VARIoT IoT vulnerabilities database

Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formAdvancedSetListSet. Shenzhen Tenda Technology Co.,Ltd. of w30e An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability is caused by the function formAdvancedSetListSet failing to correctly verify the length of the input data. A remote attacker can use this vulnerability to execute arbitrary code on the system or cause a denial of service. attack

Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formRebootMeshNode. Shenzhen Tenda Technology Co.,Ltd. of w30e An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The vulnerability is caused by the function formRebootMeshNode failing to correctly verify the length of the input data. A remote attacker can use this vulnerability to execute arbitrary code on the system or cause a denial of service. attack

Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formUpgradeMeshOnline. Shenzhen Tenda Technology Co.,Ltd. of w30e An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The vulnerability is caused by the function formUpgradeMeshOnline failing to correctly verify the length of the input data. A remote attacker can use this vulnerability to execute arbitrary code on the system or cause a denial of service. attack

Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formResetMeshNode. Shenzhen Tenda Technology Co.,Ltd. of w30e An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The vulnerability is caused by the function formResetMeshNode failing to correctly verify the length of the input data. A remote attacker can use this vulnerability to execute arbitrary code on the system or cause a denial of service. attack

Tenda W30E V16.01.0.12(4843) was discovered to contain a command injection vulnerability via the function setUmountUSBPartition. Shenzhen Tenda Technology Co.,Ltd. of w30e An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. An attacker could exploit this vulnerability to cause arbitrary command execution

Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function via the function set_wan_status. Shenzhen Tenda Technology Co.,Ltd. of w30e An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. There is a buffer overflow vulnerability in Tenda W30E V16.01.0.12 (4843). This vulnerability is caused by the function set_wan_status failing to correctly verify the length of the input data. A remote attacker can use this vulnerability to execute arbitrary code on the system or cause a denial of service. attack

Tenda W30E V16.01.0.12(4843) was discovered to contain a command injection vulnerability via the function setFixTools. Shenzhen Tenda Technology Co.,Ltd. of w30e An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The vulnerability is caused by the failure of the setFixTools function to correctly filter special characters, commands, etc. in the constructed command. An attacker could exploit this vulnerability to cause arbitrary command execution

Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function localMsg. Shenzhen Tenda Technology Co.,Ltd. of w30e An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability is caused by the failure of the function localMsg to correctly verify the length of the input data. A remote attacker can use this vulnerability to execute arbitrary code on the system or cause a denial of service. attack

Tenda AX9 V22.03.01.46 is vulnerable to command injection. Shenzhen Tenda Technology Co.,Ltd. of ax9 Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The vulnerability is caused by the failure of the list parameter of /goform/SetNetControlList to correctly filter special characters, commands, etc. in the constructed command. An attacker could exploit this vulnerability to cause arbitrary command execution

Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the 'list' parameter at /goform/SetNetControlList. Shenzhen Tenda Technology Co.,Ltd. of ax9 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability is caused by the "list" parameter of /goform/SetNetControlList failing to correctly verify the length of the input data. A remote attacker can use this vulnerability to execute arbitrary code on the system. or result in a denial of service attack

Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the 'list' parameter at /goform/SetVirtualServerCfg. Shenzhen Tenda Technology Co.,Ltd. of ax9 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The vulnerability is caused by the "list" parameter of /goform/SetVirtualServerCfg failing to correctly verify the length of the input data. A remote attacker can use this vulnerability to execute arbitrary code on the system. or result in a denial of service attack

Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the 'deviceList' parameter at /goform/setMacFilterCfg. Shenzhen Tenda Technology Co.,Ltd. of ax9 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability is caused by the "deviceList" parameter of /goform/setMacFilterCfg failing to correctly verify the length of the input data. A remote attacker can use this vulnerability to execute arbitrary code on the system. or result in a denial of service attack

Tenda AX9 V22.03.01.46 has been discovered to contain a command injection vulnerability in the 'mac' parameter at /goform/SetOnlineDevName. Shenzhen Tenda Technology Co.,Ltd. of ax9 Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. in the constructed command. An attacker could exploit this vulnerability to cause arbitrary command execution

Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the 'list' parameter at /goform/SetStaticRouteCfg. Shenzhen Tenda Technology Co.,Ltd. of ax9 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The vulnerability is caused by the "list" parameter of /goform/SetStaticRouteCfg failing to correctly verify the length of the input data. A remote attacker can use this vulnerability to execute arbitrary code on the system. or result in a denial of service attack

Tenda AX9 V22.03.01.46 was discovered to contain a SQL command injection vulnerability in the 'setDeviceInfo' feature through the 'mac' parameter at /goform/setModules. Shenzhen Tenda Technology Co.,Ltd. of ax9 The firmware has SQL There is an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. There is a command execution vulnerability in Tenda AX9 V22.03.01.46. in the constructed command. An attacker could exploit this vulnerability to cause arbitrary command execution

Tenda AX12 V22.03.01.46 has been discovered to contain a command injection vulnerability in the 'list' parameter at /goform/SetNetControlList. Shenzhen Tenda Technology Co.,Ltd. of AX12 Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda AX12 is a dual-band Gigabit Wifi 6 wireless router from China's Tenda Company. in the constructed command. An attacker could exploit this vulnerability to cause arbitrary command execution

Tenda AX12 V22.03.01.46 has been discovered to contain a command injection vulnerability in the 'mac' parameter at /goform/SetOnlineDevName. Shenzhen Tenda Technology Co.,Ltd. of AX12 Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda AX12 is a dual-band Gigabit Wifi 6 wireless router from China's Tenda Company. in the constructed command. An attacker could exploit this vulnerability to cause arbitrary command execution

Tenda AX12 V22.03.01.46 was discovered to contain a stack overflow via the list parameter at /goform/SetStaticRouteCfg. Shenzhen Tenda Technology Co.,Ltd. of AX12 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Tenda AX12 V22.03.01.46 was discovered to contain a stack overflow via the deviceList parameter at /goform/setMacFilterCfg . Shenzhen Tenda Technology Co.,Ltd. of AX12 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Tenda AX12 V22.03.01.46 was discovered to contain a stack overflow via the list parameter at /goform/SetVirtualServerCfg. Shenzhen Tenda Technology Co.,Ltd. of AX12 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state