cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-50852,https://securityvulnerability.io/vulnerability/CVE-2024-50852,Command Injection Vulnerability in Tenda G3 Router,"The Tenda G3 v3.0 v15.11.0.20 is vulnerable to a command injection issue through the formSetUSBPartitionUmount function. This vulnerability may allow attackers to execute arbitrary commands on the router, compromising the integrity and availability of the device. Proper remediation mechanisms should be considered to ensure device security and protect against unauthorized access.",Tenda,G3 Firmware,8.8,HIGH,0.0006200000061653554,false,false,false,false,,false,false,2024-11-13T15:15:00.000Z,0
CVE-2024-50854,https://securityvulnerability.io/vulnerability/CVE-2024-50854,Stack Overflow Vulnerability in Tenda G3 from Tenda,"A stack overflow vulnerability has been found in Tenda G3 v3.0 v15.11.0.20 through the formSetPortMapping function. This flaw can potentially allow an attacker to execute arbitrary code or disrupt the normal operation of the device, raising significant security concerns for users relying on this product for secure networking. Proper mitigations and patches are required to safeguard against potential exploitation.",Tenda,G3 Firmware,8.8,HIGH,0.0004900000058114529,false,false,false,false,,false,false,2024-11-13T15:15:00.000Z,0
CVE-2024-50853,https://securityvulnerability.io/vulnerability/CVE-2024-50853,Command Injection Vulnerability in Tenda G3 Router Firmware,"The Tenda G3 router running firmware version 3.0 v15.11.0.20 contains a command injection vulnerability within the formSetDebugCfg function. This flaw allows an attacker to inject arbitrary commands into the system, which could lead to unauthorized access and manipulation of device configurations. Such vulnerabilities pose significant risks, potentially enabling attackers to execute harmful commands that could compromise the router’s integrity and the security of the network it supports. Users of Tenda G3 routers are advised to review their device settings and apply any available security updates to mitigate the risks associated with this vulnerability.",Tenda,G3 Firmware,8.8,HIGH,0.0006200000061653554,false,false,false,false,,false,false,2024-11-13T15:15:00.000Z,0
CVE-2024-46628,https://securityvulnerability.io/vulnerability/CVE-2024-46628,Remote Code Execution Vulnerability in Tenda G3 Router by Tenda,"The Tenda G3 Router firmware v15.03.05.05 has been identified as having a serious vulnerability that allows remote code execution. Specifically, the issue originates from improper handling of the usbPartitionName parameter in the formSetUSBPartitionUmount function. This flaw can potentially allow attackers to exploit the router, compromising security and enabling unauthorized access to sensitive data or network functionality.",Tenda,G3 Firmware,9.8,CRITICAL,0.0010900000343099236,false,false,false,false,,false,false,2024-09-26T00:00:00.000Z,0
CVE-2024-8225,https://securityvulnerability.io/vulnerability/CVE-2024-8225,Stack-Based Buffer Overflow in Tenda G3 Routers,"A significant stack-based buffer overflow vulnerability has been identified in Tenda G3 routers running version 15.11.0.20, specifically within the 'formSetSysTime' function of the 'SetSysTimeCfg' endpoint. This vulnerability can be exploited remotely by manipulating the 'sysTimePolicy' argument, potentially allowing an attacker to execute arbitrary code on the affected device. The exploit is public and has been disclosed, raising concerns for users' IoT security. Despite early notifications to Tenda, no response has been received, emphasizing the urgency for users to apply available security measures promptly.",Tenda,G3,9.8,CRITICAL,0.003530000103637576,false,false,false,true,true,false,false,2024-08-27T23:15:00.000Z,0
CVE-2024-8224,https://securityvulnerability.io/vulnerability/CVE-2024-8224,Stack-Based Buffer Overflow in Tenda G3 Router Firmware,"A serious stack-based buffer overflow vulnerability has been discovered in the Tenda G3 router firmware (version 15.11.0.20). This flaw exists in the formSetDebugCfg function within the /goform/setDebugCfg file, where improper handling of the enable, level, or module arguments can lead to potential exploitation. Attackers can exploit this vulnerability remotely, risking the safety of the device and data. Despite early notification to the vendor regarding this issue, there has been no response or patch provided, increasing the urgency for users to be aware of this risk and take appropriate measures to secure their devices.",Tenda,G3 Firmware,9.8,CRITICAL,0.003530000103637576,false,false,false,false,,false,false,2024-08-27T23:15:00.000Z,0
CVE-2024-4165,https://securityvulnerability.io/vulnerability/CVE-2024-4165,Stack-based Buffer Overflow Vulnerability in Tenda G3 Router,"A severe stack-based buffer overflow vulnerability has been identified in the Tenda G3 router's modifyDhcpRule function within the /goform/modifyDhcpRule file. By manipulating the bindDhcpIndex argument, an attacker can exploit this vulnerability to execute arbitrary code remotely. This issue not only allows for unauthorized access to the affected device but could also enable the attacker to disrupt network services or gain control over the router. The vulnerability has been disclosed publicly, raising concerns about its potential exploitation in real-world scenarios. As a precaution, users are strongly advised to assess their devices for security updates and consider the implementation of additional protective measures.",Tenda,G3,8.8,HIGH,0.00044999999227002263,false,false,false,true,true,false,false,2024-04-25T11:31:04.731Z,0
CVE-2024-4164,https://securityvulnerability.io/vulnerability/CVE-2024-4164,Stack-Based Buffer Overflow in Tenda G3 Router,"A critical vulnerability in the Tenda G3 router can be exploited through the formModifyPppAuthWhiteMac function, located in the /goform/ModifyPppAuthWhiteMac file. An attacker can manipulate the pppoeServerWhiteMacIndex argument, resulting in a stack-based buffer overflow. This security flaw allows for remote attacks, making unauthorized access and potentially harmful actions possible on affected devices. Despite early notifications to the vendor, Tenda has not addressed this serious issue, leaving users at risk of exploitation. It is essential for users of Tenda G3 15.11.0.17(9502) to take immediate precautions to secure their devices.",Tenda,G3,8.8,HIGH,0.00044999999227002263,false,false,false,true,true,false,false,2024-04-25T10:31:04.703Z,0
CVE-2022-36586,https://securityvulnerability.io/vulnerability/CVE-2022-36586,,"In Tenda G3 US_G3V3.0br_V15.11.0.6(7663)_EN_TDE, there is a buffer overflow vulnerability caused by strcpy in function 0x869f4 in the httpd binary.",Tenda,G3 Firmware,9.8,CRITICAL,0.0021899999119341373,false,false,false,false,,false,false,2022-09-08T00:15:00.000Z,0
CVE-2022-36585,https://securityvulnerability.io/vulnerability/CVE-2022-36585,,"In Tenda G3 US_G3V3.0br_V15.11.0.6(7663)_EN_TDE, in httpd binary, the addDhcpRule function has a buffer overflow caused by sscanf.",Tenda,G3 Firmware,9.8,CRITICAL,0.0021899999119341373,false,false,false,false,,false,false,2022-09-07T23:15:00.000Z,0
CVE-2022-36587,https://securityvulnerability.io/vulnerability/CVE-2022-36587,,"In Tenda G3 US_G3V3.0br_V15.11.0.6(7663)_EN_TDE, there is a buffer overflow vulnerability caused by sprintf in function in the httpd binary.",Tenda,G3 Firmware,9.8,CRITICAL,0.0021899999119341373,false,false,false,false,,false,false,2022-09-07T16:31:12.000Z,0
CVE-2022-36584,https://securityvulnerability.io/vulnerability/CVE-2022-36584,,"In Tenda G3 US_G3V3.0br_V15.11.0.6(7663)_EN_TDE, the getsinglepppuser function has a buffer overflow caused by sscanf.",Tenda,G3 Firmware,9.8,CRITICAL,0.003640000009909272,false,false,false,false,,false,false,2022-09-06T16:50:08.000Z,0