cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-3009,https://securityvulnerability.io/vulnerability/CVE-2024-3009,Tenda FH1205 WriteFacMac formWriteFacMac command injection,"A command injection vulnerability exists in the Tenda FH1205 router that could be exploited remotely via the formWriteFacMac function within the /goform/WriteFacMac file. By manipulating the 'mac' argument, an attacker could execute arbitrary commands on the device. This vulnerability has been publicly disclosed, and it is crucial for users to update their firmware to mitigate the risks associated with potential exploitation.",Tenda,Fh1205,8.8,HIGH,0.007170000113546848,false,,false,false,true,2024-03-28T00:15:00.000Z,true,false,false,,2024-03-28T00:15:00.000Z,0
CVE-2024-3012,https://securityvulnerability.io/vulnerability/CVE-2024-3012,Tenda FH1205 GetParentControlInfo stack-based overflow,"A vulnerability exists in the Tenda FH1205 router that affects the GetParentControlInfo function within the /goform/GetParentControlInfo file. This issue stems from improper handling of the 'mac' argument, which can lead to a stack-based buffer overflow. The nature of this vulnerability allows it to be exploited remotely, potentially enabling an attacker to execute arbitrary code or cause unexpected behavior in the device. Public disclosure of this vulnerability raises concerns about the security of Tenda FH1205 products, particularly as the company did not respond to early communications regarding the issue.",Tenda,Fh1205,8.8,HIGH,0.00788000039756298,false,,false,false,true,2024-03-28T00:15:00.000Z,true,false,false,,2024-03-28T00:15:00.000Z,0
CVE-2024-3010,https://securityvulnerability.io/vulnerability/CVE-2024-3010,Tenda FH1205 setcfm formSetCfm stack-based overflow,"A stack-based buffer overflow vulnerability exists in the Tenda FH1205 router's firmware version 2.0.0.7(775), specifically within the function formSetCfm located in the '/goform/setcfm' file. This vulnerability arises due to improper handling of the 'funcpara1' argument, which could be exploited remotely. Attackers may manipulate this vulnerability to execute arbitrary code, leading to potentially severe consequences for affected devices. Despite early notification, there has been no response from the vendor regarding this issue, raising concerns about device security and user safety.",Tenda,Fh1205,8.8,HIGH,0.00788000039756298,false,,false,false,true,2024-03-28T00:15:00.000Z,true,false,false,,2024-03-28T00:15:00.000Z,0
CVE-2024-3011,https://securityvulnerability.io/vulnerability/CVE-2024-3011,Stack-based Buffer Overflow in Tenda FH1205 Router,"A stack-based buffer overflow vulnerability has been identified in the Tenda FH1205 router, specifically within the function formQuickIndex located in the file /goform/QuickIndex. This critical flaw allows attackers to manipulate the PPPOEPassword argument, which could lead to unauthorized remote code execution. Public disclosure of the exploit heightens the risk of active exploitation, underscoring the need for prompt remediation. Despite attempts to contact Tenda regarding this issue, the vendor has yet to respond to potential security concerns raised by the community.",Tenda,Fh1205 Firmware,8.8,HIGH,0.00788000039756298,false,,false,false,false,,,false,false,,2024-03-28T00:15:00.000Z,0
CVE-2024-3007,https://securityvulnerability.io/vulnerability/CVE-2024-3007,Tenda FH1205 NatStaticSetting fromNatStaticSetting stack-based overflow,"A vulnerability has been detected in the Tenda FH1205 router, specifically in the fromNatStaticSetting function of the /goform/NatStaticSetting file. This flaw allows for a stack-based buffer overflow due to improper handling of the argument passed to the function. Attackers might exploit this vulnerability remotely, leading to potential unauthorized access and manipulation of the device's settings. The exploit has been made public, and the vendor has not responded to initial disclosures regarding this significant security risk. Users of affected versions are advised to take immediate action to secure their networks.",Tenda,Fh1205,8.8,HIGH,0.00788000039756298,false,,false,false,true,2024-03-27T23:15:00.000Z,true,false,false,,2024-03-27T23:15:00.000Z,0
CVE-2024-3008,https://securityvulnerability.io/vulnerability/CVE-2024-3008,Tenda FH1205 execCommand formexeCommand stack-based overflow,"A security vulnerability has been identified in the Tenda FH1205 router, specifically in the formexeCommand function located in the /goform/execCommand file. This issue stems from improper handling of the cmdinput argument, leading to a stack-based buffer overflow. The exploit can be executed remotely, potentially allowing attackers to gain unauthorized access or control over the device. Although the vulnerability has been publicly disclosed, communication with the vendor regarding this issue has not been acknowledged. Users of the affected product are advised to take immediate precautions to safeguard their devices.",Tenda,Fh1205,8.8,HIGH,0.00788000039756298,false,,false,false,true,2024-03-27T23:15:00.000Z,true,false,false,,2024-03-27T23:15:00.000Z,0
CVE-2024-3006,https://securityvulnerability.io/vulnerability/CVE-2024-3006,Tenda FH1205 fromRouteStatic fromSetRouteStatic stack-based overflow,"The Tenda FH1205 router has been identified with a vulnerability stemming from the fromSetRouteStatic function located in the /goform/fromRouteStatic file. This weakness occurs due to improper handling of the argument entrys, resulting in a stack-based buffer overflow. Attackers with remote access may exploit this vulnerability, allowing them to manipulate the router's settings. Despite early notifications to Tenda, there was no response from the vendor regarding this serious issue. Timely patching and mitigation measures are critical to safeguard users and their networks from potential exploitation.",Tenda,Fh1205,8.8,HIGH,0.00788000039756298,false,,false,false,true,2024-03-27T23:15:00.000Z,true,false,false,,2024-03-27T23:15:00.000Z,0