G1 Firmware Security Vulnerabilities and Issues — G1 Firmware CVE List

Lucene search

TendacnG1 Firmware

8 matches found

CVE•added 2022/02/04 2:15 a.m.•54 views

CVE-2022-24170

Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetIpSecTunnel. This vulnerability allows attackers to execute arbitrary commands via the IPsecLocalNet and IPsecRemoteNet parameters.

9.8CVSS10AI score0.16002EPSS

CVE•added 2022/02/04 2:15 a.m.•52 views

CVE-2022-24167

Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetDMZ. This vulnerability allows attackers to execute arbitrary commands via the dmzHost1 parameter.

9.8CVSS10AI score0.04477EPSS

CVE•added 2022/02/04 2:15 a.m.•48 views

CVE-2021-45987

Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetNetCheckTools. This vulnerability allows attackers to execute arbitrary commands via the hostName parameter.

9.8CVSS10AI score0.02149EPSS

CVE•added 2022/02/04 2:15 a.m.•46 views

CVE-2022-24165

Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetQvlanList. This vulnerability allows attackers to execute arbitrary commands via the qvlanIP parameter.

9.8CVSS10AI score0.16002EPSS

CVE•added 2022/02/04 2:15 a.m.•46 views

CVE-2022-24168

Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetIpGroup. This vulnerability allows attackers to execute arbitrary commands via the IPGroupStartIP and IPGroupEndIP parameters.

9.8CVSS10AI score0.04477EPSS

CVE•added 2022/02/04 2:15 a.m.•44 views

CVE-2021-45986

Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetUSBShareInfo. This vulnerability allows attackers to execute arbitrary commands via the usbOrdinaryUserName parameter.

9.8CVSS10AI score0.02149EPSS

CVE•added 2022/02/04 2:15 a.m.•43 views

CVE-2021-45990

Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function uploadPicture. This vulnerability allows attackers to execute arbitrary commands via the pic_name parameter.

9.8CVSS10AI score0.02149EPSS

CVE•added 2022/02/04 2:15 a.m.•42 views

CVE-2022-24171

Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetPppoeServer. This vulnerability allows attackers to execute arbitrary commands via the pppoeServerIP, pppoeServerStartIP, and pppoeServerEndIP parameters.

9.8CVSS10AI score0.16002EPSS