Tendacn G3 Firmware vulnerabilities

CVE-2021-45995 [HIGH] CWE-787 CVE-2021-45995: Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the func Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formSetStaticRoute. This vulnerability allows attackers to cause a Denial of Service (DoS) via the staticRouteNet, staticRouteMask, and staticRouteGateway parameters.

CVE-2022-24169 [HIGH] CWE-787 CVE-2022-24169: Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the func Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formIPMacBindAdd. This vulnerability allows attackers to cause a Denial of Service (DoS) via the IPMacBindRule parameter.

CVE-2021-45996 [HIGH] CWE-787 CVE-2021-45996: Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the func Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formSetPortMapping. This vulnerability allows attackers to cause a Denial of Service (DoS) via the portMappingServer, portMappingProtocol, portMappingWan, porMappingtInternal, and portMappingExternal parameters.

CVE-2021-45997 [HIGH] CWE-787 CVE-2021-45997: Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the func Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formSetPortMapping. This vulnerability allows attackers to cause a Denial of Service (DoS) via the portMappingServer, portMappingProtocol, portMappingWan, porMappingtInternal, and portMappingExternal parameters.

CVE-2022-24166 [HIGH] CWE-787 CVE-2022-24166: Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the func Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formSetSysTime. This vulnerability allows attackers to cause a Denial of Service (DoS) via the manualTime parameter.

CVE-2021-45989 [HIGH] CWE-787 CVE-2021-45989: Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the func Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function guestWifiRuleRefresh. This vulnerability allows attackers to cause a Denial of Service (DoS) via the qosGuestUpstream and qosGuestDownstream parameters.

CVE-2021-27692 [CRITICAL] CWE-78 CVE-2021-27692: Command Injection in Tenda G1 and G3 routers with firmware versions v15.11.0.17(9502)_CN or v15.11.0 Command Injection in Tenda G1 and G3 routers with firmware versions v15.11.0.17(9502)_CN or v15.11.0.16(9024)_CN allows remote attackers to execute arbitrary OS commands via a crafted "action/umountUSBPartition" request. This occurs because the "formSetUSBPartitionUmount" function executes the "doSystemCmd" function with untrusted input.

CVE-2021-27691 [CRITICAL] CWE-78 CVE-2021-27691: Command Injection in Tenda G0 routers with firmware versions v15.11.0.6(9039)_CN and v15.11.0.5(5876 Command Injection in Tenda G0 routers with firmware versions v15.11.0.6(9039)_CN and v15.11.0.5(5876)_CN , and Tenda G1 and G3 routers with firmware versions v15.11.0.17(9502)_CN or v15.11.0.16(9024)_CN allows remote attackers to execute arbitrary OS commands via a crafted action/setDebugCfg request. This occurs because the "formSetDebugCfg" functi