Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-24095

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-23 Jan, 2023 | 00:00
Updated At-02 Aug, 2024 | 10:49
Rejected At-
Credits

TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R, firmware version 1.01.B01 was discovered to contain a stack overflow via the submit-url parameter at /formSystemCheck. This vulnerability allows attackers to execute arbitrary code via a crafted payload. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:23 Jan, 2023 | 00:00
Updated At:02 Aug, 2024 | 10:49
Rejected At:
▼CVE Numbering Authority (CNA)

TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R, firmware version 1.01.B01 was discovered to contain a stack overflow via the submit-url parameter at /formSystemCheck. This vulnerability allows attackers to execute arbitrary code via a crafted payload. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/chunklhit/cve/blob/master/TRENDNet/TEW-820AP/05/README.md
N/A
Hyperlink: https://github.com/chunklhit/cve/blob/master/TRENDNet/TEW-820AP/05/README.md
Resource: N/A
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/chunklhit/cve/blob/master/TRENDNet/TEW-820AP/05/README.md
x_transferred
Hyperlink: https://github.com/chunklhit/cve/blob/master/TRENDNet/TEW-820AP/05/README.md
Resource:
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:23 Jan, 2023 | 15:15
Updated At:02 Aug, 2024 | 11:16

TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R, firmware version 1.01.B01 was discovered to contain a stack overflow via the submit-url parameter at /formSystemCheck. This vulnerability allows attackers to execute arbitrary code via a crafted payload. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CPE Matches
TRENDnet, Inc.
trendnet
>>tew-820ap_firmware>>1.01.b01
cpe:2.3:o:trendnet:tew-820ap_firmware:1.01.b01:*:*:*:*:*:*:*
TRENDnet, Inc.
trendnet
>>tew-820ap>>1.0r
cpe:2.3:h:trendnet:tew-820ap:1.0r:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-787Primarynvd@nist.gov
CWE ID: CWE-787
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/chunklhit/cve/blob/master/TRENDNet/TEW-820AP/05/README.mdcve@mitre.org
Exploit
Third Party Advisory
Hyperlink: https://github.com/chunklhit/cve/blob/master/TRENDNet/TEW-820AP/05/README.md
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

420Records found
CVE-2022-46588
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.12% / 31.76%
||
7 Day CHG~0.00%
Published-30 Dec, 2022 | 00:00
Updated-11 Apr, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the sys_service parameter in the setup_wizard_mydlink (sub_4104B8) function.

Action-Not Available
Vendor-n/aTRENDnet, Inc.
Product-tew-755ap_firmwaretew-755apn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-46599
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.12% / 31.76%
||
7 Day CHG~0.00%
Published-30 Dec, 2022 | 00:00
Updated-11 Apr, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the setlogo_num parameter in the icp_setlogo_img (sub_41DBF4) function.

Action-Not Available
Vendor-n/aTRENDnet, Inc.
Product-tew-755ap_firmwaretew-755apn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-46592
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.12% / 31.76%
||
7 Day CHG~0.00%
Published-30 Dec, 2022 | 00:00
Updated-11 Apr, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the wps_sta_enrollee_pin parameter in the set_sta_enrollee_pin_5g function.

Action-Not Available
Vendor-n/aTRENDnet, Inc.
Product-tew-755ap_firmwaretew-755apn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-47897
Matching Score-4
Assigner-Imagination Technologies
ShareView Details
Matching Score-4
Assigner-Imagination Technologies
CVSS Score-8.8||HIGH
EPSS-0.12% / 32.25%
||
7 Day CHG~0.00%
Published-13 Jan, 2025 | 10:28
Updated-13 Jan, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GPU DDK - PVRSRVRGXGetEnabledHWPerfBlocksKM off-by-one OOB write

Software installed and run as a non-privileged user may conduct improper GPU system calls resulting in platform instability and reboots.

Action-Not Available
Vendor-Imagination Technologies Limited
Product-Graphics DDK
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-4493
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-0.28% / 51.18%
||
7 Day CHG~0.00%
Published-05 May, 2024 | 03:00
Updated-27 Jan, 2025 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda i21 formSetAutoPing stack-based overflow

A vulnerability, which was classified as critical, was found in Tenda i21 1.0.0.14(4656). Affected is the function formSetAutoPing. The manipulation of the argument ping1/ping2 leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-263082 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-i21i21_firmwarei21i21_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-4496
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-0.30% / 53.08%
||
7 Day CHG~0.00%
Published-05 May, 2024 | 06:00
Updated-27 Jan, 2025 | 18:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda i21 formWifiMacFilterSet stack-based overflow

A vulnerability was found in Tenda i21 1.0.0.14(4656). It has been classified as critical. This affects the function formWifiMacFilterSet. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263085 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-i21i21_firmwarei21
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-4495
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-0.31% / 53.73%
||
7 Day CHG~0.00%
Published-05 May, 2024 | 05:31
Updated-27 Jan, 2025 | 18:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda i21 formWifiMacFilterGet stack-based overflow

A vulnerability was found in Tenda i21 1.0.0.14(4656) and classified as critical. Affected by this issue is the function formWifiMacFilterGet. The manipulation of the argument index leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263084. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-i21i21_firmwarei21i21
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-12820
Matching Score-4
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-4
Assigner-Fortinet, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.59% / 68.10%
||
7 Day CHG+0.05%
Published-19 Dec, 2024 | 10:57
Updated-21 Jan, 2025 | 20:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Under non-default configuration, a stack-based buffer overflow in FortiOS version 6.0.10 and below, version 5.6.12 and below may allow a remote attacker authenticated to the SSL VPN to crash the FortiClient NAC daemon (fcnacd) and potentially execute arbitrary code via requesting a large FortiClient file name. We are not aware of proof of concept code successfully achieving the latter.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortiosFortiOS
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-4492
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-0.28% / 50.74%
||
7 Day CHG~0.00%
Published-05 May, 2024 | 00:31
Updated-27 Jan, 2025 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda i21 setStaOffline formOfflineSet stack-based overflow

A vulnerability, which was classified as critical, has been found in Tenda i21 1.0.0.14(4656). This issue affects the function formOfflineSet of the file /goform/setStaOffline. The manipulation of the argument GO/ssidIndex leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263081 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-i21i21_firmwarei21
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-4291
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-0.26% / 48.88%
||
7 Day CHG~0.00%
Published-27 Apr, 2024 | 20:00
Updated-27 Aug, 2025 | 21:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda A301 setBlackRule formAddMacfilterRule stack-based overflow

A vulnerability was found in Tenda A301 15.13.08.12_multi_TDE01. It has been rated as critical. This issue affects the function formAddMacfilterRule of the file /goform/setBlackRule. The manipulation of the argument deviceList leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-262223. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-a301a301_firmwareA301ac15
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-11100
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-2.30% / 84.09%
||
7 Day CHG~0.00%
Published-02 Apr, 2020 | 14:23
Updated-04 Aug, 2024 | 11:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution.

Action-Not Available
Vendor-haproxyn/aDebian GNU/LinuxRed Hat, Inc.Canonical Ltd.openSUSEFedora Project
Product-ubuntu_linuxdebian_linuxopenshift_container_platformfedorahaproxyleapn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-10607
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8.8||HIGH
EPSS-0.79% / 72.97%
||
7 Day CHG~0.00%
Published-27 Mar, 2020 | 13:27
Updated-04 Aug, 2024 | 11:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Advantech WebAccess, Versions 8.4.2 and prior. A stack-based buffer overflow vulnerability caused by a lack of proper validation of the length of user-supplied data may allow remote code execution.

Action-Not Available
Vendor-n/aAdvantech (Advantech Co., Ltd.)
Product-webaccessAdvantech WebAccess
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-10273
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-2.30% / 84.09%
||
7 Day CHG~0.00%
Published-26 Mar, 2017 | 05:47
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple stack buffer overflow vulnerabilities in Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), Air:Link 5000AC (AL5000AC) version 1.13, and Air:Link 59300 (AL59300) version 1.04 (Rev. 4) devices allow remote attackers to execute arbitrary code or crash the web service via the (1) ateFunc, (2) ateGain, (3) ateTxCount, (4) ateChan, (5) ateRate, (6) ateMacID, (7) e2pTxPower1, (8) e2pTxPower2, (9) e2pTxPower3, (10) e2pTxPower4, (11) e2pTxPower5, (12) e2pTxPower6, (13) e2pTxPower7, (14) e2pTx2Power1, (15) e2pTx2Power2, (16) e2pTx2Power3, (17) e2pTx2Power4, (18) e2pTx2Power5, (19) e2pTx2Power6, (20) e2pTx2Power7, (21) ateTxFreqOffset, (22) ateMode, (23) ateBW, (24) ateAntenna, (25) e2pTxFreqOffset, (26) e2pTxPwDeltaB, (27) e2pTxPwDeltaG, (28) e2pTxPwDeltaMix, (29) e2pTxPwDeltaN, and (30) readE2P parameters of the /goform/formWlanMP endpoint.

Action-Not Available
Vendor-jensenofscandinavian/a
Product-air\n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-10214
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-2.00% / 82.90%
||
7 Day CHG~0.00%
Published-07 Mar, 2020 | 00:30
Updated-04 Aug, 2024 | 10:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. There is a stack-based buffer overflow in the httpd binary. It allows an authenticated user to execute arbitrary code via a POST to ntp_sync.cgi with a sufficiently long parameter ntp_server.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-825_firmwaredir-825n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-4241
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-0.43% / 61.78%
||
7 Day CHG~0.00%
Published-26 Apr, 2024 | 21:00
Updated-27 Jan, 2025 | 18:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda W9 formQosManageDouble_auto stack-based overflow

A vulnerability was found in Tenda W9 1.0.0.7(4456). It has been declared as critical. This vulnerability affects the function formQosManageDouble_auto. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. The attack can be initiated remotely. The identifier of this vulnerability is VDB-262132. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-w9w9_firmwareW9w9
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-4242
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-0.52% / 65.95%
||
7 Day CHG~0.00%
Published-26 Apr, 2024 | 21:00
Updated-27 Jan, 2025 | 18:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda W9 wifiSSIDget formwrlSSIDget stack-based overflow

A vulnerability was found in Tenda W9 1.0.0.7(4456). It has been rated as critical. This issue affects the function formwrlSSIDget of the file /goform/wifiSSIDget. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-262133 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-w9w9_firmwareW9
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-4246
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-0.16% / 37.78%
||
7 Day CHG~0.00%
Published-27 Apr, 2024 | 08:31
Updated-27 Jan, 2025 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda i21 formQosManageDouble_auto stack-based overflow

A vulnerability, which was classified as critical, was found in Tenda i21 1.0.0.14(4656). This affects the function formQosManageDouble_auto. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The identifier VDB-262137 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-i21i21_firmwarei21i21
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-4251
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-0.21% / 44.08%
||
7 Day CHG~0.00%
Published-27 Apr, 2024 | 13:00
Updated-27 Jan, 2025 | 18:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda i21 DhcpSetSe fromDhcpSetSer stack-based overflow

A vulnerability was found in Tenda i21 1.0.0.14(4656). It has been rated as critical. Affected by this issue is the function fromDhcpSetSer of the file /goform/DhcpSetSe. The manipulation of the argument dhcpStartIp/dhcpEndIp/dhcpGw/dhcpMask/dhcpLeaseTime/dhcpDns1/dhcpDns2 leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-262142 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-i21i21_firmwarei21i21_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-4252
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-0.28% / 51.18%
||
7 Day CHG~0.00%
Published-27 Apr, 2024 | 13:31
Updated-27 Jan, 2025 | 18:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda i22 formSetUrlFilterRule stack-based overflow

A vulnerability classified as critical has been found in Tenda i22 1.0.0.3(4687). This affects the function formSetUrlFilterRule. The manipulation of the argument groupIndex leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-262143. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-i22i22_firmwarei22i22_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-4248
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-0.18% / 39.61%
||
7 Day CHG~0.00%
Published-27 Apr, 2024 | 10:31
Updated-27 Jan, 2025 | 18:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda i21 formQosManage_user stack-based overflow

A vulnerability was found in Tenda i21 1.0.0.14(4656) and classified as critical. This issue affects the function formQosManage_user. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-262139. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-i21i21_firmwarei21i21_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-4237
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-0.39% / 59.05%
||
7 Day CHG~0.00%
Published-26 Apr, 2024 | 19:00
Updated-27 Jan, 2025 | 18:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda AX1806 execCommand R7WebsSecurityHandler stack-based overflow

A vulnerability, which was classified as critical, was found in Tenda AX1806 1.0.0.1. Affected is the function R7WebsSecurityHandler of the file /goform/execCommand. The manipulation of the argument password leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-262128. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-ax1806_firmwareax1806AX1806ax1806_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-4247
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-0.28% / 51.18%
||
7 Day CHG~0.00%
Published-27 Apr, 2024 | 09:31
Updated-27 Jan, 2025 | 18:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda i21 formQosManage_auto stack-based overflow

A vulnerability has been found in Tenda i21 1.0.0.14(4656) and classified as critical. This vulnerability affects the function formQosManage_auto. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. The attack can be initiated remotely. VDB-262138 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-i21i21_firmwarei21i21
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-4167
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-0.62% / 69.22%
||
7 Day CHG~0.00%
Published-25 Apr, 2024 | 12:00
Updated-21 Jan, 2025 | 14:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda 4G300 sub_422AA4 stack-based overflow

A vulnerability was found in Tenda 4G300 1.01.42 and classified as critical. Affected by this issue is the function sub_422AA4. The manipulation of the argument year/month/day/hour/minute/second leads to stack-based buffer overflow. The attack may be launched remotely. VDB-261986 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-4g300_firmware4g3004G3004g300
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-4238
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-0.41% / 60.50%
||
7 Day CHG~0.00%
Published-26 Apr, 2024 | 20:00
Updated-27 Jan, 2025 | 18:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda AX1806 SetOnlineDevName formSetDeviceName stack-based overflow

A vulnerability has been found in Tenda AX1806 1.0.0.1 and classified as critical. Affected by this vulnerability is the function formSetDeviceName of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-262129 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-ax1806_firmwareax1806AX1806
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-4250
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-0.18% / 39.61%
||
7 Day CHG~0.00%
Published-27 Apr, 2024 | 12:00
Updated-27 Jan, 2025 | 18:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda i21 wifiSSIDset formwrlSSIDset stack-based overflow

A vulnerability was found in Tenda i21 1.0.0.14(4656). It has been declared as critical. Affected by this vulnerability is the function formwrlSSIDset of the file /goform/wifiSSIDset. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-262141 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-i21i21_firmwarei21i21
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-4168
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-0.62% / 69.22%
||
7 Day CHG~0.00%
Published-25 Apr, 2024 | 12:00
Updated-21 Jan, 2025 | 14:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda 4G300 sub_4260F0 stack-based overflow

A vulnerability was found in Tenda 4G300 1.01.42. It has been classified as critical. This affects the function sub_4260F0. The manipulation of the argument upfilen leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-261987. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-4g300_firmware4g3004G3004g300
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-4245
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-0.10% / 28.24%
||
7 Day CHG~0.00%
Published-27 Apr, 2024 | 07:31
Updated-27 Jan, 2025 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda i21 formQosManageDouble_user stack-based overflow

A vulnerability, which was classified as critical, has been found in Tenda i21 1.0.0.14(4656). Affected by this issue is the function formQosManageDouble_user. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. The attack may be launched remotely. The identifier of this vulnerability is VDB-262136. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-i21i21_firmwarei21
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-4064
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-0.61% / 68.73%
||
7 Day CHG~0.00%
Published-23 Apr, 2024 | 20:00
Updated-21 Jan, 2025 | 19:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda AC8 execCommand R7WebsSecurityHandler stack-based overflow

A vulnerability was found in Tenda AC8 16.03.34.09. It has been declared as critical. This vulnerability affects the function R7WebsSecurityHandler of the file /goform/execCommand. The manipulation of the argument password leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-261790 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-ac8ac8_firmwareAC8ac8_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-4243
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-0.52% / 65.95%
||
7 Day CHG~0.00%
Published-26 Apr, 2024 | 21:31
Updated-27 Jan, 2025 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda W9 wifiSSIDset formwrlSSIDset stack-based overflow

A vulnerability classified as critical has been found in Tenda W9 1.0.0.7(4456). Affected is the function formwrlSSIDset of the file /goform/wifiSSIDset. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-262134 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-w9w9_firmwareW9
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-4170
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-0.61% / 68.91%
||
7 Day CHG~0.00%
Published-25 Apr, 2024 | 13:00
Updated-21 Jan, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda 4G300 sub_429A30 stack-based overflow

A vulnerability was found in Tenda 4G300 1.01.42. It has been rated as critical. This issue affects the function sub_429A30. The manipulation of the argument list1 leads to stack-based buffer overflow. The attack may be initiated remotely. The identifier VDB-261989 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-4g300_firmware4g3004G3004g300_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-4239
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-0.37% / 58.14%
||
7 Day CHG~0.00%
Published-26 Apr, 2024 | 20:31
Updated-27 Jan, 2025 | 18:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda AX1806 SetRebootTimer formSetRebootTimer stack-based overflow

A vulnerability was found in Tenda AX1806 1.0.0.1 and classified as critical. Affected by this issue is the function formSetRebootTimer of the file /goform/SetRebootTimer. The manipulation of the argument rebootTime leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-262130 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-ax1806_firmwareax1806AX1806ax1806_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-4244
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-0.43% / 61.78%
||
7 Day CHG~0.00%
Published-26 Apr, 2024 | 21:31
Updated-27 Jan, 2025 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda W9 DhcpSetSer fromDhcpSetSer stack-based overflow

A vulnerability classified as critical was found in Tenda W9 1.0.0.7(4456). Affected by this vulnerability is the function fromDhcpSetSer of the file /goform/DhcpSetSer. The manipulation of the argument dhcpStartIp/dhcpEndIp/dhcpGw/dhcpMask/dhcpLeaseTime/dhcpDns1/dhcpDns2 leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-262135. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-w9w9_firmwareW9
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-4169
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-0.59% / 68.29%
||
7 Day CHG~0.00%
Published-25 Apr, 2024 | 12:31
Updated-21 Jan, 2025 | 14:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda 4G300 sub_4279CC stack-based overflow

A vulnerability was found in Tenda 4G300 1.01.42. It has been declared as critical. This vulnerability affects the function sub_42775C/sub_4279CC. The manipulation of the argument page leads to stack-based buffer overflow. The attack can be initiated remotely. The identifier of this vulnerability is VDB-261988. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-4g300_firmware4g3004G3004g300
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-4166
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-0.75% / 72.24%
||
7 Day CHG~0.00%
Published-25 Apr, 2024 | 11:31
Updated-21 Jan, 2025 | 14:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda 4G300 sub_41E858 stack-based overflow

A vulnerability has been found in Tenda 4G300 1.01.42 and classified as critical. Affected by this vulnerability is the function sub_41E858. The manipulation of the argument GO/page leads to stack-based buffer overflow. The attack can be launched remotely. The identifier VDB-261985 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-4g300_firmware4g3004G3004g300_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-4121
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-0.17% / 37.98%
||
7 Day CHG~0.00%
Published-24 Apr, 2024 | 18:00
Updated-15 Jan, 2025 | 18:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda W15E formQOSRuleDel stack-based overflow

A vulnerability classified as critical has been found in Tenda W15E 15.11.0.14. Affected is the function formQOSRuleDel. The manipulation of the argument qosIndex leads to stack-based buffer overflow. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-261864. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-w15e_firmwarew15eW15Ew15e_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-4112
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-0.34% / 56.13%
||
7 Day CHG~0.00%
Published-24 Apr, 2024 | 14:31
Updated-27 Jan, 2025 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda TX9 SetVirtualServerCfg sub_42CB94 stack-based overflow

A vulnerability classified as critical has been found in Tenda TX9 22.03.02.10. This affects the function sub_42CB94 of the file /goform/SetVirtualServerCfg. The manipulation of the argument list leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261855. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-tx9_pro_firmwaretx9_proTX9tx9_pro_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-4123
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-0.10% / 28.35%
||
7 Day CHG~0.00%
Published-24 Apr, 2024 | 18:31
Updated-15 Jan, 2025 | 18:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda W15E SetPortMapping formSetPortMapping stack-based overflow

A vulnerability, which was classified as critical, has been found in Tenda W15E 15.11.0.14. Affected by this issue is the function formSetPortMapping of the file /goform/SetPortMapping. The manipulation of the argument portMappingServer/portMappingProtocol/portMappingWan/porMappingtInternal/portMappingExternal leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-261866 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-w15e_firmwarew15eW15E
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-4113
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-0.24% / 47.37%
||
7 Day CHG~0.00%
Published-24 Apr, 2024 | 15:00
Updated-27 Jan, 2025 | 18:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda TX9 SetSysTimeCfg sub_42D4DC stack-based overflow

A vulnerability classified as critical was found in Tenda TX9 22.03.02.10. This vulnerability affects the function sub_42D4DC of the file /goform/SetSysTimeCfg. The manipulation of the argument time leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-261856. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-tx9_pro_firmwaretx9_proTX9tx9_pro_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-4116
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-0.23% / 45.53%
||
7 Day CHG~0.00%
Published-24 Apr, 2024 | 16:00
Updated-15 Jan, 2025 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda W15E DelDhcpRule formDelDhcpRule stack-based overflow

A vulnerability has been found in Tenda W15E 15.11.0.14 and classified as critical. Affected by this vulnerability is the function formDelDhcpRule of the file /goform/DelDhcpRule. The manipulation of the argument delDhcpIndex leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261859. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-w15e_firmwarew15eW15Ew15e
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-4120
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-0.17% / 37.98%
||
7 Day CHG~0.00%
Published-24 Apr, 2024 | 17:31
Updated-15 Jan, 2025 | 18:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda W15E modifyIpMacBind formIPMacBindModify stack-based overflow

A vulnerability was found in Tenda W15E 15.11.0.14. It has been rated as critical. This issue affects the function formIPMacBindModify of the file /goform/modifyIpMacBind. The manipulation of the argument IPMacBindRuleId/IPMacBindRuleIp/IPMacBindRuleMac/IPMacBindRuleRemark leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261863. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-w15e_firmwarew15eW15Ew15e
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-4124
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-0.12% / 31.31%
||
7 Day CHG~0.00%
Published-24 Apr, 2024 | 18:31
Updated-15 Jan, 2025 | 18:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda W15E SetRemoteWebManage formSetRemoteWebManage stack-based overflow

A vulnerability, which was classified as critical, was found in Tenda W15E 15.11.0.14. This affects the function formSetRemoteWebManage of the file /goform/SetRemoteWebManage. The manipulation of the argument remoteIP leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261867. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-w15e_firmwarew15eW15Ew15e
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-4119
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-0.18% / 39.78%
||
7 Day CHG~0.00%
Published-24 Apr, 2024 | 17:00
Updated-15 Jan, 2025 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda W15E delIpMacBind formIPMacBindDel stack-based overflow

A vulnerability was found in Tenda W15E 15.11.0.14. It has been declared as critical. This vulnerability affects the function formIPMacBindDel of the file /goform/delIpMacBind. The manipulation of the argument IPMacBindIndex leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-261862 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-w15e_firmwarew15eW15Ew15e
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-4066
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-0.64% / 69.70%
||
7 Day CHG~0.00%
Published-23 Apr, 2024 | 21:00
Updated-21 Jan, 2025 | 18:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda AC8 AdvSetMacMtuWan fromAdvSetMacMtuWan stack-based overflow

A vulnerability classified as critical has been found in Tenda AC8 16.03.34.09. Affected is the function fromAdvSetMacMtuWan of the file /goform/AdvSetMacMtuWan. The manipulation of the argument wanMTU/wanSpeed/cloneType/mac/serviceName/serverName leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-261792. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-ac8ac8_firmwareAC8ac8_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-4126
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-0.57% / 67.56%
||
7 Day CHG~0.00%
Published-24 Apr, 2024 | 19:31
Updated-15 Jan, 2025 | 18:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda W15E SetSysTimeCfg formSetSysTime stack-based overflow

A vulnerability was found in Tenda W15E 15.11.0.14 and classified as critical. This issue affects the function formSetSysTime of the file /goform/SetSysTimeCfg. The manipulation of the argument manualTime leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-261869 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-w15e_firmwarew15eW15Ew15e_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-4114
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-0.19% / 40.69%
||
7 Day CHG~0.00%
Published-24 Apr, 2024 | 15:00
Updated-27 Jan, 2025 | 16:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda TX9 PowerSaveSet sub_42C014 stack-based overflow

A vulnerability, which was classified as critical, has been found in Tenda TX9 22.03.02.10. This issue affects the function sub_42C014 of the file /goform/PowerSaveSet. The manipulation of the argument time leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-261857 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-tx9_pro_firmwaretx9_proTX9tx9_pro_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-4065
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-0.77% / 72.50%
||
7 Day CHG~0.00%
Published-23 Apr, 2024 | 20:00
Updated-21 Jan, 2025 | 19:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda AC8 SetRebootTimer formSetRebootTimer stack-based overflow

A vulnerability was found in Tenda AC8 16.03.34.09. It has been rated as critical. This issue affects the function formSetRebootTimer of the file /goform/SetRebootTimer. The manipulation of the argument rebootTime leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261791. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-ac8ac8_firmwareAC8ac8
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-4111
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-0.34% / 56.13%
||
7 Day CHG~0.00%
Published-24 Apr, 2024 | 14:00
Updated-27 Jan, 2025 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda TX9 SetLEDCfg sub_42BD7C stack-based overflow

A vulnerability was found in Tenda TX9 22.03.02.10. It has been rated as critical. Affected by this issue is the function sub_42BD7C of the file /goform/SetLEDCfg. The manipulation of the argument time leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-261854 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-tx9_pro_firmwaretx9_proTX9
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-2985
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-1.01% / 76.19%
||
7 Day CHG~0.00%
Published-27 Mar, 2024 | 16:31
Updated-14 Jan, 2025 | 15:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda FH1202 QuickIndex formQuickIndex stack-based overflow

A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been declared as critical. This vulnerability affects the function formQuickIndex of the file /goform/QuickIndex. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-258154 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-fh1202_firmwarefh1202FH1202fh1202
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-4118
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-0.10% / 28.35%
||
7 Day CHG~0.00%
Published-24 Apr, 2024 | 16:31
Updated-15 Jan, 2025 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda W15E addIpMacBind formIPMacBindAdd stack-based overflow

A vulnerability was found in Tenda W15E 15.11.0.14. It has been classified as critical. This affects the function formIPMacBindAdd of the file /goform/addIpMacBind. The manipulation of the argument IPMacBindRule leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-261861 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-w15e_firmwarew15eW15Ew15e_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-41459
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.28% / 51.39%
||
7 Day CHG~0.00%
Published-24 Jul, 2024 | 00:00
Updated-02 Aug, 2024 | 04:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the PPPOEPassword parameter at ip/goform/QuickIndex.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-fh1201_firmwarefh1201n/afh1201_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 8
  • 9
  • Next
Details not found