Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-24098

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-23 Jan, 2023 | 00:00
Updated At-02 Apr, 2025 | 15:55
Rejected At-
Credits

TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R, firmware version 1.01.B01 was discovered to contain a stack overflow via the submit-url parameter at /formSysLog. This vulnerability allows attackers to execute arbitrary code via a crafted payload. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:23 Jan, 2023 | 00:00
Updated At:02 Apr, 2025 | 15:55
Rejected At:
▼CVE Numbering Authority (CNA)

TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R, firmware version 1.01.B01 was discovered to contain a stack overflow via the submit-url parameter at /formSysLog. This vulnerability allows attackers to execute arbitrary code via a crafted payload. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/chunklhit/cve/blob/master/TRENDNet/TEW-820AP/04/README.md
N/A
Hyperlink: https://github.com/chunklhit/cve/blob/master/TRENDNet/TEW-820AP/04/README.md
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/chunklhit/cve/blob/master/TRENDNet/TEW-820AP/04/README.md
x_transferred
Hyperlink: https://github.com/chunklhit/cve/blob/master/TRENDNet/TEW-820AP/04/README.md
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-787CWE-787 Out-of-bounds Write
Type: CWE
CWE ID: CWE-787
Description: CWE-787 Out-of-bounds Write
Metrics
VersionBase scoreBase severityVector
3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:23 Jan, 2023 | 15:15
Updated At:02 Apr, 2025 | 16:15

TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R, firmware version 1.01.B01 was discovered to contain a stack overflow via the submit-url parameter at /formSysLog. This vulnerability allows attackers to execute arbitrary code via a crafted payload. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Secondary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CPE Matches
TRENDnet, Inc.
trendnet
>>tew-820ap_firmware>>1.01.b01
cpe:2.3:o:trendnet:tew-820ap_firmware:1.01.b01:*:*:*:*:*:*:*
TRENDnet, Inc.
trendnet
>>tew-820ap>>1.0r
cpe:2.3:h:trendnet:tew-820ap:1.0r:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-787Primarynvd@nist.gov
CWE-787Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-787
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-787
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/chunklhit/cve/blob/master/TRENDNet/TEW-820AP/04/README.mdcve@mitre.org
Exploit
Third Party Advisory
https://github.com/chunklhit/cve/blob/master/TRENDNet/TEW-820AP/04/README.mdaf854a3a-2127-422b-91ae-364da2661108
Exploit
Third Party Advisory
Hyperlink: https://github.com/chunklhit/cve/blob/master/TRENDNet/TEW-820AP/04/README.md
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory
Hyperlink: https://github.com/chunklhit/cve/blob/master/TRENDNet/TEW-820AP/04/README.md
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

443Records found
CVE-2024-7581
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.61% / 69.38%
||
7 Day CHG~0.00%
Published-07 Aug, 2024 | 15:00
Updated-07 Aug, 2024 | 19:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda A301 WifiBasicSet formWifiBasicSet stack-based overflow

A vulnerability classified as critical has been found in Tenda A301 15.13.08.12. This affects the function formWifiBasicSet of the file /goform/WifiBasicSet. The manipulation of the argument security leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-a301_firmwarea301A301a301_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-8229
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.69% / 71.47%
||
7 Day CHG~0.00%
Published-28 Aug, 2024 | 00:31
Updated-29 Aug, 2024 | 00:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda O6 operateMacFilter frommacFilterModify stack-based overflow

A vulnerability was found in Tenda O6 1.0.0.7(2054). It has been declared as critical. This vulnerability affects the function frommacFilterModify of the file /goform/operateMacFilter. The manipulation of the argument mac leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-o6_firmwareo6O6o6_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-4251
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-0.24% / 47.19%
||
7 Day CHG~0.00%
Published-27 Apr, 2024 | 13:00
Updated-27 Jan, 2025 | 18:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda i21 DhcpSetSe fromDhcpSetSer stack-based overflow

A vulnerability was found in Tenda i21 1.0.0.14(4656). It has been rated as critical. Affected by this issue is the function fromDhcpSetSer of the file /goform/DhcpSetSe. The manipulation of the argument dhcpStartIp/dhcpEndIp/dhcpGw/dhcpMask/dhcpLeaseTime/dhcpDns1/dhcpDns2 leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-262142 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-i21i21_firmwarei21i21_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-4246
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-0.22% / 44.60%
||
7 Day CHG~0.00%
Published-27 Apr, 2024 | 08:31
Updated-27 Jan, 2025 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda i21 formQosManageDouble_auto stack-based overflow

A vulnerability, which was classified as critical, was found in Tenda i21 1.0.0.14(4656). This affects the function formQosManageDouble_auto. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The identifier VDB-262137 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-i21i21_firmwarei21i21
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-7881
Matching Score-4
Assigner-KrCERT/CC
ShareView Details
Matching Score-4
Assigner-KrCERT/CC
CVSS Score-7.5||HIGH
EPSS-1.50% / 80.90%
||
7 Day CHG~0.00%
Published-26 Nov, 2021 | 16:29
Updated-04 Aug, 2024 | 09:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
AfreecaTV streamer service stack-based buffer overflow

The vulnerability function is enabled when the streamer service related to the AfreecaTV communicated through web socket using 21201 port. A stack-based buffer overflow leading to remote code execution was discovered in strcpy() operate by "FanTicket" field. It is because of stored data without validation of length.

Action-Not Available
Vendor-afreecatvAfreecaTVMicrosoft Corporation
Product-windowsafreecatvafreecatvstreamer.exe
CWE ID-CWE-190
Integer Overflow or Wraparound
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-7909
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.42% / 61.60%
||
7 Day CHG~0.00%
Published-18 Aug, 2024 | 18:00
Updated-21 Aug, 2024 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TOTOLINK EX1200L cstecgi.cgi setLanguageCfg stack-based overflow

A vulnerability has been found in TOTOLINK EX1200L 9.3.5u.6146_B20201023 and classified as critical. Affected by this vulnerability is the function setLanguageCfg of the file /www/cgi-bin/cstecgi.cgi. The manipulation of the argument langType leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-TOTOLINK
Product-ex1200l_firmwareex1200lEX1200Lex1200l_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-8442
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.77% / 73.13%
||
7 Day CHG~0.00%
Published-30 Jan, 2020 | 00:34
Updated-04 Aug, 2024 | 09:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to a heap-based buffer overflow in the rootcheck decoder component via an authenticated client.

Action-Not Available
Vendor-ossecn/a
Product-ossecn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-4250
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-0.15% / 35.19%
||
7 Day CHG~0.00%
Published-27 Apr, 2024 | 12:00
Updated-27 Jan, 2025 | 18:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda i21 wifiSSIDset formwrlSSIDset stack-based overflow

A vulnerability was found in Tenda i21 1.0.0.14(4656). It has been declared as critical. Affected by this vulnerability is the function formwrlSSIDset of the file /goform/wifiSSIDset. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-262141 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-i21i21_firmwarei21i21
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-7583
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.61% / 69.38%
||
7 Day CHG~0.00%
Published-07 Aug, 2024 | 16:00
Updated-08 Aug, 2024 | 20:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda i22 apPortalOneKeyAuth formApPortalOneKeyAuth buffer overflow

A vulnerability, which was classified as critical, has been found in Tenda i22 1.0.0.3(4687). This issue affects the function formApPortalOneKeyAuth of the file /goform/apPortalOneKeyAuth. The manipulation of the argument data leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-i22i22_firmwarei22i22_firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-4237
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-0.58% / 68.39%
||
7 Day CHG~0.00%
Published-26 Apr, 2024 | 19:00
Updated-27 Jan, 2025 | 18:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda AX1806 execCommand R7WebsSecurityHandler stack-based overflow

A vulnerability, which was classified as critical, was found in Tenda AX1806 1.0.0.1. Affected is the function R7WebsSecurityHandler of the file /goform/execCommand. The manipulation of the argument password leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-262128. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-ax1806_firmwareax1806AX1806ax1806_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-6962
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.25% / 47.71%
||
7 Day CHG~0.00%
Published-21 Jul, 2024 | 23:31
Updated-01 Aug, 2024 | 21:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda O3 formQosSet stack-based overflow

A vulnerability classified as critical was found in Tenda O3 1.0.0.10. This vulnerability affects the function formQosSet. The manipulation of the argument remark/ipRange/upSpeed/downSpeed/enable leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272116. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-o3o3_firmware1.0.0.10\(2478\)O3o3v2
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-7151
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.27% / 50.46%
||
7 Day CHG~0.00%
Published-27 Jul, 2024 | 20:00
Updated-01 Oct, 2024 | 20:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda O3 setMacFilter fromMacFilterSet stack-based overflow

A vulnerability was found in Tenda O3 1.0.0.10(2478). It has been declared as critical. This vulnerability affects the function fromMacFilterSet of the file /goform/setMacFilter. The manipulation of the argument remark leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-272554 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-o3_firmwareo3O3o3v2_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-4122
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-0.22% / 44.85%
||
7 Day CHG~0.00%
Published-24 Apr, 2024 | 18:00
Updated-15 Jan, 2025 | 18:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda W15E setDebugCfg formSetDebugCfg stack-based overflow

A vulnerability classified as critical was found in Tenda W15E 15.11.0.14. Affected by this vulnerability is the function formSetDebugCfg of the file /goform/setDebugCfg. The manipulation of the argument enable/level/module leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-261865 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-w15e_firmwarew15eW15Ew15e
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-4118
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-0.14% / 33.55%
||
7 Day CHG~0.00%
Published-24 Apr, 2024 | 16:31
Updated-15 Jan, 2025 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda W15E addIpMacBind formIPMacBindAdd stack-based overflow

A vulnerability was found in Tenda W15E 15.11.0.14. It has been classified as critical. This affects the function formIPMacBindAdd of the file /goform/addIpMacBind. The manipulation of the argument IPMacBindRule leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-261861 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-w15e_firmwarew15eW15Ew15e_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-4117
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-0.26% / 49.14%
||
7 Day CHG~0.00%
Published-24 Apr, 2024 | 16:00
Updated-15 Jan, 2025 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda W15E DelPortMapping formDelPortMapping stack-based overflow

A vulnerability was found in Tenda W15E 15.11.0.14 and classified as critical. Affected by this issue is the function formDelPortMapping of the file /goform/DelPortMapping. The manipulation of the argument portMappingIndex leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-261860. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-w15e_firmwarew15eW15E
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-4113
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-0.32% / 54.36%
||
7 Day CHG~0.00%
Published-24 Apr, 2024 | 15:00
Updated-27 Jan, 2025 | 18:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda TX9 SetSysTimeCfg sub_42D4DC stack-based overflow

A vulnerability classified as critical was found in Tenda TX9 22.03.02.10. This vulnerability affects the function sub_42D4DC of the file /goform/SetSysTimeCfg. The manipulation of the argument time leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-261856. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-tx9_pro_firmwaretx9_proTX9tx9_pro_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-4111
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-0.32% / 54.36%
||
7 Day CHG~0.00%
Published-24 Apr, 2024 | 14:00
Updated-27 Jan, 2025 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda TX9 SetLEDCfg sub_42BD7C stack-based overflow

A vulnerability was found in Tenda TX9 22.03.02.10. It has been rated as critical. Affected by this issue is the function sub_42BD7C of the file /goform/SetLEDCfg. The manipulation of the argument time leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-261854 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-tx9_pro_firmwaretx9_proTX9
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-4121
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-0.22% / 44.85%
||
7 Day CHG~0.00%
Published-24 Apr, 2024 | 18:00
Updated-15 Jan, 2025 | 18:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda W15E formQOSRuleDel stack-based overflow

A vulnerability classified as critical has been found in Tenda W15E 15.11.0.14. Affected is the function formQOSRuleDel. The manipulation of the argument qosIndex leads to stack-based buffer overflow. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-261864. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-w15e_firmwarew15eW15Ew15e_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-4124
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-0.16% / 36.98%
||
7 Day CHG~0.00%
Published-24 Apr, 2024 | 18:31
Updated-15 Jan, 2025 | 18:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda W15E SetRemoteWebManage formSetRemoteWebManage stack-based overflow

A vulnerability, which was classified as critical, was found in Tenda W15E 15.11.0.14. This affects the function formSetRemoteWebManage of the file /goform/SetRemoteWebManage. The manipulation of the argument remoteIP leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261867. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-w15e_firmwarew15eW15Ew15e
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-7563
Matching Score-4
Assigner-Schneider Electric
ShareView Details
Matching Score-4
Assigner-Schneider Electric
CVSS Score-8.8||HIGH
EPSS-1.04% / 77.14%
||
7 Day CHG~0.00%
Published-18 Nov, 2020 | 13:50
Updated-04 Aug, 2024 | 09:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-787: Out-of-bounds Write vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) which could cause corruption of data, a crash, or code execution when uploading a specially crafted file on the controller over FTP.

Action-Not Available
Vendor-n/a
Product-modicon_quantum_140cpu65150c_firmwaremodicon_m340_bmx_p34-2010_firmwaremodicon_m340_bmx_noe_0100h_firmwaremodicon_tsxp575634modicon_quantum_140noe77101_firmwaremodicon_m340_bmx_noc_0401modicon_quantum_140cpu65160c_firmwaremodicon_tsxp576634_firmwaremodicon_tsxety5103modicon_tsxp576634modicon_quantum_140cpu65160modicon_quantum_140noe77111_firmwaremodicon_tsxp575634_firmwaremodicon_m340_bmx_noe_0110hmodicon_quantum_140cpu65160_firmwaremodicon_m340_bmx_noe_0100_firmwaremodicon_m340_bmx_noe_0110_firmwaremodicon_m340_bmx_noe_0110h_firmwaremodicon_quantum_140cpu65160cmodicon_m340_bmx_nor_0200hmodicon_quantum_140cpu65150_firmwaremodicon_m340_bmx_p34-2030modicon_quantum_140cpu65150cmodicon_quantum_140cpu65150modicon_tsxety5103_firmwaremodicon_quantum_140noe77101modicon_m340_bmx_noc_0401_firmwaremodicon_m340_bmx_noe_0100hmodicon_tsxety4103modicon_m340_bmx_noe_0110modicon_quantum_140noc78100modicon_m340_bmx_noe_0100modicon_tsxp574634_firmwaremodicon_quantum_140noc78100_firmwaremodicon_m340_bmx_nor_0200h_firmwaremodicon_quantum_140noe77111modicon_m340_bmx_p34-2010modicon_m340_bmx_p34-2030_firmwaremodicon_tsxety4103_firmwaremodicon_tsxp574634Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details)
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-4112
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-0.32% / 54.36%
||
7 Day CHG~0.00%
Published-24 Apr, 2024 | 14:31
Updated-27 Jan, 2025 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda TX9 SetVirtualServerCfg sub_42CB94 stack-based overflow

A vulnerability classified as critical has been found in Tenda TX9 22.03.02.10. This affects the function sub_42CB94 of the file /goform/SetVirtualServerCfg. The manipulation of the argument list leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261855. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-tx9_pro_firmwaretx9_proTX9tx9_pro_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-6964
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.25% / 47.71%
||
7 Day CHG~0.00%
Published-22 Jul, 2024 | 01:00
Updated-01 Aug, 2024 | 21:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda O3 fromDhcpSetSer stack-based overflow

A vulnerability, which was classified as critical, was found in Tenda O3 1.0.0.10. Affected is the function fromDhcpSetSer. The manipulation of the argument dhcpEn/startIP/endIP/preDNS/altDNS/mask/gateway leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-272118 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-o3o3_firmware1.0.0.10\(2478\)O303v2.0_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-4125
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-0.77% / 73.19%
||
7 Day CHG~0.00%
Published-24 Apr, 2024 | 19:00
Updated-15 Jan, 2025 | 18:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda W15E setStaticRoute formSetStaticRoute stack-based overflow

A vulnerability has been found in Tenda W15E 15.11.0.14 and classified as critical. This vulnerability affects the function formSetStaticRoute of the file /goform/setStaticRoute. The manipulation of the argument staticRouteIndex leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-261868. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-w15e_firmwarew15eW15Ew15e_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-4120
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-0.22% / 44.85%
||
7 Day CHG~0.00%
Published-24 Apr, 2024 | 17:31
Updated-15 Jan, 2025 | 18:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda W15E modifyIpMacBind formIPMacBindModify stack-based overflow

A vulnerability was found in Tenda W15E 15.11.0.14. It has been rated as critical. This issue affects the function formIPMacBindModify of the file /goform/modifyIpMacBind. The manipulation of the argument IPMacBindRuleId/IPMacBindRuleIp/IPMacBindRuleMac/IPMacBindRuleRemark leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261863. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-w15e_firmwarew15eW15Ew15e
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-6965
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.58% / 68.40%
||
7 Day CHG~0.00%
Published-22 Jul, 2024 | 01:31
Updated-01 Aug, 2024 | 21:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda O3 fromVirtualSet stack-based overflow

A vulnerability has been found in Tenda O3 1.0.0.10 and classified as critical. Affected by this vulnerability is the function fromVirtualSet. The manipulation of the argument ip/localPort/publicPort/app leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272119. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-o3o3_firmware1.0.0.10\(2478\)O3o3v2o3v2_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-4169
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-0.80% / 73.80%
||
7 Day CHG~0.00%
Published-25 Apr, 2024 | 12:31
Updated-21 Jan, 2025 | 14:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda 4G300 sub_4279CC stack-based overflow

A vulnerability was found in Tenda 4G300 1.01.42. It has been declared as critical. This vulnerability affects the function sub_42775C/sub_4279CC. The manipulation of the argument page leads to stack-based buffer overflow. The attack can be initiated remotely. The identifier of this vulnerability is VDB-261988. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-4g300_firmware4g3004G3004g300
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-7152
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.27% / 50.46%
||
7 Day CHG~0.00%
Published-27 Jul, 2024 | 21:00
Updated-01 Nov, 2024 | 14:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda O3 setMacFilterList fromSafeSetMacFilter stack-based overflow

A vulnerability was found in Tenda O3 1.0.0.10(2478). It has been rated as critical. This issue affects the function fromSafeSetMacFilter of the file /goform/setMacFilterList. The manipulation of the argument time leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272555. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-o3_firmwareo3O3o3v2_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-4166
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-1.02% / 76.90%
||
7 Day CHG~0.00%
Published-25 Apr, 2024 | 11:31
Updated-21 Jan, 2025 | 14:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda 4G300 sub_41E858 stack-based overflow

A vulnerability has been found in Tenda 4G300 1.01.42 and classified as critical. Affected by this vulnerability is the function sub_41E858. The manipulation of the argument GO/page leads to stack-based buffer overflow. The attack can be launched remotely. The identifier VDB-261985 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-4g300_firmware4g3004G3004g300_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-6963
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.78% / 73.33%
||
7 Day CHG~0.00%
Published-22 Jul, 2024 | 00:00
Updated-01 Aug, 2024 | 21:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda O3 formexeCommand stack-based overflow

A vulnerability, which was classified as critical, has been found in Tenda O3 1.0.0.10. This issue affects the function formexeCommand. The manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272117 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-o3o3_firmware1.0.0.10\(2478\)O3o3v2_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-4170
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-0.83% / 74.25%
||
7 Day CHG~0.00%
Published-25 Apr, 2024 | 13:00
Updated-21 Jan, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda 4G300 sub_429A30 stack-based overflow

A vulnerability was found in Tenda 4G300 1.01.42. It has been rated as critical. This issue affects the function sub_429A30. The manipulation of the argument list1 leads to stack-based buffer overflow. The attack may be initiated remotely. The identifier VDB-261989 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-4g300_firmware4g3004G3004g300_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-4127
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-0.52% / 66.37%
||
7 Day CHG~0.00%
Published-24 Apr, 2024 | 19:31
Updated-15 Jan, 2025 | 18:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda W15E guestWifiRuleRefresh stack-based overflow

A vulnerability was found in Tenda W15E 15.11.0.14. It has been classified as critical. Affected is the function guestWifiRuleRefresh. The manipulation of the argument qosGuestDownstream leads to stack-based buffer overflow. It is possible to launch the attack remotely. VDB-261870 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-w15e_firmwarew15eW15Ew15e
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-4114
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-0.15% / 35.19%
||
7 Day CHG~0.00%
Published-24 Apr, 2024 | 15:00
Updated-27 Jan, 2025 | 16:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda TX9 PowerSaveSet sub_42C014 stack-based overflow

A vulnerability, which was classified as critical, has been found in Tenda TX9 22.03.02.10. This issue affects the function sub_42C014 of the file /goform/PowerSaveSet. The manipulation of the argument time leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-261857 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-tx9_pro_firmwaretx9_proTX9tx9_pro_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-4119
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-0.24% / 47.38%
||
7 Day CHG~0.00%
Published-24 Apr, 2024 | 17:00
Updated-15 Jan, 2025 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda W15E delIpMacBind formIPMacBindDel stack-based overflow

A vulnerability was found in Tenda W15E 15.11.0.14. It has been declared as critical. This vulnerability affects the function formIPMacBindDel of the file /goform/delIpMacBind. The manipulation of the argument IPMacBindIndex leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-261862 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-w15e_firmwarew15eW15Ew15e
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-4116
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-0.24% / 47.38%
||
7 Day CHG~0.00%
Published-24 Apr, 2024 | 16:00
Updated-15 Jan, 2025 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda W15E DelDhcpRule formDelDhcpRule stack-based overflow

A vulnerability has been found in Tenda W15E 15.11.0.14 and classified as critical. Affected by this vulnerability is the function formDelDhcpRule of the file /goform/DelDhcpRule. The manipulation of the argument delDhcpIndex leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261859. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-w15e_firmwarew15eW15Ew15e
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-4168
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-0.57% / 68.19%
||
7 Day CHG~0.00%
Published-25 Apr, 2024 | 12:00
Updated-21 Jan, 2025 | 14:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda 4G300 sub_4260F0 stack-based overflow

A vulnerability was found in Tenda 4G300 1.01.42. It has been classified as critical. This affects the function sub_4260F0. The manipulation of the argument upfilen leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-261987. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-4g300_firmware4g3004G3004g300
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-4167
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-0.57% / 68.19%
||
7 Day CHG~0.00%
Published-25 Apr, 2024 | 12:00
Updated-21 Jan, 2025 | 14:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda 4G300 sub_422AA4 stack-based overflow

A vulnerability was found in Tenda 4G300 1.01.42 and classified as critical. Affected by this issue is the function sub_422AA4. The manipulation of the argument year/month/day/hour/minute/second leads to stack-based buffer overflow. The attack may be launched remotely. VDB-261986 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-4g300_firmware4g3004G3004g300
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-57704
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.19% / 41.33%
||
7 Day CHG~0.00%
Published-16 Jan, 2025 | 00:00
Updated-17 Mar, 2025 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC8v4 V16.03.34.06 has a stack overflow vulnerability. Affected by this vulnerability is the function setSchedWifi of the file /goform/openSchedWifi. The manipulation of the argument schedStartTime leads to stack-based buffer overflow.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac8_firmwareac8n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-4126
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-0.77% / 73.19%
||
7 Day CHG~0.00%
Published-24 Apr, 2024 | 19:31
Updated-15 Jan, 2025 | 18:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda W15E SetSysTimeCfg formSetSysTime stack-based overflow

A vulnerability was found in Tenda W15E 15.11.0.14 and classified as critical. This issue affects the function formSetSysTime of the file /goform/SetSysTimeCfg. The manipulation of the argument manualTime leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-261869 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-w15e_firmwarew15eW15Ew15e_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-4115
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-0.15% / 35.40%
||
7 Day CHG~0.00%
Published-24 Apr, 2024 | 15:31
Updated-15 Jan, 2025 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda W15E AddDnsForward formAddDnsForward stack-based overflow

A vulnerability, which was classified as critical, was found in Tenda W15E 15.11.0.14. Affected is the function formAddDnsForward of the file /goform/AddDnsForward. The manipulation of the argument DnsForwardRule leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-261858 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-w15e_firmwarew15eW15E
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-41459
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.49% / 65.02%
||
7 Day CHG~0.00%
Published-24 Jul, 2024 | 00:00
Updated-02 Aug, 2024 | 04:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the PPPOEPassword parameter at ip/goform/QuickIndex.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-fh1201_firmwarefh1201n/afh1201_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-4064
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-0.83% / 74.12%
||
7 Day CHG~0.00%
Published-23 Apr, 2024 | 20:00
Updated-21 Jan, 2025 | 19:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda AC8 execCommand R7WebsSecurityHandler stack-based overflow

A vulnerability was found in Tenda AC8 16.03.34.09. It has been declared as critical. This vulnerability affects the function R7WebsSecurityHandler of the file /goform/execCommand. The manipulation of the argument password leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-261790 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-ac8ac8_firmwareAC8ac8_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-4065
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-0.58% / 68.40%
||
7 Day CHG~0.00%
Published-23 Apr, 2024 | 20:00
Updated-21 Jan, 2025 | 19:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda AC8 SetRebootTimer formSetRebootTimer stack-based overflow

A vulnerability was found in Tenda AC8 16.03.34.09. It has been rated as critical. This issue affects the function formSetRebootTimer of the file /goform/SetRebootTimer. The manipulation of the argument rebootTime leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261791. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-ac8ac8_firmwareAC8ac8
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-4066
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-0.87% / 74.88%
||
7 Day CHG~0.00%
Published-23 Apr, 2024 | 21:00
Updated-21 Jan, 2025 | 18:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda AC8 AdvSetMacMtuWan fromAdvSetMacMtuWan stack-based overflow

A vulnerability classified as critical has been found in Tenda AC8 16.03.34.09. Affected is the function fromAdvSetMacMtuWan of the file /goform/AdvSetMacMtuWan. The manipulation of the argument wanMTU/wanSpeed/cloneType/mac/serviceName/serverName leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-261792. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-ac8ac8_firmwareAC8ac8_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-3907
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-0.59% / 68.80%
||
7 Day CHG~0.00%
Published-17 Apr, 2024 | 11:00
Updated-17 Jan, 2025 | 21:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda AC500 setcfm formSetCfm stack-based overflow

A vulnerability was found in Tenda AC500 2.0.1.9(1307). It has been rated as critical. This issue affects the function formSetCfm of the file /goform/setcfm. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261143. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-ac500ac500_firmwareAC500ac500
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-3875
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-1.01% / 76.73%
||
7 Day CHG~0.00%
Published-16 Apr, 2024 | 18:00
Updated-21 Jan, 2025 | 16:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda F1202 Natlimit fromNatlimit stack-based overflow

A vulnerability was found in Tenda F1202 1.2.0.20(408). It has been rated as critical. This issue affects the function fromNatlimit of the file /goform/Natlimit. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260909 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-f1202f1202_firmwareF1202
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-6189
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.59% / 68.73%
||
7 Day CHG~0.00%
Published-20 Jun, 2024 | 14:00
Updated-01 Nov, 2024 | 14:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda A301 WifiExtraSet fromSetWirelessRepeat stack-based overflow

A vulnerability was found in Tenda A301 15.13.08.12. It has been classified as critical. Affected is the function fromSetWirelessRepeat of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-269160. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-a301_firmwarea301A301a301
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-3909
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-0.25% / 48.46%
||
7 Day CHG~0.00%
Published-17 Apr, 2024 | 11:31
Updated-07 Feb, 2025 | 01:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda AC500 execCommand formexeCommand stack-based overflow

A vulnerability classified as critical was found in Tenda AC500 2.0.1.9(1307). Affected by this vulnerability is the function formexeCommand of the file /goform/execCommand. The manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-261145 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-ac500ac500_firmwareAC500ac500_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-3906
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-0.61% / 69.33%
||
7 Day CHG~0.00%
Published-17 Apr, 2024 | 10:31
Updated-21 Jan, 2025 | 18:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda AC500 QuickIndex formQuickIndex stack-based overflow

A vulnerability was found in Tenda AC500 2.0.1.9(1307). It has been declared as critical. This vulnerability affects the function formQuickIndex of the file /goform/QuickIndex. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-261142 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-ac500ac500_firmwareAC500ac500
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-3876
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-0.59% / 68.80%
||
7 Day CHG~0.00%
Published-16 Apr, 2024 | 18:00
Updated-21 Jan, 2025 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda F1202 VirtualSer fromVirtualSer stack-based overflow

A vulnerability classified as critical has been found in Tenda F1202 1.2.0.20(408). Affected is the function fromVirtualSer of the file /goform/VirtualSer. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-260910 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-f1202f1202_firmwareF1202f1202_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-3881
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-0.34% / 56.67%
||
7 Day CHG~0.00%
Published-16 Apr, 2024 | 19:31
Updated-27 Jan, 2025 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda W30E frmL7ProtForm frmL7PlotForm stack-based overflow

A vulnerability was found in Tenda W30E 1.0.1.25(633) and classified as critical. This issue affects the function frmL7PlotForm of the file /goform/frmL7ProtForm. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260915. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-w30ew30e_firmwareW30Ew30e
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 8
  • 9
  • Next
Details not found