Tenda Ac15 Firmware vulnerabilities

CVE-2024-2815 [CRITICAL] CWE-121 CVE-2024-2815: A vulnerability classified as critical has been found in Tenda AC15 15.03.20_multi. Affected is the A vulnerability classified as critical has been found in Tenda AC15 15.03.20_multi. Affected is the function R7WebsSecurityHandler of the file /goform/execCommand of the component Cookie Handler. The manipulation of the argument password leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed

CVE-2024-2813 [CRITICAL] CWE-121 CVE-2024-2813: A vulnerability was found in Tenda AC15 15.03.20_multi. It has been declared as critical. This vulne A vulnerability was found in Tenda AC15 15.03.20_multi. It has been declared as critical. This vulnerability affects the function form_fast_setting_wifi_set of the file /goform/fast_setting_wifi_set. The manipulation of the argument ssid leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the

CVE-2024-2807 [CRITICAL] CWE-121 CVE-2024-2807: A vulnerability classified as critical was found in Tenda AC15 15.03.05.18/15.03.20_multi. This vuln A vulnerability classified as critical was found in Tenda AC15 15.03.05.18/15.03.20_multi. This vulnerability affects the function formExpandDlnaFile of the file /goform/expandDlnaFile. The manipulation of the argument filePath leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public an

CVE-2024-2808 [CRITICAL] CWE-121 CVE-2024-2808: A vulnerability, which was classified as critical, has been found in Tenda AC15 15.03.05.18/15.03.20 A vulnerability, which was classified as critical, has been found in Tenda AC15 15.03.05.18/15.03.20_multi. This issue affects the function formQuickIndex of the file /goform/QuickIndex. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the pub

CVE-2024-2805 [HIGH] CWE-121 CVE-2024-2805: A vulnerability was found in Tenda AC15 15.03.05.18/15.03.20_multi. It has been rated as critical. A A vulnerability was found in Tenda AC15 15.03.05.18/15.03.20_multi. It has been rated as critical. Affected by this issue is the function formSetSpeedWan of the file /goform/SetSpeedWan. The manipulation of the argument speed_dir leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and m

CVE-2024-2812 [HIGH] CWE-78 CVE-2024-2812: A vulnerability was found in Tenda AC15 15.03.05.18/15.03.20_multi. It has been classified as critic A vulnerability was found in Tenda AC15 15.03.05.18/15.03.20_multi. It has been classified as critical. This affects the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

CVE-2024-2817 [MEDIUM] CWE-352 CVE-2024-2817: A vulnerability, which was classified as problematic, has been found in Tenda AC15 15.03.05.18. Affe A vulnerability, which was classified as problematic, has been found in Tenda AC15 15.03.05.18. Affected by this issue is the function fromSysToolRestoreSet of the file /goform/SysToolRestoreSet. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The

CVE-2024-2816 [MEDIUM] CWE-352 CVE-2024-2816: A vulnerability classified as problematic was found in Tenda AC15 15.03.05.18. Affected by this vuln A vulnerability classified as problematic was found in Tenda AC15 15.03.05.18. Affected by this vulnerability is the function fromSysToolReboot of the file /goform/SysToolReboot. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identi

CVE-2023-39673 [CRITICAL] CWE-120 CVE-2023-39673: Tenda AC15 V1.0BR_V15.03.05.18_multi_TD01 was discovered to contain a buffer overflow via the functi Tenda AC15 V1.0BR_V15.03.05.18_multi_TD01 was discovered to contain a buffer overflow via the function FUN_00010e34().

CVE-2023-30371 [CRITICAL] CWE-787 CVE-2023-30371: In Tenda AC15 V15.03.05.19, the function "sub_ED14" contains a stack-based buffer overflow vulnerabi In Tenda AC15 V15.03.05.19, the function "sub_ED14" contains a stack-based buffer overflow vulnerability.

CVE-2023-30376 [CRITICAL] CWE-787 CVE-2023-30376: In Tenda AC15 V15.03.05.19, the function "henan_pppoe_user" contains a stack-based buffer overflow v In Tenda AC15 V15.03.05.19, the function "henan_pppoe_user" contains a stack-based buffer overflow vulnerability.

CVE-2023-30378 [CRITICAL] CWE-787 CVE-2023-30378: In Tenda AC15 V15.03.05.19, the function "sub_8EE8" contains a stack-based buffer overflow vulnerabi In Tenda AC15 V15.03.05.19, the function "sub_8EE8" contains a stack-based buffer overflow vulnerability.

CVE-2023-30375 [CRITICAL] CWE-787 CVE-2023-30375: In Tenda AC15 V15.03.05.19, the function "getIfIp" contains a stack-based buffer overflow vulnerabil In Tenda AC15 V15.03.05.19, the function "getIfIp" contains a stack-based buffer overflow vulnerability.

CVE-2023-30373 [CRITICAL] CWE-787 CVE-2023-30373: In Tenda AC15 V15.03.05.19, the function "xian_pppoe_user" contains a stack-based buffer overflow vu In Tenda AC15 V15.03.05.19, the function "xian_pppoe_user" contains a stack-based buffer overflow vulnerability.

CVE-2023-30369 [CRITICAL] CWE-787 CVE-2023-30369: Tenda AC15 V15.03.05.19 is vulnerable to Buffer Overflow. Tenda AC15 V15.03.05.19 is vulnerable to Buffer Overflow.

CVE-2023-30372 [CRITICAL] CWE-787 CVE-2023-30372: In Tenda AC15 V15.03.05.19, The function "xkjs_ver32" contains a stack-based buffer overflow vulnera In Tenda AC15 V15.03.05.19, The function "xkjs_ver32" contains a stack-based buffer overflow vulnerability.

CVE-2023-30370 [CRITICAL] CWE-787 CVE-2023-30370: In Tenda AC15 V15.03.05.19, the function GetValue contains a stack-based buffer overflow vulnerabili In Tenda AC15 V15.03.05.19, the function GetValue contains a stack-based buffer overflow vulnerability.

CVE-2022-44156 [HIGH] CWE-787 CVE-2022-44156: Tenda AC15 V15.03.05.19 is vulnerable to Buffer Overflow via function formSetIpMacBind. Tenda AC15 V15.03.05.19 is vulnerable to Buffer Overflow via function formSetIpMacBind.

CVE-2022-44168 [HIGH] CWE-787 CVE-2022-44168: Tenda AC15 V15.03.05.18 is vulnerable to Buffer Overflow via function fromSetRouteStatic.. Tenda AC15 V15.03.05.18 is vulnerable to Buffer Overflow via function fromSetRouteStatic..

CVE-2022-44167 [HIGH] CWE-787 CVE-2022-44167: Tenda AC15 V15.03.05.18 is avulnerable to Buffer Overflow via function formSetPPTPServer. Tenda AC15 V15.03.05.18 is avulnerable to Buffer Overflow via function formSetPPTPServer.