Tenda W30E Firmware vulnerabilities

61 known vulnerabilities affecting tenda/w30e_firmware.

Total CVEs

CISA KEV

Public exploits

Exploited in wild

Severity breakdown

CRITICAL17HIGH37MEDIUM6LOW1

Vulnerabilities

Page 2 of 4

CVE-2024-32292HIGHCVSS 8.8v1.0.1.25\(633\)2024-04-17

CVE-2024-32292 [HIGH] CWE-77 CVE-2024-32292: Tenda W30E v1.0 V1.0.1.25(633) firmware contains a command injection vulnerablility in the formexeCo Tenda W30E v1.0 V1.0.1.25(633) firmware contains a command injection vulnerablility in the formexeCommand function via the cmdinput parameter.

nvd

CVE-2024-32288MEDIUMCVSS 6.3v1.0.1.25\(633\)2024-04-17

CVE-2024-32288 [MEDIUM] CWE-121 CVE-2024-32288: Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability located via the page para Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability located via the page parameter in the fromwebExcptypemanFilter function.

nvd

CVE-2024-32287MEDIUMCVSS 6.5v1.0.1.25\(633\)2024-04-17

CVE-2024-32287 [MEDIUM] CWE-121 CVE-2024-32287: Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability via the qos parameter in Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability via the qos parameter in the fromqossetting function.

nvd

CVE-2024-32290MEDIUMCVSS 6.7v1.0.1.25\(633\)2024-04-17

CVE-2024-32290 [MEDIUM] CWE-121 CVE-2024-32290: Tenda W30E v1.0 v1.0.1.25(633) firmware has a stack overflow vulnerability via the page parameter in Tenda W30E v1.0 v1.0.1.25(633) firmware has a stack overflow vulnerability via the page parameter in the fromAddressNat function.

nvd

CVE-2024-3881HIGHCVSS 8.8v1.0.1.25\(633\)2024-04-16

CVE-2024-3881 [HIGH] CWE-121 CVE-2024-3881: A vulnerability was found in Tenda W30E 1.0.1.25(633) and classified as critical. This issue affects A vulnerability was found in Tenda W30E 1.0.1.25(633) and classified as critical. This issue affects the function frmL7PlotForm of the file /goform/frmL7ProtForm. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated i

nvd

CVE-2024-3882HIGHCVSS 8.8v1.0.1.25\(633\)2024-04-16

CVE-2024-3882 [HIGH] CWE-121 CVE-2024-3882: A vulnerability was found in Tenda W30E 1.0.1.25(633). It has been classified as critical. Affected A vulnerability was found in Tenda W30E 1.0.1.25(633). It has been classified as critical. Affected is the function fromRouteStatic of the file /goform/fromRouteStatic. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The

nvd

CVE-2024-3880HIGHCVSS 8.8v1.0.1.25\(633\)2024-04-16

CVE-2024-3880 [MEDIUM] CWE-78 CVE-2024-3880: A vulnerability has been found in Tenda W30E 1.0.1.25(633) and classified as critical. This vulnerab A vulnerability has been found in Tenda W30E 1.0.1.25(633) and classified as critical. This vulnerability affects the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-260914

nvd

CVE-2024-3879HIGHCVSS 8.8v1.0.1.25\(633\)2024-04-16

CVE-2024-3879 [HIGH] CWE-121 CVE-2024-3879: A vulnerability, which was classified as critical, was found in Tenda W30E 1.0.1.25(633). This affec A vulnerability, which was classified as critical, was found in Tenda W30E 1.0.1.25(633). This affects the function formSetCfm of the file /goform/setcfm. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The ident

nvd

CVE-2023-49999CRITICALCVSS 9.8v16.01.0.12\(4843\)2023-12-07

CVE-2023-49999 [CRITICAL] CWE-787 CVE-2023-49999: Tenda W30E V16.01.0.12(4843) was discovered to contain a command injection vulnerability via the fun Tenda W30E V16.01.0.12(4843) was discovered to contain a command injection vulnerability via the function setUmountUSBPartition.

nvd

CVE-2023-50001CRITICALCVSS 9.8v16.01.0.12\(4843\)2023-12-07

CVE-2023-50001 [CRITICAL] CWE-787 CVE-2023-50001: Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formUpgrade Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formUpgradeMeshOnline.

nvd

CVE-2023-49411CRITICALCVSS 9.8v16.01.0.12\(4843\)2023-12-07

CVE-2023-49411 [CRITICAL] CWE-787 CVE-2023-49411: Tenda W30E V16.01.0.12(4843) contains a stack overflow vulnerability via the function formDeleteMesh Tenda W30E V16.01.0.12(4843) contains a stack overflow vulnerability via the function formDeleteMeshNode.

nvd

CVE-2023-49406CRITICALCVSS 9.8v16.01.0.12\(4843\)2023-12-07

CVE-2023-49406 [CRITICAL] CVE-2023-49406: Tenda W30E V16.01.0.12(4843) was discovered to contain a Command Execution vulnerability via the fun Tenda W30E V16.01.0.12(4843) was discovered to contain a Command Execution vulnerability via the function /goform/telnet.

nvd

CVE-2023-50000CRITICALCVSS 9.8v16.01.0.12\(4843\)2023-12-07

CVE-2023-50000 [CRITICAL] CWE-787 CVE-2023-50000: Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formResetMe Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formResetMeshNode.

nvd

CVE-2023-49405CRITICALCVSS 9.8v16.01.0.12\(4843\)2023-12-07

CVE-2023-49405 [CRITICAL] CWE-787 CVE-2023-49405: Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function UploadCfg. Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function UploadCfg.

nvd

CVE-2023-49403CRITICALCVSS 9.8v16.01.0.12\(4843\)2023-12-07

CVE-2023-49403 [CRITICAL] CWE-787 CVE-2023-49403: Tenda W30E V16.01.0.12(4843) was discovered to contain a command injection vulnerability via the fun Tenda W30E V16.01.0.12(4843) was discovered to contain a command injection vulnerability via the function setFixTools.

nvd

CVE-2023-49410CRITICALCVSS 9.8v16.01.0.12\(4843\)2023-12-07

CVE-2023-49410 [CRITICAL] CWE-787 CVE-2023-49410: Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function via the fun Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function via the function set_wan_status.

nvd

CVE-2023-49402CRITICALCVSS 9.8v16.01.0.12\(4843\)2023-12-07

CVE-2023-49402 [CRITICAL] CWE-787 CVE-2023-49402: Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function localMsg. Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function localMsg.

nvd

CVE-2023-50002CRITICALCVSS 9.8v16.01.0.12\(4843\)2023-12-07

CVE-2023-50002 [CRITICAL] CWE-787 CVE-2023-50002: Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formRebootM Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formRebootMeshNode.

nvd

CVE-2023-49404CRITICALCVSS 9.8v16.01.0.12\(4843\)2023-12-07

CVE-2023-49404 [CRITICAL] CWE-787 CVE-2023-49404: Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formAdvance Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formAdvancedSetListSet.

nvd

CVE-2023-25231CRITICALCVSS 9.8vv1.0.1.25\(633\)2023-02-27

CVE-2023-25231 [CRITICAL] CWE-787 CVE-2023-25231: Tenda Router W30E V1.0.1.25(633) is vulnerable to Buffer Overflow in function fromRouteStatic via pa Tenda Router W30E V1.0.1.25(633) is vulnerable to Buffer Overflow in function fromRouteStatic via parameters entrys and mitInterface.

nvd

← Previous2 / 4Next →