Tenda Ac10 Firmware vulnerabilities

88 known vulnerabilities affecting tenda/ac10_firmware.

Total CVEs

CISA KEV

actively exploited

Public exploits

Exploited in wild

Severity breakdown

CRITICAL45HIGH28MEDIUM14LOW1

Vulnerabilities

Page 4 of 5

CVE-2023-27016CRITICALCVSS 9.8v16.03.10.13_cn2023-04-07

CVE-2023-27016 [CRITICAL] CWE-787 CVE-2023-27016: Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the R7WebsSe Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the R7WebsSecurityHandler function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.

nvd

CVE-2023-27017CRITICALCVSS 9.8v16.03.10.13_cn2023-04-07

CVE-2023-27017 [CRITICAL] CWE-787 CVE-2023-27017: Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the sub_45DC Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the sub_45DC58 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.

nvd

CVE-2023-27015CRITICALCVSS 9.8v16.03.10.13_cn2023-04-07

CVE-2023-27015 [CRITICAL] CWE-787 CVE-2023-27015: Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the sub_4A75 Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the sub_4A75C0 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.

nvd

CVE-2023-27018CRITICALCVSS 9.8v16.03.10.13_cn2023-04-07

CVE-2023-27018 [CRITICAL] CWE-787 CVE-2023-27018: Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the sub_45EC Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the sub_45EC1C function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.

nvd

CVE-2023-27013CRITICALCVSS 9.8v16.03.10.13_cn2023-04-07

CVE-2023-27013 [CRITICAL] CWE-787 CVE-2023-27013: Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the get_pare Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the get_parentControl_list_Info function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.

nvd

CVE-2022-46109HIGHCVSS 7.5v15.03.06.232022-12-16

CVE-2022-46109 [HIGH] CWE-787 CVE-2022-46109: Tenda AC15 V15.03.06.23 is vulnerable to Buffer Overflow via function formSetClientState. Tenda AC15 V15.03.06.23 is vulnerable to Buffer Overflow via function formSetClientState.

nvd

CVE-2022-42165CRITICALCVSS 9.8v15.03.06.232022-10-17

CVE-2022-42165 [CRITICAL] CWE-787 CVE-2022-42165: Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetDeviceName. Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetDeviceName.

nvd

CVE-2022-42168CRITICALCVSS 9.8v15.03.06.232022-10-17

CVE-2022-42168 [CRITICAL] CWE-787 CVE-2022-42168: Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/fromSetIpMacBind. Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/fromSetIpMacBind.

nvd

CVE-2022-42171CRITICALCVSS 9.8v15.03.06.232022-10-17

CVE-2022-42171 [CRITICAL] CWE-787 CVE-2022-42171: Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/saveParentControlInfo. Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/saveParentControlInfo.

nvd

CVE-2022-42167CRITICALCVSS 9.8v15.03.06.232022-10-17

CVE-2022-42167 [CRITICAL] CWE-787 CVE-2022-42167: Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetFirewallCfg. Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetFirewallCfg.

nvd

CVE-2022-42169CRITICALCVSS 9.8v15.03.06.232022-10-17

CVE-2022-42169 [CRITICAL] CWE-787 CVE-2022-42169: Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/addWifiMacFilter. Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/addWifiMacFilter.

nvd

CVE-2022-42170CRITICALCVSS 9.8v15.03.06.232022-10-17

CVE-2022-42170 [CRITICAL] CWE-787 CVE-2022-42170: Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formWifiWpsStart. Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formWifiWpsStart.

nvd

CVE-2022-42164CRITICALCVSS 9.8v15.03.06.232022-10-17

CVE-2022-42164 [CRITICAL] CWE-787 CVE-2022-42164: Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetClientState. Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetClientState.

nvd

CVE-2022-42166CRITICALCVSS 9.8v15.03.06.232022-10-17

CVE-2022-42166 [CRITICAL] CWE-787 CVE-2022-42166: Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetSpeedWan. Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetSpeedWan.

nvd

CVE-2022-42163CRITICALCVSS 9.8v15.03.06.232022-10-17

CVE-2022-42163 [CRITICAL] CWE-787 CVE-2022-42163: Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/fromNatStaticSetting. Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/fromNatStaticSetting.

nvd

CVE-2022-32054CRITICALCVSS 9.8v15.03.06.262022-07-07

CVE-2022-32054 [CRITICAL] CWE-78 CVE-2022-32054: Tenda AC10 US_AC10V1.0RTL_V15.03.06.26_multi_TD01 was discovered to contain a remote code execution Tenda AC10 US_AC10V1.0RTL_V15.03.06.26_multi_TD01 was discovered to contain a remote code execution (RCE) vulnerability via the lanIp parameter.

nvd

CVE-2018-14559HIGHCVSS 7.5≤ 15.03.06.23_cn2019-04-25

CVE-2018-14559 [HIGH] CWE-119 CVE-2018-14559: An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). A buffer overflow vulnerability exists in the router's web server (httpd). When processing the list parameters for a post request, the value

nvd

CVE-2018-14557HIGHCVSS 7.5≤ 15.03.06.23_cn2019-04-25

CVE-2018-14557 [HIGH] CWE-119 CVE-2018-14557: An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). A buffer overflow vulnerability exists in the router's web server (httpd). When processing the page parameters for a post request, the value

nvd

CVE-2018-14558CRITICALCVSS 9.8KEV≤ 15.03.06.23_cn2018-10-30

CVE-2018-14558 [CRITICAL] CWE-78 CVE-2018-14558: An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted goform/setUsbUnload request. This occur

nvd

CVE-2018-18729CRITICALCVSS 9.8v15.03.06.23_cn2018-10-29

CVE-2018-18729 [CRITICAL] CWE-787 CVE-2018-18729: An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_C An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a heap-based buffer overflow vulnerability in the router's web server -- httpd. While processing the 'mac' parameter for a post request, the value is directly used in a strcpy

nvd

← Previous4 / 5Next →