Tenda Ax3 Firmware vulnerabilities

53 known vulnerabilities affecting tenda/ax3_firmware.

Total CVEs

CISA KEV

Public exploits

Exploited in wild

Severity breakdown

CRITICAL16HIGH36MEDIUM1

Vulnerabilities

Page 2 of 3

CVE-2023-51812CRITICALCVSS 9.8v16.03.12.112024-01-04

CVE-2023-51812 [CRITICAL] CWE-77 CVE-2023-51812: Tenda AX3 v16.03.12.11 was discovered to contain a remote code execution (RCE) vulnerability via the Tenda AX3 v16.03.12.11 was discovered to contain a remote code execution (RCE) vulnerability via the list parameter at /goform/SetNetControlList.

nvd

CVE-2023-49409CRITICALCVSS 9.8v16.03.12.112023-12-07

CVE-2023-49409 [CRITICAL] CVE-2023-49409: Tenda AX3 V16.03.12.11 was discovered to contain a Command Execution vulnerability via the function Tenda AX3 V16.03.12.11 was discovered to contain a Command Execution vulnerability via the function /goform/telnet.

nvd

CVE-2023-49408CRITICALCVSS 9.8v16.03.12.112023-12-07

CVE-2023-49408 [CRITICAL] CWE-787 CVE-2023-49408: Tenda AX3 V16.03.12.11 was discovered to contain a stack overflow via the function set_device_name. Tenda AX3 V16.03.12.11 was discovered to contain a stack overflow via the function set_device_name.

nvd

CVE-2023-40915HIGHCVSS 7.5v16.03.12.112023-08-25

CVE-2023-40915 [HIGH] CWE-787 CVE-2023-40915: Tenda AX3 v16.03.12.11 has a stack buffer overflow vulnerability detected at function form_fast_sett Tenda AX3 v16.03.12.11 has a stack buffer overflow vulnerability detected at function form_fast_setting_wifi_set. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ssid parameter.

nvd

CVE-2023-27042HIGHCVSS 8.8v16.03.12.112023-03-24

CVE-2023-27042 [HIGH] CWE-787 CVE-2023-27042: Tenda AX3 V16.03.12.11 is vulnerable to Buffer Overflow via /goform/SetFirewallCfg. Tenda AX3 V16.03.12.11 is vulnerable to Buffer Overflow via /goform/SetFirewallCfg.

nvd

CVE-2023-27239CRITICALCVSS 9.8v16.03.12.112023-03-15

CVE-2023-27239 [CRITICAL] CWE-787 CVE-2023-27239: Tenda AX3 V16.03.12.11 was discovered to contain a stack overflow via the shareSpeed parameter at /g Tenda AX3 V16.03.12.11 was discovered to contain a stack overflow via the shareSpeed parameter at /goform/WifiGuestSet.

nvd

CVE-2023-27240CRITICALCVSS 9.8Exploitedv16.03.12.112023-03-15

CVE-2023-27240 [CRITICAL] CWE-77 CVE-2023-27240: Tenda AX3 V16.03.12.11 was discovered to contain a command injection vulnerability via the lanip par Tenda AX3 V16.03.12.11 was discovered to contain a command injection vulnerability via the lanip parameter at /goform/AdvSetLanip.

nvd

CVE-2023-24212CRITICALCVSS 9.8v16.03.12.112023-02-23

CVE-2023-24212 [CRITICAL] CWE-787 CVE-2023-24212: Tenda AX3 V16.03.12.11 was discovered to contain a stack overflow via the timeType function at /gofo Tenda AX3 V16.03.12.11 was discovered to contain a stack overflow via the timeType function at /goform/SetSysTimeCfg.

nvd

CVE-2022-24995CRITICALCVSS 9.8v16.03.12.10_cn2022-03-10

CVE-2022-24995 [CRITICAL] CWE-787 CVE-2022-24995: Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetSysTime. Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetSysTime. This vulnerability allows attackers to cause a Denial of Service (DoS) via the time parameter.

nvd

CVE-2021-46393CRITICALCVSS 9.8v16.03.12.102022-03-04

CVE-2021-46393 [CRITICAL] CWE-787 CVE-2021-46393: There is a stack buffer overflow vulnerability in the formSetPPTPServer function of Tenda-AX3 router There is a stack buffer overflow vulnerability in the formSetPPTPServer function of Tenda-AX3 router V16.03.12.10_CN. The v10 variable is directly retrieved from the http request parameter startIp. Then v10 will be splice to stack by function sscanf without any security check,which causes stack overflow. By POSTing the page /goform/SetPptpServerCf

nvd

CVE-2021-46394CRITICALCVSS 9.8v16.03.12.102022-03-04

CVE-2021-46394 [CRITICAL] CWE-787 CVE-2021-46394: There is a stack buffer overflow vulnerability in the formSetPPTPServer function of Tenda-AX3 router There is a stack buffer overflow vulnerability in the formSetPPTPServer function of Tenda-AX3 router V16.03.12.10_CN. The v13 variable is directly retrieved from the http request parameter startIp. Then v13 will be splice to stack by function sscanf without any security check, which causes stack overflow. By POSTing the page /goform/SetPptpServerC

nvd

CVE-2022-24150CRITICALCVSS 9.8v16.03.12.10_cn2022-02-04

CVE-2022-24150 [CRITICAL] CWE-77 CVE-2022-24150: Tenda AX3 v16.03.12.10_CN was discovered to contain a command injection vulnerability in the functio Tenda AX3 v16.03.12.10_CN was discovered to contain a command injection vulnerability in the function formSetSafeWanWebMan. This vulnerability allows attackers to execute arbitrary commands via the remoteIp parameter.

nvd

CVE-2022-24144CRITICALCVSS 9.8v16.03.12.10_cn2022-02-04

CVE-2022-24144 [CRITICAL] CWE-77 CVE-2022-24144: Tenda AX3 v16.03.12.10_CN was discovered to contain a command injection vulnerability in the functio Tenda AX3 v16.03.12.10_CN was discovered to contain a command injection vulnerability in the function WanParameterSetting. This vulnerability allows attackers to execute arbitrary commands via the gateway, dns1, and dns2 parameters.

nvd

CVE-2022-24148CRITICALCVSS 9.8v16.03.12.10_cn2022-02-04

CVE-2022-24148 [CRITICAL] CWE-77 CVE-2022-24148: Tenda AX3 v16.03.12.10_CN was discovered to contain a command injection vulnerability in the functio Tenda AX3 v16.03.12.10_CN was discovered to contain a command injection vulnerability in the function mDMZSetCfg. This vulnerability allows attackers to execute arbitrary commands via the dmzIp parameter.

nvd

CVE-2022-24156HIGHCVSS 7.5v16.03.12.10_cn2022-02-04

CVE-2022-24156 [HIGH] CWE-787 CVE-2022-24156: Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetVirtualS Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetVirtualSer. This vulnerability allows attackers to cause a Denial of Service (DoS) via the list parameter.

nvd

CVE-2022-24160HIGHCVSS 7.5v16.03.12.10_cn2022-02-04

CVE-2022-24160 [HIGH] CWE-787 CVE-2022-24160: Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetDeviceNa Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetDeviceName. This vulnerability allows attackers to cause a Denial of Service (DoS) via the devName parameter.

nvd

CVE-2022-24152HIGHCVSS 7.5v16.03.12.10_cn2022-02-04

CVE-2022-24152 [HIGH] CWE-787 CVE-2022-24152: Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetRouteSta Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetRouteStatic. This vulnerability allows attackers to cause a Denial of Service (DoS) via the list parameter.

nvd

CVE-2022-24163HIGHCVSS 7.5v16.03.12.10_cn2022-02-04

CVE-2022-24163 [HIGH] CWE-787 CVE-2022-24163: Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetSysTime. Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetSysTime. This vulnerability allows attackers to cause a Denial of Service (DoS) via the timeZone parameter.

nvd

CVE-2022-24146HIGHCVSS 7.5v16.03.12.10_cn2022-02-04

CVE-2022-24146 [HIGH] CWE-787 CVE-2022-24146: Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetQosBand. Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetQosBand. This vulnerability allows attackers to cause a Denial of Service (DoS) via the list parameter.

nvd

CVE-2022-24161HIGHCVSS 7.5v16.03.12.10_cn2022-02-04

CVE-2022-24161 [HIGH] CWE-787 CVE-2022-24161: Tenda AX3 v16.03.12.10_CN was discovered to contain a heap overflow in the function GetParentControl Tenda AX3 v16.03.12.10_CN was discovered to contain a heap overflow in the function GetParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via the mac parameter.

nvd

← Previous2 / 3Next →