cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-2853,https://securityvulnerability.io/vulnerability/CVE-2024-2853,OS Command Injection Vulnerability in Tenda AC10U Router,"A severe vulnerability has been identified in the Tenda AC10U router, specifically within the formSetSambaConf function of the /goform/setsambacfg file. This security flaw enables an attacker to manipulate the usbName argument, which can result in OS command injection. The attack can be initiated remotely, making it particularly dangerous for users. Despite early disclosure attempts to Tenda, the vendor has not responded to address this critical issue. As the vulnerability is publicly disclosed, it poses a significant risk to all users of affected versions 15.03.06.48 and 15.03.06.49.",Tenda,Ac10u,9.8,CRITICAL,0.0011099999537691474,false,,false,false,true,2024-03-24T05:00:06.000Z,true,false,false,,2024-03-24T05:00:06.892Z,0
CVE-2024-2764,https://securityvulnerability.io/vulnerability/CVE-2024-2764,Remote Stack-Based Buffer Overflow in Tenda AC10U,"A severe stack-based buffer overflow vulnerability has been identified in the Tenda AC10U router, specifically within the function formSetPPTPServer located at /goform/SetPptpServerCfg. By manipulating the endIP parameter, an attacker can exploit this vulnerability remotely, potentially leading to unauthorized access and control of the device. This issue, which has been disclosed to the public, underscores the critical need for users to secure their devices against potential threats. Affected users should take immediate action to safeguard their systems, as the vendor has not responded to prior notifications regarding this vulnerability.",Tenda,Ac10u,8.8,HIGH,0.0030700000934302807,false,,false,false,true,2024-03-21T20:31:05.000Z,true,false,false,,2024-03-21T20:31:05.130Z,0
CVE-2024-2763,https://securityvulnerability.io/vulnerability/CVE-2024-2763,Stack-based Buffer Overflow in Tenda AC10U Router,"A serious vulnerability has been identified in the Tenda AC10U router, specifically within the formSetCfm function inside the goform/setcfm file. This issue arises due to a stack-based buffer overflow that can be triggered by manipulating the funcpara1 argument. The vulnerability allows an attacker to execute arbitrary code remotely, potentially compromising the device without the need for local access. Despite being disclosed to the vendor prior to public announcement, Tenda has not responded to these concerns. Organizations using the affected version are strongly advised to evaluate their security posture and apply necessary updates or mitigations to mitigate potential risks.",Tenda,Ac10u,8.8,HIGH,0.0030700000934302807,false,,false,false,true,2024-03-21T20:31:03.000Z,true,false,false,,2024-03-21T20:31:03.792Z,0
CVE-2024-2711,https://securityvulnerability.io/vulnerability/CVE-2024-2711,Stack-based Buffer Overflow Vulnerability in Tenda AC10U,"A vulnerability affecting the Tenda AC10U router, specifically in the function addWifiMacFilter within the /goform/addWifiMacFilter file, allows for a stack-based buffer overflow. By manipulating the deviceMac argument, an attacker can exploit this security flaw remotely. The implications of this vulnerability are significant, as unauthorized access could lead to potential control over the device. Security measures and patches are necessary to safeguard against exploitation, as this vulnerability has been disclosed publicly and is available for potential attacks.",Tenda,Ac10u,8.8,HIGH,0.0030700000934302807,false,,false,false,true,2024-03-20T18:00:08.000Z,true,false,false,,2024-03-20T18:00:08.616Z,0
CVE-2024-2710,https://securityvulnerability.io/vulnerability/CVE-2024-2710,Stack-Based Buffer Overflow in Tenda AC10U Router,"A critical vulnerability has been identified in the Tenda AC10U router, specifically within the setSchedWifi function located in the /goform/openSchedWifi file. This vulnerability arises from improper handling of the schedStartTime argument, leading to a stack-based buffer overflow. Exploitation of this vulnerability can occur remotely, allowing attackers to execute arbitrary code with the potential to compromise the device's functionality. Despite early notification, Tenda has not addressed this issue, which has been publicly disclosed, increasing the urgency for users to mitigate risks associated with this vulnerability.",Tenda,Ac10u,8.8,HIGH,0.0030700000934302807,false,,false,false,true,2024-03-20T18:00:07.000Z,true,false,false,,2024-03-20T18:00:07.175Z,0
CVE-2024-2709,https://securityvulnerability.io/vulnerability/CVE-2024-2709,Stack-based Buffer Overflow Vulnerability in Tenda AC10U,"A vulnerability exists in Tenda AC10U version 15.03.06.49, specifically within the fromSetRouteStatic function in the /goform/SetStaticRouteCfg profile. This vulnerability can be exploited through stack-based buffer overflow, allowing attackers to manipulate the argument list and perform unauthorized actions. The attack can be executed remotely, exposing users to significant security risks. This vulnerability has been publicly disclosed, and despite initial notification to the vendor, no response has been received, leaving users vulnerable to potential exploits.",Tenda,Ac10u,8.8,HIGH,0.0030700000934302807,false,,false,false,true,2024-03-20T17:31:05.000Z,true,false,false,,2024-03-20T17:31:05.924Z,0
CVE-2024-2708,https://securityvulnerability.io/vulnerability/CVE-2024-2708,Buffer Overflow in Tenda AC10U Affects Remote Commands,"A critical vulnerability has been identified in the Tenda AC10U router, specifically affecting version 15.03.06.49. The issue arises from the improper handling of the 'cmdinput' argument in the 'formexeCommand' function, leading to a stack-based buffer overflow. This vulnerability allows attackers to execute arbitrary code remotely, potentially compromising the device's integrity and the security of the network it is connected to. The exploit details have been publicly disclosed, increasing the urgency for users to update their devices. Despite attempts to report this vulnerability to Tenda, the vendor did not respond to address the issue.",Tenda,Ac10u,8.8,HIGH,0.0030700000934302807,false,,false,false,true,2024-03-20T17:31:04.000Z,true,false,false,,2024-03-20T17:31:04.520Z,0
CVE-2024-2707,https://securityvulnerability.io/vulnerability/CVE-2024-2707,Remote Code Injection Vulnerability in Tenda AC10U Router,"A significant vulnerability has been discovered in the Tenda AC10U router version 15.03.06.49. This flaw resides in the 'formWriteFacMac' function of the /goform/WriteFacMac endpoint, where improper handling of the 'mac' argument allows for OS command injection. Attackers can exploit this vulnerability remotely, leading to unauthorized access and control over the device. The issue has been publicly disclosed, raising urgent security concerns for users of this router model. Despite early notification to Tenda, the vendor has not addressed the vulnerability, which heightens the risk associated with the affected product. Users are strongly advised to take precautions to mitigate potential exploitation.",Tenda,Ac10u,8.8,HIGH,0.005669999867677689,false,,false,false,true,2024-03-20T17:00:07.000Z,true,false,false,,2024-03-20T17:00:07.795Z,0
CVE-2024-2706,https://securityvulnerability.io/vulnerability/CVE-2024-2706,Stack-Based Buffer Overflow in Tenda AC10U Wi-Fi Router,"A serious stack-based buffer overflow vulnerability exists in the Tenda AC10U router, specifically in the function formWifiWpsStart of the /goform/WifiWpsStart file. This vulnerability allows an attacker to manipulate the index argument, potentially leading to unauthorized memory access and code execution. The flaw can be exploited remotely, raising significant concerns for users and network integrity. Despite early disclosure efforts to the vendor, response has not been received, leaving the affected product vulnerable to exploitation in the wild. Organizations using the Tenda AC10U should take immediate action to mitigate associated risks.",Tenda,Ac10u,8.8,HIGH,0.0030700000934302807,false,,false,false,true,2024-03-20T16:31:05.000Z,true,false,false,,2024-03-20T16:31:05.842Z,0
CVE-2024-2705,https://securityvulnerability.io/vulnerability/CVE-2024-2705,Severe Buffer Overflow Issue in Tenda AC10U Router,"A significant vulnerability has been identified in the Tenda AC10U router, specifically affecting version 1.0/15.03.06.49. The flaw lies in the formSetQosBand function located within the /goform/SetNetControlList file. This weakness can be exploited via manipulation of an argument list, resulting in a stack-based buffer overflow. The vulnerability permits remote attackers to execute arbitrary code, potentially leading to unauthorized access and control over the affected device. Despite prior notification, Tenda Technology has not issued a response regarding this security flaw, highlighting the urgency for users to seek immediate updates and security measures to protect their networks.",Tenda,Ac10u,8.8,HIGH,0.0030700000934302807,false,,false,false,true,2024-03-20T16:31:04.000Z,true,false,false,,2024-03-20T16:31:04.186Z,0
CVE-2024-2704,https://securityvulnerability.io/vulnerability/CVE-2024-2704,Stack-Based Buffer Overflow in Tenda AC10U Router,"A critical vulnerability has been discovered in the Tenda AC10U router that allows for a stack-based buffer overflow through improper handling of the 'firewallEn' argument in the formSetFirewallCfg function. This flaw can be exploited remotely by an attacker, potentially allowing unauthorized access to network configurations. Despite being disclosed to the vendor, Tenda has not responded to the report. Users of the Tenda AC10U router are advised to take immediate precautions to secure their devices and monitor for any suspicious activity on their networks.",Tenda,Ac10u,8.8,HIGH,0.0030700000934302807,false,,false,false,true,2024-03-20T16:00:07.000Z,true,false,false,,2024-03-20T16:00:07.684Z,0
CVE-2024-2703,https://securityvulnerability.io/vulnerability/CVE-2024-2703,Stack-Based Buffer Overflow Vulnerability in Tenda AC10U Router,"A significant vulnerability has been identified in the Tenda AC10U router, specifically within the 'formSetDeviceName' function located at '/goform/SetOnlineDevName'. This vulnerability arises from a stack-based buffer overflow caused by improper handling of the 'mac' argument, which can be exploited remotely. Malicious actors could leverage this flaw to execute arbitrary code on the device, potentially compromising the security of the network. As of now, the vulnerability is publicly disclosed and poses a serious risk, particularly since the vendor has not responded to prior communications regarding this issue. Users of affected devices should take immediate steps to mitigate potential exploitation.",Tenda,Ac10u,8.8,HIGH,0.0030700000934302807,false,,false,false,true,2024-03-20T16:00:06.000Z,true,false,false,,2024-03-20T16:00:06.080Z,0
CVE-2024-0932,https://securityvulnerability.io/vulnerability/CVE-2024-0932,Tenda AC10U setSmartPowerManagement stack-based overflow,"A vulnerability exists in the Tenda AC10U router, specifically within the setSmartPowerManagement function. This vulnerability allows for a stack-based buffer overflow caused by improper handling of the 'time' argument. An attacker can exploit this flaw remotely, leading to potential unauthorized access or control over the affected device. The exploit has been publicly disclosed, raising significant concerns about the security of the affected router model. Vendor communication has not been established regarding this issue, highlighting potential risks for users who rely on this device.",Tenda,AC10U,9.8,CRITICAL,0.001449999981559813,false,,false,false,true,2024-01-26T16:31:04.000Z,true,false,false,,2024-01-26T16:31:04.983Z,0
CVE-2024-0931,https://securityvulnerability.io/vulnerability/CVE-2024-0931,Tenda AC10U saveParentControlInfo stack-based overflow,"A security vulnerability has been identified in the Tenda AC10U router related to the saveParentControlInfo function. This issue involves a stack-based buffer overflow caused by improper handling of the deviceId, time, and urls arguments. The exploit could potentially be executed remotely, posing significant risks to the integrity of affected systems. The vulnerability has been publicly disclosed, raising concerns over potential exploitation in live environments. Users are advised to check their affected devices and apply necessary security measures immediately.",Tenda,AC10U,9.8,CRITICAL,0.0014799999771639705,false,,false,false,true,2024-01-26T16:31:03.000Z,true,false,false,,2024-01-26T16:31:03.937Z,0
CVE-2024-0930,https://securityvulnerability.io/vulnerability/CVE-2024-0930,Tenda AC10U fromSetWirelessRepeat stack-based overflow,"A stack-based buffer overflow vulnerability exists in the Tenda AC10U router associated with its fromSetWirelessRepeat function. An attacker can exploit this vulnerability remotely by manipulating the wpapsk_crypto argument, potentially leading to unauthorized access or control of the device. The vulnerability has been publicly disclosed and may be actively exploited, highlighting the importance of immediate attention to affected systems. The vendor, Tenda, was informed about the issue but has not responded to the disclosure.",Tenda,AC10U,9.8,CRITICAL,0.0014799999771639705,false,,false,false,true,2024-01-26T16:00:07.000Z,true,false,false,,2024-01-26T16:00:07.582Z,0
CVE-2024-0929,https://securityvulnerability.io/vulnerability/CVE-2024-0929,Tenda AC10U fromNatStaticSetting stack-based overflow,"A vulnerability exists in the Tenda AC10U due to improper handling of arguments in the fromNatStaticSetting function. This issue can lead to a stack-based buffer overflow, which can be exploited remotely by an attacker. The vulnerability has been publicly disclosed, and exploits may be available on the internet, posing a significant risk to users of the affected version of the product. The vendor has been informed about the vulnerability but has not responded.",Tenda,AC10U,9.8,CRITICAL,0.0014799999771639705,false,,false,false,true,2024-01-26T16:00:06.000Z,true,false,false,,2024-01-26T16:00:06.481Z,0
CVE-2024-0928,https://securityvulnerability.io/vulnerability/CVE-2024-0928,Tenda AC10U fromDhcpListClient stack-based overflow,"A vulnerability present in the Tenda AC10U router, specifically in version 15.03.06.49_multi_TDE01, allows for a stack-based buffer overflow through the manipulation of the argument in the fromDhcpListClient function. This security flaw can be exploited remotely, enabling attackers to execute arbitrary code. The exploit method has been made public, raising significant concern among users regarding their device security. The vendor, Tenda, did not respond to early disclosure attempts regarding this issue, further emphasizing the importance of implementing protective measures.",Tenda,AC10U,9.8,CRITICAL,0.0014799999771639705,false,,false,false,true,2024-01-26T15:31:03.000Z,true,false,false,,2024-01-26T15:31:03.551Z,0
CVE-2024-0927,https://securityvulnerability.io/vulnerability/CVE-2024-0927,Tenda AC10U fromAddressNat stack-based overflow,"A vulnerability exists in the Tenda AC10U Router, specifically in the function fromAddressNat, where improper handling of user input can lead to stack-based buffer overflow. This flaw is triggered through the manipulation of input parameters related to entrys/mitInterface/page, allowing an attacker to craft malicious requests that may cause the device to crash or execute arbitrary code remotely. Given that the vulnerability has been publicly disclosed, users of the affected product should take immediate action to mitigate potential exploitation. The vendor has been notified of this issue but has remained unresponsive.",Tenda,AC10U,9.8,CRITICAL,0.001449999981559813,false,,false,false,true,2024-01-26T15:00:07.000Z,true,false,false,,2024-01-26T15:00:07.625Z,0
CVE-2024-0926,https://securityvulnerability.io/vulnerability/CVE-2024-0926,Tenda AC10U formWifiWpsOOB stack-based overflow,"A vulnerability in the Tenda AC10U router version 15.03.06.49_multi_TDE01 is linked to the function formWifiWpsOOB. This vulnerability arises from improper handling of the argument index, resulting in a stack-based buffer overflow. Attackers can exploit this vulnerability remotely, gaining unauthorized access and potentially executing arbitrary code. The exploit has been publicly disclosed, emphasizing the urgency for users to implement mitigations. The vendor has been informed of the issue but has not responded to date.",Tenda,AC10U,9.8,CRITICAL,0.0014799999771639705,false,,false,false,true,2024-01-26T15:00:06.000Z,true,false,false,,2024-01-26T15:00:06.338Z,0
CVE-2024-0925,https://securityvulnerability.io/vulnerability/CVE-2024-0925,Tenda AC10U formSetVirtualSer stack-based overflow,"A vulnerability in the Tenda AC10U router has been identified, specifically affecting version 15.03.06.49_multi_TDE01. This issue is associated with the function formSetVirtualSer, where improper handling of argument lists can lead to a stack-based buffer overflow. An attacker can exploit this vulnerability remotely, allowing potential unauthorized access and manipulation of the device. The vulnerability was disclosed publicly, and its exploit has been detailed in the appropriate technical references. Despite early notification to the vendor, no response was received.",Tenda,AC10U,9.8,CRITICAL,0.001449999981559813,false,,false,false,true,2024-01-26T14:31:05.000Z,true,false,false,,2024-01-26T14:31:05.583Z,0
CVE-2024-0924,https://securityvulnerability.io/vulnerability/CVE-2024-0924,Tenda AC10U formSetPPTPServer stack-based overflow,"A vulnerability has been identified in the Tenda AC10U router, specifically in the formSetPPTPServer function of its firmware version 15.03.06.49_multi_TDE01. This vulnerability allows a stack-based buffer overflow due to improper handling of the startIp argument. An adversary could exploit this vulnerability remotely, potentially leading to system compromise. The details of the vulnerability have been publicly disclosed, and the potential for exploitation exists, posing a risk to users of the affected device. Vendors have been notified about this issue but have not provided any feedback.",Tenda,AC10U,9.8,CRITICAL,0.001449999981559813,false,,false,false,true,2024-01-26T14:31:04.000Z,true,false,false,,2024-01-26T14:31:04.491Z,0
CVE-2024-0923,https://securityvulnerability.io/vulnerability/CVE-2024-0923,Tenda AC10U formSetDeviceName stack-based overflow,"A stack-based buffer overflow vulnerability has been identified in the Tenda AC10U routers specifically in the function formSetDeviceName. The vulnerability allows an attacker to manipulate the devName argument, potentially leading to unauthorized access and exploitation. This could facilitate remote attacks with significant consequences for device integrity and user data security. Despite early disclosures to the vendor, Tenda has not responded, raising concerns about the security posture for users of the affected devices. Immediate attention to this security issue is recommended to mitigate risks.",Tenda,AC10U,9.8,CRITICAL,0.0014799999771639705,false,,false,false,true,2024-01-26T14:00:06.000Z,true,false,false,,2024-01-26T14:00:06.385Z,0
CVE-2024-0922,https://securityvulnerability.io/vulnerability/CVE-2024-0922,Tenda AC10U formQuickIndex stack-based overflow,"A vulnerability enables remote attackers to manipulate the 'PPPOEPassword' argument within the formQuickIndex function of the Tenda AC10U router, leading to a stack-based buffer overflow. This flaw allows potential exploitation, which could compromise the device and its network environment. The vulnerability was disclosed publicly, indicating its significance and the necessity for users to take preventive measures. Users are strongly advised to check for updates or patches from the vendor to mitigate the risks associated with this vulnerability.",Tenda,AC10U,9.8,CRITICAL,0.001449999981559813,false,,false,false,true,2024-01-26T13:31:05.000Z,true,false,false,,2024-01-26T13:31:05.291Z,0
CVE-2023-44022,https://securityvulnerability.io/vulnerability/CVE-2023-44022,Stack Overflow Vulnerability in Tenda AC10U Router,"The Tenda AC10U router has been identified to exhibit a stack overflow vulnerability in the formSetSpeedWan function, which is triggered through the speed_dir parameter. This flaw may allow an attacker to execute arbitrary code or disrupt router operations, potentially compromising network security and integrity.",Tenda,Ac10u Firmware,9.8,CRITICAL,0.0018400000408291817,false,,false,false,false,,,false,false,,2023-09-27T00:00:00.000Z,0
CVE-2023-44021,https://securityvulnerability.io/vulnerability/CVE-2023-44021,Stack Overflow Vulnerability in Tenda AC10U Router,"The Tenda AC10U router version v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 is susceptible to a stack overflow issue through the formSetClientState function. This vulnerability could allow an attacker to execute arbitrary code or disrupt normal operation, posing a significant risk to network security. Users are advised to assess their exposure and apply any available patches to secure their devices.",Tenda,Ac10u Firmware,9.8,CRITICAL,0.0018400000408291817,false,,false,false,false,,,false,false,,2023-09-27T00:00:00.000Z,0