Tenda Rx9 Pro Firmware vulnerabilities

CVE-2024-10351 [HIGH] CWE-121 CVE-2024-10351: A vulnerability was found in Tenda RX9 Pro 22.03.02.20. It has been rated as critical. This issue af A vulnerability was found in Tenda RX9 Pro 22.03.02.20. It has been rated as critical. This issue affects the function sub_424CE0 of the file /goform/setMacFilterCfg of the component POST Request Handler. The manipulation of the argument deviceList leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclos

CVE-2024-10282 [HIGH] CWE-121 CVE-2024-10282: A vulnerability classified as critical was found in Tenda RX9 and RX9 Pro 22.03.02.10/22.03.02.20. A A vulnerability classified as critical was found in Tenda RX9 and RX9 Pro 22.03.02.10/22.03.02.20. Affected by this vulnerability is the function sub_42EA38 of the file /goform/SetVirtualServerCfg. The manipulation of the argument list leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the publ

CVE-2024-10281 [HIGH] CWE-121 CVE-2024-10281: A vulnerability classified as critical has been found in Tenda RX9 and RX9 Pro 22.03.02.10/22.03.02. A vulnerability classified as critical has been found in Tenda RX9 and RX9 Pro 22.03.02.10/22.03.02.20. Affected is the function sub_42EEE0 of the file /goform/SetStaticRouteCfg. The manipulation of the argument list leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may

CVE-2024-10283 [HIGH] CWE-121 CVE-2024-10283: A vulnerability, which was classified as critical, has been found in Tenda RX9 and RX9 Pro 22.03.02. A vulnerability, which was classified as critical, has been found in Tenda RX9 and RX9 Pro 22.03.02.20. Affected by this issue is the function sub_4337EC of the file /goform/SetNetControlList. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public an

CVE-2023-43886 [HIGH] CWE-787 CVE-2023-43886: A buffer overflow in the HTTP server component of Tenda RX9 Pro v22.03.02.20 might allow an authenti A buffer overflow in the HTTP server component of Tenda RX9 Pro v22.03.02.20 might allow an authenticated attacker to overwrite memory.

CVE-2023-43885 [HIGH] CWE-862 CVE-2023-43885: Missing error handling in the HTTP server component of Tenda RX9 Pro Firmware V22.03.02.20 allows au Missing error handling in the HTTP server component of Tenda RX9 Pro Firmware V22.03.02.20 allows authenticated attackers to arbitrarily lock the device.

CVE-2022-38829 [CRITICAL] CWE-120 CVE-2022-38829: Tenda RX9_Pro V22.03.02.10 is vulnerable to Buffer Overflow via httpd/setMacFilterCfg. Tenda RX9_Pro V22.03.02.10 is vulnerable to Buffer Overflow via httpd/setMacFilterCfg.

CVE-2022-38831 [CRITICAL] CWE-120 CVE-2022-38831: Tenda RX9_Pro V22.03.02.10 is vulnerable to Buffer Overflow via httpd/SetNetControlList Tenda RX9_Pro V22.03.02.10 is vulnerable to Buffer Overflow via httpd/SetNetControlList

CVE-2022-38830 [CRITICAL] CWE-120 CVE-2022-38830: Tenda RX9_Pro V22.03.02.10 is vulnerable to Buffer Overflow via httpd/setIPv6Status. Tenda RX9_Pro V22.03.02.10 is vulnerable to Buffer Overflow via httpd/setIPv6Status.