Ax3 Firmware Security Vulnerabilities and Issues — Ax3 Firmware CVE List

Lucene search

TendaAx3 Firmware

12 matches found

CVE•added 2022/03/10 5:46 p.m.•84 views

CVE-2022-24995

Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetSysTime. This vulnerability allows attackers to cause a Denial of Service (DoS) via the time parameter.

9.8CVSS9.5AI score0.00618EPSS

CVE•added 2022/03/04 2:15 p.m.•68 views

CVE-2021-46394

There is a stack buffer overflow vulnerability in the formSetPPTPServer function of Tenda-AX3 router V16.03.12.10_CN. The v13 variable is directly retrieved from the http request parameter startIp. Then v13 will be splice to stack by function sscanf without any security check, which causes stack ov...

9.8CVSS9.8AI score0.02585EPSS

CVE•added 2022/03/04 1:15 p.m.•65 views

CVE-2021-46393

There is a stack buffer overflow vulnerability in the formSetPPTPServer function of Tenda-AX3 router V16.03.12.10_CN. The v10 variable is directly retrieved from the http request parameter startIp. Then v10 will be splice to stack by function sscanf without any security check,which causes stack ove...

9.8CVSS9.8AI score0.03509EPSS

CVE•added 2023/03/15 6:15 a.m.•64 views

CVE-2023-27240

Tenda AX3 V16.03.12.11 was discovered to contain a command injection vulnerability via the lanip parameter at /goform/AdvSetLanip.

9.8CVSS9.8AI score0.0268EPSS

CVE•added 2022/02/04 2:15 a.m.•51 views

CVE-2022-24148

Tenda AX3 v16.03.12.10_CN was discovered to contain a command injection vulnerability in the function mDMZSetCfg. This vulnerability allows attackers to execute arbitrary commands via the dmzIp parameter.

9.8CVSS10AI score0.09429EPSS

CVE•added 2022/02/04 2:15 a.m.•51 views

CVE-2022-24150

Tenda AX3 v16.03.12.10_CN was discovered to contain a command injection vulnerability in the function formSetSafeWanWebMan. This vulnerability allows attackers to execute arbitrary commands via the remoteIp parameter.

9.8CVSS10AI score0.09429EPSS

CVE•added 2023/03/15 6:15 a.m.•43 views

CVE-2023-27239

Tenda AX3 V16.03.12.11 was discovered to contain a stack overflow via the shareSpeed parameter at /goform/WifiGuestSet.

9.8CVSS9.7AI score0.00121EPSS

CVE•added 2022/02/04 2:15 a.m.•42 views

CVE-2022-24144

Tenda AX3 v16.03.12.10_CN was discovered to contain a command injection vulnerability in the function WanParameterSetting. This vulnerability allows attackers to execute arbitrary commands via the gateway, dns1, and dns2 parameters.

9.8CVSS10AI score0.13084EPSS

CVE•added 2023/12/07 6:15 p.m.•38 views

CVE-2023-49409

Tenda AX3 V16.03.12.11 was discovered to contain a Command Execution vulnerability via the function /goform/telnet.

9.8CVSS9.6AI score0.00145EPSS

CVE•added 2023/02/23 11:15 p.m.•35 views

CVE-2023-24212

Tenda AX3 V16.03.12.11 was discovered to contain a stack overflow via the timeType function at /goform/SetSysTimeCfg.

9.8CVSS9.6AI score0.00121EPSS

CVE•added 2023/12/07 6:15 p.m.•30 views

CVE-2023-49408

Tenda AX3 V16.03.12.11 was discovered to contain a stack overflow via the function set_device_name.

9.8CVSS9.7AI score0.00121EPSS

CVE•added 2024/01/04 7:15 p.m.•28 views

CVE-2023-51812

Tenda AX3 v16.03.12.11 was discovered to contain a remote code execution (RCE) vulnerability via the list parameter at /goform/SetNetControlList.

9.8CVSS9.8AI score0.01361EPSS