cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-2903,https://securityvulnerability.io/vulnerability/CVE-2024-2903,Stack-based Buffer Overflow Vulnerability in Tenda AC7,"A stack-based buffer overflow vulnerability has been identified in the Tenda AC7 router, specifically affecting the GetParentControlInfo function located in the file /goform/GetParentControlInfo. This vulnerability arises from inadequate handling of the MAC argument, which can be manipulated to execute a stack-based overflow. Exploitation can be carried out remotely, allowing potential attackers to compromise the router's functionality and gain unauthorized access. The vulnerability has been publicly disclosed, and its exploit has been documented. Despite prior outreach to the vendor regarding this issue, there has yet to be a response, raising concerns about the potential impact on users of the affected product.",Tenda,Ac7,8.8,HIGH,0.00788000039756298,false,,false,false,true,2024-03-26T20:31:04.000Z,true,false,false,,2024-03-26T20:31:04.040Z,0
CVE-2024-2902,https://securityvulnerability.io/vulnerability/CVE-2024-2902,Stack-based Buffer Overflow in Tenda AC7 WiFi Router,"A critical vulnerability has been identified in the Tenda AC7 WiFi Router version 15.03.06.44, affecting the 'fromSetWifiGusetBasic' function located in the /goform/WifiGuestSet file. This security flaw arises due to improper manipulation of the 'shareSpeed' argument, which leads to a stack-based buffer overflow. The vulnerability allows attackers to remotely trigger this exploit, potentially compromising the device's functionality and putting sensitive data at risk. Despite early notifications to the vendor, there has been no response regarding remedial measures. 
Users of Tenda AC7 are strongly advised to review their network configurations and implement necessary security precautions to mitigate potential threats.",Tenda,Ac7,8.8,HIGH,0.00788000039756298,false,,false,false,true,2024-03-26T20:00:08.000Z,true,false,false,,2024-03-26T20:00:08.534Z,0
CVE-2024-2901,https://securityvulnerability.io/vulnerability/CVE-2024-2901,Stack-based Buffer Overflow in Tenda AC7 Router,"A serious stack-based buffer overflow vulnerability has been identified in the Tenda AC7 router (firmware version 15.03.06.44). This security flaw arises from improper handling of the 'schedEndTime' argument within the 'setSchedWifi' function located in the '/goform/openSchedWifi' file. Attackers can exploit this vulnerability remotely, enabling them to manipulate scheduled Wi-Fi settings and potentially execute arbitrary code, compromising the device's integrity. Despite early notification, Tenda has not taken any action regarding this disclosure, which raises concerns over the security and support for their products.",Tenda,Ac7,8.8,HIGH,0.00788000039756298,false,,false,false,true,2024-03-26T20:00:06.000Z,true,false,false,,2024-03-26T20:00:06.887Z,0
CVE-2024-2900,https://securityvulnerability.io/vulnerability/CVE-2024-2900,Stack-Based Buffer Overflow in Tenda AC7 Router,"A significant stack-based buffer overflow vulnerability has been identified in the Tenda AC7 router, specifically in the function saveParentControlInfo located in the /goform/saveParentControlInfo endpoint. The issue arises from the improper handling of user-supplied parameters including deviceId, time, and urls, allowing an attacker to exploit this vulnerability remotely. This flaw can potentially lead to unauthorized access and manipulation of the router's functionality. Notably, this vulnerability has been publicly disclosed, increasing the urgency for affected users to implement mitigating measures. 
Tenda has been informed regarding this issue but has not issued a response, leaving many devices at risk. Users are strongly advised to review their router security settings and update to the latest firmware as soon as it becomes available.",Tenda,Ac7,8.8,HIGH,0.00788000039756298,false,,false,false,true,2024-03-26T19:31:04.000Z,true,false,false,,2024-03-26T19:31:04.524Z,0
CVE-2024-2899,https://securityvulnerability.io/vulnerability/CVE-2024-2899,Stack-Based Buffer Overflow in Tenda AC7 Wireless Router,"A significant security flaw has been identified in the Tenda AC7 Wireless Router, specifically within the fromSetWirelessRepeat function located in the /goform/WifiExtraSet file. This vulnerability allows manipulation of the wpapsk_crypto argument, leading to a stack-based buffer overflow, which can be exploited remotely. Given the nature of this vulnerability, attackers can potentially execute arbitrary code and gain unauthorized access to the affected system. The public disclosure of this exploit heightens the urgency for users to apply suitable remediation measures. Despite notifications made to Tenda regarding this critical issue, the vendor has not provided any response or patch updates, raising concerns about the security commitment towards its product line.",Tenda,Ac7,8.8,HIGH,0.00788000039756298,false,,false,false,true,2024-03-26T19:00:07.000Z,true,false,false,,2024-03-26T19:00:07.170Z,0
CVE-2024-2898,https://securityvulnerability.io/vulnerability/CVE-2024-2898,Stack-Based Buffer Overflow in Tenda AC7 Router,"A significant stack-based buffer overflow vulnerability has been identified in the Tenda AC7 router model, specifically in the SetStaticRouteCfg function, which handles the configuration of static routes. This flaw allows remote attackers to manipulate the argument list, potentially leading to arbitrary code execution and system compromise. 
Given that the vulnerability is publicly disclosed, it poses a high risk to users who have not applied the relevant security patches. The absence of a response from Tenda regarding this issue further exacerbates the concern, highlighting the urgency for users to assess their device security and apply mitigations.",Tenda,Ac7,8.8,HIGH,0.00788000039756298,false,,false,false,true,2024-03-26T18:31:05.000Z,true,false,false,,2024-03-26T18:31:05.622Z,0
CVE-2024-2897,https://securityvulnerability.io/vulnerability/CVE-2024-2897,Remote Command Injection Vulnerability in Tenda AC7 Router,"A significant security vulnerability has been detected in the Tenda AC7 router's firmware version 15.03.06.44, specifically within the formWriteFacMac function. This vulnerability allows an attacker to exploit the MAC address argument, leading to OS command injection. The flaw can be triggered remotely, making it a critical concern for users. Despite early notifications to the vendor, Tenda has yet to respond, heightening the potential for exploitation as details of the vulnerability have been made public. Users of the AC7 router should take immediate precautions to mitigate risks associated with this threat.",Tenda,Ac7,8.8,HIGH,0.021870000287890434,false,,false,false,true,2024-03-26T18:31:04.000Z,true,false,false,,2024-03-26T18:31:04.287Z,0
CVE-2024-2896,https://securityvulnerability.io/vulnerability/CVE-2024-2896,Stack-Based Buffer Overflow in Tenda AC7 Wireless Router,"A critical vulnerability has been identified in the Tenda AC7 wireless router, specifically affecting version 15.03.06.44. This vulnerability resides in the function formWifiWpsStart located in the /goform/WifiWpsStart file. An inadequately managed argument index can result in a stack-based buffer overflow, allowing remote attackers to execute arbitrary code on affected devices. The exploit is publicly known, raising significant security concerns for users. 
Despite early disclosure of this vulnerability, Tenda has not issued a response, leaving devices susceptible to potential attacks. Protection against this vulnerability is crucial for maintaining network integrity and securing sensitive data.",Tenda,Ac7,8.8,HIGH,0.00788000039756298,false,,false,false,true,2024-03-26T18:00:06.000Z,true,false,false,,2024-03-26T18:00:06.676Z,0
CVE-2024-2895,https://securityvulnerability.io/vulnerability/CVE-2024-2895,Stack-based Buffer Overflow Vulnerability in Tenda AC7,"A vulnerability exists in the Tenda AC7 router related to a stack-based buffer overflow triggered by manipulation of the 'index' argument in the formWifiWpsOOB function located in the /goform/WifiWpsOOB file. This remote exploit can compromise the device's operational integrity, potentially allowing unauthorized access or control. The vulnerability has been publicly disclosed, highlighting the urgent need for affected users to assess their security posture and update their devices accordingly. Notably, vendor engagement regarding this vulnerability has been unresponsive, emphasizing the critical importance for users to take proactive measures.",Tenda,Ac7,8.8,HIGH,0.00788000039756298,false,,false,false,true,2024-03-26T17:31:04.000Z,true,false,false,,2024-03-26T17:31:04.304Z,0
CVE-2024-2894,https://securityvulnerability.io/vulnerability/CVE-2024-2894,Stack-based Buffer Overflow Vulnerability in Tenda AC7,"A stack-based buffer overflow vulnerability has been identified in the Tenda AC7 router that occurs within the formSetQosBand function of the /goform/SetNetControlList file. This flaw allows an attacker to manipulate the argument list, potentially leading to unauthorized access and exploitation. The vulnerability can be exploited remotely, increasing the risk to users. Despite early notification, Tenda has not responded to this serious security issue. 
Users are advised to monitor their systems and apply necessary security measures to mitigate risks associated with this vulnerability.",Tenda,Ac7,8.8,HIGH,0.00788000039756298,false,,false,false,true,2024-03-26T17:00:07.000Z,true,false,false,,2024-03-26T17:00:07.831Z,0
CVE-2024-2893,https://securityvulnerability.io/vulnerability/CVE-2024-2893,Stack-Based Buffer Overflow Vulnerability in Tenda AC7 Router,"A recently identified security vulnerability in the Tenda AC7 router, specifically in the formSetDeviceName function located in the /goform/SetOnlineDevName file, poses a significant threat. This vulnerability involves a stack-based buffer overflow triggered by the manipulation of the devName argument, enabling potential attackers to execute arbitrary code or disrupt device operations. The threat can be exploited remotely, posing an immediate risk to users. The vulnerability has been publicly disclosed, highlighting the urgent need for affected users to take action. Despite early notifications to the vendor, no responsive measures have been communicated. It is crucial for users to assess their devices and update to secure versions or apply necessary mitigations.",Tenda,Ac7,8.8,HIGH,0.00788000039756298,false,,false,false,true,2024-03-26T16:31:04.000Z,true,false,false,,2024-03-26T16:31:04.545Z,0
CVE-2024-2892,https://securityvulnerability.io/vulnerability/CVE-2024-2892,Stack-Based Buffer Overflow in Tenda AC7 Router,"A critical vulnerability exists in Tenda AC7 routers, specifically in the formSetCfm function of the /goform/setcfm file. This vulnerability allows for a stack-based buffer overflow caused by improper handling of the argument 'funcpara1'. Attackers can exploit this vulnerability remotely, which poses significant risks to users and their networks. The exploit has been publicly disclosed, and despite efforts to notify the vendor, no response was received. 
Users of the affected Tenda AC7 routers should take immediate action to mitigate potential risks.",Tenda,Ac7,8.8,HIGH,0.00788000039756298,false,,false,false,true,2024-03-26T16:00:05.000Z,true,false,false,,2024-03-26T16:00:05.583Z,0
CVE-2024-2891,https://securityvulnerability.io/vulnerability/CVE-2024-2891,Stack-based Buffer Overflow in Tenda AC7 Router,"A critical vulnerability exists in the Tenda AC7 router due to a stack-based buffer overflow in the 'formQuickIndex' function of the '/goform/QuickIndex' file. This vulnerability arises from improper handling of the 'PPPOEPassword' argument, allowing an attacker to exploit the flaw remotely. If successfully exploited, this can lead to unauthorized access and execution of arbitrary code within the device's memory. Despite early notification to the vendor, no response has been received, raising concerns about the security updates and user safety for devices utilizing this firmware. It is crucial for users to monitor applicable patches or workarounds to mitigate potential risks associated with this vulnerability.",Tenda,Ac7,8.8,HIGH,0.005739999935030937,false,,false,false,true,2024-03-26T14:00:07.000Z,true,false,false,,2024-03-26T14:00:07.492Z,0
CVE-2023-41555,https://securityvulnerability.io/vulnerability/CVE-2023-41555,Stack Overflow Vulnerability in Tenda AC7 Router,"The Tenda AC7 router version V1.0 V15.03.06.44 has been identified to have a stack overflow vulnerability that occurs when the 'security_5g' parameter is processed at the endpoint /goform/WifiBasicSet. This flaw could potentially enable an attacker to execute arbitrary code, compromising the integrity and confidentiality of the device and the network it connects to. 
Users are advised to review their router settings and apply security updates promptly to mitigate risks associated with this vulnerability.",Tenda,Ac7 Firmware,9.8,CRITICAL,0.001970000099390745,false,,false,false,false,,,false,false,,2023-08-30T00:00:00.000Z,0
CVE-2023-41557,https://securityvulnerability.io/vulnerability/CVE-2023-41557,Stack Overflow Vulnerability in Tenda AC7 and AC5 Routers,"A stack overflow vulnerability has been identified in Tenda AC7 and AC5 routers, specifically through the parameter inputs in the mitInterface accessed via the /goform/addressNat URL. This issue could allow an attacker to execute arbitrary code or disrupt normal operations, posing a significant risk to the network security and data integrity of affected devices.",Tenda,Ac7 Firmware,9.8,CRITICAL,0.001970000099390745,false,,false,false,false,,,false,false,,2023-08-30T00:00:00.000Z,0
CVE-2023-41558,https://securityvulnerability.io/vulnerability/CVE-2023-41558,Stack Overflow Vulnerability in Tenda AC7 Router,"A stack overflow vulnerability has been identified in the Tenda AC7 router, specifically in version V1.0 V15.03.06.44. The flaw occurs when the 'timeZone' parameter is improperly handled at the '/goform/SetSysTimeCfg' URL. Exploiting this vulnerability could allow attackers to execute arbitrary code, which poses a significant security risk. Users are encouraged to apply patches and stay informed about security updates to safeguard their network devices.",Tenda,Ac7 Firmware,9.8,CRITICAL,0.001970000099390745,false,,false,false,false,,,false,false,,2023-08-30T00:00:00.000Z,0
CVE-2023-38930,https://securityvulnerability.io/vulnerability/CVE-2023-38930,Stack Overflow Vulnerability in Tenda Networking Products,"Certain Tenda networking products, including the AC7, AC5, AC9, and FH1205, are susceptible to a stack overflow vulnerability. This flaw arises in the addWifiMacFilter function through improper handling of the deviceId parameter. 
Exploiting this vulnerability could lead to potential unauthorized access or system instability, emphasizing the need for users to apply necessary patches and security updates immediately.",Tenda,Ac7 Firmware,9.8,CRITICAL,0.001970000099390745,false,,false,false,false,,,false,false,,2023-08-07T00:00:00.000Z,0
CVE-2018-14559,https://securityvulnerability.io/vulnerability/CVE-2018-14559,"Buffer Overflow Vulnerability in Tenda AC7, AC9, and AC10 Router Systems","A buffer overflow vulnerability has been identified within the web server of Tenda AC7, AC9, and AC10 routers. This issue arises when the web server improperly handles list parameters in post requests, allowing an attacker to exploit the vulnerable sprintf function. By supplying malicious input, the attacker can overwrite the function's return address stored on the stack, potentially leading to arbitrary code execution and compromising the device's integrity. Users are advised to update their firmware to the latest version to mitigate this security risk.",Tenda,Ac7 Firmware,7.5,HIGH,0.001129999989643693,false,,false,false,false,,,false,false,,2019-04-25T19:44:46.000Z,0
CVE-2018-14557,https://securityvulnerability.io/vulnerability/CVE-2018-14557,Buffer Overflow Vulnerability in Tenda AC Series Routers,"A buffer overflow vulnerability exists in the web server of Tenda AC7, AC9, and AC10 routers. This flaw occurs when processing the page parameters for a post request, where the input is directly written to a local variable on the stack using sprintf. This allows for the potential overwrite of the return address of the function, compromising the security of the device. 
Users are urged to update their firmware promptly to mitigate these risks.",Tenda,Ac7 Firmware,7.5,HIGH,0.001129999989643693,false,,false,false,false,,,false,false,,2019-04-25T19:42:41.000Z,0
CVE-2018-14558,https://securityvulnerability.io/vulnerability/CVE-2018-14558,,"An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted goform/setUsbUnload request. This occurs because the ""formsetUsbUnload"" function executes a dosystemCmd function with untrusted input.",Tenda,Ac7 Firmware,9.8,CRITICAL,0.9477099776268005,true,2021-11-03T00:00:00.000Z,false,false,true,2021-11-03T00:00:00.000Z,,false,false,,2018-10-30T18:00:00.000Z,0
CVE-2018-18732,https://securityvulnerability.io/vulnerability/CVE-2018-18732,,"An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the 'ntpServer' parameter for a post request, the value is directly used in a strcpy to a local variable placed on the stack, which overrides the return address of the function.",Tenda,Ac7 Firmware,7.5,HIGH,0.001120000029914081,false,,false,false,false,,,false,false,,2018-10-29T12:29:00.000Z,0
CVE-2018-18731,https://securityvulnerability.io/vulnerability/CVE-2018-18731,,"An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. 
While processing the 'deviceMac' parameter for a post request, the value is directly used in a sprintf to a local variable placed on the stack, which overrides the return address of the function.",Tenda,Ac7 Firmware,7.5,HIGH,0.001120000029914081,false,,false,false,false,,,false,false,,2018-10-29T12:29:00.000Z,0
CVE-2018-18730,https://securityvulnerability.io/vulnerability/CVE-2018-18730,,"An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the 'startIp' and 'endIp' parameters for a post request, each value is directly used in a sprintf to a local variable placed on the stack, which overrides the return address of the function.",Tenda,Ac7 Firmware,7.5,HIGH,0.001120000029914081,false,,false,false,false,,,false,false,,2018-10-29T12:29:00.000Z,0
CVE-2018-18729,https://securityvulnerability.io/vulnerability/CVE-2018-18729,,"An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a heap-based buffer overflow vulnerability in the router's web server -- httpd. While processing the 'mac' parameter for a post request, the value is directly used in a strcpy to a variable placed on the heap, which can leak sensitive information or even hijack program control flow.",Tenda,Ac7 Firmware,9.8,CRITICAL,0.006649999879300594,false,,false,false,false,,,false,false,,2018-10-29T12:29:00.000Z,0
CVE-2018-18727,https://securityvulnerability.io/vulnerability/CVE-2018-18727,,"An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. 
While processing the 'deviceList' parameter for a post request, the value is directly used in a strcpy to a local variable placed on the stack, which overrides the return address of the function.",Tenda,Ac7 Firmware,7.5,HIGH,0.001120000029914081,false,,false,false,false,,,false,false,,2018-10-29T12:29:00.000Z,0