Vulnerabilites related to tendacn - ac9_firmware
Vulnerability from fkie_nvd
Published
2021-09-30 21:15
Modified
2024-11-21 05:12
Severity ?
Summary
A stack-based buffer overflow in the httpd server on Tenda AC9 V15.03.06.60_EN allows remote attackers to execute arbitrary code or cause a denial of service (DoS) via a crafted POST request to /goform/SetStaticRouteCfg.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://cwe.mitre.org/data/definitions/121.html | Technical Description | |
| cve@mitre.org | https://github.com/grapefruitvul/vulinfo/blob/master/tenda/vul1.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cwe.mitre.org/data/definitions/121.html | Technical Description | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/grapefruitvul/vulinfo/blob/master/tenda/vul1.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tendacn | ac9_firmware | 15.03.06.60_en | |
| tendacn | ac9 | 3.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:ac9_firmware:15.03.06.60_en:*:*:*:*:*:*:*",
"matchCriteriaId": "90D4EF6F-3B6B-47F4-9093-FE81634DE235",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:ac9:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CA49FEFD-41B5-4038-883D-989AB85D6CF5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A stack-based buffer overflow in the httpd server on Tenda AC9 V15.03.06.60_EN allows remote attackers to execute arbitrary code or cause a denial of service (DoS) via a crafted POST request to /goform/SetStaticRouteCfg."
},
{
"lang": "es",
"value": "Un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en el servidor httpd en Tenda AC9 versi\u00f3n V15.03.06.60_ES, permite a atacantes remotos ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (DoS) por medio de una petici\u00f3n POST dise\u00f1ada a /goform/SetStaticRouteCfg"
}
],
"id": "CVE-2020-20746",
"lastModified": "2024-11-21T05:12:16.037",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-30T21:15:07.960",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Technical Description"
],
"url": "https://cwe.mitre.org/data/definitions/121.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/grapefruitvul/vulinfo/blob/master/tenda/vul1.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Technical Description"
],
"url": "https://cwe.mitre.org/data/definitions/121.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/grapefruitvul/vulinfo/blob/master/tenda/vul1.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-05-22 17:15
Modified
2024-11-21 05:01
Severity ?
Summary
An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the /goform/SetNetControlList list parameter for a POST request, a value is directly used in a strcpy to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://joel-malwarebenchmark.github.io | Exploit, Third Party Advisory | |
| cve@mitre.org | https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13394-Tenda-vulnerability/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://joel-malwarebenchmark.github.io | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13394-Tenda-vulnerability/ | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tendacn | ac6_firmware | v15.03.05.19_multi_td01 | |
| tendacn | ac6 | 1.0 | |
| tendacn | ac9_firmware | v15.03.05.19\(6318\) | |
| tendacn | ac9 | 1.0 | |
| tendacn | ac15_firmware | v15.03.05.19_multi_td01 | |
| tendacn | ac15 | 1.0 | |
| tendacn | ac18_firmware | v15.03.05.19\(6318\) | |
| tendacn | ac18 | - | |
| tendacn | ac9_firmware | v15.03.06.42_multi | |
| tendacn | ac9 | 3.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:ac6_firmware:v15.03.05.19_multi_td01:*:*:*:*:*:*:*",
"matchCriteriaId": "CAC0673D-8596-4496-A29B-7E7F38584B29",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:ac6:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "37AC63F5-DB8A-40B5-AA46-A2F9C9BCFB12",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:ac9_firmware:v15.03.05.19\\(6318\\):*:*:*:*:*:*:*",
"matchCriteriaId": "FA1D8A5D-204B-4EB2-8889-E48396A33017",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:ac9:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B3E3CCB3-34B7-4904-9C38-48CA34E44C84",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:ac15_firmware:v15.03.05.19_multi_td01:*:*:*:*:*:*:*",
"matchCriteriaId": "B6A8E101-F4DE-40EE-8412-86830A94E5D6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:ac15:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0979C5E5-E098-4B24-86BC-02ED33FBFDA4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:ac18_firmware:v15.03.05.19\\(6318\\):*:*:*:*:*:*:*",
"matchCriteriaId": "3188ED22-AA0D-440F-AD0E-9440F0B9526B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:ac18:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FCF0F551-6E6C-48D6-9C2A-740B84AF0349",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:ac9_firmware:v15.03.06.42_multi:*:*:*:*:*:*:*",
"matchCriteriaId": "87C452F1-095D-4C6C-84D5-94593AEBDDC3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:ac9:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CA49FEFD-41B5-4038-883D-989AB85D6CF5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router\u0027s web server -- httpd. While processing the /goform/SetNetControlList list parameter for a POST request, a value is directly used in a strcpy to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en dispositivos Tenda AC6 versiones V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, y AC18 V15.03.05.19(6318 _)_CN. Se presenta una vulnerabilidad de desbordamiento de b\u00fafer en el servidor web del enrutador: httpd. Mientras se procesa el par\u00e1metro list de /goform/SetNetControlList para una petici\u00f3n POST, un valor es usado directamente en un strcpy para una variable local colocada en la pila, que sobrescribe la direcci\u00f3n de retorno de una funci\u00f3n. Un atacante puede construir una carga \u00fatil para llevar a cabo ataques de ejecuci\u00f3n de c\u00f3digo arbitrario."
}
],
"id": "CVE-2020-13394",
"lastModified": "2024-11-21T05:01:10.413",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-05-22T17:15:11.363",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://joel-malwarebenchmark.github.io"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13394-Tenda-vulnerability/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://joel-malwarebenchmark.github.io"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13394-Tenda-vulnerability/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-10-29 11:15
Modified
2024-11-21 06:06
Severity ?
Summary
Buffer Overflow vulnerability in Tenda AC9 V1.0 through V15.03.05.19(6318), and AC9 V3.0 V15.03.06.42_multi, allows attackers to execute arbitrary code via the urls parameter.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://tenda.com | Not Applicable | |
| cve@mitre.org | https://github.com/Lyc-heng/routers/blob/main/routers/stack2.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://tenda.com | Not Applicable | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Lyc-heng/routers/blob/main/routers/stack2.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tendacn | ac9_firmware | * | |
| tendacn | ac9 | 3.0 | |
| tendacn | ac9_firmware | * | |
| tendacn | ac9 | 1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:ac9_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BB151239-C968-4822-BC79-E8F44055D3FA",
"versionEndIncluding": "15.03.06.42_multi",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:ac9:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CA49FEFD-41B5-4038-883D-989AB85D6CF5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:ac9_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EB7D423D-053F-47CC-9BD2-676B60BB86DB",
"versionEndIncluding": "15.03.05.19\\(6318\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:ac9:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B3E3CCB3-34B7-4904-9C38-48CA34E44C84",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in Tenda AC9 V1.0 through V15.03.05.19(6318), and AC9 V3.0 V15.03.06.42_multi, allows attackers to execute arbitrary code via the urls parameter."
},
{
"lang": "es",
"value": "Una vulnerabilidad de desbordamiento del b\u00fafer en Tenda versiones AC9 V1.0 hasta V15.03.05.19(6318), y AC9 V3.0 V15.03.06.42_multi, permite a atacantes ejecutar c\u00f3digo arbitrario por medio del par\u00e1metro urls"
}
],
"id": "CVE-2021-31624",
"lastModified": "2024-11-21T06:06:02.587",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-10-29T11:15:08.383",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
],
"url": "http://tenda.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Lyc-heng/routers/blob/main/routers/stack2.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "http://tenda.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Lyc-heng/routers/blob/main/routers/stack2.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-09-02 03:29
Modified
2024-11-21 03:52
Severity ?
Summary
An issue was discovered on Tenda AC9 V15.03.05.19(6318)_CN and AC10 V15.03.06.23_CN devices. The mac parameter in a POST request is used directly in a doSystemCmd call, causing OS command injection.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/zsjevilhex/iot/blob/master/route/tenda/tenda-04/tenda.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/zsjevilhex/iot/blob/master/route/tenda/tenda-04/tenda.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tendacn | ac10_firmware | * | |
| tendacn | ac10 | - | |
| tendacn | ac9_firmware | 15.03.05.19 | |
| tendacn | ac9 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:ac10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "018743D2-3F52-43DF-8C7A-F28139690D53",
"versionEndIncluding": "15.03.06.23",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:ac10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0FE0DA72-D225-4BAE-8813-816AB8F0B3FB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:ac9_firmware:15.03.05.19:*:*:*:*:*:*:*",
"matchCriteriaId": "5678A346-17EF-4626-BAE4-B1F5C8AFB9CD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:ac9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7871810-DC61-4B96-8C3D-2DA1FE202C91",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Tenda AC9 V15.03.05.19(6318)_CN and AC10 V15.03.06.23_CN devices. The mac parameter in a POST request is used directly in a doSystemCmd call, causing OS command injection."
},
{
"lang": "es",
"value": "\"Se ha descubierto un problema en dispositivos \nTenda AC9 V15.03.05.19(6318)_CN y AC10 V15.03.06.23_CN. El par\u00e1metro mac en una petici\u00f3n POST se emplea directamente en una llamada doSystemCmd, provocando la inyecci\u00f3n de comandos del sistema operativo.\""
}
],
"id": "CVE-2018-16334",
"lastModified": "2024-11-21T03:52:32.727",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-09-02T03:29:00.760",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/zsjevilhex/iot/blob/master/route/tenda/tenda-04/tenda.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/zsjevilhex/iot/blob/master/route/tenda/tenda-04/tenda.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-05-22 17:15
Modified
2024-11-21 05:01
Severity ?
Summary
An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the /goform/SetSpeedWan speed_dir parameter for a POST request, a value is directly used in a sprintf to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://joel-malwarebenchmark.github.io | Exploit, Third Party Advisory | |
| cve@mitre.org | https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13391-Tenda-vulnerability/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://joel-malwarebenchmark.github.io | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13391-Tenda-vulnerability/ | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tendacn | ac6_firmware | v15.03.05.19_multi_td01 | |
| tendacn | ac6 | 1.0 | |
| tendacn | ac9_firmware | v15.03.05.19\(6318\) | |
| tendacn | ac9 | 1.0 | |
| tendacn | ac15_firmware | v15.03.05.19_multi_td01 | |
| tendacn | ac15 | 1.0 | |
| tendacn | ac18_firmware | v15.03.05.19\(6318\) | |
| tendacn | ac18 | - | |
| tendacn | ac9_firmware | v15.03.06.42_multi | |
| tendacn | ac9 | 3.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:ac6_firmware:v15.03.05.19_multi_td01:*:*:*:*:*:*:*",
"matchCriteriaId": "CAC0673D-8596-4496-A29B-7E7F38584B29",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:ac6:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "37AC63F5-DB8A-40B5-AA46-A2F9C9BCFB12",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:ac9_firmware:v15.03.05.19\\(6318\\):*:*:*:*:*:*:*",
"matchCriteriaId": "FA1D8A5D-204B-4EB2-8889-E48396A33017",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:ac9:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B3E3CCB3-34B7-4904-9C38-48CA34E44C84",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:ac15_firmware:v15.03.05.19_multi_td01:*:*:*:*:*:*:*",
"matchCriteriaId": "B6A8E101-F4DE-40EE-8412-86830A94E5D6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:ac15:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0979C5E5-E098-4B24-86BC-02ED33FBFDA4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:ac18_firmware:v15.03.05.19\\(6318\\):*:*:*:*:*:*:*",
"matchCriteriaId": "3188ED22-AA0D-440F-AD0E-9440F0B9526B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:ac18:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FCF0F551-6E6C-48D6-9C2A-740B84AF0349",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:ac9_firmware:v15.03.06.42_multi:*:*:*:*:*:*:*",
"matchCriteriaId": "87C452F1-095D-4C6C-84D5-94593AEBDDC3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:ac9:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CA49FEFD-41B5-4038-883D-989AB85D6CF5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router\u0027s web server -- httpd. While processing the /goform/SetSpeedWan speed_dir parameter for a POST request, a value is directly used in a sprintf to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en dispositivos Tenda AC6 versiones V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, y AC18 V15.03.05.19 (6318_)_CN. Se presenta una vulnerabilidad de desbordamiento de b\u00fafer en el servidor web del enrutador: httpd. Mientras se procesa el par\u00e1metro speed_dir de /goform/SetSpeedWan para una petici\u00f3n POST, un valor es usado directamente en un sprintf para una variable local colocada en la pila, que sobrescribe la direcci\u00f3n de retorno de una funci\u00f3n. Un atacante puede construir una carga \u00fatil para llevar a cabo ataques de ejecuci\u00f3n de c\u00f3digo arbitrario."
}
],
"id": "CVE-2020-13391",
"lastModified": "2024-11-21T05:01:09.953",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-05-22T17:15:11.177",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://joel-malwarebenchmark.github.io"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13391-Tenda-vulnerability/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://joel-malwarebenchmark.github.io"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13391-Tenda-vulnerability/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-05-22 17:15
Modified
2024-11-21 05:01
Severity ?
Summary
An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the /goform/addressNat entrys and mitInterface parameters for a POST request, a value is directly used in a sprintf to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://joel-malwarebenchmark.github.io | Exploit, Third Party Advisory | |
| cve@mitre.org | https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13390-Tenda-vulnerability/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://joel-malwarebenchmark.github.io | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13390-Tenda-vulnerability/ | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tendacn | ac6_firmware | v15.03.05.19_multi_td01 | |
| tendacn | ac6 | 1.0 | |
| tendacn | ac9_firmware | v15.03.05.19\(6318\) | |
| tendacn | ac9 | 1.0 | |
| tendacn | ac15_firmware | v15.03.05.19_multi_td01 | |
| tendacn | ac15 | 1.0 | |
| tendacn | ac18_firmware | v15.03.05.19\(6318\) | |
| tendacn | ac18 | - | |
| tendacn | ac9_firmware | v15.03.06.42_multi | |
| tendacn | ac9 | 3.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:ac6_firmware:v15.03.05.19_multi_td01:*:*:*:*:*:*:*",
"matchCriteriaId": "CAC0673D-8596-4496-A29B-7E7F38584B29",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:ac6:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "37AC63F5-DB8A-40B5-AA46-A2F9C9BCFB12",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:ac9_firmware:v15.03.05.19\\(6318\\):*:*:*:*:*:*:*",
"matchCriteriaId": "FA1D8A5D-204B-4EB2-8889-E48396A33017",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:ac9:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B3E3CCB3-34B7-4904-9C38-48CA34E44C84",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:ac15_firmware:v15.03.05.19_multi_td01:*:*:*:*:*:*:*",
"matchCriteriaId": "B6A8E101-F4DE-40EE-8412-86830A94E5D6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:ac15:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0979C5E5-E098-4B24-86BC-02ED33FBFDA4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:ac18_firmware:v15.03.05.19\\(6318\\):*:*:*:*:*:*:*",
"matchCriteriaId": "3188ED22-AA0D-440F-AD0E-9440F0B9526B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:ac18:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FCF0F551-6E6C-48D6-9C2A-740B84AF0349",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:ac9_firmware:v15.03.06.42_multi:*:*:*:*:*:*:*",
"matchCriteriaId": "87C452F1-095D-4C6C-84D5-94593AEBDDC3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:ac9:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CA49FEFD-41B5-4038-883D-989AB85D6CF5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router\u0027s web server -- httpd. While processing the /goform/addressNat entrys and mitInterface parameters for a POST request, a value is directly used in a sprintf to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en dispositivos Tenda AC6 versiones V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, y AC18 V15.03.05.19 (6318_)_CN. Se presenta una vulnerabilidad de desbordamiento de b\u00fafer en el servidor web del enrutador: httpd. Mientras se procesan las entradas /goform/addressNat y par\u00e1metros mitInterface para una petici\u00f3n POST, un valor es usado directamente en un sprintf para una variable local colocada en la pila, que sobrescribe la direcci\u00f3n de retorno de una funci\u00f3n. Un atacante puede construir una carga \u00fatil para llevar a cabo ataques de ejecuci\u00f3n de c\u00f3digo arbitrario."
}
],
"id": "CVE-2020-13390",
"lastModified": "2024-11-21T05:01:09.810",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-05-22T17:15:11.097",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://joel-malwarebenchmark.github.io"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13390-Tenda-vulnerability/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://joel-malwarebenchmark.github.io"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13390-Tenda-vulnerability/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-10-29 11:15
Modified
2024-11-21 05:13
Severity ?
Summary
Stack-based buffer overflow in Tenda AC-10U AC1200 Router US_AC10UV1.0RTL_V15.03.06.48_multi_TDE01 allows remote attackers to execute arbitrary code via the timeZone parameter to goform/SetSysTimeCfg.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://cwe.mitre.org/data/definitions/121.html | Technical Description | |
| cve@mitre.org | https://github.com/1sd3d/Tendown/tree/master/PoCs/Auth/bof11 | Broken Link | |
| cve@mitre.org | https://github.com/Lyc-heng/routers/blob/main/routers/stack1.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cwe.mitre.org/data/definitions/121.html | Technical Description | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/1sd3d/Tendown/tree/master/PoCs/Auth/bof11 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Lyc-heng/routers/blob/main/routers/stack1.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tendacn | ac10u_firmware | 15.03.06.48_multi_tde01 | |
| tendacn | ac10u | 1.0 | |
| tendacn | ac9_firmware | 15.03.05.19\(6318\) | |
| tendacn | ac9 | 1.0 | |
| tendacn | ac9_firmware | 15.03.06.42_multi | |
| tendacn | ac9 | 3.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:ac10u_firmware:15.03.06.48_multi_tde01:*:*:*:*:*:*:*",
"matchCriteriaId": "79A5D098-A57A-4887-8FAD-6BC8D494C235",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:ac10u:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BFF286BB-A1D3-4E51-AB31-B5A531A8B440",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:ac9_firmware:15.03.05.19\\(6318\\):*:*:*:*:*:*:*",
"matchCriteriaId": "155D1EC2-F6ED-4D3B-9C4D-CF3265BA80D0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:ac9:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B3E3CCB3-34B7-4904-9C38-48CA34E44C84",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:ac9_firmware:15.03.06.42_multi:*:*:*:*:*:*:*",
"matchCriteriaId": "C41D8303-D9CC-4E43-9F6E-5185AD348DD3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:ac9:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CA49FEFD-41B5-4038-883D-989AB85D6CF5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in Tenda AC-10U AC1200 Router US_AC10UV1.0RTL_V15.03.06.48_multi_TDE01 allows remote attackers to execute arbitrary code via the timeZone parameter to goform/SetSysTimeCfg."
},
{
"lang": "es",
"value": "Un desbordamiento del b\u00fafer en la regi\u00f3n stack de la memoria en el router AC-10U AC1200 de Tenda versi\u00f3n US_AC10UV1.0RTL_V15.03.06.48_multi_TDE01, permite a atacantes remotos ejecutar c\u00f3digo arbitrario por medio del par\u00e1metro timeZone de goform/SetSysTimeCfg"
}
],
"id": "CVE-2020-22079",
"lastModified": "2024-11-21T05:13:06.180",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-10-29T11:15:08.310",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Technical Description"
],
"url": "https://cwe.mitre.org/data/definitions/121.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "https://github.com/1sd3d/Tendown/tree/master/PoCs/Auth/bof11"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Lyc-heng/routers/blob/main/routers/stack1.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Technical Description"
],
"url": "https://cwe.mitre.org/data/definitions/121.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://github.com/1sd3d/Tendown/tree/master/PoCs/Auth/bof11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Lyc-heng/routers/blob/main/routers/stack1.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-03-14 14:15
Modified
2025-04-03 15:46
Severity ?
Summary
Tenda AC9 v15.03.05.19(6318) was discovered to contain a buffer overflow via the formWifiWpsOOB function.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/WhereisDoujo/CVE/issues/6 | Exploit, Issue Tracking, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tendacn | ac9_firmware | 15.03.05.19\(6318\) | |
| tendacn | ac9 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:ac9_firmware:15.03.05.19\\(6318\\):*:*:*:*:*:*:*",
"matchCriteriaId": "155D1EC2-F6ED-4D3B-9C4D-CF3265BA80D0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:ac9:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CC4AED9B-6D36-4AB3-90CF-260C2B73C87D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Tenda AC9 v15.03.05.19(6318) was discovered to contain a buffer overflow via the formWifiWpsOOB function."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que Tenda AC9 v15.03.05.19(6318) conten\u00eda un desbordamiento de b\u00fafer a trav\u00e9s de la funci\u00f3n formWifiWpsOOB."
}
],
"id": "CVE-2025-29032",
"lastModified": "2025-04-03T15:46:23.280",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 4.7,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-03-14T14:15:18.623",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/WhereisDoujo/CVE/issues/6"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-09-07 15:15
Modified
2024-11-21 08:20
Severity ?
Summary
Tenda AC9 V3.0BR_V15.03.06.42_multi_TD01 was discovered stack overflow via parameter 'firewall_value' at url /goform/SetFirewallCfg.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/GleamingEyes/vul/blob/main/tenda_ac9/SetFirewallCfg.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/GleamingEyes/vul/blob/main/tenda_ac9/SetFirewallCfg.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tendacn | ac9_firmware | 15.03.06.42_multi_td0 | |
| tendacn | ac9 | 3.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:ac9_firmware:15.03.06.42_multi_td0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B8F0DC-1319-4DA8-BAA9-2C6467607E4F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:ac9:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CA49FEFD-41B5-4038-883D-989AB85D6CF5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Tenda AC9 V3.0BR_V15.03.06.42_multi_TD01 was discovered stack overflow via parameter \u0027firewall_value\u0027 at url /goform/SetFirewallCfg."
},
{
"lang": "es",
"value": "Tenda AC9 V3.0BR_V15.03.06.42_multi_TD01 se descubri\u00f3 un desbordamiento de pila a trav\u00e9s del par\u00e1metro \u0027firewall_value\u0027 en url /goform/SetFirewallCfg."
}
],
"id": "CVE-2023-40942",
"lastModified": "2024-11-21T08:20:19.703",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-09-07T15:15:07.767",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/GleamingEyes/vul/blob/main/tenda_ac9/SetFirewallCfg.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/GleamingEyes/vul/blob/main/tenda_ac9/SetFirewallCfg.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-05-22 17:15
Modified
2024-11-21 05:01
Severity ?
Summary
An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the /goform/setcfm funcpara1 parameter for a POST request, a value is directly used in a sprintf to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://joel-malwarebenchmark.github.io | Exploit, Third Party Advisory | |
| cve@mitre.org | https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13392-Tenda-vulnerability/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://joel-malwarebenchmark.github.io | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13392-Tenda-vulnerability/ | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tendacn | ac6_firmware | v15.03.05.19_multi_td01 | |
| tendacn | ac6 | 1.0 | |
| tendacn | ac9_firmware | v15.03.05.19\(6318\) | |
| tendacn | ac9 | 1.0 | |
| tendacn | ac15_firmware | v15.03.05.19_multi_td01 | |
| tendacn | ac15 | 1.0 | |
| tendacn | ac18_firmware | v15.03.05.19\(6318\) | |
| tendacn | ac18 | - | |
| tendacn | ac9_firmware | v15.03.06.42_multi | |
| tendacn | ac9 | 3.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:ac6_firmware:v15.03.05.19_multi_td01:*:*:*:*:*:*:*",
"matchCriteriaId": "CAC0673D-8596-4496-A29B-7E7F38584B29",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:ac6:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "37AC63F5-DB8A-40B5-AA46-A2F9C9BCFB12",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:ac9_firmware:v15.03.05.19\\(6318\\):*:*:*:*:*:*:*",
"matchCriteriaId": "FA1D8A5D-204B-4EB2-8889-E48396A33017",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:ac9:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B3E3CCB3-34B7-4904-9C38-48CA34E44C84",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:ac15_firmware:v15.03.05.19_multi_td01:*:*:*:*:*:*:*",
"matchCriteriaId": "B6A8E101-F4DE-40EE-8412-86830A94E5D6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:ac15:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0979C5E5-E098-4B24-86BC-02ED33FBFDA4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:ac18_firmware:v15.03.05.19\\(6318\\):*:*:*:*:*:*:*",
"matchCriteriaId": "3188ED22-AA0D-440F-AD0E-9440F0B9526B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:ac18:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FCF0F551-6E6C-48D6-9C2A-740B84AF0349",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:ac9_firmware:v15.03.06.42_multi:*:*:*:*:*:*:*",
"matchCriteriaId": "87C452F1-095D-4C6C-84D5-94593AEBDDC3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:ac9:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CA49FEFD-41B5-4038-883D-989AB85D6CF5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router\u0027s web server -- httpd. While processing the /goform/setcfm funcpara1 parameter for a POST request, a value is directly used in a sprintf to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en dispositivos Tenda AC6 versiones V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, y AC18 V15.03.05.19(6318 _)_CN. Se presenta una vulnerabilidad de desbordamiento de b\u00fafer en el servidor web del enrutador: httpd. Mientras procesa el par\u00e1metro funcpara1 de /goform/setcfm para una petici\u00f3n POST, un valor es usado directamente en un sprintf para una variable local colocada en la pila, que sobrescribe la direcci\u00f3n de retorno de una funci\u00f3n. Un atacante puede construir una carga \u00fatil para llevar a cabo ataques de ejecuci\u00f3n de c\u00f3digo arbitrario."
}
],
"id": "CVE-2020-13392",
"lastModified": "2024-11-21T05:01:10.107",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-05-22T17:15:11.237",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://joel-malwarebenchmark.github.io"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13392-Tenda-vulnerability/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://joel-malwarebenchmark.github.io"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13392-Tenda-vulnerability/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-05-22 17:15
Modified
2024-11-21 05:01
Severity ?
Summary
An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the /goform/saveParentControlInfo deviceId and time parameters for a POST request, a value is directly used in a strcpy to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://joel-malwarebenchmark.github.io | Exploit, Third Party Advisory | |
| cve@mitre.org | https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13393-Tenda-vulnerability/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://joel-malwarebenchmark.github.io | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13393-Tenda-vulnerability/ | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tendacn | ac6_firmware | v15.03.05.19_multi_td01 | |
| tendacn | ac6 | 1.0 | |
| tendacn | ac9_firmware | v15.03.05.19\(6318\) | |
| tendacn | ac9 | 1.0 | |
| tendacn | ac15_firmware | v15.03.05.19_multi_td01 | |
| tendacn | ac15 | 1.0 | |
| tendacn | ac18_firmware | v15.03.05.19\(6318\) | |
| tendacn | ac18 | - | |
| tendacn | ac9_firmware | v15.03.06.42_multi | |
| tendacn | ac9 | 3.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:ac6_firmware:v15.03.05.19_multi_td01:*:*:*:*:*:*:*",
"matchCriteriaId": "CAC0673D-8596-4496-A29B-7E7F38584B29",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:ac6:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "37AC63F5-DB8A-40B5-AA46-A2F9C9BCFB12",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:ac9_firmware:v15.03.05.19\\(6318\\):*:*:*:*:*:*:*",
"matchCriteriaId": "FA1D8A5D-204B-4EB2-8889-E48396A33017",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:ac9:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B3E3CCB3-34B7-4904-9C38-48CA34E44C84",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:ac15_firmware:v15.03.05.19_multi_td01:*:*:*:*:*:*:*",
"matchCriteriaId": "B6A8E101-F4DE-40EE-8412-86830A94E5D6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:ac15:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0979C5E5-E098-4B24-86BC-02ED33FBFDA4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:ac18_firmware:v15.03.05.19\\(6318\\):*:*:*:*:*:*:*",
"matchCriteriaId": "3188ED22-AA0D-440F-AD0E-9440F0B9526B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:ac18:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FCF0F551-6E6C-48D6-9C2A-740B84AF0349",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:ac9_firmware:v15.03.06.42_multi:*:*:*:*:*:*:*",
"matchCriteriaId": "87C452F1-095D-4C6C-84D5-94593AEBDDC3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:ac9:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CA49FEFD-41B5-4038-883D-989AB85D6CF5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router\u0027s web server -- httpd. While processing the /goform/saveParentControlInfo deviceId and time parameters for a POST request, a value is directly used in a strcpy to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en dispositivos Tenda AC6 versiones V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, y AC18 V15.03.05.19(6318 _)_CN. Se presenta una vulnerabilidad de desbordamiento de b\u00fafer en el servidor web del enrutador: httpd. Mientras se procesa el deviceId /goform/saveParentControlInfo y los par\u00e1metros de tiempo para una petici\u00f3n POST, un valor es directamente usado en una strcpy para una variable local colocada en la pila, que sobrescribe la direcci\u00f3n de retorno de una funci\u00f3n. Un atacante puede construir una carga \u00fatil para llevar a cabo ataques de ejecuci\u00f3n de c\u00f3digo arbitrario."
}
],
"id": "CVE-2020-13393",
"lastModified": "2024-11-21T05:01:10.260",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-05-22T17:15:11.300",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://joel-malwarebenchmark.github.io"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13393-Tenda-vulnerability/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://joel-malwarebenchmark.github.io"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13393-Tenda-vulnerability/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-09-02 03:29
Modified
2024-11-21 03:52
Severity ?
Summary
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server. While processing the ssid parameter for a POST request, the value is directly used in a sprintf call to a local variable placed on the stack, which overrides the return address of the function, causing a buffer overflow.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/ZIllR0/Routers/blob/master/Tenda/oob1.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/ZIllR0/Routers/blob/master/Tenda/oob1.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tendacn | ac18_firmware | * | |
| tendacn | ac18 | - | |
| tendacn | ac15_firmware | 15.03.05.19 | |
| tendacn | ac15 | - | |
| tendacn | ac10_firmware | 15.03.06.23 | |
| tendacn | ac10 | - | |
| tendacn | ac9_firmware | 15.03.05.19 | |
| tendacn | ac9 | - | |
| tendacn | ac7_firmware | 15.03.06.44 | |
| tendacn | ac7 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:ac18_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C1F87AEF-C34D-411D-808F-4A5F60493DA3",
"versionEndIncluding": "15.03.05.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:ac18:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FCF0F551-6E6C-48D6-9C2A-740B84AF0349",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:ac15_firmware:15.03.05.19:*:*:*:*:*:*:*",
"matchCriteriaId": "7CF021B8-0BA1-42C9-A2A4-4B4BF18F8D4B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:ac15:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4EEDF33B-0D03-492A-BCD1-0E6B79F783EF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:ac10_firmware:15.03.06.23:*:*:*:*:*:*:*",
"matchCriteriaId": "C7952445-9298-49B5-9F77-DEF7B18C9483",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:ac10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0FE0DA72-D225-4BAE-8813-816AB8F0B3FB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:ac9_firmware:15.03.05.19:*:*:*:*:*:*:*",
"matchCriteriaId": "5678A346-17EF-4626-BAE4-B1F5C8AFB9CD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:ac9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7871810-DC61-4B96-8C3D-2DA1FE202C91",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:ac7_firmware:15.03.06.44:*:*:*:*:*:*:*",
"matchCriteriaId": "82F2488A-65A0-4830-A520-979F8E6ADBB9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:ac7:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1D8C8522-F517-4702-828F-D79C803574FF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router\u0027s web server. While processing the ssid parameter for a POST request, the value is directly used in a sprintf call to a local variable placed on the stack, which overrides the return address of the function, causing a buffer overflow."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en dispositivos Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN y AC18 V15.03.05.19(6318)_CN. Hay una vulnerabilidad de desbordamiento de b\u00fafer en el servidor web del router. Al procesar el par\u00e1metro ssid para una petici\u00f3n POST, el valor se emplea directamente en una llamada sprintf a una variable local colocada en la pila, que sobrescribe la direcci\u00f3n de retorno de la funci\u00f3n, provocando un desbordamiento de b\u00fafer."
}
],
"id": "CVE-2018-16333",
"lastModified": "2024-11-21T03:52:32.530",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-09-02T03:29:00.620",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/ZIllR0/Routers/blob/master/Tenda/oob1.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/ZIllR0/Routers/blob/master/Tenda/oob1.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-08-19 22:15
Modified
2024-11-21 07:12
Severity ?
Summary
Tenda AC9 V15.03.2.13 is vulnerable to Buffer Overflow via httpd, form_fast_setting_wifi_set. httpd.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://tenda.com | Product | |
| cve@mitre.org | https://www.cnblogs.com/Amalll/p/16606980.html | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://tenda.com | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cnblogs.com/Amalll/p/16606980.html | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tendacn | ac9_firmware | 15.03.2.13 | |
| tendacn | ac9 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:ac9_firmware:15.03.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "3A8DEAB5-8E48-4789-A2BA-AB0691D5644D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:ac9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7871810-DC61-4B96-8C3D-2DA1FE202C91",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Tenda AC9 V15.03.2.13 is vulnerable to Buffer Overflow via httpd, form_fast_setting_wifi_set. httpd."
},
{
"lang": "es",
"value": "Tenda AC9 versi\u00f3n V15.03.2.13, es vulnerable a un desbordamiento del b\u00fafer por medio de httpd, form_fast_setting_wifi_set. httpd."
}
],
"id": "CVE-2022-36233",
"lastModified": "2024-11-21T07:12:38.320",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-19T22:15:09.110",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "http://tenda.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.cnblogs.com/Amalll/p/16606980.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "http://tenda.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.cnblogs.com/Amalll/p/16606980.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-10-29 11:15
Modified
2024-11-21 06:06
Severity ?
Summary
Buffer Overflow vulnerability in Tenda AC9 V1.0 through V15.03.05.19(6318), and AC9 V3.0 V15.03.06.42_multi, allows attackers to execute arbitrary code via the index parameter.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://tenda.com | Not Applicable | |
| cve@mitre.org | https://github.com/Lyc-heng/routers/blob/main/routers/stack3.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://tenda.com | Not Applicable | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Lyc-heng/routers/blob/main/routers/stack3.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tendacn | ac9_firmware | * | |
| tendacn | ac9 | 3.0 | |
| tendacn | ac9_firmware | * | |
| tendacn | ac9 | 1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:ac9_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BB151239-C968-4822-BC79-E8F44055D3FA",
"versionEndIncluding": "15.03.06.42_multi",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:ac9:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CA49FEFD-41B5-4038-883D-989AB85D6CF5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:ac9_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EB7D423D-053F-47CC-9BD2-676B60BB86DB",
"versionEndIncluding": "15.03.05.19\\(6318\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:ac9:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B3E3CCB3-34B7-4904-9C38-48CA34E44C84",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in Tenda AC9 V1.0 through V15.03.05.19(6318), and AC9 V3.0 V15.03.06.42_multi, allows attackers to execute arbitrary code via the index parameter."
},
{
"lang": "es",
"value": "Una vulnerabilidad de desbordamiento del b\u00fafer en Tenda versiones AC9 V1.0 hasta V15.03.05.19(6318), y AC9 V3.0 V15.03.06.42_multi, permite a atacantes ejecutar c\u00f3digo arbitrario por medio del par\u00e1metro index"
}
],
"id": "CVE-2021-31627",
"lastModified": "2024-11-21T06:06:02.757",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-10-29T11:15:08.433",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
],
"url": "http://tenda.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Lyc-heng/routers/blob/main/routers/stack3.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "http://tenda.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Lyc-heng/routers/blob/main/routers/stack3.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-03-01 15:29
Modified
2024-11-21 04:12
Severity ?
Summary
Stack-based Buffer Overflow in httpd on Tenda AC9 devices V15.03.05.14_EN allows remote attackers to cause a denial of service or possibly have unspecified other impact.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/VulDetailsPublication/Poc/tree/master/Tenda/AC9 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/VulDetailsPublication/Poc/tree/master/Tenda/AC9 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tendacn | ac9_firmware | 15.03.05.14_en | |
| tenda | ac9 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:ac9_firmware:15.03.05.14_en:*:*:*:*:*:*:*",
"matchCriteriaId": "2174914C-39DA-4FA1-9322-F5EE2C531B31",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:ac9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2FD1430E-DC2E-4042-9389-1FD90ECDBE4D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based Buffer Overflow in httpd on Tenda AC9 devices V15.03.05.14_EN allows remote attackers to cause a denial of service or possibly have unspecified other impact."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en pila en httpd en dispositivos Tenda AC9 V15.03.05.14_EN permite que atacantes remotos provoquen una denegaci\u00f3n de servicio (DoS) u otro tipo de impacto sin especificar."
}
],
"id": "CVE-2018-7561",
"lastModified": "2024-11-21T04:12:22.127",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-03-01T15:29:00.213",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/VulDetailsPublication/Poc/tree/master/Tenda/AC9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/VulDetailsPublication/Poc/tree/master/Tenda/AC9"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-05-22 17:15
Modified
2024-11-21 05:01
Severity ?
Summary
An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the /goform/openSchedWifi schedStartTime and schedEndTime parameters for a POST request, a value is directly used in a strcpy to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://joel-malwarebenchmark.github.io | Exploit, Third Party Advisory | |
| cve@mitre.org | https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13389-Tenda-vulnerability/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://joel-malwarebenchmark.github.io | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13389-Tenda-vulnerability/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tendacn | ac6_firmware | v15.03.05.19_multi_td01 | |
| tendacn | ac6 | 1.0 | |
| tendacn | ac9_firmware | v15.03.05.19\(6318\) | |
| tendacn | ac9 | 1.0 | |
| tendacn | ac15_firmware | v15.03.05.19_multi_td01 | |
| tendacn | ac15 | 1.0 | |
| tendacn | ac18_firmware | v15.03.05.19\(6318\) | |
| tendacn | ac18 | - | |
| tendacn | ac9_firmware | v15.03.06.42_multi | |
| tendacn | ac9 | 3.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:ac6_firmware:v15.03.05.19_multi_td01:*:*:*:*:*:*:*",
"matchCriteriaId": "CAC0673D-8596-4496-A29B-7E7F38584B29",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:ac6:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "37AC63F5-DB8A-40B5-AA46-A2F9C9BCFB12",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:ac9_firmware:v15.03.05.19\\(6318\\):*:*:*:*:*:*:*",
"matchCriteriaId": "FA1D8A5D-204B-4EB2-8889-E48396A33017",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:ac9:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B3E3CCB3-34B7-4904-9C38-48CA34E44C84",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:ac15_firmware:v15.03.05.19_multi_td01:*:*:*:*:*:*:*",
"matchCriteriaId": "B6A8E101-F4DE-40EE-8412-86830A94E5D6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:ac15:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0979C5E5-E098-4B24-86BC-02ED33FBFDA4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:ac18_firmware:v15.03.05.19\\(6318\\):*:*:*:*:*:*:*",
"matchCriteriaId": "3188ED22-AA0D-440F-AD0E-9440F0B9526B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:ac18:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FCF0F551-6E6C-48D6-9C2A-740B84AF0349",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:ac9_firmware:v15.03.06.42_multi:*:*:*:*:*:*:*",
"matchCriteriaId": "87C452F1-095D-4C6C-84D5-94593AEBDDC3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:ac9:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CA49FEFD-41B5-4038-883D-989AB85D6CF5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router\u0027s web server -- httpd. While processing the /goform/openSchedWifi schedStartTime and schedEndTime parameters for a POST request, a value is directly used in a strcpy to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en dispositivos Tenda AC6 versiones V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, y AC18 V15.03.05.19 (6318_)_CN. Se presenta una vulnerabilidad de desbordamiento de b\u00fafer en el servidor web del enrutador: httpd. Mientras se procesan los par\u00e1metros schedStartTime y schedEndTime de /goform/openSchedWifi para una petici\u00f3n POST, un valor es usado directamente en una strcpy para una variable local colocada en la pila, que sobrescribe la direcci\u00f3n de retorno de una funci\u00f3n. Un atacante puede construir una carga \u00fatil para llevar a cabo ataques de ejecuci\u00f3n de c\u00f3digo arbitrario."
}
],
"id": "CVE-2020-13389",
"lastModified": "2024-11-21T05:01:09.660",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-05-22T17:15:11.033",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://joel-malwarebenchmark.github.io"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13389-Tenda-vulnerability/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://joel-malwarebenchmark.github.io"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13389-Tenda-vulnerability/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-07-21 12:29
Modified
2024-11-21 03:49
Severity ?
Summary
Tenda AC7 through V15.03.06.44_CN, AC9 through V15.03.05.19(6318)_CN, and AC10 through V15.03.06.23_CN devices have a Stack-based Buffer Overflow via a long limitSpeed or limitSpeedup parameter to an unspecified /goform URI.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/ZIllR0/Routers/blob/master/Tendaoob1.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/ZIllR0/Routers/blob/master/Tendaoob1.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tendacn | ac7_firmware | * | |
| tendacn | ac7 | - | |
| tendacn | ac9_firmware | * | |
| tendacn | ac9 | - | |
| tendacn | ac10_firmware | * | |
| tendacn | ac10 | - | |
| tendacn | ac15_firmware | * | |
| tendacn | ac15 | - | |
| tendacn | ac18_firmware | * | |
| tendacn | ac18 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:ac7_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7FD0F68A-7B1F-47EA-87A4-534F3076EEB6",
"versionEndIncluding": "15.03.06.44_cn",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:ac7:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1D8C8522-F517-4702-828F-D79C803574FF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:ac9_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F518F97C-6E41-4488-BC74-A55D00342473",
"versionEndIncluding": "v15.03.05.19\\(6318\\)_cn",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:ac9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7871810-DC61-4B96-8C3D-2DA1FE202C91",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:ac10_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5C539B44-DC11-406C-8AEB-30570A1263B1",
"versionEndIncluding": "15.03.06.23_cn",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:ac10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0FE0DA72-D225-4BAE-8813-816AB8F0B3FB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:ac15_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "85FC79AC-BE8A-481E-9782-C000CB45FAC0",
"versionEndIncluding": "15.03.05.19_cn",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:ac15:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4EEDF33B-0D03-492A-BCD1-0E6B79F783EF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:ac18_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B058E65F-5459-42B1-A5EC-A62635C3751A",
"versionEndIncluding": "15.03.05.19\\(6318\\)_cn",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:ac18:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FCF0F551-6E6C-48D6-9C2A-740B84AF0349",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Tenda AC7 through V15.03.06.44_CN, AC9 through V15.03.05.19(6318)_CN, and AC10 through V15.03.06.23_CN devices have a Stack-based Buffer Overflow via a long limitSpeed or limitSpeedup parameter to an unspecified /goform URI."
},
{
"lang": "es",
"value": "Los dispositivos Tenda AC7 hasta la versi\u00f3n V15.03.06.44_CN, AC9 hasta la versi\u00f3n V15.03.05.19(6318)_CN y AC10 hasta la versi\u00f3n V15.03.06.23_CN tienen un desbordamiento de b\u00fafer basado en pila mediante unos par\u00e1metros limitSpeed o limitSpeedup largos en un URI /goform sin especificar."
}
],
"id": "CVE-2018-14492",
"lastModified": "2024-11-21T03:49:10.740",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-07-21T12:29:00.333",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/ZIllR0/Routers/blob/master/Tendaoob1.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/ZIllR0/Routers/blob/master/Tendaoob1.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2020-13390 (GCVE-0-2020-13390)
Vulnerability from cvelistv5
Published
2020-05-22 16:07
Modified
2024-08-04 12:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the /goform/addressNat entrys and mitInterface parameters for a POST request, a value is directly used in a sprintf to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:18:17.683Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://joel-malwarebenchmark.github.io"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13390-Tenda-vulnerability/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router\u0027s web server -- httpd. While processing the /goform/addressNat entrys and mitInterface parameters for a POST request, a value is directly used in a sprintf to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-26T20:36:09",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://joel-malwarebenchmark.github.io"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13390-Tenda-vulnerability/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-13390",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router\u0027s web server -- httpd. While processing the /goform/addressNat entrys and mitInterface parameters for a POST request, a value is directly used in a sprintf to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://joel-malwarebenchmark.github.io",
"refsource": "MISC",
"url": "https://joel-malwarebenchmark.github.io"
},
{
"name": "https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13390-Tenda-vulnerability/",
"refsource": "MISC",
"url": "https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13390-Tenda-vulnerability/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-13390",
"datePublished": "2020-05-22T16:07:03",
"dateReserved": "2020-05-22T00:00:00",
"dateUpdated": "2024-08-04T12:18:17.683Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-22079 (GCVE-0-2020-22079)
Vulnerability from cvelistv5
Published
2021-10-29 10:19
Modified
2024-08-04 14:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Stack-based buffer overflow in Tenda AC-10U AC1200 Router US_AC10UV1.0RTL_V15.03.06.48_multi_TDE01 allows remote attackers to execute arbitrary code via the timeZone parameter to goform/SetSysTimeCfg.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:51:10.418Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cwe.mitre.org/data/definitions/121.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/1sd3d/Tendown/tree/master/PoCs/Auth/bof11"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Lyc-heng/routers/blob/main/routers/stack1.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in Tenda AC-10U AC1200 Router US_AC10UV1.0RTL_V15.03.06.48_multi_TDE01 allows remote attackers to execute arbitrary code via the timeZone parameter to goform/SetSysTimeCfg."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-10T20:18:55",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cwe.mitre.org/data/definitions/121.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/1sd3d/Tendown/tree/master/PoCs/Auth/bof11"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Lyc-heng/routers/blob/main/routers/stack1.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-22079",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in Tenda AC-10U AC1200 Router US_AC10UV1.0RTL_V15.03.06.48_multi_TDE01 allows remote attackers to execute arbitrary code via the timeZone parameter to goform/SetSysTimeCfg."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cwe.mitre.org/data/definitions/121.html",
"refsource": "MISC",
"url": "https://cwe.mitre.org/data/definitions/121.html"
},
{
"name": "https://github.com/1sd3d/Tendown/tree/master/PoCs/Auth/bof11",
"refsource": "MISC",
"url": "https://github.com/1sd3d/Tendown/tree/master/PoCs/Auth/bof11"
},
{
"name": "https://github.com/Lyc-heng/routers/blob/main/routers/stack1.md",
"refsource": "MISC",
"url": "https://github.com/Lyc-heng/routers/blob/main/routers/stack1.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-22079",
"datePublished": "2021-10-29T10:19:30",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-08-04T14:51:10.418Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-20746 (GCVE-0-2020-20746)
Vulnerability from cvelistv5
Published
2021-09-30 20:41
Modified
2024-08-04 14:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
A stack-based buffer overflow in the httpd server on Tenda AC9 V15.03.06.60_EN allows remote attackers to execute arbitrary code or cause a denial of service (DoS) via a crafted POST request to /goform/SetStaticRouteCfg.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:22:25.430Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cwe.mitre.org/data/definitions/121.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/grapefruitvul/vulinfo/blob/master/tenda/vul1.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A stack-based buffer overflow in the httpd server on Tenda AC9 V15.03.06.60_EN allows remote attackers to execute arbitrary code or cause a denial of service (DoS) via a crafted POST request to /goform/SetStaticRouteCfg."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-10T20:17:57",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cwe.mitre.org/data/definitions/121.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/grapefruitvul/vulinfo/blob/master/tenda/vul1.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-20746",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A stack-based buffer overflow in the httpd server on Tenda AC9 V15.03.06.60_EN allows remote attackers to execute arbitrary code or cause a denial of service (DoS) via a crafted POST request to /goform/SetStaticRouteCfg."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cwe.mitre.org/data/definitions/121.html",
"refsource": "MISC",
"url": "https://cwe.mitre.org/data/definitions/121.html"
},
{
"name": "https://github.com/grapefruitvul/vulinfo/blob/master/tenda/vul1.md",
"refsource": "MISC",
"url": "https://github.com/grapefruitvul/vulinfo/blob/master/tenda/vul1.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-20746",
"datePublished": "2021-09-30T20:41:27",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-08-04T14:22:25.430Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-13393 (GCVE-0-2020-13393)
Vulnerability from cvelistv5
Published
2020-05-22 16:06
Modified
2024-08-04 12:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the /goform/saveParentControlInfo deviceId and time parameters for a POST request, a value is directly used in a strcpy to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:18:17.648Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://joel-malwarebenchmark.github.io"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13393-Tenda-vulnerability/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router\u0027s web server -- httpd. While processing the /goform/saveParentControlInfo deviceId and time parameters for a POST request, a value is directly used in a strcpy to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-26T20:41:17",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://joel-malwarebenchmark.github.io"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13393-Tenda-vulnerability/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-13393",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router\u0027s web server -- httpd. While processing the /goform/saveParentControlInfo deviceId and time parameters for a POST request, a value is directly used in a strcpy to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://joel-malwarebenchmark.github.io",
"refsource": "MISC",
"url": "https://joel-malwarebenchmark.github.io"
},
{
"name": "https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13393-Tenda-vulnerability/",
"refsource": "MISC",
"url": "https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13393-Tenda-vulnerability/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-13393",
"datePublished": "2020-05-22T16:06:41",
"dateReserved": "2020-05-22T00:00:00",
"dateUpdated": "2024-08-04T12:18:17.648Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-29032 (GCVE-0-2025-29032)
Vulnerability from cvelistv5
Published
2025-03-14 00:00
Modified
2025-03-19 18:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Tenda AC9 v15.03.05.19(6318) was discovered to contain a buffer overflow via the formWifiWpsOOB function.
References
| ► | URL | Tags |
|---|---|---|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-29032",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-19T15:41:51.798619Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-19T18:39:43.112Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tenda AC9 v15.03.05.19(6318) was discovered to contain a buffer overflow via the formWifiWpsOOB function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-14T13:44:51.953Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/WhereisDoujo/CVE/issues/6"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-29032",
"datePublished": "2025-03-14T00:00:00.000Z",
"dateReserved": "2025-03-11T00:00:00.000Z",
"dateUpdated": "2025-03-19T18:39:43.112Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7561 (GCVE-0-2018-7561)
Vulnerability from cvelistv5
Published
2018-03-01 15:00
Modified
2024-08-05 06:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Stack-based Buffer Overflow in httpd on Tenda AC9 devices V15.03.05.14_EN allows remote attackers to cause a denial of service or possibly have unspecified other impact.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:31:04.412Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/VulDetailsPublication/Poc/tree/master/Tenda/AC9"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-03-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based Buffer Overflow in httpd on Tenda AC9 devices V15.03.05.14_EN allows remote attackers to cause a denial of service or possibly have unspecified other impact."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-01T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/VulDetailsPublication/Poc/tree/master/Tenda/AC9"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7561",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based Buffer Overflow in httpd on Tenda AC9 devices V15.03.05.14_EN allows remote attackers to cause a denial of service or possibly have unspecified other impact."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/VulDetailsPublication/Poc/tree/master/Tenda/AC9",
"refsource": "MISC",
"url": "https://github.com/VulDetailsPublication/Poc/tree/master/Tenda/AC9"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-7561",
"datePublished": "2018-03-01T15:00:00",
"dateReserved": "2018-02-28T00:00:00",
"dateUpdated": "2024-08-05T06:31:04.412Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-16333 (GCVE-0-2018-16333)
Vulnerability from cvelistv5
Published
2018-09-02 03:00
Modified
2024-08-05 10:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server. While processing the ssid parameter for a POST request, the value is directly used in a sprintf call to a local variable placed on the stack, which overrides the return address of the function, causing a buffer overflow.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:24:31.599Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ZIllR0/Routers/blob/master/Tenda/oob1.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-09-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router\u0027s web server. While processing the ssid parameter for a POST request, the value is directly used in a sprintf call to a local variable placed on the stack, which overrides the return address of the function, causing a buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-02T02:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ZIllR0/Routers/blob/master/Tenda/oob1.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16333",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router\u0027s web server. While processing the ssid parameter for a POST request, the value is directly used in a sprintf call to a local variable placed on the stack, which overrides the return address of the function, causing a buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ZIllR0/Routers/blob/master/Tenda/oob1.md",
"refsource": "MISC",
"url": "https://github.com/ZIllR0/Routers/blob/master/Tenda/oob1.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-16333",
"datePublished": "2018-09-02T03:00:00",
"dateReserved": "2018-09-01T00:00:00",
"dateUpdated": "2024-08-05T10:24:31.599Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-36233 (GCVE-0-2022-36233)
Vulnerability from cvelistv5
Published
2022-08-19 21:31
Modified
2024-08-03 10:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Tenda AC9 V15.03.2.13 is vulnerable to Buffer Overflow via httpd, form_fast_setting_wifi_set. httpd.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:00:04.233Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://tenda.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cnblogs.com/Amalll/p/16606980.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tenda AC9 V15.03.2.13 is vulnerable to Buffer Overflow via httpd, form_fast_setting_wifi_set. httpd."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-19T21:31:12",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://tenda.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cnblogs.com/Amalll/p/16606980.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-36233",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Tenda AC9 V15.03.2.13 is vulnerable to Buffer Overflow via httpd, form_fast_setting_wifi_set. httpd."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://tenda.com",
"refsource": "MISC",
"url": "http://tenda.com"
},
{
"name": "https://www.cnblogs.com/Amalll/p/16606980.html",
"refsource": "MISC",
"url": "https://www.cnblogs.com/Amalll/p/16606980.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-36233",
"datePublished": "2022-08-19T21:31:12",
"dateReserved": "2022-07-18T00:00:00",
"dateUpdated": "2024-08-03T10:00:04.233Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-31627 (GCVE-0-2021-31627)
Vulnerability from cvelistv5
Published
2021-10-29 10:32
Modified
2024-08-03 23:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer Overflow vulnerability in Tenda AC9 V1.0 through V15.03.05.19(6318), and AC9 V3.0 V15.03.06.42_multi, allows attackers to execute arbitrary code via the index parameter.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:03:33.562Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://tenda.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Lyc-heng/routers/blob/main/routers/stack3.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in Tenda AC9 V1.0 through V15.03.05.19(6318), and AC9 V3.0 V15.03.06.42_multi, allows attackers to execute arbitrary code via the index parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-29T10:32:17",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://tenda.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Lyc-heng/routers/blob/main/routers/stack3.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-31627",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer Overflow vulnerability in Tenda AC9 V1.0 through V15.03.05.19(6318), and AC9 V3.0 V15.03.06.42_multi, allows attackers to execute arbitrary code via the index parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://tenda.com",
"refsource": "MISC",
"url": "http://tenda.com"
},
{
"name": "https://github.com/Lyc-heng/routers/blob/main/routers/stack3.md",
"refsource": "MISC",
"url": "https://github.com/Lyc-heng/routers/blob/main/routers/stack3.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-31627",
"datePublished": "2021-10-29T10:32:17",
"dateReserved": "2021-04-23T00:00:00",
"dateUpdated": "2024-08-03T23:03:33.562Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-13392 (GCVE-0-2020-13392)
Vulnerability from cvelistv5
Published
2020-05-22 16:06
Modified
2024-08-04 12:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the /goform/setcfm funcpara1 parameter for a POST request, a value is directly used in a sprintf to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:18:17.686Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://joel-malwarebenchmark.github.io"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13392-Tenda-vulnerability/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router\u0027s web server -- httpd. While processing the /goform/setcfm funcpara1 parameter for a POST request, a value is directly used in a sprintf to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-26T20:38:59",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://joel-malwarebenchmark.github.io"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13392-Tenda-vulnerability/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-13392",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router\u0027s web server -- httpd. While processing the /goform/setcfm funcpara1 parameter for a POST request, a value is directly used in a sprintf to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://joel-malwarebenchmark.github.io",
"refsource": "MISC",
"url": "https://joel-malwarebenchmark.github.io"
},
{
"name": "https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13392-Tenda-vulnerability/",
"refsource": "MISC",
"url": "https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13392-Tenda-vulnerability/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-13392",
"datePublished": "2020-05-22T16:06:47",
"dateReserved": "2020-05-22T00:00:00",
"dateUpdated": "2024-08-04T12:18:17.686Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-14492 (GCVE-0-2018-14492)
Vulnerability from cvelistv5
Published
2018-07-21 12:00
Modified
2024-09-16 18:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Tenda AC7 through V15.03.06.44_CN, AC9 through V15.03.05.19(6318)_CN, and AC10 through V15.03.06.23_CN devices have a Stack-based Buffer Overflow via a long limitSpeed or limitSpeedup parameter to an unspecified /goform URI.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:29:51.711Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ZIllR0/Routers/blob/master/Tendaoob1.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tenda AC7 through V15.03.06.44_CN, AC9 through V15.03.05.19(6318)_CN, and AC10 through V15.03.06.23_CN devices have a Stack-based Buffer Overflow via a long limitSpeed or limitSpeedup parameter to an unspecified /goform URI."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-21T12:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ZIllR0/Routers/blob/master/Tendaoob1.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14492",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Tenda AC7 through V15.03.06.44_CN, AC9 through V15.03.05.19(6318)_CN, and AC10 through V15.03.06.23_CN devices have a Stack-based Buffer Overflow via a long limitSpeed or limitSpeedup parameter to an unspecified /goform URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ZIllR0/Routers/blob/master/Tendaoob1.md",
"refsource": "MISC",
"url": "https://github.com/ZIllR0/Routers/blob/master/Tendaoob1.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-14492",
"datePublished": "2018-07-21T12:00:00Z",
"dateReserved": "2018-07-21T00:00:00Z",
"dateUpdated": "2024-09-16T18:18:05.077Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-13389 (GCVE-0-2020-13389)
Vulnerability from cvelistv5
Published
2020-05-22 16:07
Modified
2024-08-04 12:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the /goform/openSchedWifi schedStartTime and schedEndTime parameters for a POST request, a value is directly used in a strcpy to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:18:17.598Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://joel-malwarebenchmark.github.io"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13389-Tenda-vulnerability/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router\u0027s web server -- httpd. While processing the /goform/openSchedWifi schedStartTime and schedEndTime parameters for a POST request, a value is directly used in a strcpy to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-26T20:33:58",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://joel-malwarebenchmark.github.io"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13389-Tenda-vulnerability/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-13389",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router\u0027s web server -- httpd. While processing the /goform/openSchedWifi schedStartTime and schedEndTime parameters for a POST request, a value is directly used in a strcpy to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://joel-malwarebenchmark.github.io",
"refsource": "MISC",
"url": "https://joel-malwarebenchmark.github.io"
},
{
"name": "https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13389-Tenda-vulnerability/",
"refsource": "MISC",
"url": "https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13389-Tenda-vulnerability/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-13389",
"datePublished": "2020-05-22T16:07:10",
"dateReserved": "2020-05-22T00:00:00",
"dateUpdated": "2024-08-04T12:18:17.598Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-13391 (GCVE-0-2020-13391)
Vulnerability from cvelistv5
Published
2020-05-22 16:06
Modified
2024-08-04 12:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the /goform/SetSpeedWan speed_dir parameter for a POST request, a value is directly used in a sprintf to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:18:17.636Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://joel-malwarebenchmark.github.io"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13391-Tenda-vulnerability/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router\u0027s web server -- httpd. While processing the /goform/SetSpeedWan speed_dir parameter for a POST request, a value is directly used in a sprintf to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-26T20:37:29",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://joel-malwarebenchmark.github.io"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13391-Tenda-vulnerability/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-13391",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router\u0027s web server -- httpd. While processing the /goform/SetSpeedWan speed_dir parameter for a POST request, a value is directly used in a sprintf to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://joel-malwarebenchmark.github.io",
"refsource": "MISC",
"url": "https://joel-malwarebenchmark.github.io"
},
{
"name": "https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13391-Tenda-vulnerability/",
"refsource": "MISC",
"url": "https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13391-Tenda-vulnerability/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-13391",
"datePublished": "2020-05-22T16:06:55",
"dateReserved": "2020-05-22T00:00:00",
"dateUpdated": "2024-08-04T12:18:17.636Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-40942 (GCVE-0-2023-40942)
Vulnerability from cvelistv5
Published
2023-09-07 00:00
Modified
2024-09-26 17:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Tenda AC9 V3.0BR_V15.03.06.42_multi_TD01 was discovered stack overflow via parameter 'firewall_value' at url /goform/SetFirewallCfg.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:46:11.408Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/GleamingEyes/vul/blob/main/tenda_ac9/SetFirewallCfg.md"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:tenda:ac9v3.0br:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac9v3.0br",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V15.03.06.42_multi_TD01"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-40942",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T17:34:57.218929Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T17:38:40.912Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tenda AC9 V3.0BR_V15.03.06.42_multi_TD01 was discovered stack overflow via parameter \u0027firewall_value\u0027 at url /goform/SetFirewallCfg."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-07T14:33:43.109474",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/GleamingEyes/vul/blob/main/tenda_ac9/SetFirewallCfg.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-40942",
"datePublished": "2023-09-07T00:00:00",
"dateReserved": "2023-08-22T00:00:00",
"dateUpdated": "2024-09-26T17:38:40.912Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-16334 (GCVE-0-2018-16334)
Vulnerability from cvelistv5
Published
2018-09-02 03:00
Modified
2024-08-05 10:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered on Tenda AC9 V15.03.05.19(6318)_CN and AC10 V15.03.06.23_CN devices. The mac parameter in a POST request is used directly in a doSystemCmd call, causing OS command injection.
References
| ► | URL | Tags |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:24:32.306Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zsjevilhex/iot/blob/master/route/tenda/tenda-04/tenda.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-09-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Tenda AC9 V15.03.05.19(6318)_CN and AC10 V15.03.06.23_CN devices. The mac parameter in a POST request is used directly in a doSystemCmd call, causing OS command injection."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-02T02:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zsjevilhex/iot/blob/master/route/tenda/tenda-04/tenda.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16334",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on Tenda AC9 V15.03.05.19(6318)_CN and AC10 V15.03.06.23_CN devices. The mac parameter in a POST request is used directly in a doSystemCmd call, causing OS command injection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/zsjevilhex/iot/blob/master/route/tenda/tenda-04/tenda.md",
"refsource": "MISC",
"url": "https://github.com/zsjevilhex/iot/blob/master/route/tenda/tenda-04/tenda.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-16334",
"datePublished": "2018-09-02T03:00:00",
"dateReserved": "2018-09-01T00:00:00",
"dateUpdated": "2024-08-05T10:24:32.306Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-13394 (GCVE-0-2020-13394)
Vulnerability from cvelistv5
Published
2020-05-22 16:06
Modified
2024-08-04 12:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the /goform/SetNetControlList list parameter for a POST request, a value is directly used in a strcpy to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:18:17.568Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://joel-malwarebenchmark.github.io"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13394-Tenda-vulnerability/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router\u0027s web server -- httpd. While processing the /goform/SetNetControlList list parameter for a POST request, a value is directly used in a strcpy to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-26T20:43:08",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://joel-malwarebenchmark.github.io"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13394-Tenda-vulnerability/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-13394",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router\u0027s web server -- httpd. While processing the /goform/SetNetControlList list parameter for a POST request, a value is directly used in a strcpy to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://joel-malwarebenchmark.github.io",
"refsource": "MISC",
"url": "https://joel-malwarebenchmark.github.io"
},
{
"name": "https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13394-Tenda-vulnerability/",
"refsource": "MISC",
"url": "https://joel-malwarebenchmark.github.io/blog/2020/04/28/cve-2020-13394-Tenda-vulnerability/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-13394",
"datePublished": "2020-05-22T16:06:34",
"dateReserved": "2020-05-22T00:00:00",
"dateUpdated": "2024-08-04T12:18:17.568Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-31624 (GCVE-0-2021-31624)
Vulnerability from cvelistv5
Published
2021-10-29 10:25
Modified
2024-08-03 23:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer Overflow vulnerability in Tenda AC9 V1.0 through V15.03.05.19(6318), and AC9 V3.0 V15.03.06.42_multi, allows attackers to execute arbitrary code via the urls parameter.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:03:33.617Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://tenda.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Lyc-heng/routers/blob/main/routers/stack2.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in Tenda AC9 V1.0 through V15.03.05.19(6318), and AC9 V3.0 V15.03.06.42_multi, allows attackers to execute arbitrary code via the urls parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-29T10:25:47",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://tenda.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Lyc-heng/routers/blob/main/routers/stack2.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-31624",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer Overflow vulnerability in Tenda AC9 V1.0 through V15.03.05.19(6318), and AC9 V3.0 V15.03.06.42_multi, allows attackers to execute arbitrary code via the urls parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://tenda.com",
"refsource": "MISC",
"url": "http://tenda.com"
},
{
"name": "https://github.com/Lyc-heng/routers/blob/main/routers/stack2.md",
"refsource": "MISC",
"url": "https://github.com/Lyc-heng/routers/blob/main/routers/stack2.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-31624",
"datePublished": "2021-10-29T10:25:47",
"dateReserved": "2021-04-23T00:00:00",
"dateUpdated": "2024-08-03T23:03:33.617Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}