cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-3910,https://securityvulnerability.io/vulnerability/CVE-2024-3910,Remote Stack-Based Buffer Overflow in Tenda AC500 Router,"A critical security flaw has been discovered in the Tenda AC500 router, specifically in the handling of DHCP client list requests within the function fromDhcpListClient. This vulnerability allows remote attackers to manipulate the 'page' argument, which can lead to a stack-based buffer overflow. Such an exploitation may enable malicious actors to execute arbitrary code on the affected devices. Despite attempts to notify the vendor, Tenda has not provided any response regarding this issue. Therefore, it is crucial for users of the Tenda AC500 to review their systems for potential threats related to this vulnerability and apply necessary security measures.",Tenda,Ac500,8.8,HIGH,0.01343000028282404,false,,false,false,true,2024-04-17T11:00:05.000Z,true,false,false,,2024-04-17T12:00:05.651Z,0
CVE-2024-3909,https://securityvulnerability.io/vulnerability/CVE-2024-3909,Stack-based Buffer Overflow in Tenda AC500,"A critical stack-based buffer overflow vulnerability exists in the Tenda AC500, specifically within the function formexeCommand in the file /goform/execCommand. This flaw allows an attacker to manipulate the cmdinput argument, potentially leading to unauthorized control and execution of arbitrary code. The vulnerability can be exploited remotely, allowing attackers to compromise affected systems without physical access. Despite early notification to Tenda regarding this flaw, there has been no response or guidance, emphasizing the urgency for users to implement immediate security measures. Users are strongly advised to monitor for updates and mitigate risks associated with this vulnerability.",Tenda,Ac500,9.8,CRITICAL,0.010200000368058681,false,,false,false,true,2024-04-17T10:31:05.000Z,true,false,false,,2024-04-17T11:31:05.865Z,0
CVE-2024-3908,https://securityvulnerability.io/vulnerability/CVE-2024-3908,Command Injection Flaw in Tenda AC500 Router,"A critical command injection vulnerability has been identified in the Tenda AC500 router, specifically within the formWriteFacMac function of the WriteFacMac endpoint. This flaw allows an attacker to manipulate MAC address input parameters and execute arbitrary commands remotely, posing a significant threat to network integrity. Despite notification attempts, Tenda has yet to acknowledge or address this issue, increasing the urgency for users to secure their devices against potential exploits. Users are strongly advised to monitor their network traffic and apply necessary mitigations until a patch is provided.",Tenda,Ac500,9.8,CRITICAL,0.012369999662041664,false,,false,false,true,2024-04-17T10:31:04.000Z,true,false,false,,2024-04-17T11:31:04.525Z,0
CVE-2024-3907,https://securityvulnerability.io/vulnerability/CVE-2024-3907,Buffer Overflow Vulnerability in Tenda AC500,"A critical security vulnerability exists in the Tenda AC500 version 2.0.1.9(1307) within the formSetCfm function found in the /goform/setcfm file. This vulnerability is triggered through a manipulation of the 'funcpara1' argument, leading to a stack-based buffer overflow. Attackers can exploit this vulnerability remotely, potentially allowing them to execute arbitrary code or disrupt the operational integrity of the device. The vulnerability poses significant cybersecurity risks, especially as public disclosure has already occurred, raising the urgency for users to patch their devices or take mitigative action. Despite being notified, Tenda has not responded to the disclosure, which may indicate a lack of support for addressing this critical security issue.",Tenda,Ac500,9.8,CRITICAL,0.01358999963849783,false,,false,false,true,2024-04-17T10:00:06.000Z,true,false,false,,2024-04-17T11:00:06.424Z,0
CVE-2024-3906,https://securityvulnerability.io/vulnerability/CVE-2024-3906,Stack-Based Buffer Overflow in Tenda AC500 Product,"A significant vulnerability has been identified in the Tenda AC500 firmware version 2.0.1.9(1307), which is characterized by a stack-based buffer overflow in the 'formQuickIndex' function located within the '/goform/QuickIndex' file. This flaw arises from improper handling of the 'PPPOEPassword' argument, enabling remote attackers to exploit the overflow condition. The disclosed nature of this vulnerability poses a risk, as it can potentially allow unauthorized access or control over affected systems. Despite early notification to the vendor, no response has been received, underlining the urgency for users to address this vulnerability in their installations. More technical details can be found in the associated references.",Tenda,Ac500,8.8,HIGH,0.01343000028282404,false,,false,false,true,2024-04-17T09:31:05.000Z,true,false,false,,2024-04-17T10:31:05.641Z,0
CVE-2024-3905,https://securityvulnerability.io/vulnerability/CVE-2024-3905,Stack-based buffer overflow vulnerability in Tenda AC500 2.0.1.9(1307),"A vulnerability exists in the Tenda AC500, specifically in the R7WebsSecurityHandler function within the /goform/execCommand file. This security flaw can be exploited by manipulating the 'password' argument, leading to a stack-based buffer overflow. Attackers can launch remote attacks, potentially compromising the affected device. Although the vulnerability has been disclosed publicly, there has been no response from Tenda Technologies following initial contact regarding this issue. For a detailed technical description, refer to VDB-261141.",Tenda,Ac500,8.8,HIGH,0.00788000039756298,false,,false,false,true,2024-04-17T09:31:04.000Z,true,false,false,,2024-04-17T10:31:04.297Z,0
CVE-2023-25233,https://securityvulnerability.io/vulnerability/CVE-2023-25233,Buffer Overflow Vulnerability in Tenda AC500 Device,"The Tenda AC500 device is susceptible to a buffer overflow vulnerability in the function fromRouteStatic. This vulnerability arises from improper handling of parameters 'entrys' and 'mitInterface', which could lead to potential exploitation by attackers. Proper security measures and updates are recommended to mitigate the risks associated with this issue.",Tenda,Ac500 Firmware,9.8,CRITICAL,0.002219999907538295,false,,false,false,false,,,false,false,,2023-02-27T00:00:00.000Z,0
CVE-2023-25235,https://securityvulnerability.io/vulnerability/CVE-2023-25235,Buffer Overflow Vulnerability in Tenda AC500 Wireless Router,"A buffer overflow vulnerability exists in the Tenda AC500 router's firmware, specifically in the formOneSsidCfgSet function. This issue arises when the ssid parameter is inadequately validated, allowing an attacker to potentially execute arbitrary code by sending specially crafted requests. It highlights the importance of proper input validation to prevent such vulnerabilities.",Tenda,Ac500 Firmware,7.5,HIGH,0.0011699999449774623,false,,false,false,false,,,false,false,,2023-02-27T00:00:00.000Z,0
CVE-2023-25234,https://securityvulnerability.io/vulnerability/CVE-2023-25234,Buffer Overflow Vulnerability in Tenda AC500 Integrated Network Functionality,"The Tenda AC500, specifically version 2.0.1.9(1307), has been identified with a vulnerability that allows for potential buffer overflow in its integrated network functionality. This vulnerability arises from the handling of parameters in the 'fromAddressNat' function, particularly through the 'entrys' and 'mitInterface' parameters. Exploiting this flaw could lead to unauthorized access and manipulation of the device, posing significant risks to network security.",Tenda,Ac500 Firmware,9.8,CRITICAL,0.002219999907538295,false,,false,false,true,2023-04-11T11:36:48.000Z,true,false,false,,2023-02-27T00:00:00.000Z,0