Tenda Ax1806 Firmware vulnerabilities

61 known vulnerabilities affecting tenda/ax1806_firmware.

Total CVEs

CISA KEV

Public exploits

Exploited in wild

Severity breakdown

CRITICAL20HIGH39MEDIUM2

Vulnerabilities

Page 2 of 4

CVE-2024-44552CRITICALCVSS 9.8v1.0.0.12024-08-26

CVE-2024-44552 [CRITICAL] CWE-787 CVE-2024-44552: Tenda AX1806 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the functi Tenda AX1806 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function formGetIptv.

nvd

CVE-2024-44553CRITICALCVSS 9.8v1.0.0.12024-08-26

CVE-2024-44553 [CRITICAL] CWE-787 CVE-2024-44553: Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function form Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function formGetIptv.

nvd

CVE-2024-41492HIGHCVSS 7.5v1.0.0.12024-07-19

CVE-2024-41492 [HIGH] CWE-121 CVE-2024-41492: A stack overflow in Tenda AX1806 v1.0.0.1 allows attackers to cause a Denial of Service (DoS) via a A stack overflow in Tenda AX1806 v1.0.0.1 allows attackers to cause a Denial of Service (DoS) via a crafted input.

nvd

CVE-2024-40414CRITICALCVSS 9.8v1.0.0.12024-07-15

CVE-2024-40414 [CRITICAL] CWE-787 CVE-2024-40414: A vulnerability in /goform/SetNetControlList in the sub_656BC function in Tenda AX1806 1.0.0.1 firmw A vulnerability in /goform/SetNetControlList in the sub_656BC function in Tenda AX1806 1.0.0.1 firmware leads to stack-based buffer overflow.

nvd

CVE-2024-40415CRITICALCVSS 9.8v1.0.0.12024-07-15

CVE-2024-40415 [CRITICAL] CWE-787 CVE-2024-40415: A vulnerability in /goform/SetStaticRouteCfg in the sub_519F4 function in Tenda AX1806 1.0.0.1 firmw A vulnerability in /goform/SetStaticRouteCfg in the sub_519F4 function in Tenda AX1806 1.0.0.1 firmware leads to stack-based buffer overflow.

nvd

CVE-2024-40416CRITICALCVSS 9.8v1.0.0.12024-07-15

CVE-2024-40416 [CRITICAL] CWE-787 CVE-2024-40416: A vulnerability in /goform/SetVirtualServerCfg in the sub_6320C function in Tenda AX1806 1.0.0.1 fir A vulnerability in /goform/SetVirtualServerCfg in the sub_6320C function in Tenda AX1806 1.0.0.1 firmware leads to stack-based buffer overflow.

nvd

CVE-2024-40417MEDIUMCVSS 6.5v1.0.0.12024-07-10

CVE-2024-40417 [MEDIUM] CWE-121 CVE-2024-40417: A vulnerability was found in Tenda AX1806 1.0.0.1. Affected by this issue is the function formSetReb A vulnerability was found in Tenda AX1806 1.0.0.1. Affected by this issue is the function formSetRebootTimer of the file /goform/SetIpMacBind. The manipulation of the argument list leads to stack-based buffer overflow.

nvd

CVE-2024-35571CRITICALCVSS 9.8v1.0.0.12024-05-20

CVE-2024-35571 [CRITICAL] CWE-120 CVE-2024-35571: Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function form Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function formSetIptv.

nvd

CVE-2024-35580CRITICALCVSS 9.8v1.0.0.12024-05-20

CVE-2024-35580 [CRITICAL] CWE-121 CVE-2024-35580: Tenda AX1806 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function f Tenda AX1806 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function formSetIptv.

nvd

CVE-2024-35578HIGHCVSS 8.0v1.0.0.12024-05-20

CVE-2024-35578 [HIGH] CWE-121 CVE-2024-35578: Tenda AX1806 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the functi Tenda AX1806 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function formSetIptv.

nvd

CVE-2024-35579HIGHCVSS 7.7v1.0.0.12024-05-20

CVE-2024-35579 [HIGH] CWE-121 CVE-2024-35579: Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function for Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function formSetIptv.

nvd

CVE-2024-35576MEDIUMCVSS 5.2v1.0.0.12024-05-20

CVE-2024-35576 [MEDIUM] CWE-121 CVE-2024-35576: Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function form Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function formSetIptv.

nvd

CVE-2024-4238HIGHCVSS 8.8v1.0.0.12024-04-26

CVE-2024-4238 [HIGH] CWE-121 CVE-2024-4238: A vulnerability has been found in Tenda AX1806 1.0.0.1 and classified as critical. Affected by this A vulnerability has been found in Tenda AX1806 1.0.0.1 and classified as critical. Affected by this vulnerability is the function formSetDeviceName of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may b

nvd

CVE-2024-4237HIGHCVSS 8.8v1.0.0.12024-04-26

CVE-2024-4237 [HIGH] CWE-121 CVE-2024-4237: A vulnerability, which was classified as critical, was found in Tenda AX1806 1.0.0.1. Affected is th A vulnerability, which was classified as critical, was found in Tenda AX1806 1.0.0.1. Affected is the function R7WebsSecurityHandler of the file /goform/execCommand. The manipulation of the argument password leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. T

nvd

CVE-2024-4239HIGHCVSS 8.8v1.0.0.12024-04-26

CVE-2024-4239 [HIGH] CWE-121 CVE-2024-4239: A vulnerability was found in Tenda AX1806 1.0.0.1 and classified as critical. Affected by this issue A vulnerability was found in Tenda AX1806 1.0.0.1 and classified as critical. Affected by this issue is the function formSetRebootTimer of the file /goform/SetRebootTimer. The manipulation of the argument rebootTime leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VD

nvd

CVE-2023-47455CRITICALCVSS 9.1v1.0.0.12023-11-07

CVE-2023-47455 [CRITICAL] CWE-787 CVE-2023-47455: Tenda AX1806 V1.0.0.1 contains a heap overflow vulnerability in setSchedWifi function, in which the Tenda AX1806 V1.0.0.1 contains a heap overflow vulnerability in setSchedWifi function, in which the src and v12 are directly obtained from http request parameter schedStartTime and schedEndTime without checking their size.

nvd

CVE-2023-47456CRITICALCVSS 9.1v1.0.0.12023-11-07

CVE-2023-47456 [CRITICAL] CWE-787 CVE-2023-47456: Tenda AX1806 V1.0.0.1 contains a stack overflow vulnerability in function sub_455D4, called by funct Tenda AX1806 V1.0.0.1 contains a stack overflow vulnerability in function sub_455D4, called by function fromSetWirelessRepeat.

nvd

CVE-2022-34597CRITICALCVSS 9.8v1.0.0.12022-07-06

CVE-2022-34597 [CRITICAL] CWE-78 CVE-2022-34597: Tenda AX1806 v1.0.0.1 was discovered to contain a command injection vulnerability via the function W Tenda AX1806 v1.0.0.1 was discovered to contain a command injection vulnerability via the function WanParameterSetting.

nvd

CVE-2022-32032CRITICALCVSS 9.8v1.0.0.12022-07-01

CVE-2022-32032 [CRITICAL] CWE-787 CVE-2022-32032: Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the deviceList parameter in the Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the deviceList parameter in the function formAddMacfilterRule.

nvd

CVE-2022-32030HIGHCVSS 7.5v1.0.0.12022-07-01

CVE-2022-32030 [HIGH] CWE-787 CVE-2022-32030: Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the list parameter in the funct Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the list parameter in the function formSetQosBand.

nvd

← Previous2 / 4Next →