CPE Details
Tenda AC15 Firmware 15.03.05.19
15.03.05.19
2020-07-15
18h31 +00:00
18h31 +00:00
2020-07-15
18h31 +00:00
18h31 +00:00
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
CPE Name: cpe:2.3:o:tenda:ac15_firmware:15.03.05.19:*:*:*:*:*:*:*
Informations
Vendor
tendaProduct
ac15_firmwareVersion
15.03.05.19Related CVE
| CVE ID | Published | Description | Score | Severity |
|---|---|---|---|---|
| A vulnerability was found in Tenda AC15 up to 15.03.05.19 and classified as critical. This issue affects the function fromSetWirelessRepeat of the file /goform/WifiExtraSet. The manipulation of the argument mac leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 8.8 |
High |
||
| Tenda AC15 v15.03.05.19 is vulnerable to Command Injection via the handler function in /goform/telnet. | 9.8 |
Critical |
||
| A vulnerability has been found in Tenda AC15 15.03.05.19 in the function GetParentControlInfo of the file /goform/GetParentControlInfo. The manipulation of the argument src leads to stack-based buffer overflow. | 6.5 |
Medium |
||
| A vulnerability was found in Tenda AC15 15.03.05.19 and classified as critical. This issue affects the function formSetDeviceName of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 8.7 |
High |
||
| A vulnerability has been found in Tenda AC15 15.03.05.19 and classified as critical. This vulnerability affects the function SetDlnaCfg of the file /goform/SetDlnaCfg. The manipulation of the argument scanList leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 8.7 |
High |
||
| A vulnerability was found in Tenda AC6, AC7, AC8, AC9, AC10, AC10U, AC15, AC18, AC500 and AC1206 up to 20241022. It has been rated as problematic. This issue affects the function websReadEvent of the file /goform/GetIPTV. The manipulation of the argument Content-Length leads to null pointer dereference. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 7.1 |
High |
||
| A vulnerability classified as critical was found in Tenda AC15 15.03.05.18/15.03.05.19/15.03.20. Affected by this vulnerability is the function fromSetSysTime of the file /goform/SetSysTimeCfg. The manipulation of the argument time leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257779. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 9.8 |
Critical |
||
| Tenda AC15 V15.03.05.19 is vulnerable to Buffer Overflow. | 9.8 |
Critical |
||
| In Tenda AC15 V15.03.05.19, the function GetValue contains a stack-based buffer overflow vulnerability. | 9.8 |
Critical |
||
| In Tenda AC15 V15.03.05.19, the function "sub_ED14" contains a stack-based buffer overflow vulnerability. | 9.8 |
Critical |
||
| In Tenda AC15 V15.03.05.19, The function "xkjs_ver32" contains a stack-based buffer overflow vulnerability. | 9.8 |
Critical |
||
| In Tenda AC15 V15.03.05.19, the function "xian_pppoe_user" contains a stack-based buffer overflow vulnerability. | 9.8 |
Critical |
||
| In Tenda AC15 V15.03.05.19, the function "getIfIp" contains a stack-based buffer overflow vulnerability. | 9.8 |
Critical |
||
| In Tenda AC15 V15.03.05.19, the function "henan_pppoe_user" contains a stack-based buffer overflow vulnerability. | 9.8 |
Critical |
||
| In Tenda AC15 V15.03.05.19, the function "sub_8EE8" contains a stack-based buffer overflow vulnerability. | 9.8 |
Critical |
||
| Tenda AC15 V15.03.05.19 is vulnerable to Buffer Overflow via function formSetIpMacBind. | 7.5 |
High |
||
| Tenda AC15 V15.03.05.18 was discovered to contain a stack overflow via the timeZone parameter in the form_fast_setting_wifi_set function. | 7.5 |
High |
||
| Tenda AC15 V15.03.05.19 contained a stack overflow via the function fromAddressNat. | 9.8 |
Critical |
||
| goform/AdvSetLanip endpoint on Tenda AC15 AC1900 15.03.05.19 devices allows remote attackers to execute arbitrary system commands via shell metacharacters in the lanIp POST parameter. | 9.8 |
Critical |
||
| The goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute arbitrary system commands via the deviceName POST parameter. | 9.8 |
Critical |
||
| An XSS issue in the /goform/WifiBasicSet endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute malicious payloads via the WifiName POST parameter. | 6.1 |
Medium |
||
| A hard-coded telnet credential in the tenda_login binary of Tenda AC15 AC1900 version 15.03.05.19 allows unauthenticated remote attackers to start a telnetd service on the device. | 9.8 |
Critical |
||
| A CSRF issue in the /goform/SysToolReboot endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to reboot the device and cause denial of service via a payload hosted by an attacker-controlled web page. | 6.5 |
Medium |
