cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2021-45986,https://securityvulnerability.io/vulnerability/CVE-2021-45986,Command Injection Vulnerability in Tenda G1 and G3 Routers,"Tenda G1 and G3 routers running version v15.11.0.17(9502)_CN are impacted by a command injection vulnerability. This issue occurs in the function formSetUSBShareInfo, allowing attackers to execute arbitrary commands through the usbOrdinaryUserName parameter. Exploitation of this vulnerability could result in unauthorized command execution, potentially compromising the security of the router and the associated network. It is essential for users to implement mitigations and updates to secure their devices.",Tenda,G1 Firmware,9.8,CRITICAL,0.003000000026077032,false,,false,false,false,,,false,false,,2022-02-04T01:33:50.000Z,0
CVE-2021-45987,https://securityvulnerability.io/vulnerability/CVE-2021-45987,Command Injection Vulnerability in Tenda Routers,"A command injection vulnerability has been identified in Tenda routers G1 and G3 versions 15.11.0.17(9502)_CN. This flaw exists in the function formSetNetCheckTools, where improper validation of the hostName parameter allows attackers to execute arbitrary commands. Exploiting this vulnerability could lead to unauthorized access and manipulation of the router's operating system.",Tenda,G1 Firmware,9.8,CRITICAL,0.003000000026077032,false,,false,false,false,,,false,false,,2022-02-04T01:33:48.000Z,0
CVE-2021-45988,https://securityvulnerability.io/vulnerability/CVE-2021-45988,Stack Overflow Vulnerability in Tenda Routers G1 and G3,"Tenda routers G1 and G3, specifically version 15.11.0.17(9502)_CN, have a stack overflow vulnerability in the formAddDnsForward function. This defect exposes the devices to potential denial of service attacks when manipulated through the DnsForwardRule parameter. Attackers exploiting this vulnerability can disrupt the routers' normal operation, leading to service unavailability.",Tenda,G1 Firmware,7.5,HIGH,0.0009800000116229057,false,,false,false,false,,,false,false,,2022-02-04T01:33:47.000Z,0
CVE-2021-45990,https://securityvulnerability.io/vulnerability/CVE-2021-45990,Command Injection Vulnerability in Tenda G1 and G3 Routers,"Tenda routers G1 and G3 are vulnerable to a command injection attack through the 'uploadPicture' function. By manipulating the 'pic_name' parameter, attackers can execute arbitrary commands on the affected devices, potentially compromising network integrity and exposing them to further attacks.",Tenda,G1 Firmware,9.8,CRITICAL,0.0034099998883903027,false,,false,false,false,,,false,false,,2022-02-04T01:33:46.000Z,0
CVE-2021-45989,https://securityvulnerability.io/vulnerability/CVE-2021-45989,Stack Overflow Vulnerability in Tenda Routers G1 and G3,"The Tenda G1 and G3 routers contain a vulnerability that allows for a stack overflow in the guestWifiRuleRefresh function. By exploiting this issue through specific parameters such as qosGuestUpstream and qosGuestDownstream, an attacker can disrupt the normal functioning of the device, leading to a Denial of Service (DoS) condition. This poses a significant risk to users relying on these routers for stable network performance.",Tenda,G1 Firmware,7.5,HIGH,0.0009800000116229057,false,,false,false,false,,,false,false,,2022-02-04T01:33:46.000Z,0
CVE-2021-45991,https://securityvulnerability.io/vulnerability/CVE-2021-45991,Stack Overflow Vulnerability in Tenda G1 and G3 Routers,"Tenda G1 and G3 routers running firmware version 15.11.0.17(9502)_CN are susceptible to a stack overflow vulnerability in the formAddVpnUsers function. This exploit allows attackers to leverage the vpnUsers parameter for executing Denial of Service attacks, potentially disrupting router functionality and affecting users' access to network services.",Tenda,G1 Firmware,7.5,HIGH,0.0009800000116229057,false,,false,false,false,,,false,false,,2022-02-04T01:33:45.000Z,0
CVE-2021-45992,https://securityvulnerability.io/vulnerability/CVE-2021-45992,Stack Overflow Vulnerability in Tenda Routers G1 and G3,"A stack overflow vulnerability has been identified in Tenda routers G1 and G3, versions v15.11.0.17(9502)_CN. This security flaw exists in the function formSetQvlanList which can be exploited by attackers through the qvlanName parameter. Successful exploitation of this vulnerability may lead to a Denial of Service (DoS) condition, disrupting network availability for users reliant on these devices. It is essential for Tenda router users to apply available updates and implement security best practices to mitigate potential risks.",Tenda,G1 Firmware,7.5,HIGH,0.0009800000116229057,false,,false,false,false,,,false,false,,2022-02-04T01:33:44.000Z,0
CVE-2021-45994,https://securityvulnerability.io/vulnerability/CVE-2021-45994,Stack Overflow Vulnerability in Tenda G1 and G3 Routers,"A stack overflow vulnerability was identified in Tenda G1 and G3 routers. This issue exists in the formDelDhcpRule function, specifically related to the delDhcpIndex parameter. By manipulating this parameter, attackers can exploit the stack overflow, potentially causing a denial of service condition that disrupts router functionality. Users should apply necessary security patches and follow best practices to secure their devices against such vulnerabilities.",Tenda,G1 Firmware,7.5,HIGH,0.0009800000116229057,false,,false,false,false,,,false,false,,2022-02-04T01:33:41.000Z,0
CVE-2021-45993,https://securityvulnerability.io/vulnerability/CVE-2021-45993,Stack Overflow Vulnerability in Tenda Routers G1 and G3,"Tenda routers G1 and G3, specifically version v15.11.0.17(9502)_CN, have a stack overflow vulnerability in the formIPMacBindModify function. This issue can be exploited by attackers to execute a Denial of Service (DoS) attack through the manipulation of the IPMacBindRuleIP and IPMacBindRuleMac parameters. As a result, legitimate users may experience service disruptions.",Tenda,G1 Firmware,7.5,HIGH,0.0009800000116229057,false,,false,false,false,,,false,false,,2022-02-04T01:33:41.000Z,0
CVE-2021-45996,https://securityvulnerability.io/vulnerability/CVE-2021-45996,Stack Overflow Vulnerability in Tenda G1 and G3 Routers,"A stack overflow vulnerability exists in the Tenda G1 and G3 routers that can be exploited through the portMappingServer function. Attackers can manipulate various parameters, including portMappingProtocol, portMappingWan, portMappingInternal, and portMappingExternal, to trigger Denial of Service (DoS) conditions. Successful exploitation could render the affected devices inoperable, interrupting network services and impacting users significantly.",Tenda,G1 Firmware,7.5,HIGH,0.001180000021122396,false,,false,false,false,,,false,false,,2022-02-04T01:33:40.000Z,0
CVE-2021-45995,https://securityvulnerability.io/vulnerability/CVE-2021-45995,Stack Overflow Vulnerability in Tenda Routers G1 and G3,"Tenda routers G1 and G3, running firmware version 15.11.0.17(9502)_CN, have been identified to contain a stack overflow vulnerability in the formSetStaticRoute function. This flaw allows attackers to exploit specific parameters related to static routing—namely staticRouteNet, staticRouteMask, and staticRouteGateway—to trigger a Denial of Service (DoS) attack. By manipulating these parameters, malicious individuals can disrupt the normal operation of the routers, thereby impacting network connectivity and performance. Organizations utilizing these affected models should prioritize mitigation strategies to defend against potential exploitation.",Tenda,G1 Firmware,7.5,HIGH,0.0008900000248104334,false,,false,false,false,,,false,false,,2022-02-04T01:33:40.000Z,0
CVE-2021-45997,https://securityvulnerability.io/vulnerability/CVE-2021-45997,Stack Overflow Vulnerability in Tenda Routers G1 and G3,"A stack overflow vulnerability exists in Tenda routers G1 and G3, specifically in the function formSetPortMapping. This security flaw allows an attacker to exploit various parameters related to port mapping, which can lead to a Denial of Service condition. By manipulating the portMappingServer, portMappingProtocol, portMappingWan, portMappingInternal, and portMappingExternal parameters, unauthorized users can disrupt the normal operation of the affected routers, compromising their availability.",Tenda,G1 Firmware,7.5,HIGH,0.0008900000248104334,false,,false,false,false,,,false,false,,2022-02-04T01:33:39.000Z,0
CVE-2022-24164,https://securityvulnerability.io/vulnerability/CVE-2022-24164,Stack Overflow Vulnerability in Tenda Routers G1 and G3,"Tenda routers G1 and G3, specifically version v15.11.0.17(9502)_CN, contain a stack overflow vulnerability in the function formSetVirtualSer. This issue allows attackers to exploit the DnsHijackRule parameter, potentially leading to Denial of Service (DoS) conditions, disrupting network availability and affecting connected devices.",Tenda,G1 Firmware,7.5,HIGH,0.0010400000028312206,false,,false,false,false,,,false,false,,2022-02-04T01:33:04.000Z,0
CVE-2022-24165,https://securityvulnerability.io/vulnerability/CVE-2022-24165,Command Injection Vulnerability in Tenda Routers G1 and G3,"Tenda routers G1 and G3 are susceptible to a command injection vulnerability found in the formSetQvlanList function. By manipulating the qvlanIP parameter, an attacker can execute arbitrary commands on the affected routers, which may lead to unauthorized access and control over the router's functions. This poses a significant risk for users who may have their network security compromised.",Tenda,G1 Firmware,9.8,CRITICAL,0.016939999535679817,false,,false,false,false,,,false,false,,2022-02-04T01:33:02.000Z,0
CVE-2022-24167,https://securityvulnerability.io/vulnerability/CVE-2022-24167,Command Injection Vulnerability in Tenda Routers G1 and G3,"Tenda routers G1 and G3 have a command injection flaw within the formSetDMZ function. Attackers can exploit this vulnerability by sending crafted input via the dmzHost1 parameter, allowing arbitrary command execution on the affected devices. This can lead to unauthorized access or manipulation, emphasizing the need for users to apply relevant patches and secure their network configurations.",Tenda,G1 Firmware,9.8,CRITICAL,0.012009999714791775,false,,false,false,false,,,false,false,,2022-02-04T01:33:01.000Z,0
CVE-2022-24166,https://securityvulnerability.io/vulnerability/CVE-2022-24166,Stack Overflow Vulnerability in Tenda Routers G1 and G3,"Tenda routers G1 and G3, specifically version v15.11.0.17(9502)_CN, are affected by a stack overflow vulnerability in the formSetSysTime function. By exploiting this vulnerability with improper input through the manualTime parameter, attackers can execute a Denial of Service attack, disrupting normal operations of the routers and potentially leaving users vulnerable to further threats.",Tenda,G1 Firmware,7.5,HIGH,0.001180000021122396,false,,false,false,false,,,false,false,,2022-02-04T01:33:01.000Z,0
CVE-2022-24169,https://securityvulnerability.io/vulnerability/CVE-2022-24169,Stack Overflow Vulnerability in Tenda G1 and G3 Routers,"Tenda G1 and G3 routers running firmware version 15.11.0.17 are susceptible to a stack overflow vulnerability within the formIPMacBindAdd function. This flaw enables attackers to exploit the IPMacBindRule parameter, potentially resulting in a Denial of Service (DoS) condition. By crafting specific input, adversaries can disrupt device functionality, leading to service interruptions for users.",Tenda,G1 Firmware,7.5,HIGH,0.0010400000028312206,false,,false,false,false,,,false,false,,2022-02-04T01:32:59.000Z,0
CVE-2022-24168,https://securityvulnerability.io/vulnerability/CVE-2022-24168,Command Injection Vulnerability in Tenda Routers G1 and G3,"Tenda G1 and G3 routers running firmware version 15.11.0.17(9502)_CN have been found to possess a command injection vulnerability within the formSetIpGroup function. This flaw enables remote attackers to execute arbitrary commands via the IPGroupStartIP and IPGroupEndIP parameters, potentially compromising the security of these devices and the network they are connected to.",Tenda,G1 Firmware,9.8,CRITICAL,0.012009999714791775,false,,false,false,false,,,false,false,,2022-02-04T01:32:59.000Z,0
CVE-2022-24170,https://securityvulnerability.io/vulnerability/CVE-2022-24170,Command Injection Vulnerability in Tenda Routers G1 and G3,Tenda routers G1 and G3 contain a command injection vulnerability in the formSetIpSecTunnel function. This flaw allows attackers to execute arbitrary commands by manipulating the IPsecLocalNet and IPsecRemoteNet parameters. Exploiting this vulnerability could lead to unauthorized access and control over sensitive network functionalities.,Tenda,G1 Firmware,9.8,CRITICAL,0.016939999535679817,false,,false,false,false,,,false,false,,2022-02-04T01:32:58.000Z,0
CVE-2022-24171,https://securityvulnerability.io/vulnerability/CVE-2022-24171,Command Injection Vulnerability in Tenda G1 and G3 Routers,"Tenda G1 and G3 routers are vulnerable due to a command injection flaw found in the formSetPppoeServer function. This security issue arises from improper handling of input parameters: pppoeServerIP, pppoeServerStartIP, and pppoeServerEndIP. Exploiting this vulnerability allows an attacker to execute arbitrary commands on the affected devices, potentially compromising the security of the network.",Tenda,G1 Firmware,9.8,CRITICAL,0.016939999535679817,false,,false,false,false,,,false,false,,2022-02-04T01:32:57.000Z,0
CVE-2022-24172,https://securityvulnerability.io/vulnerability/CVE-2022-24172,Stack Overflow Vulnerability in Tenda Routers G1 and G3,"A stack overflow vulnerability has been identified in Tenda routers G1 and G3. Specifically, this issue resides in the function formAddDhcpBindRule, where the addDhcpRules parameter can be exploited by attackers to trigger a Denial of Service (DoS). This flaw can render the affected devices unresponsive, compromising the integrity and availability of network services for users. It is crucial for users of the affected router models to apply appropriate security measures to mitigate potential risks.",Tenda,G1 Firmware,7.5,HIGH,0.001180000021122396,false,,false,false,false,,,false,false,,2022-02-04T01:32:56.000Z,0
CVE-2021-27692,https://securityvulnerability.io/vulnerability/CVE-2021-27692,Command Injection Vulnerability in Tenda G1 and G3 Routers,"A command injection vulnerability exists in Tenda G1 and G3 routers, where attackers can execute arbitrary OS commands remotely. This security flaw arises from the improper handling of user inputs in the 'formSetUSBPartitionUmount' function, which directly invokes the 'doSystemCmd' function without adequate input validation. By sending crafted requests to the 'action/umountUSBPartition' endpoint, an attacker can manipulate the system and gain unauthorized access, potentially compromising the integrity of the device and its network environment.",Tenda,G1 Firmware,9.8,CRITICAL,0.0031500000040978193,false,,false,false,false,,,false,false,,2021-04-16T00:15:00.000Z,0
CVE-2021-27707,https://securityvulnerability.io/vulnerability/CVE-2021-27707,Buffer Overflow Vulnerability in Tenda G1 and G3 Routers,"A critical buffer overflow vulnerability exists in Tenda G1 and G3 routers running firmware v15.11.0.17(9502)_CN. This flaw allows remote attackers to execute arbitrary code on the affected devices by sending a specially crafted request that exploits the 'formDelPortMapping' function. The function improperly handles the 'portMappingIndex' parameter, passing it directly to the strcpy function without adequate bounds checking. This oversight can lead to system compromise and unauthorized access, highlighting the need for timely updates and robust network security practices.",Tenda,G1 Firmware,9.8,CRITICAL,0.00675999978557229,false,,false,false,false,,,false,false,,2021-04-14T15:00:05.000Z,0
CVE-2021-27706,https://securityvulnerability.io/vulnerability/CVE-2021-27706,Buffer Overflow Vulnerability in Tenda G1 and G3 Routers,"A buffer overflow vulnerability exists in Tenda G1 and G3 routers when processing crafted requests. The flaw arises in the 'formIPMacBindDel' function, where user-controlled input is passed to the 'strcpy' function without proper bounds checking. Exploiting this vulnerability could allow remote attackers to execute arbitrary code on the affected devices, posing significant risks to network security and user data.",Tenda,G1 Firmware,9.8,CRITICAL,0.00675999978557229,false,,false,false,false,,,false,false,,2021-04-14T14:55:39.000Z,0
CVE-2021-27705,https://securityvulnerability.io/vulnerability/CVE-2021-27705,Buffer Overflow in Tenda G1 and G3 Routers by Tenda,"A buffer overflow vulnerability exists in Tenda G1 and G3 routers operating on firmware version v15.11.0.17(9502)_CN. This flaw allows remote attackers to execute arbitrary code by sending specially crafted requests that exploit the 'formQOSRuleDel' function. The function inadequately handles the 'qosIndex' parameter, leading to unchecked copying of data into fixed-size memory buffers, thereby allowing for potential remote exploitation.",Tenda,G1 Firmware,9.8,CRITICAL,0.00675999978557229,false,,false,false,false,,,false,false,,2021-04-14T14:52:09.000Z,0