Tenda Ax3 Firmware vulnerabilities

53 known vulnerabilities affecting tenda/ax3_firmware.

Total CVEs

CISA KEV

Public exploits

Exploited in wild

Severity breakdown

CRITICAL16HIGH36MEDIUM1

Vulnerabilities

Page 3 of 3

CVE-2022-24155HIGHCVSS 7.5v16.03.12.10_cn2022-02-04

CVE-2022-24155 [HIGH] CWE-787 CVE-2022-24155: Tenda AX3 v16.03.12.10_CN was discovered to contain a heap overflow in the function setSchedWifi. Th Tenda AX3 v16.03.12.10_CN was discovered to contain a heap overflow in the function setSchedWifi. This vulnerability allows attackers to cause a Denial of Service (DoS) via the schedStartTime and schedEndTime parameters.

nvd

CVE-2022-24153HIGHCVSS 7.5v16.03.12.10_cn2022-02-04

CVE-2022-24153 [HIGH] CWE-787 CVE-2022-24153: Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formAddMacfilte Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formAddMacfilterRule. This vulnerability allows attackers to cause a Denial of Service (DoS) via the devName parameter.

nvd

CVE-2022-24151HIGHCVSS 7.5v16.03.12.10_cn2022-02-04

CVE-2022-24151 [HIGH] CWE-787 CVE-2022-24151: Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetWifiGuse Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetWifiGusetBasic. This vulnerability allows attackers to cause a Denial of Service (DoS) via the shareSpeed parameter.

nvd

CVE-2022-24145HIGHCVSS 7.5v16.03.12.10_cn2022-02-04

CVE-2022-24145 [HIGH] CWE-787 CVE-2022-24145: Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formWifiBasicSe Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formWifiBasicSet. This vulnerability allows attackers to cause a Denial of Service (DoS) via the security and security_5g parameters.

nvd

CVE-2022-24143HIGHCVSS 7.5v16.03.12.10_cn2022-02-04

CVE-2022-24143 [HIGH] CWE-787 CVE-2022-24143: Tenda AX3 v16.03.12.10_CN and AX12 22.03.01.2_CN was discovered to contain a stack overflow in the f Tenda AX3 v16.03.12.10_CN and AX12 22.03.01.2_CN was discovered to contain a stack overflow in the function form_fast_setting_wifi_set. This vulnerability allows attackers to cause a Denial of Service (DoS) via the timeZone parameter.

nvd

CVE-2022-24154HIGHCVSS 7.5v16.03.12.10_cn2022-02-04

CVE-2022-24154 [HIGH] CWE-787 CVE-2022-24154: Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetRebootTi Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetRebootTimer. This vulnerability allows attackers to cause a Denial of Service (DoS) via the rebootTime parameter.

nvd

CVE-2022-24157HIGHCVSS 7.5v16.03.12.10_cn2022-02-04

CVE-2022-24157 [HIGH] CWE-787 CVE-2022-24157: Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetMacFilte Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetMacFilterCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via the deviceList parameter.

nvd

CVE-2022-24149HIGHCVSS 7.5v16.03.12.10_cn2022-02-04

CVE-2022-24149 [HIGH] CWE-787 CVE-2022-24149: Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetWireless Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetWirelessRepeat. This vulnerability allows attackers to cause a Denial of Service (DoS) via the wpapsk_crypto parameter.

nvd

CVE-2022-24158HIGHCVSS 7.5v16.03.12.10_cn2022-02-04

CVE-2022-24158 [HIGH] CWE-787 CVE-2022-24158: Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetIpMacBin Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetIpMacBind. This vulnerability allows attackers to cause a Denial of Service (DoS) via the list parameter.

nvd

CVE-2022-24147HIGHCVSS 7.5v16.03.12.10_cn2022-02-04

CVE-2022-24147 [HIGH] CWE-787 CVE-2022-24147: Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromAdvSetMacMt Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromAdvSetMacMtuWan. This vulnerability allows attackers to cause a Denial of Service (DoS) via the wanMTU, wanSpeed, cloneType, mac, and serviceName parameters.

nvd

CVE-2022-24159HIGHCVSS 7.5v16.03.12.10_cn2022-02-04

CVE-2022-24159 [HIGH] CWE-787 CVE-2022-24159: Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetPPTPServ Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetPPTPServer. This vulnerability allows attackers to cause a Denial of Service (DoS) via the startIp and endIp parameters.

nvd

CVE-2022-24142HIGHCVSS 7.5v16.03.12.10_cn2022-02-04

CVE-2022-24142 [HIGH] CWE-787 CVE-2022-24142: Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetFirewall Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetFirewallCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via the firewallEn parameter.

nvd

CVE-2022-24162HIGHCVSS 7.5v16.03.12.10_cn2022-02-04

CVE-2022-24162 [HIGH] CWE-787 CVE-2022-24162: Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function saveParentContr Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function saveParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via the time parameter.

nvd

← Previous3 / 3