An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /gofrom/setwanType allows attackers to execute arbitrary code on the system via a crafted post request. This occurs when input vector controlled by malicious attack get copied to the stack variable.
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setVLAN allows attackers to execute arbitrary code on the system via a crafted post request.
A firmware update vulnerability exists in the Firmware Signature Validation functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted malicious file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
Tenda FH1206 V1.2.0.8(8155) was discovered to contain a command injection vulnerability via the mac parameter at ip/goform/WriteFacMac.
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setportList allows attackers to execute arbitrary code on the system via a crafted post request.
In Tenda AC9 v1.0 V15.03.05.14_multi, the wanMTU parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution.
In Tenda AC9 v1.0 V15.03.05.14_multi, the cloneType parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution.
In Tenda AC9 v1.0 V15.03.05.14_multi, the mac parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution.
Tenda AX1806 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function formSetIptv.
Tenda AC8 V16.03.34.06 is vulnerable to Buffer Overflow in the fromSetRouteStatic function via the parameter list.
Tenda AC10 V1.0 V15.03.06.23 has a command injection vulnerablility located in the formexeCommand function. The str variable receives the cmdinput parameter from a POST request and is later assigned to the cmd_buf variable, which is directly used in the doSystemCmd function, causing an arbitrary command execution.
Tenda i29 v1.0 V1.0.0.5 was discovered to contain a command injection vulnerability via the sysScheduleRebootSet function.
Tenda i29 v1.0 V1.0.0.5 was discovered to contain a stack overflow via the ip parameter in the setPing function.
Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the time parameter in the sysTimeInfoSet function.
Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function formGetWeiXinConfig.
Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a stack overflow via the function formSetAutoPing.
Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the remoteIp parameter from formSetSafeWanWebMan function.
Tenda W30E V16.01.0.12(4843) was discovered to contain a command injection vulnerability via the function setFixTools.
A vulnerability, which was classified as critical, was found in Tenda AC7 1200M 15.03.06.44. Affected is the function TendaTelnet of the file /goform/telnet. The manipulation of the argument lan_ip leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via function "add_white_node,"
Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter macFilterType and parameter deviceList at /goform/setMacFilterCfg.
Tengda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via function "R7WebsSecurityHandler."
Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter list at /goform/SetStaticRouteCfg.
Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter list at /goform/SetNetControlList.
A security flaw has been discovered in Tenda WH450 1.0.0.18. This impacts an unknown function of the file /goform/wirelessRestart of the component HTTP Request Handler. The manipulation of the argument GO results in stack-based buffer overflow. The attack may be performed from remote. The exploit has been released to the public and may be exploited.
A vulnerability was determined in Tenda W6-S 1.0.0.4(510). This impacts an unknown function of the file /bin/httpd of the component R7websSsecurityHandler. Executing manipulation of the argument Cookie can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized.
A security flaw has been discovered in Tenda WH450 1.0.0.18. Impacted is an unknown function of the file /goform/DhcpListClient of the component HTTP Request Handler. The manipulation of the argument page results in stack-based buffer overflow. The attack can be executed remotely. The exploit has been released to the public and may be exploited.
A vulnerability was detected in Tenda WH450 1.0.0.18. Impacted is an unknown function of the file /goform/NatStaticSetting. The manipulation of the argument page results in stack-based buffer overflow. The attack may be performed from remote. The exploit is now public and may be used.
A vulnerability has been found in Tenda WH450 1.0.0.18. This issue affects some unknown processing of the file /goform/SafeUrlFilter. The manipulation of the argument page leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.
A security vulnerability has been detected in Tenda WH450 1.0.0.18. Affected by this issue is some unknown functionality of the file /goform/L7Im of the component HTTP Request Handler. Such manipulation of the argument page leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.
Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via the deviceId parameter in the addWifiMacFilter function.
Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow in the page parameter in the function frmL7ProtForm.
A vulnerability was found in Tenda WH450 1.0.0.18. This affects an unknown function of the file /goform/PPTPDClient of the component HTTP Request Handler. Performing manipulation of the argument Username results in stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made public and could be used.
A flaw has been found in Tenda WH450 1.0.0.18. The affected element is an unknown function of the file /goform/Natlimit of the component HTTP Request Handler. This manipulation of the argument page causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been published and may be used.
Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the page parameter at ip/goform/NatStaticSetting.
Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the mitInterface parameter in ip/goform/addressNat.
Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability located via the page parameter in the fromVirtualSer function.
Tenda AC7V1.0 v15.03.06.44 firmware has a stack overflow vulnerability via the PPW parameter in the fromWizardHandle function.
Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the deviceId parameter of the addWifiMacFilter function.
Tenda AX1803 v1.0.0.1 contains a stack overflow via the serverName parameter in the function fromAdvSetMacMtuWan.
Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the mitInterface parameter from fromAddressNat function.
Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the shareSpeed parameter in the function fromSetWifiGuestBasic.
Tenda FH1202 v1.2.0.14(408) firmware has a stack overflow vulnerability in the entrys parameter of the fromAddressNat function.
Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the time parameter from saveParentControlInfo function.
Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the page parameter from fromAddressNat function.
Tenda AC5 router V15.03.06.28 was discovered to contain a remote code execution (RCE) vulnerability via the Mac parameter at ip/goform/WriteFacMac.
Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the urls parameter of the saveParentControlInfo function.
Tenda AC18 v15.03.05.19(6318_)_cn was discovered to contain a command injection vulnerability via the deviceName parameter in the setUsbUnload function.
Tenda AC5 V15.03.06.28 is vulnerable to Buffer Overflow via the initWebs function.
Tenda AC18 V15.03.05.05 contains a command injection vulnerablility in the deviceName parameter of formsetUsbUnload function.