V15.03.05.18 httpd server has stack buffer overflow in /goform/formWifiBasicSet.

CVE-2022-43259

Tenda AC15 V15.03.05.18 was discovered to contain a stack overflow via the timeZone parameter in the form_fast_setting_wifi_set function.

CVE-2022-44168

Tenda AC15 V15.03.05.18 is vulnerable to Buffer Overflow via function fromSetRouteStatic..

CVE-2022-44167

Tenda AC15 V15.03.05.18 is avulnerable to Buffer Overflow via function formSetPPTPServer.

CVE-2022-40851

Tenda AC15 V15.03.05.19 contained a stack overflow via the function fromAddressNat.