Ax12 Firmware Security Vulnerabilities and Issues — Ax12 Firmware CVE List

Lucene search

TendaAx12 Firmware

31 matches found

CVE•added 2024/02/20 10:15 p.m.•3680 views

CVE-2023-47422

An access control issue in /usr/sbin/httpd in Tenda TX9 V1 V22.03.02.54, Tenda AX3 V3 V16.03.12.11, Tenda AX9 V1 V22.03.01.46, and Tenda AX12 V1 V22.03.01.46 allows attackers to bypass authentication on any endpoint via a crafted URL.

8.8CVSS6.9AI score0.00017EPSS

CVE•added 2022/05/03 4:15 p.m.•117 views

CVE-2022-28561

There is a stack overflow vulnerability in the /goform/setMacFilterCfg function in the httpd service of Tenda ax12 22.03.01.21_cn router. An attacker can obtain a stable shell through a carefully constructed payload

10CVSS9.5AI score0.0239EPSS

CVE•added 2022/03/10 5:47 p.m.•90 views

CVE-2022-25556

Tenda AX12 v22.03.01.21 was discovered to contain a stack overflow in the function sub_42E328. This vulnerability allows attackers to cause a Denial of Service (DoS) via the list parameter.

7.8CVSS7.6AI score0.00328EPSS

CVE•added 2022/03/10 5:47 p.m.•84 views

CVE-2022-25561

Tenda AX12 v22.03.01.21 was discovered to contain a stack overflow in the function sub_42DE00. This vulnerability allows attackers to cause a Denial of Service (DoS) via the list parameter.

7.8CVSS7.6AI score0.00328EPSS

CVE•added 2022/03/10 5:47 p.m.•79 views

CVE-2022-25560

Tenda AX12 v22.03.01.21 was discovered to contain a stack overflow in the function sub_4327CC. This vulnerability allows attackers to cause a Denial of Service (DoS) via the list parameter.

7.8CVSS7.6AI score0.00328EPSS

CVE•added 2022/03/10 5:44 p.m.•72 views

CVE-2021-46408

Tenda AX12 v22.03.01.21 was discovered to contain a stack buffer overflow in the function sub_422CE4. This vulnerability allows attackers to cause a Denial of Service (DoS) via the strcpy parameter.

7.8CVSS7.6AI score0.00328EPSS

CVE•added 2022/05/04 2:15 p.m.•67 views

CVE-2022-28082

Tenda AX12 v22.03.01.21_CN was discovered to contain a stack overflow via the list parameter at /goform/SetNetControlList.

9.8CVSS9.6AI score0.02427EPSS

CVE•added 2022/04/25 4:16 p.m.•63 views

CVE-2022-27375

Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Request Forgery (CSRF) via the function sub_422168 at /goform/WifiExtraSet.

7.1CVSS6.6AI score0.00101EPSS

CVE•added 2022/02/14 5:15 p.m.•62 views

CVE-2021-45392

A Buffer Overflow vulnerability exists in Tenda Router AX12 V22.03.01.21_CN in the sub_422CE4 function in page /goform/setIPv6Status via the prefixDelegate parameter, which causes a Denial of Service.

7.8CVSS7.5AI score0.03105EPSS

CVE•added 2022/02/16 2:15 p.m.•59 views

CVE-2021-45391

A Buffer Overflow vulnerability exists in Tenda Router AX12 V22.03.01.21_CN in the sub_422CE4 function in the goform/setIPv6Status binary file /usr/sbin/httpd via the conType parameter, which causes a Denial of Service.

7.5CVSS7.5AI score0.01EPSS

CVE•added 2022/04/25 4:16 p.m.•56 views

CVE-2022-27374

Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Request Forgery (CSRF) via the function sub_42E328 at /goform/SysToolReboot.

7.1CVSS6.6AI score0.00101EPSS

CVE•added 2022/12/12 3:15 p.m.•54 views

CVE-2022-45043

Tenda AX12 V22.03.01.16_cn is vulnerable to command injection via goform/fast_setting_internet_set.

8.8CVSS8.9AI score0.01903EPSS

CVE•added 2022/12/12 3:15 p.m.•53 views

CVE-2022-45979

Tenda AX12 v22.03.01.21_CN was discovered to contain a stack overflow via the ssid parameter at /goform/fast_setting_wifi_set .

7.5CVSS7.7AI score0.00084EPSS

CVE•added 2022/05/18 4:15 p.m.•52 views

CVE-2022-28917

Tenda AX12 v22.03.01.21_cn was discovered to contain a stack overflow via the lanIp parameter in /goform/AdvSetLanIp.

7.8CVSS7.7AI score0.00409EPSS

CVE•added 2024/01/10 9:15 a.m.•51 views

CVE-2023-49427

Buffer Overflow vulnerability in Tenda AX12 V22.03.01.46, allows remote attackers to cause a denial of service (DoS) via list parameter in SetNetControlList function.

7.5CVSS7.4AI score0.01061EPSS

CVE•added 2022/02/04 2:15 a.m.•50 views

CVE-2022-24143

Tenda AX3 v16.03.12.10_CN and AX12 22.03.01.2_CN was discovered to contain a stack overflow in the function form_fast_setting_wifi_set. This vulnerability allows attackers to cause a Denial of Service (DoS) via the timeZone parameter.

7.8CVSS7.6AI score0.00328EPSS

CVE•added 2025/03/20 4:15 p.m.•50 views

CVE-2025-29214

Tenda AX12 v22.03.01.46_CN was discovered to contain a stack overflow via the sub_42F69C function at /goform/setMacFilterCfg.

7.5CVSS7.9AI score0.00086EPSS

CVE•added 2025/03/20 6:15 p.m.•50 views

CVE-2025-29215

Tenda AX12 v22.03.01.46_CN was discovered to contain a stack overflow via the sub_43fdcc function at /goform/SetNetControlList.

6.5CVSS7.9AI score0.00084EPSS

CVE•added 2022/08/25 4:15 p.m.•49 views

CVE-2022-37292

Tenda AX12 V22.03.01.21_CN is vulnerable to Buffer Overflow. This overflow is triggered in the sub_42FDE4 function, which satisfies the request of the upper-level interface function sub_430124, that is, handles the post request under /goform/SetIpMacBind.

5.5CVSS5.6AI score0.00049EPSS

CVE•added 2022/12/12 3:15 p.m.•48 views

CVE-2022-45980

Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Request Forgery (CSRF) via /goform/SysToolRestoreSet .

8.8CVSS8.8AI score0.06293EPSS

CVE•added 2023/01/05 2:15 p.m.•48 views

CVE-2022-45995

There is an unauthorized buffer overflow vulnerability in Tenda AX12 v22.03.01.21 _ cn. This vulnerability can cause the web service not to restart or even execute arbitrary code. It is a different vulnerability from CVE-2022-2414.

9.8CVSS7.9AI score0.91576EPSS

CVE•added 2024/07/16 7:15 p.m.•47 views

CVE-2024-40503

An issue in Tenda AX12 v.16.03.49.18_cn+ allows a remote attacker to cause a denial of service via the Routing functionality and ICMP packet handling.

6.5CVSS7AI score0.0022EPSS

CVE•added 2024/03/14 1:15 p.m.•46 views

CVE-2024-28383

Tenda AX12 v1.0 v22.03.01.16 was discovered to contain a stack overflow via the ssid parameter in the sub_431CF0 function.

9.8CVSS7.7AI score0.00237EPSS

CVE•added 2022/12/12 3:15 p.m.•42 views

CVE-2022-45977

Tenda AX12 V22.03.01.21_CN was found to have a command injection vulnerability via /goform/setMacFilterCfg function.

8.8CVSS8.8AI score0.02066EPSS

CVE•added 2023/12/07 2:15 p.m.•35 views

CVE-2023-49424

Tenda AX12 V22.03.01.46 was discovered to contain a stack overflow via the list parameter at /goform/SetVirtualServerCfg.

9.8CVSS9.6AI score0.00369EPSS

CVE•added 2023/12/07 3:15 p.m.•35 views

CVE-2023-49428

Tenda AX12 V22.03.01.46 has been discovered to contain a command injection vulnerability in the 'mac' parameter at /goform/SetOnlineDevName.

9.8CVSS9.7AI score0.02562EPSS

CVE•added 2024/07/19 3:15 p.m.•35 views

CVE-2024-39963

AX3000 Dual-Band Gigabit Wi-Fi 6 Router AX9 V22.03.01.46 and AX3000 Dual-Band Gigabit Wi-Fi 6 Router AX12 V1.0 V22.03.01.46 were discovered to contain an authenticated remote command execution (RCE) vulnerability via the macFilterType parameter at /goform/setMacFilterCfg.

8CVSS7.6AI score0.00329EPSS

CVE•added 2024/07/10 4:15 p.m.•35 views

CVE-2024-40412

Tenda AX12 v1.0 v22.03.01.46 contains a stack overflow in the deviceList parameter of the sub_42E410 function.

6.8CVSS7AI score0.0007EPSS

CVE•added 2023/12/07 3:15 p.m.•34 views

CVE-2023-49426

Tenda AX12 V22.03.01.46 was discovered to contain a stack overflow via the list parameter at /goform/SetStaticRouteCfg.

9.8CVSS9.6AI score0.00127EPSS

CVE•added 2023/12/07 3:15 p.m.•31 views

CVE-2023-49425

Tenda AX12 V22.03.01.46 was discovered to contain a stack overflow via the deviceList parameter at /goform/setMacFilterCfg .

9.8CVSS9.6AI score0.00127EPSS

CVE•added 2023/12/07 3:15 p.m.•28 views

CVE-2023-49437

Tenda AX12 V22.03.01.46 has been discovered to contain a command injection vulnerability in the 'list' parameter at /goform/SetNetControlList.

9.8CVSS9.7AI score0.01975EPSS