Tenda AC V10U Firmware 15.03.06.48

CPE Details

Tenda AC V10U Firmware 15.03.06.48
tenda
ac10u_firmware
15.03.06.48
2024-08-05
11h07 +00:00
2024-08-05
11h07 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:o:tenda:ac10u_firmware:15.03.06.48:*:*:*:*:*:*:*

Informations

Vendor

tenda

Product

ac10u_firmware

Version

15.03.06.48

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2024-10280 2024-10-23 13h31 +00:00 A vulnerability was found in Tenda AC6, AC7, AC8, AC9, AC10, AC10U, AC15, AC18, AC500 and AC1206 up to 20241022. It has been rated as problematic. This issue affects the function websReadEvent of the file /goform/GetIPTV. The manipulation of the argument Content-Length leads to null pointer dereference. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
7.1
High
CVE-2024-32306 2024-04-16 22h00 +00:00 Tenda AC10U v1.0 Firmware v15.03.06.49 has a stack overflow vulnerability located via the PPW parameter in the fromWizardHandle function.
5.7
Medium
CVE-2024-30612 2024-03-27 23h00 +00:00 Tenda AC10U v15.03.06.48 has a stack overflow vulnerability in the deviceId, limitSpeed, limitSpeedUp parameter from formSetClientState function.
8.1
High
CVE-2024-2853 2024-03-24 05h00 +00:00 A vulnerability was found in Tenda AC10U 15.03.06.48/15.03.06.49. It has been rated as critical. This issue affects the function formSetSambaConf of the file /goform/setsambacfg. The manipulation of the argument usbName leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257777 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
9.8
Critical
CVE-2024-2764 2024-03-21 20h31 +00:00 A vulnerability, which was classified as critical, was found in Tenda AC10U 15.03.06.48. This affects the function formSetPPTPServer of the file /goform/SetPptpServerCfg. The manipulation of the argument endIP leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257601 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
8.8
High
CVE-2024-2763 2024-03-21 20h31 +00:00 A vulnerability, which was classified as critical, has been found in Tenda AC10U 15.03.06.48. Affected by this issue is the function formSetCfm of the file goform/setcfm. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257600. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
8.8
High
CVE-2024-2711 2024-03-20 18h00 +00:00 A vulnerability was found in Tenda AC10U 15.03.06.48. It has been rated as critical. Affected by this issue is the function addWifiMacFilter of the file /goform/addWifiMacFilter. The manipulation of the argument deviceMac leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-257462 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
8.8
High
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.