cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-11248,https://securityvulnerability.io/vulnerability/CVE-2024-11248,Stack-based Buffer Overflow in Tenda AC10 Router,"A significant vulnerability exists within the Tenda AC10 router, specifically in the formSetRebootTimer function located in the /goform/SetSysAutoRebbotCfg file. This vulnerability enables a stack-based buffer overflow due to improper handling of the rebootTime argument. The flaw permits threat actors to launch remote attacks, potentially leading to unauthorized access to the device. The disclosure of this exploit in public forums increases the urgency for device owners to address the vulnerability to safeguard their networks.",Tenda,Ac10 Firmware,8.8,HIGH,0.0010999999940395355,false,false,false,false,,false,false,2024-11-15T17:15:00.000Z,0
CVE-2024-11061,https://securityvulnerability.io/vulnerability/CVE-2024-11061,Stack-Based Buffer Overflow in Tenda AC10 Router,"A severe stack-based buffer overflow vulnerability exists in the Tenda AC10 router, specifically within the function FUN_0044db3c of the /goform/fast_setting_wifi_set file. By manipulating the timeZone argument, an attacker can potentially execute arbitrary code remotely. This vulnerability poses significant risks to users, as it can be exploited over the network without requiring any physical access to the device. Immediate action is advised to mitigate the risks associated with this critical vulnerability.",Tenda,Ac10,8.8,HIGH,0.0023300000466406345,false,false,false,true,true,false,false,2024-11-11T00:31:07.099Z,0
CVE-2024-11056,https://securityvulnerability.io/vulnerability/CVE-2024-11056,Stack-Based Buffer Overflow in Tenda AC10 Routers,"A critical security vulnerability identified in the Tenda AC10 router allows an attacker to exploit a stack-based buffer overflow in the /goform/WifiExtraSet function. This issue arises from improper handling of the wpapsk_crypto argument, which can lead to unauthorized access or execution of arbitrary code. Attackers can initiate this exploit remotely, making it especially dangerous for users of affected versions. As the exploit details have been disclosed publicly, it is crucial for users to take immediate action to secure their devices, such as applying relevant patches and enhancing their network security measures.",Tenda,Ac10,8.8,HIGH,0.001290000043809414,false,false,false,true,true,false,false,2024-11-10T16:31:06.581Z,0
CVE-2024-2856,https://securityvulnerability.io/vulnerability/CVE-2024-2856,Stack-Based Buffer Overflow Vulnerability in Tenda AC10,"A critical stack-based buffer overflow vulnerability has been identified in the Tenda AC10 router, specifically in the fromSetSysTime function located at /goform/SetSysTimeCfg. This vulnerability arises from improper handling of the timeZone argument, allowing remote attackers to leverage this flaw to execute arbitrary code on affected systems. The affected versions include Tenda AC10 firmware versions 16.03.10.13 and 16.03.10.20. This exploit poses significant risks as it enables the potential takeover of the device, threatening both individual users and broader network security. Despite multiple attempts to communicate this issue to Tenda, no response has been received, highlighting the urgency for users to assess the security measures of their affected devices.",Tenda,Ac10,8.8,HIGH,0.000910000002477318,false,false,false,true,true,false,false,2024-03-24T06:31:04.241Z,0
CVE-2024-2581,https://securityvulnerability.io/vulnerability/CVE-2024-2581,Stack-Based Buffer Overflow in Tenda AC10 Router,"A critical vulnerability exists in the Tenda AC10 router, specifically in the fromSetRouteStatic function located in the /goform/SetStaticRouteCfg file. This vulnerability can be exploited remotely and arises due to improper validation of the argument list, leading to a stack-based buffer overflow. Successful exploitation can allow attackers to execute arbitrary code on the affected device, potentially compromising the security of the network. The vulnerability has been publicly disclosed and is tagged as VDB-257081, highlighting its significance for users of the affected product.",Tenda,Ac10,8.8,HIGH,0.00044999999227002263,false,false,false,true,true,false,false,2024-03-18T03:00:06.600Z,0
CVE-2023-45480,https://securityvulnerability.io/vulnerability/CVE-2023-45480,,Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the src parameter in the function sub_47D878.,Tenda,Ac10 Firmware,9.8,CRITICAL,0.0022700000554323196,false,false,false,false,,false,false,2023-11-29T00:00:00.000Z,0
CVE-2023-45479,https://securityvulnerability.io/vulnerability/CVE-2023-45479,,Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the list parameter in the function sub_49E098.,Tenda,Ac10 Firmware,9.8,CRITICAL,0.0022700000554323196,false,false,false,false,,false,false,2023-11-29T00:00:00.000Z,0
CVE-2023-45483,https://securityvulnerability.io/vulnerability/CVE-2023-45483,,Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the time parameter in the function compare_parentcontrol_time.,Tenda,Ac10 Firmware,9.8,CRITICAL,0.0022700000554323196,false,false,false,false,,false,false,2023-11-29T00:00:00.000Z,0
CVE-2023-45484,https://securityvulnerability.io/vulnerability/CVE-2023-45484,,Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the shareSpeed parameter in the function fromSetWifiGuestBasic.,Tenda,Ac10 Firmware,9.8,CRITICAL,0.0022700000554323196,false,false,false,false,,false,false,2023-11-29T00:00:00.000Z,0
CVE-2023-45482,https://securityvulnerability.io/vulnerability/CVE-2023-45482,Stack Overflow Vulnerability in Tenda AC10 Router,"A stack overflow vulnerability has been identified in the Tenda AC10 router, specifically in the function responsible for retrieving parental control list information. This flaw allows attackers to manipulate the 'urls' parameter, potentially leading to unintended behavior and security breaches. Exploitation of this vulnerability could provide unauthorized access to sensitive settings, compromising the integrity and confidentiality of the device. It is crucial for users to apply updates and follow best security practices to mitigate the risks associated with this vulnerability.",Tenda,Ac10 Firmware,9.8,CRITICAL,0.0022700000554323196,false,false,false,false,,false,false,2023-11-29T00:00:00.000Z,0
CVE-2023-45481,https://securityvulnerability.io/vulnerability/CVE-2023-45481,,Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the firewallEn parameter in the function SetFirewallCfg.,Tenda,Ac10 Firmware,9.8,CRITICAL,0.0022700000554323196,false,false,false,false,,false,false,2023-11-29T00:00:00.000Z,0
CVE-2023-42320,https://securityvulnerability.io/vulnerability/CVE-2023-42320,,Buffer Overflow vulnerability in Tenda AC10V4 v.US_AC10V4.0si_V16.03.10.13_cn_TDC01 allows a remote attacker to cause a denial of service via the mac parameter in the GetParentControlInfo function.,Tenda,Ac10 Firmware,9.8,CRITICAL,0.006010000128298998,false,false,false,false,,false,false,2023-09-18T00:00:00.000Z,0
CVE-2023-38933,https://securityvulnerability.io/vulnerability/CVE-2023-38933,,"Tenda AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0 V15.03.06.28, FH1203 V2.0.1.6 and AC9 V3.0 V15.03.06.42_multi, and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the deviceId parameter in the formSetClientState function.",Tenda,Ac10 Firmware,9.8,CRITICAL,0.0017999999690800905,false,false,false,false,,false,false,2023-08-07T00:00:00.000Z,0
CVE-2023-38937,https://securityvulnerability.io/vulnerability/CVE-2023-38937,,"Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 V16.03.34.06, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, AC5 V1.0 V15.03.06.28, AC9 V3.0 V15.03.06.42_multi and AC10 v4.0 V16.03.10.13 were discovered to contain a stack overflow via the list parameter in the formSetVirtualSer function.",Tenda,Ac10 Firmware,9.8,CRITICAL,0.0017999999690800905,false,false,false,false,,false,false,2023-08-07T00:00:00.000Z,0
CVE-2023-38936,https://securityvulnerability.io/vulnerability/CVE-2023-38936,,"Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, AC5 V1.0 V15.03.06.28, FH1203 V2.0.1.6, AC9 V3.0 V15.03.06.42_multi and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the speed_dir parameter in the formSetSpeedWan function.",Tenda,Ac10 Firmware,9.8,CRITICAL,0.0022499999031424522,false,false,false,false,,false,false,2023-08-07T00:00:00.000Z,0
CVE-2023-38931,https://securityvulnerability.io/vulnerability/CVE-2023-38931,Stack Overflow Vulnerability in Tenda AC Series Routers,"A stack overflow vulnerability has been identified in multiple Tenda AC series routers. This issue arises from improper handling of the list parameter within the setaccount function, potentially leading to unauthorized access and exploitation of device functionality. Users are advised to implement security measures to mitigate potential risks associated with this vulnerability.",Tenda,Ac10 Firmware,9.8,CRITICAL,0.0017999999690800905,false,false,false,false,,false,false,2023-08-07T00:00:00.000Z,0
CVE-2023-37710,https://securityvulnerability.io/vulnerability/CVE-2023-37710,Stack Overflow Vulnerability in Tenda AC1206 and AC10 Products,"The Tenda AC1206 and AC10 devices have been found to be susceptible to a stack overflow vulnerability that occurs in the wpapsk_crypto parameter within the fromSetWirelessRepeat function. This flaw can potentially be exploited to compromise device security, allowing unauthorized access and manipulation of sensitive settings.",Tenda,Ac10 Firmware,9.8,CRITICAL,0.001930000027641654,false,false,false,false,,false,false,2023-07-10T00:00:00.000Z,0
CVE-2023-37711,https://securityvulnerability.io/vulnerability/CVE-2023-37711,Stack Overflow in Tenda AC1206 and AC10 Devices,"A stack overflow vulnerability exists in the Tenda AC1206 and AC10 devices, specifically within the saveParentControlInfo function, which improperly processes the deviceId parameter. This flaw can potentially allow attackers to execute arbitrary code, compromising the integrity and security of the affected devices.",Tenda,Ac10 Firmware,9.8,CRITICAL,0.001930000027641654,false,false,false,false,,false,false,2023-07-10T00:00:00.000Z,0
CVE-2023-37144,https://securityvulnerability.io/vulnerability/CVE-2023-37144,Command Injection Vulnerability in Tenda AC10 Router,"The Tenda AC10 router, specifically version 15.03.06.26, is prone to a command injection vulnerability that arises from improper validation of the 'mac' parameter within the 'formWriteFacMac' function. This security flaw allows an attacker to execute arbitrary commands on the device, potentially compromising the router's integrity and allowing unauthorized access. Users are advised to update their devices promptly to mitigate the risk posed by this vulnerability.",Tenda,Ac10 Firmware,9.8,CRITICAL,0.005659999791532755,false,false,false,false,,false,false,2023-07-07T00:00:00.000Z,0
CVE-2023-34568,https://securityvulnerability.io/vulnerability/CVE-2023-34568,,Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter time at /goform/PowerSaveSet.,Tenda,Ac10 Firmware,6.7,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2023-06-08T00:00:00.000Z,0
CVE-2023-34566,https://securityvulnerability.io/vulnerability/CVE-2023-34566,Stack Overflow in Tenda AC10 Router Affects Home Network Security,"A stack overflow vulnerability has been identified in the Tenda AC10 router, specifically in the firmware version US_AC10V4.0si_V16.03.10.13_cn. This vulnerability occurs via a parameter input at the /goform/saveParentControlInfo endpoint, potentially allowing an attacker to exploit the router and manipulate its operations. Users are advised to update their firmware to mitigate risks associated with this security flaw.",Tenda,Ac10 Firmware,9.8,CRITICAL,0.0022700000554323196,false,false,false,false,,false,false,2023-06-08T00:00:00.000Z,0
CVE-2023-34567,https://securityvulnerability.io/vulnerability/CVE-2023-34567,,Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter list at /goform/SetVirtualServerCfg.,Tenda,Ac10 Firmware,6.7,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2023-06-08T00:00:00.000Z,0
CVE-2023-34569,https://securityvulnerability.io/vulnerability/CVE-2023-34569,,Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter list at /goform/SetNetControlList.,Tenda,Ac10 Firmware,6.7,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2023-06-08T00:00:00.000Z,0
CVE-2023-34570,https://securityvulnerability.io/vulnerability/CVE-2023-34570,,Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter devName at /goform/SetOnlineDevName.,Tenda,Ac10 Firmware,6.7,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2023-06-08T00:00:00.000Z,0
CVE-2023-34571,https://securityvulnerability.io/vulnerability/CVE-2023-34571,,Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter shareSpeed at /goform/WifiGuestSet.,Tenda,Ac10 Firmware,6.7,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2023-06-08T00:00:00.000Z,0