cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-49437,https://securityvulnerability.io/vulnerability/CVE-2023-49437,Command Injection Vulnerability in Tenda AX12 Router,"A command injection vulnerability was identified in the Tenda AX12 router, specifically in the 'list' parameter of the /goform/SetNetControlList endpoint. This flaw could allow an attacker to execute arbitrary commands on the device, potentially compromising network integrity and security.",Tenda,Ax12 Firmware,9.8,CRITICAL,0.03897000104188919,false,,false,false,false,,,false,false,,2023-12-07T00:00:00.000Z,0
CVE-2023-49428,https://securityvulnerability.io/vulnerability/CVE-2023-49428,Command Injection Vulnerability in Tenda AX12 Router,"A command injection flaw has been identified in the Tenda AX12 router, specifically within the 'mac' parameter at the /goform/SetOnlineDevName endpoint. This vulnerability allows an attacker to inject arbitrary commands into the system, potentially leading to unauthorized access and manipulation of the device. Users of the affected version should take immediate action to safeguard their devices and networks.",Tenda,Ax12 Firmware,9.8,CRITICAL,0.03897000104188919,false,,false,false,false,,,false,false,,2023-12-07T00:00:00.000Z,0
CVE-2023-49426,https://securityvulnerability.io/vulnerability/CVE-2023-49426,Stack Overflow Vulnerability in Tenda AX12 Router,"The Tenda AX12 router version V22.03.01.46 has been identified with a stack overflow vulnerability present in the 'list' parameter at the endpoint '/goform/SetStaticRouteCfg'. This flaw could potentially allow an attacker to exploit the device, leading to unexpected behavior or denial of service. Users are encouraged to update their device firmware to mitigate risks associated with this vulnerability.",Tenda,Ax12 Firmware,9.8,CRITICAL,0.0017999999690800905,false,,false,false,false,,,false,false,,2023-12-07T00:00:00.000Z,0
CVE-2023-49425,https://securityvulnerability.io/vulnerability/CVE-2023-49425,Stack Overflow Vulnerability in Tenda AX12 Router,"The Tenda AX12 V22.03.01.46 is susceptible to a stack overflow vulnerability that can be triggered through the deviceList parameter within the /goform/setMacFilterCfg endpoint. This flaw may allow attackers to potentially execute arbitrary code or disrupt the normal functioning of the device, posing a significant risk to network security. Users are advised to monitor their devices and apply any available security updates.",Tenda,Ax12 Firmware,9.8,CRITICAL,0.0017999999690800905,false,,false,false,false,,,false,false,,2023-12-07T00:00:00.000Z,0
CVE-2023-49424,https://securityvulnerability.io/vulnerability/CVE-2023-49424,Stack Overflow Vulnerability in Tenda AX12 by Tenda,"The Tenda AX12 device, specifically version V22.03.01.46, has been found to contain a stack overflow vulnerability that arises from improper handling of input parameters in the '/goform/SetVirtualServerCfg' endpoint. This vulnerability could potentially allow attackers to execute arbitrary code, leading to unauthorized access or manipulation of the device's settings. Users are encouraged to update their firmware promptly to mitigate potential security risks.",Tenda,Ax12 Firmware,9.8,CRITICAL,0.0017500000540167093,false,,false,false,false,,,false,false,,2023-12-07T00:00:00.000Z,0
CVE-2022-45995,https://securityvulnerability.io/vulnerability/CVE-2022-45995,Unauthorized Buffer Overflow in Tenda AX12 Router,"An unauthorized buffer overflow vulnerability exists in the Tenda AX12 router version 22.03.01.21_cn. This security flaw could potentially lead to the web service becoming unresponsive, and in some instances, may allow an attacker to execute arbitrary code on the device. Users of affected versions should take immediate steps to update their firmware to mitigate this risk.",Tenda,Ax12 Firmware,9.8,CRITICAL,0.0023799999617040157,false,,false,false,false,,,false,false,,2023-01-05T00:00:00.000Z,0
CVE-2022-45977,https://securityvulnerability.io/vulnerability/CVE-2022-45977,Command Injection Vulnerability in Tenda AX12 Router by Tenda,"The Tenda AX12 Router, specifically version V22.03.01.21_CN, is susceptible to a command injection vulnerability through the /goform/setMacFilterCfg function. This security flaw allows an attacker to execute arbitrary commands on the device, potentially compromising its integrity and allowing unauthorized access to network resources.",Tenda,Ax12 Firmware,8.8,HIGH,0.0032500000670552254,false,,false,false,false,,,false,false,,2022-12-12T00:00:00.000Z,0
CVE-2022-45980,https://securityvulnerability.io/vulnerability/CVE-2022-45980,Cross-Site Request Forgery Vulnerability in Tenda AX12 Router,The Tenda AX12 router version V22.03.01.21_CN is prone to a Cross-Site Request Forgery (CSRF) vulnerability. This security flaw can allow an attacker to induce a user to perform unintended actions on the router without their knowledge. Proper authentication and protection mechanisms should have been implemented to mitigate such vulnerabilities.,Tenda,Ax12 Firmware,8.8,HIGH,0.0017099999822676182,false,,false,false,false,,,false,false,,2022-12-12T00:00:00.000Z,0
CVE-2022-45979,https://securityvulnerability.io/vulnerability/CVE-2022-45979,Stack Overflow Vulnerability in Tenda AX12 Router,"The Tenda AX12 Router, specifically version v22.03.01.21_CN, is affected by a stack overflow vulnerability that arises through improper handling of the 'ssid' parameter within the '/goform/fast_setting_wifi_set' endpoint. This flaw may allow an attacker to exploit the stack overflow, potentially leading to unauthorized access or disruption of service on the device.",Tenda,Ax12 Firmware,7.5,HIGH,0.0008900000248104334,false,,false,false,false,,,false,false,,2022-12-12T00:00:00.000Z,0
CVE-2022-45043,https://securityvulnerability.io/vulnerability/CVE-2022-45043,Command Injection in Tenda AX12 Router,"The Tenda AX12 Router version V22.03.01.16_cn is susceptible to command injection attacks via the goform/fast_setting_internet_set endpoint. This vulnerability allows an attacker to execute arbitrary commands on the device, potentially compromising the integrity and security of the network environment. It is crucial for users to apply the necessary updates and security measures to mitigate this risk.",Tenda,Ax12 Firmware,8.8,HIGH,0.0032500000670552254,false,,false,false,false,,,false,false,,2022-12-12T00:00:00.000Z,0
CVE-2022-37292,https://securityvulnerability.io/vulnerability/CVE-2022-37292,Buffer Overflow Vulnerability in Tenda AX12 Router,"The Tenda AX12 router is susceptible to a buffer overflow vulnerability due to improper handling of requests in the sub_42FDE4 function. When a post request is made under the /goform/SetIpMacBind endpoint, an overflow may occur, potentially allowing unauthorized access or manipulation of system resources. It is crucial for users to address this vulnerability to protect their devices and network integrity.",Tenda,Ax12 Firmware,5.5,MEDIUM,0.0006000000284984708,false,,false,false,false,,,false,false,,2022-08-25T15:07:34.000Z,0
CVE-2022-28917,https://securityvulnerability.io/vulnerability/CVE-2022-28917,Stack Overflow Vulnerability in Tenda AX12 Router,"A stack overflow vulnerability exists in the Tenda AX12 Router, specifically impacting the lanIp parameter in the /goform/AdvSetLanIp endpoint. This flaw could potentially allow an attacker to exploit the router's functionality, leading to unauthorized access or system instability. Mitigating this vulnerability is crucial for maintaining the integrity and security of network devices.",Tenda,Ax12 Firmware,7.5,HIGH,0.001180000021122396,false,,false,false,false,,,false,false,,2022-05-18T15:28:49.000Z,0
CVE-2022-28082,https://securityvulnerability.io/vulnerability/CVE-2022-28082,Stack Overflow Vulnerability in Tenda AX12 Router,"A stack overflow vulnerability has been identified in the Tenda AX12 Router, specifically affecting version v22.03.01.21_CN. This issue arises from improper handling of the 'list' parameter in the /goform/SetNetControlList endpoint, which could be exploited by malicious actors to execute arbitrary code or cause a denial of service. It is crucial for users and administrators to apply appropriate security measures to safeguard their devices against potential attacks that exploit this vulnerability.",Tenda,Ax12 Firmware,9.8,CRITICAL,0.0033400000538676977,false,,false,false,false,,,false,false,,2022-05-04T13:09:46.000Z,0
CVE-2022-28561,https://securityvulnerability.io/vulnerability/CVE-2022-28561,Stack Overflow Vulnerability in Tenda AX12 Router's HTTP Service,"A stack overflow vulnerability has been identified in the /goform/setMacFilterCfg function of the httpd service in Tenda's AX12 router. Exploiting this vulnerability allows attackers to craft a specific payload that can lead to unauthorized access, enabling them to establish a stable shell on the device. This could potentially lead to further unauthorized actions on the network, raising serious security concerns for users relying on the affected router model.",Tenda,Ax12 Firmware,9.8,CRITICAL,0.0033400000538676977,false,,false,false,false,,,false,false,,2022-05-03T15:21:47.000Z,0
CVE-2022-27374,https://securityvulnerability.io/vulnerability/CVE-2022-27374,Cross-Site Request Forgery Vulnerability in Tenda Router Firmware,"The Tenda AX12 router firmware is susceptible to a Cross-Site Request Forgery (CSRF) attack. This vulnerability can be exploited through specific functions, allowing unauthorized commands to be sent on behalf of an authenticated user without their consent. Attackers can leverage this flaw to manipulate router settings, leading to potential security breaches and unauthorized access. Users are advised to take precautions and update their firmware to protect against potential exploits.",Tenda,Ax12 Firmware,6.5,MEDIUM,0.0006799999973736703,false,,false,false,false,,,false,false,,2022-04-25T15:46:58.000Z,0
CVE-2022-27375,https://securityvulnerability.io/vulnerability/CVE-2022-27375,Cross-Site Request Forgery Vulnerability in Tenda AX12 Router,"The Tenda AX12 router version V22.03.01.21_CN is affected by a Cross-Site Request Forgery (CSRF) vulnerability, specifically through the function sub_422168 located at /goform/WifiExtraSet. This flaw may allow an attacker to trick a user into executing unwanted actions on the router without their consent, potentially compromising the security of the device and network.",Tenda,Ax12 Firmware,6.5,MEDIUM,0.0006799999973736703,false,,false,false,false,,,false,false,,2022-04-25T15:46:49.000Z,0
CVE-2022-25561,https://securityvulnerability.io/vulnerability/CVE-2022-25561,Stack Overflow Vulnerability in Tenda AX12 Router,"A stack overflow vulnerability has been identified in Tenda AX12 v22.03.01.21. This flaw is found within the sub_42DE00 function, where improper handling of the list parameter can lead to a Denial of Service (DoS) condition. Attackers exploiting this vulnerability can disrupt the normal operations of the device, making it unresponsive.",Tenda,Ax12 Firmware,7.5,HIGH,0.001180000021122396,false,,false,false,false,,,false,false,,2022-03-10T17:47:00.000Z,0
CVE-2022-25560,https://securityvulnerability.io/vulnerability/CVE-2022-25560,Stack Overflow Vulnerability in Tenda AX12 Router,"A stack overflow vulnerability has been identified in the Tenda AX12 router version 22.03.01.21. This flaw exists in the sub_4327CC function and can be exploited by attackers to create a Denial of Service (DoS) condition. By sending specially crafted input through the list parameter, unauthorized users can disrupt the normal functioning of the device, leading to unavailability and impacting users. It is crucial for users of affected devices to apply the necessary security patches to mitigate this risk.",Tenda,Ax12 Firmware,7.5,HIGH,0.001180000021122396,false,,false,false,false,,,false,false,,2022-03-10T17:47:00.000Z,0
CVE-2022-25556,https://securityvulnerability.io/vulnerability/CVE-2022-25556,Stack Overflow Vulnerability in Tenda AX12 Router,"The Tenda AX12 v22.03.01.21 has a stack overflow vulnerability identified in the function sub_42E328. This flaw allows remote attackers to exploit the list parameter, potentially leading to a Denial of Service (DoS) condition. Such vulnerabilities can impact the availability of network services on affected devices, emphasizing the importance of securing home and office networks. Keeping firmware up to date is crucial to mitigate risks associated with this and similar vulnerabilities.",Tenda,Ax12 Firmware,7.5,HIGH,0.001180000021122396,false,,false,false,false,,,false,false,,2022-03-10T17:47:00.000Z,0
CVE-2021-46408,https://securityvulnerability.io/vulnerability/CVE-2021-46408,Buffer Overflow Vulnerability in Tenda AX12 Router,"The Tenda AX12 router, specifically version 22.03.01.21, is affected by a stack buffer overflow vulnerability in the function sub_422CE4. This flaw arises from improper handling of user input in the strcpy function, which can allow remote attackers to force a Denial of Service (DoS) condition, potentially disrupting network accessibility or functionality.",Tenda,Ax12 Firmware,7.5,HIGH,0.001180000021122396,false,,false,false,false,,,false,false,,2022-03-10T17:44:00.000Z,0
CVE-2021-45391,https://securityvulnerability.io/vulnerability/CVE-2021-45391,Buffer Overflow in Tenda Router AX12 by Tenda,"A buffer overflow vulnerability has been detected in the Tenda Router AX12 specifically within the setIPv6Status function of the HTTP daemon. This vulnerability occurs due to improper handling of the conType parameter, which can lead to a Denial of Service condition. Exploitation of this vulnerability may allow an attacker to disrupt the normal operation of the router, making the device inaccessible for legitimate users.",Tenda,Ax12 Firmware,7.5,HIGH,0.0021800000686198473,false,,false,false,false,,,false,false,,2022-02-16T13:13:26.000Z,0
CVE-2021-45392,https://securityvulnerability.io/vulnerability/CVE-2021-45392,Buffer Overflow in Tenda AX12 Router Affecting Network Performance,"A buffer overflow vulnerability has been identified in the Tenda AX12 Router, specifically within the sub_422CE4 function, which is triggered by the prefixDelegate parameter in the /goform/setIPv6Status page. This flaw can result in denial of service, potentially disrupting network connectivity and performance for users. It is crucial for users to take preventive measures and apply updates as necessary to safeguard their devices.",Tenda,Ax12 Firmware,7.5,HIGH,0.0021800000686198473,false,,false,false,false,,,false,false,,2022-02-14T16:25:58.000Z,0