Tenda Ac1206 Firmware vulnerabilities

CVE-2022-42080 [HIGH] CWE-787 CVE-2022-42080: Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 was discovered to contain a heap overflow via Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 was discovered to contain a heap overflow via sched_start_time parameter.

CVE-2022-42079 [HIGH] CWE-787 CVE-2022-42079: Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 was discovered to contain a stack overflow via Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 was discovered to contain a stack overflow via the function formWifiBasicSet.

CVE-2022-42081 [HIGH] CWE-787 CVE-2022-42081: Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 was discovered to contain a stack overflow via Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 was discovered to contain a stack overflow via sched_end_time parameter.

CVE-2022-42078 [MEDIUM] CWE-352 CVE-2022-42078: Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 is vulnerable to Cross Site Request Forgery (C Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolRestoreSet.

CVE-2022-42077 [MEDIUM] CWE-352 CVE-2022-42077: Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 is vulnerable to Cross Site Request Forgery (C Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot.

CVE-2022-37808 [CRITICAL] CWE-787 CVE-2022-37808: Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the index parameter in the Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the index parameter in the function formWifiWpsOOB.

CVE-2022-37811 [CRITICAL] CWE-787 CVE-2022-37811: Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the startIp parameter in th Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the startIp parameter in the function formSetPPTPServer.

CVE-2022-37815 [CRITICAL] CWE-787 CVE-2022-37815: Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the PPPOEPassword parameter Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the PPPOEPassword parameter in the function formQuickIndex.

CVE-2022-37803 [CRITICAL] CWE-787 CVE-2022-37803: Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the page parameter in the f Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the page parameter in the function fromAddressNat.

CVE-2022-37806 [CRITICAL] CWE-787 CVE-2022-37806: Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the page parameter in the f Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the page parameter in the function fromDhcpListClient.

CVE-2022-37805 [CRITICAL] CWE-787 CVE-2022-37805: Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the function fromWizardHand Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the function fromWizardHandle.

CVE-2022-37804 [CRITICAL] CWE-787 CVE-2022-37804: Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the time parameter in the f Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the time parameter in the function saveParentControlInfo.

CVE-2022-37816 [CRITICAL] CWE-787 CVE-2022-37816: Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the function fromSetIpMacBi Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the function fromSetIpMacBind.

CVE-2022-37801 [CRITICAL] CWE-787 CVE-2022-37801: Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the list parameter at the f Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the list parameter at the function formSetQosBand.

CVE-2022-37814 [CRITICAL] CWE-787 CVE-2022-37814: Tenda AC1206 V15.03.06.23 was discovered to contain multiple stack overflows via the deviceMac and t Tenda AC1206 V15.03.06.23 was discovered to contain multiple stack overflows via the deviceMac and the device_id parameters in the function addWifiMacFilter.

CVE-2022-37802 [CRITICAL] CWE-787 CVE-2022-37802: Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the page parameter in the f Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the page parameter in the function fromNatStaticSetting.

CVE-2022-37800 [CRITICAL] CWE-787 CVE-2022-37800: Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the list parameter at the f Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the list parameter at the function fromSetRouteStatic.

CVE-2022-37809 [CRITICAL] CWE-787 CVE-2022-37809: Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the speed_dir parameter in Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the speed_dir parameter in the function formSetSpeedWan.

CVE-2022-37810 [CRITICAL] CWE-78 CVE-2022-37810: Tenda AC1206 V15.03.06.23 was discovered to contain a command injection vulnerability via the mac pa Tenda AC1206 V15.03.06.23 was discovered to contain a command injection vulnerability via the mac parameter in the function formWriteFacMac.

CVE-2022-37813 [CRITICAL] CWE-787 CVE-2022-37813: Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the function fromSetSysTime Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the function fromSetSysTime.