Tenda AC15 Firmware 15.03.05.20 Multi Tde01

CPE Details

Tenda AC15 Firmware 15.03.05.20 Multi Tde01
tenda
ac15_firmware
15.03.05.20_multi_tde01
2022-05-11
22h23 +00:00
2022-05-27
12h53 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:o:tenda:ac15_firmware:15.03.05.20_multi_tde01:*:*:*:*:*:*:*

Informations

Vendor

tenda

Product

ac15_firmware

Version

15.03.05.20_multi_tde01

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2022-28557 2022-05-04 13h18 +00:00 There is a command injection vulnerability at the /goform/setsambacfg interface of Tenda AC15 US_AC15V1.0BR_V15.03.05.20_multi_TDE01.bin device web, which can also cooperate with CVE-2021-44971 to cause unconditional arbitrary command execution
9.8
Critical
CVE-2022-28556 2022-05-04 13h13 +00:00 Tenda AC15 US_AC15V1.0BR_V15.03.05.20_multi_TDE01.bin is vulnerable to Buffer Overflow. The stack overflow vulnerability lies in the /goform/setpptpservercfg interface of the web. The sent post data startip and endip are copied to the stack using the sanf function, resulting in stack overflow. Similarly, this vulnerability can be used together with CVE-2021-44971
7.5
High
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.