Tendacn Pa6 Firmware vulnerabilities
4 known vulnerabilities affecting tendacn/pa6_firmware.
Total CVEs
4
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH3
Vulnerabilities
Page 1 of 1
CVE-2024-0535P2CRITICALCVSS 9.8v1.0.1.212024-01-15
CVE-2024-0535 [CRITICAL] CWE-121 CVE-2024-0535: A vulnerability classified as critical was found in Tenda PA6 1.0.1.21. Affected by this vulnerabili
A vulnerability classified as critical was found in Tenda PA6 1.0.1.21. Affected by this vulnerability is the function cgiPortMapAdd of the file /portmap of the component httpd. The manipulation of the argument groupName leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be
nvd
CVE-2019-16213P2HIGHCVSS 8.8v1.0.1.212020-06-25
CVE-2019-16213 [HIGH] CWE-78 CVE-2019-16213: Tenda PA6 Wi-Fi Powerline extender 1.0.1.21 could allow a remote authenticated attacker to execute a
Tenda PA6 Wi-Fi Powerline extender 1.0.1.21 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially crafted string, an attacker could modify the device name of an attached PLC adapter to inject and execute arbitrary commands on the system with root privileges.
nvd
CVE-2019-19505P3HIGHCVSS 8.8v1.0.1.212020-06-25
CVE-2019-19505 [HIGH] CWE-787 CVE-2019-19505: Tenda PA6 Wi-Fi Powerline extender 1.0.1.21 is vulnerable to a stack-based buffer overflow, caused b
Tenda PA6 Wi-Fi Powerline extender 1.0.1.21 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the "Wireless" section in the web-UI. By sending a specially crafted hostname, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
nvd
CVE-2019-19506P3HIGHCVSS 7.5v1.0.1.212020-06-25
CVE-2019-19506 [HIGH] CWE-835 CVE-2019-19506: Tenda PA6 Wi-Fi Powerline extender 1.0.1.21 is vulnerable to a denial of service, caused by an error
Tenda PA6 Wi-Fi Powerline extender 1.0.1.21 is vulnerable to a denial of service, caused by an error in the "homeplugd" process. By sending a specially crafted UDP packet, an attacker could exploit this vulnerability to cause the device to reboot.
nvd