cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-41558,https://securityvulnerability.io/vulnerability/CVE-2023-41558,Stack Overflow Vulnerability in Tenda AC7 Router,"A stack overflow vulnerability has been identified in the Tenda AC7 router, specifically in version V1.0 V15.03.06.44. The flaw occurs when the 'timeZone' parameter is improperly handled at the '/goform/SetSysTimeCfg' URL. Exploiting this vulnerability could allow attackers to execute arbitrary code, which poses a significant security risk. Users are encouraged to apply patches and stay informed about security updates to safeguard their network devices.",Tenda,Ac7 Firmware,9.8,CRITICAL,0.001970000099390745,false,,false,false,false,,,false,false,,2023-08-30T00:00:00.000Z,0
CVE-2023-41555,https://securityvulnerability.io/vulnerability/CVE-2023-41555,Stack Overflow Vulnerability in Tenda AC7 Router,"The Tenda AC7 router version V1.0 V15.03.06.44 has been identified to have a stack overflow vulnerability that occurs when the 'security_5g' parameter is processed at the endpoint /goform/WifiBasicSet. This flaw could potentially enable an attacker to execute arbitrary code, compromising the integrity and confidentiality of the device and the network it connects to. Users are advised to review their router settings and apply security updates promptly to mitigate risks associated with this vulnerability.",Tenda,Ac7 Firmware,9.8,CRITICAL,0.001970000099390745,false,,false,false,false,,,false,false,,2023-08-30T00:00:00.000Z,0
CVE-2023-41557,https://securityvulnerability.io/vulnerability/CVE-2023-41557,Stack Overflow Vulnerability in Tenda AC7 and AC5 Routers,"A stack overflow vulnerability has been identified in Tenda AC7 and AC5 routers, specifically through the parameter inputs in the mitInterface accessed via the /goform/addressNat URL. This issue could allow an attacker to execute arbitrary code or disrupt normal operations, posing a significant risk to the network security and data integrity of affected devices.",Tenda,Ac7 Firmware,9.8,CRITICAL,0.001970000099390745,false,,false,false,false,,,false,false,,2023-08-30T00:00:00.000Z,0
CVE-2023-38930,https://securityvulnerability.io/vulnerability/CVE-2023-38930,Stack Overflow Vulnerability in Tenda Networking Products,"Certain Tenda networking products, including the AC7, AC5, AC9, and FH1205, are susceptible to a stack overflow vulnerability. This flaw arises in the addWifiMacFilter function through improper handling of the deviceId parameter. Exploiting this vulnerability could lead to potential unauthorized access or system instability, emphasizing the need for users to apply necessary patches and security updates immediately.",Tenda,Ac7 Firmware,9.8,CRITICAL,0.001970000099390745,false,,false,false,false,,,false,false,,2023-08-07T00:00:00.000Z,0
CVE-2018-14559,https://securityvulnerability.io/vulnerability/CVE-2018-14559,"Buffer Overflow Vulnerability in Tenda AC7, AC9, and AC10 Router Systems","A buffer overflow vulnerability has been identified within the web server of Tenda AC7, AC9, and AC10 routers. This issue arises when the web server improperly handles list parameters in post requests, allowing an attacker to exploit the vulnerable sprintf function. By supplying malicious input, the attacker can overwrite the function's return address stored on the stack, potentially leading to arbitrary code execution and compromising the device's integrity. Users are advised to update their firmware to the latest version to mitigate this security risk.",Tenda,Ac7 Firmware,7.5,HIGH,0.001129999989643693,false,,false,false,false,,,false,false,,2019-04-25T19:44:46.000Z,0
CVE-2018-14557,https://securityvulnerability.io/vulnerability/CVE-2018-14557,Buffer Overflow Vulnerability in Tenda AC Series Routers,"A buffer overflow vulnerability exists in the web server of Tenda AC7, AC9, and AC10 routers. This flaw occurs when processing the page parameters for a post request, where the input is directly written to a local variable on the stack using sprintf. This allows for the potential overwrite of the return address of the function, compromising the security of the device. Users are urged to update their firmware promptly to mitigate these risks.",Tenda,Ac7 Firmware,7.5,HIGH,0.001129999989643693,false,,false,false,false,,,false,false,,2019-04-25T19:42:41.000Z,0
CVE-2018-14558,https://securityvulnerability.io/vulnerability/CVE-2018-14558,,"An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted goform/setUsbUnload request. This occurs because the ""formsetUsbUnload"" function executes a dosystemCmd function with untrusted input.",Tenda,Ac7 Firmware,9.8,CRITICAL,0.9477099776268005,true,2021-11-03T00:00:00.000Z,false,false,true,2021-11-03T00:00:00.000Z,,false,false,,2018-10-30T18:00:00.000Z,0
CVE-2018-18730,https://securityvulnerability.io/vulnerability/CVE-2018-18730,,"An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the 'startIp' and 'endIp' parameters for a post request, each value is directly used in a sprintf to a local variable placed on the stack, which overrides the return address of the function.",Tenda,Ac7 Firmware,7.5,HIGH,0.001120000029914081,false,,false,false,false,,,false,false,,2018-10-29T12:29:00.000Z,0
CVE-2018-18731,https://securityvulnerability.io/vulnerability/CVE-2018-18731,,"An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the 'deviceMac' parameter for a post request, the value is directly used in a sprintf to a local variable placed on the stack, which overrides the return address of the function.",Tenda,Ac7 Firmware,7.5,HIGH,0.001120000029914081,false,,false,false,false,,,false,false,,2018-10-29T12:29:00.000Z,0
CVE-2018-18732,https://securityvulnerability.io/vulnerability/CVE-2018-18732,,"An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the 'ntpServer' parameter for a post request, the value is directly used in a strcpy to a local variable placed on the stack, which overrides the return address of the function.",Tenda,Ac7 Firmware,7.5,HIGH,0.001120000029914081,false,,false,false,false,,,false,false,,2018-10-29T12:29:00.000Z,0
CVE-2018-18707,https://securityvulnerability.io/vulnerability/CVE-2018-18707,,"An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. It is a buffer overflow vulnerability in the router's web server -- httpd. When processing the ""ssid"" parameter for a post request, the value is directly used in a strcpy to a local variable placed on the stack, which overrides the return address of the function.",Tenda,Ac7 Firmware,7.5,HIGH,0.001120000029914081,false,,false,false,false,,,false,false,,2018-10-29T12:29:00.000Z,0
CVE-2018-18729,https://securityvulnerability.io/vulnerability/CVE-2018-18729,,"An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a heap-based buffer overflow vulnerability in the router's web server -- httpd. While processing the 'mac' parameter for a post request, the value is directly used in a strcpy to a variable placed on the heap, which can leak sensitive information or even hijack program control flow.",Tenda,Ac7 Firmware,9.8,CRITICAL,0.006649999879300594,false,,false,false,false,,,false,false,,2018-10-29T12:29:00.000Z,0
CVE-2018-18706,https://securityvulnerability.io/vulnerability/CVE-2018-18706,,"An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. It is a buffer overflow vulnerability in the router's web server -- httpd. When processing the ""page"" parameter of the function ""fromDhcpListClient"" for a request, it is directly used in a sprintf to a local variable placed on the stack, which overrides the return address of the function.",Tenda,Ac7 Firmware,7.5,HIGH,0.001120000029914081,false,,false,false,false,,,false,false,,2018-10-29T12:29:00.000Z,0
CVE-2018-18727,https://securityvulnerability.io/vulnerability/CVE-2018-18727,,"An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the 'deviceList' parameter for a post request, the value is directly used in a strcpy to a local variable placed on the stack, which overrides the return address of the function.",Tenda,Ac7 Firmware,7.5,HIGH,0.001120000029914081,false,,false,false,false,,,false,false,,2018-10-29T12:29:00.000Z,0
CVE-2018-18709,https://securityvulnerability.io/vulnerability/CVE-2018-18709,,"An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. It is a buffer overflow vulnerability in the router's web server -- httpd. When processing the ""firewallEn"" parameter for a post request, the value is directly used in a strcpy to a local variable placed on the stack, which overrides the return address of the function.",Tenda,Ac7 Firmware,7.5,HIGH,0.001120000029914081,false,,false,false,false,,,false,false,,2018-10-29T12:29:00.000Z,0
CVE-2018-18708,https://securityvulnerability.io/vulnerability/CVE-2018-18708,,"An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. It is a buffer overflow vulnerability in the router's web server -- httpd. When processing the ""page"" parameter of the function ""fromAddressNat"" for a post request, the value is directly used in a sprintf to a local variable placed on the stack, which overrides the return address of the function.",Tenda,Ac7 Firmware,7.5,HIGH,0.001120000029914081,false,,false,false,false,,,false,false,,2018-10-29T12:29:00.000Z,0
CVE-2018-14492,https://securityvulnerability.io/vulnerability/CVE-2018-14492,,"Tenda AC7 through V15.03.06.44_CN, AC9 through V15.03.05.19(6318)_CN, and AC10 through V15.03.06.23_CN devices have a Stack-based Buffer Overflow via a long limitSpeed or limitSpeedup parameter to an unspecified /goform URI.",Tenda,Ac7 Firmware,7.5,HIGH,0.0010600000387057662,false,,false,false,false,,,false,false,,2018-07-21T12:29:00.000Z,0