G3 Firmware Security Vulnerabilities and Issues — G3 Firmware CVE List

Lucene search

TendacnG3 Firmware

10 matches found

CVE•added 2022/02/04 2:15 a.m.•54 views

CVE-2022-24170

Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetIpSecTunnel. This vulnerability allows attackers to execute arbitrary commands via the IPsecLocalNet and IPsecRemoteNet parameters.

9.8CVSS10AI score0.16002EPSS

CVE•added 2022/02/04 2:15 a.m.•52 views

CVE-2022-24167

Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetDMZ. This vulnerability allows attackers to execute arbitrary commands via the dmzHost1 parameter.

9.8CVSS10AI score0.04477EPSS

CVE•added 2022/02/04 2:15 a.m.•48 views

CVE-2021-45987

Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetNetCheckTools. This vulnerability allows attackers to execute arbitrary commands via the hostName parameter.

9.8CVSS10AI score0.02149EPSS

CVE•added 2022/02/04 2:15 a.m.•46 views

CVE-2022-24165

Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetQvlanList. This vulnerability allows attackers to execute arbitrary commands via the qvlanIP parameter.

9.8CVSS10AI score0.16002EPSS

CVE•added 2022/02/04 2:15 a.m.•46 views

CVE-2022-24168

Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetIpGroup. This vulnerability allows attackers to execute arbitrary commands via the IPGroupStartIP and IPGroupEndIP parameters.

9.8CVSS10AI score0.04477EPSS

CVE•added 2022/02/04 2:15 a.m.•44 views

CVE-2021-45986

Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetUSBShareInfo. This vulnerability allows attackers to execute arbitrary commands via the usbOrdinaryUserName parameter.

9.8CVSS10AI score0.02149EPSS

CVE•added 2024/08/27 11:15 p.m.•44 views

CVE-2024-8224

A vulnerability, which was classified as critical, has been found in Tenda G3 15.11.0.20. This issue affects the function formSetDebugCfg of the file /goform/setDebugCfg. The manipulation of the argument enable/level/module leads to stack-based buffer overflow. The attack may be initiated remotely....

9.8CVSS8.8AI score0.00435EPSS

CVE•added 2022/02/04 2:15 a.m.•43 views

CVE-2021-45990

Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function uploadPicture. This vulnerability allows attackers to execute arbitrary commands via the pic_name parameter.

9.8CVSS10AI score0.02149EPSS

CVE•added 2022/02/04 2:15 a.m.•42 views

CVE-2022-24171

Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetPppoeServer. This vulnerability allows attackers to execute arbitrary commands via the pppoeServerIP, pppoeServerStartIP, and pppoeServerEndIP parameters.

9.8CVSS10AI score0.16002EPSS

CVE•added 2024/09/26 8:15 p.m.•42 views

CVE-2024-46628

Tenda G3 Router firmware v15.03.05.05 was discovered to contain a remote code execution (RCE) vulnerability via the usbPartitionName parameter in the formSetUSBPartitionUmount function.

9.8CVSS8.1AI score0.0789EPSS