cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-10662,https://securityvulnerability.io/vulnerability/CVE-2024-10662,Stack-Based Buffer Overflow in Tenda AC15 Router,"A critical vulnerability exists in the Tenda AC15 router, specifically in the formSetDeviceName function located within the /goform/SetOnlineDevName script. This security flaw allows for a stack-based buffer overflow due to inadequate input validation of the devName parameter. An attacker can exploit this vulnerability remotely, allowing them to potentially execute arbitrary code or disrupt the operation of the device. It is essential for users of the affected router model to apply the necessary security patches and updates to mitigate the risk of exploitation. For more detailed analysis and technical specifications, please refer to the security advisory links provided.",Tenda,Ac15,8.8,HIGH,0.0017000000225380063,false,false,false,true,true,false,false,2024-11-01T16:00:16.399Z,0
CVE-2024-10661,https://securityvulnerability.io/vulnerability/CVE-2024-10661,Buffer Overflow Vulnerability in Tenda AC15 Router,"A stack-based buffer overflow vulnerability has been identified in the Tenda AC15 router, specifically within the SetDlnaCfg function found in the /goform/SetDlnaCfg file. This vulnerability occurs due to improper handling of the scanList argument, which can be exploited by attackers to execute remote code. As this flaw has been publicly disclosed, it poses a significant threat to users of the affected firmware version 15.03.05.19. Immediate action should be taken to secure devices running this software to prevent unauthorized access and potential exploitation.",Tenda,Ac15,8.8,HIGH,0.0017000000225380063,false,false,false,true,true,false,false,2024-11-01T16:00:13.148Z,0
CVE-2024-10280,https://securityvulnerability.io/vulnerability/CVE-2024-10280,Null Pointer Dereference Vulnerability in Tenda Routers,"A vulnerability has been identified in various models of Tenda AC series routers, compromising the functionality of the websReadEvent within the /goform/GetIPTV module. The flaw lies in the manipulation of the Content-Length argument, which can lead to null pointer dereference, potentially allowing remote attackers to exploit the issue. This vulnerability affects Tenda models AC6, AC7, AC8, AC9, AC10, AC10U, AC15, AC18, AC500, and AC1206, up to a specific version. The public disclosure of this exploit raises significant security concerns for users of affected products.",Tenda,Ac15 Firmware,7.5,HIGH,0.0024900001008063555,false,false,false,false,,false,false,2024-10-23T14:15:00.000Z,0
CVE-2023-36103,https://securityvulnerability.io/vulnerability/CVE-2023-36103,Remote Command Injection in Tenda AC15 Network Device,"The Tenda AC15, specifically the firmware version V15.03.05.20, is susceptible to a command injection vulnerability in its goform/SetIPTVCfg interface. This flaw enables remote attackers to execute arbitrary commands on the device by sending specially crafted POST requests. The exploitation of this vulnerability can lead to unauthorized access and manipulation of the affected device, posing significant security risks for users' networks.",Tenda,Ac15 Firmware,9.8,CRITICAL,0.0017500000540167093,false,false,false,false,,false,false,2024-09-10T00:00:00.000Z,0
CVE-2024-2855,https://securityvulnerability.io/vulnerability/CVE-2024-2855,Stack-Based Buffer Overflow Vulnerability in Tenda AC15 Router,"A serious security flaw has been identified in the Tenda AC15 router, specifically within the SetSysTimeCfg function of the firmware versions 15.03.05.18, 15.03.05.19, and 15.03.20. This vulnerability is characterized as a stack-based buffer overflow triggered by improper handling of input arguments. An attacker can exploit this weakness remotely, potentially causing critical disruptions or unauthorized access. With public disclosure of this exploit, users of affected firmware versions are strongly advised to implement security measures to safeguard their devices. Tenda has not issued a statement regarding this vulnerability, emphasizing the urgency for users to take proactive steps in protecting their networks.",Tenda,Ac15,9.8,CRITICAL,0.0009599999757483602,false,false,false,true,true,false,false,2024-03-24T06:00:06.171Z,0
CVE-2024-2852,https://securityvulnerability.io/vulnerability/CVE-2024-2852,Stack-Based Buffer Overflow in Tenda AC15 Parental Control Settings,"A significant vulnerability exists in Tenda AC15 routers, specifically in the parental control functionality. The issue stems from the saveParentControlInfo function located in /goform/saveParentControlInfo, which is susceptible to a stack-based buffer overflow. By manipulating the 'urls' parameter, attackers can execute arbitrary code remotely, leading to potential system compromise. This vulnerability has been publicly disclosed and poses a considerable risk to users. Tenda has yet to respond to vulnerability notifications, leaving devices exposed. Users are strongly advised to monitor for updates and apply any available security patches promptly.",Tenda,Ac15,9.8,CRITICAL,0.0009599999757483602,false,false,false,true,true,false,false,2024-03-24T04:31:04.363Z,0
CVE-2024-2851,https://securityvulnerability.io/vulnerability/CVE-2024-2851,OS Command Injection Vulnerability in Tenda AC15 Device,"A significant security flaw has been identified in the Tenda AC15 router, specifically in the formSetSambaConf function located in the /goform/setsambacfg file. This vulnerability arises from improper validation of the 'usbName' parameter, allowing for OS command injection. An attacker can exploit this flaw remotely, gaining the capability to execute arbitrary commands on the device, which poses severe risks to network integrity and data security. Despite the public disclosure of this vulnerability, Tenda has not responded to inquiries when initially informed. Users are advised to implement protective measures to mitigate potential exploitation.",Tenda,Ac15,9.8,CRITICAL,0.0008900000248104334,false,false,false,true,true,false,false,2024-03-24T03:00:06.055Z,0
CVE-2024-2850,https://securityvulnerability.io/vulnerability/CVE-2024-2850,Stack-based Buffer Overflow in Tenda AC15 Router,"A significant vulnerability exists in the Tenda AC15 router, specifically in the 'saveParentControlInfo' function located in the '/goform/saveParentControlInfo' endpoint. This security flaw arises from improper handling of input parameters, leading to a stack-based buffer overflow when maliciously crafted URLs are submitted. This vulnerability allows attackers to exploit the device remotely, contributing to a potential compromise of the router's functionality and security settings. Immediate action is advised to mitigate associated risks, as the exploit has been made public and can be utilized by attackers. Users are urged to update their firmware to mitigate this potential threat.",Tenda,Ac15,9.8,CRITICAL,0.0009599999757483602,false,false,false,true,true,false,false,2024-03-24T02:00:06.578Z,0
CVE-2024-2817,https://securityvulnerability.io/vulnerability/CVE-2024-2817,Tenda AC15 Vulnerable to Cross-Site Request Forgery (CSRF),"A vulnerability, which was classified as problematic, has been found in Tenda AC15 15.03.05.18. Affected by this issue is the function fromSysToolRestoreSet of the file /goform/SysToolRestoreSet. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257672. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.",Tenda,Ac15,4.3,MEDIUM,0.0004900000058114529,false,false,false,true,true,false,false,2024-03-22T08:00:06.270Z,0
CVE-2024-2816,https://securityvulnerability.io/vulnerability/CVE-2024-2816,Tenda AC15 Vulnerable to Cross-Site Request Forgery (CSRF),A vulnerability classified as problematic was found in Tenda AC15 15.03.05.18. Affected by this vulnerability is the function fromSysToolReboot of the file /goform/SysToolReboot. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257671. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.,Tenda,Ac15,4.3,MEDIUM,0.0004900000058114529,false,false,false,true,true,false,false,2024-03-22T07:31:06.083Z,0
CVE-2024-2815,https://securityvulnerability.io/vulnerability/CVE-2024-2815,Stack-Based Buffer Overflow in Tenda AC15 Cookie Handler,"A critical vulnerability has been identified in the Tenda AC15 router, specifically within the R7WebsSecurityHandler function found in the Cookie Handler component. This issue arises from improper handling of input parameters, which leads to a stack-based buffer overflow when the password argument is manipulated. This flaw can be exploited remotely, putting the device and connected networks at risk of unauthorized access and control. It is important for users and administrators of the affected Tenda AC15 version 15.03.20_multi to take precautionary measures to mitigate potential threats. The vendor has been informed of this exploitation risk but has not provided a response or a fix as of yet.",Tenda,Ac15,9.8,CRITICAL,0.0009599999757483602,false,false,false,true,true,false,false,2024-03-22T07:31:04.644Z,0
CVE-2024-2814,https://securityvulnerability.io/vulnerability/CVE-2024-2814,Remote Stack-based Buffer Overflow in Tenda AC15 Router,"A serious security vulnerability has been identified in the Tenda AC15 router, specifically affecting version 15.03.20_multi. The issue resides in the 'fromDhcpListClient' function within the '/goform/DhcpListClient' file, where improper handling of the 'page' argument can lead to a stack-based buffer overflow. This flaw enables remote attackers to manipulate data and potentially execute arbitrary code on the device. Given that the vulnerability has been made public, users and organizations utilizing the Tenda AC15 router are strongly encouraged to apply available mitigations or patches promptly to protect against potential exploits. No response was received from Tenda when alerted to this critical security concern, highlighting the urgency for users to take immediate protective measures.",Tenda,Ac15,9.8,CRITICAL,0.0009599999757483602,false,false,false,true,true,false,false,2024-03-22T07:00:07.402Z,0
CVE-2024-2813,https://securityvulnerability.io/vulnerability/CVE-2024-2813,Stack-Based Buffer Overflow in Tenda AC15 Router,"A critical security vulnerability exists in the Tenda AC15 router, specifically within the form_fast_setting_wifi_set function located at /goform/fast_setting_wifi_set. The vulnerability arises due to improper handling of the 'ssid' argument, which can lead to a stack-based buffer overflow. This overflow can be triggered remotely, allowing attackers to execute arbitrary code and potentially gain control over the affected device. The vulnerability was publicly disclosed, and despite earlier contact with the vendor, no response has been received regarding mitigation. Users are strongly advised to assess their network security measures and patch any vulnerable devices promptly.",Tenda,Ac15,9.8,CRITICAL,0.0009599999757483602,false,false,false,true,true,false,false,2024-03-22T06:31:05.875Z,0
CVE-2024-2812,https://securityvulnerability.io/vulnerability/CVE-2024-2812,OS Command Injection Vulnerability in Tenda AC15,"A critical vulnerability has been identified in the Tenda AC15 router, specifically in the formWriteFacMac function accessible at /goform/WriteFacMac. This weakness arises from improper validation of the MAC address argument, leading to an OS command injection risk. Attackers can exploit this flaw remotely, enabling them to execute arbitrary commands on the host operating system. Although the vendor was notified before the public disclosure of this vulnerability, there was no communication or remediation response. Users of the affected firmware versions are strongly advised to take immediate protective measures to safeguard their network infrastructures.",Tenda,Ac15,8.8,HIGH,0.0008500000112690032,false,false,false,true,true,false,false,2024-03-22T06:31:04.518Z,0
CVE-2024-2811,https://securityvulnerability.io/vulnerability/CVE-2024-2811,Remote Stack-Based Buffer Overflow in Tenda AC15 Wi-Fi Router,"A serious vulnerability has been identified in the Tenda AC15 Wi-Fi router, specifically in the formWifiWpsStart function found in the /goform/WifiWpsStart file. This stack-based buffer overflow vulnerability can be exploited remotely, allowing attackers to manipulate the argument index and potentially execute malicious code. Despite the severity of this issue, Tenda has not responded to early disclosure attempts. Users are strongly advised to check for updates and apply any security patches to mitigate risks associated with this vulnerability.",Tenda,Ac15,9.8,CRITICAL,0.0009599999757483602,false,false,false,true,true,false,false,2024-03-22T06:00:07.629Z,0
CVE-2024-2810,https://securityvulnerability.io/vulnerability/CVE-2024-2810,Stack-Based Buffer Overflow in Tenda AC15 Wi-Fi Router,"A severe stack-based buffer overflow vulnerability has been identified in the Tenda AC15 Wi-Fi router within the formWifiWpsOOB function located in the /goform/WifiWpsOOB file. This flaw arises from improper handling of the 'index' argument, allowing attackers to manipulate the input and potentially execute remote code. Given that the exploit can be triggered without physical access to the device, the risk is heightened, especially in environments reliant on vulnerable versions. Despite early warnings, Tenda has not issued any response regarding this security issue, leaving users potentially exposed to exploitation. It's crucial for users of the affected versions to apply available security measures and monitor for potential attacks.",Tenda,Ac15,8.8,HIGH,0.0009599999757483602,false,false,false,true,true,false,false,2024-03-22T05:31:05.963Z,0
CVE-2024-2809,https://securityvulnerability.io/vulnerability/CVE-2024-2809,Stack-Based Buffer Overflow Vulnerability in Tenda AC15 Router,"A critical stack-based buffer overflow vulnerability has been identified in the Tenda AC15 router, specifically within the function formSetFirewallCfg of the /goform/SetFirewallCfg file. The vulnerability arises from the improper handling of the firewallEn argument, enabling attackers to remotely exploit this flaw. Given the public disclosure of this vulnerability, it poses significant risks as attackers can potentially gain unauthorized access to the router's firewall configurations. Despite early notifications to Tenda, no response has been received from the vendor, further emphasizing the urgency for users to mitigate risks associated with this exploit. Affected versions of Tenda AC15 include 15.03.05.18 and 15.03.20_multi.",Tenda,Ac15,9.8,CRITICAL,0.0009599999757483602,false,false,false,true,true,false,false,2024-03-22T05:31:04.573Z,0
CVE-2024-2808,https://securityvulnerability.io/vulnerability/CVE-2024-2808,Stack-based Buffer Overflow in Tenda AC15 Routers,"A severe stack-based buffer overflow vulnerability has been identified in Tenda AC15 routers, specifically in the formQuickIndex function located in the /goform/QuickIndex file. This vulnerability is triggered by improper handling of user-supplied input, particularly the PPPOEPassword argument. When exploited, it can allow an attacker to execute arbitrary code remotely, significantly compromising the security of the affected devices. The issue was publicly disclosed, yet Tenda has not addressed the matter despite being informed prior to the public release.",Tenda,Ac15,8.8,HIGH,0.0009599999757483602,false,false,false,true,true,false,false,2024-03-22T05:00:06.300Z,0
CVE-2024-2807,https://securityvulnerability.io/vulnerability/CVE-2024-2807,Stack-Based Buffer Overflow in Tenda AC15 Router,"A serious stack-based buffer overflow vulnerability has been identified in Tenda AC15 routers, specifically within the formExpandDlnaFile function of the /goform/expandDlnaFile endpoint. This flaw allows remote attackers to manipulate the filePath argument, potentially leading to unauthorized remote code execution. Attackers can exploit this vulnerability without user interaction, exposing the affected devices to significant risk. As of now, the vendor has failed to respond to security disclosures, making timely mitigation crucial for users of the affected firmware versions.",Tenda,Ac15,8.8,HIGH,0.0009599999757483602,false,false,false,true,true,false,false,2024-03-22T04:31:05.417Z,0
CVE-2024-2806,https://securityvulnerability.io/vulnerability/CVE-2024-2806,Stack-Based Buffer Overflow in Tenda AC15 Router,"A severe vulnerability has been discovered in the Tenda AC15 router, specifically within the addWifiMacFilter function located in the /goform/addWifiMacFilter file. The flaw arises from improper handling of the deviceId and deviceMac parameters, leading to a stack-based buffer overflow. This vulnerability can be exploited by an attacker remotely, putting users at risk of unauthorized access or control over the network. Although the vulnerability has been publicly disclosed, the vendor, Tenda, has not responded to early warnings regarding this issue, raising concerns about the patching and response time for affected users.",Tenda,Ac15,8.8,HIGH,0.0009599999757483602,false,false,false,true,true,false,false,2024-03-22T04:31:04.089Z,0
CVE-2024-2805,https://securityvulnerability.io/vulnerability/CVE-2024-2805,Buffer Overflow Vulnerability in Tenda AC15 Router,"A significant vulnerability has been identified in the Tenda AC15 router, specifically within the 'formSetSpeedWan' function found in the '/goform/SetSpeedWan' file. This security flaw can be exploited through remote commands that manipulate the 'speed_dir' argument, allowing for a stack-based buffer overflow. The vulnerable software versions are 15.03.05.18 and 15.03.20_multi. Since this vulnerability has been publicly disclosed, it poses a serious risk to network security. Users are urged to take immediate action to mitigate potential threats, as the vendor has not yet responded to communications regarding this issue.",Tenda,Ac15,8.8,HIGH,0.00044999999227002263,false,false,false,true,true,false,false,2024-03-22T03:00:06.426Z,0
CVE-2023-39673,https://securityvulnerability.io/vulnerability/CVE-2023-39673,,Tenda AC15 V1.0BR_V15.03.05.18_multi_TD01 was discovered to contain a buffer overflow via the function FUN_00010e34().,Tenda,Ac15 Firmware,9.8,CRITICAL,0.0023499999660998583,false,false,false,false,,false,false,2023-08-18T03:15:00.000Z,0
CVE-2023-30373,https://securityvulnerability.io/vulnerability/CVE-2023-30373,Stack-Based Buffer Overflow in Tenda AC15 Router,"The Tenda AC15 router, specifically version V15.03.05.19, has a vulnerability in the 'xian_pppoe_user' function that can lead to a stack-based buffer overflow. This weakness could allow a remote attacker to execute arbitrary code, potentially compromising the device's integrity and affecting the security of the network. Users of this router are advised to apply necessary updates and implement security measures to mitigate the risks posed by this vulnerability.",Tenda,Ac15 Firmware,9.8,CRITICAL,0.0015300000086426735,false,false,false,false,,false,false,2023-04-24T00:00:00.000Z,0
CVE-2023-30375,https://securityvulnerability.io/vulnerability/CVE-2023-30375,Stack-Based Buffer Overflow in Tenda AC15 Router,"The Tenda AC15 router running firmware version V15.03.05.19 is vulnerable to a stack-based buffer overflow due to a flaw in the 'getIfIp' function. This vulnerability could be exploited by attackers to execute arbitrary code or crash the device, potentially compromising network integrity. Users are advised to update their firmware to mitigate this risk.",Tenda,Ac15 Firmware,9.8,CRITICAL,0.0015300000086426735,false,false,false,false,,false,false,2023-04-24T00:00:00.000Z,0
CVE-2023-30371,https://securityvulnerability.io/vulnerability/CVE-2023-30371,Stack-Based Buffer Overflow in Tenda AC15 Router,"The Tenda AC15 router, specifically version V15.03.05.19, is susceptible to a stack-based buffer overflow due to vulnerabilities in the function 'sub_ED14'. An attacker could exploit this flaw to execute arbitrary code, leading to potential control over the device and network disruption. The vulnerability underscores the importance of maintaining updated firmware to mitigate risks associated with network devices.",Tenda,Ac15 Firmware,9.8,CRITICAL,0.0015300000086426735,false,false,false,false,,false,false,2023-04-24T00:00:00.000Z,0