cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-50852,https://securityvulnerability.io/vulnerability/CVE-2024-50852,Command Injection Vulnerability in Tenda G3 Router,"The Tenda G3 v3.0 v15.11.0.20 is vulnerable to a command injection issue through the formSetUSBPartitionUmount function. This vulnerability may allow attackers to execute arbitrary commands on the router, compromising the integrity and availability of the device. Proper remediation mechanisms should be considered to ensure device security and protect against unauthorized access.",Tenda,G3 Firmware,8.8,HIGH,0.0006200000061653554,false,,false,false,false,,,false,false,,2024-11-13T15:15:00.000Z,0
CVE-2024-50854,https://securityvulnerability.io/vulnerability/CVE-2024-50854,Stack Overflow Vulnerability in Tenda G3 from Tenda,"A stack overflow vulnerability has been found in Tenda G3 v3.0 v15.11.0.20 through the formSetPortMapping function. This flaw can potentially allow an attacker to execute arbitrary code or disrupt the normal operation of the device, raising significant security concerns for users relying on this product for secure networking. Proper mitigations and patches are required to safeguard against potential exploitation.",Tenda,G3 Firmware,8.8,HIGH,0.0004900000058114529,false,,false,false,false,,,false,false,,2024-11-13T15:15:00.000Z,0
CVE-2024-50853,https://securityvulnerability.io/vulnerability/CVE-2024-50853,Command Injection Vulnerability in Tenda G3 Router Firmware,"The Tenda G3 router running firmware version 3.0 v15.11.0.20 contains a command injection vulnerability within the formSetDebugCfg function. This flaw allows an attacker to inject arbitrary commands into the system, which could lead to unauthorized access and manipulation of device configurations. Such vulnerabilities pose significant risks, potentially enabling attackers to execute harmful commands that could compromise the router’s integrity and the security of the network it supports. Users of Tenda G3 routers are advised to review their device settings and apply any available security updates to mitigate the risks associated with this vulnerability.",Tenda,G3 Firmware,8.8,HIGH,0.0006200000061653554,false,,false,false,false,,,false,false,,2024-11-13T15:15:00.000Z,0
CVE-2024-46628,https://securityvulnerability.io/vulnerability/CVE-2024-46628,Remote Code Execution Vulnerability in Tenda G3 Router by Tenda,"The Tenda G3 Router firmware v15.03.05.05 has been identified as having a serious vulnerability that allows remote code execution. Specifically, the issue originates from improper handling of the usbPartitionName parameter in the formSetUSBPartitionUmount function. This flaw can potentially allow attackers to exploit the router, compromising security and enabling unauthorized access to sensitive data or network functionality.",Tenda,G3 Firmware,9.8,CRITICAL,0.0010900000343099236,false,,false,false,false,,,false,false,,2024-09-26T00:00:00.000Z,0
CVE-2024-8225,https://securityvulnerability.io/vulnerability/CVE-2024-8225,Stack-Based Buffer Overflow in Tenda G3 Routers,"A significant stack-based buffer overflow vulnerability has been identified in Tenda G3 routers running version 15.11.0.20, specifically within the 'formSetSysTime' function of the 'SetSysTimeCfg' endpoint. This vulnerability can be exploited remotely by manipulating the 'sysTimePolicy' argument, potentially allowing an attacker to execute arbitrary code on the affected device. The exploit is public and has been disclosed, raising concerns for users' IoT security. Despite early notifications to Tenda, no response has been received, emphasizing the urgency for users to apply available security measures promptly.",Tenda,G3,9.8,CRITICAL,0.003530000103637576,false,,false,false,true,2024-08-27T22:15:00.000Z,true,false,false,,2024-08-27T23:15:00.000Z,0
CVE-2024-8224,https://securityvulnerability.io/vulnerability/CVE-2024-8224,Stack-Based Buffer Overflow in Tenda G3 Router Firmware,"A serious stack-based buffer overflow vulnerability has been discovered in the Tenda G3 router firmware (version 15.11.0.20). This flaw exists in the formSetDebugCfg function within the /goform/setDebugCfg file, where improper handling of the enable, level, or module arguments can lead to potential exploitation. Attackers can exploit this vulnerability remotely, risking the safety of the device and data. Despite early notification to the vendor regarding this issue, there has been no response or patch provided, increasing the urgency for users to be aware of this risk and take appropriate measures to secure their devices.",Tenda,G3 Firmware,9.8,CRITICAL,0.003530000103637576,false,,false,false,false,,,false,false,,2024-08-27T23:15:00.000Z,0
CVE-2024-4165,https://securityvulnerability.io/vulnerability/CVE-2024-4165,Stack-based Buffer Overflow Vulnerability in Tenda G3 Router,"A severe stack-based buffer overflow vulnerability has been identified in the Tenda G3 router's modifyDhcpRule function within the /goform/modifyDhcpRule file. By manipulating the bindDhcpIndex argument, an attacker can exploit this vulnerability to execute arbitrary code remotely. This issue not only allows for unauthorized access to the affected device but could also enable the attacker to disrupt network services or gain control over the router. The vulnerability has been disclosed publicly, raising concerns about its potential exploitation in real-world scenarios. As a precaution, users are strongly advised to assess their devices for security updates and consider the implementation of additional protective measures.",Tenda,G3,8.8,HIGH,0.00044999999227002263,false,,false,false,true,2024-04-25T10:31:04.000Z,true,false,false,,2024-04-25T11:31:04.731Z,0
CVE-2024-4164,https://securityvulnerability.io/vulnerability/CVE-2024-4164,Stack-Based Buffer Overflow in Tenda G3 Router,"A critical vulnerability in the Tenda G3 router can be exploited through the formModifyPppAuthWhiteMac function, located in the /goform/ModifyPppAuthWhiteMac file. An attacker can manipulate the pppoeServerWhiteMacIndex argument, resulting in a stack-based buffer overflow. This security flaw allows for remote attacks, making unauthorized access and potentially harmful actions possible on affected devices. Despite early notifications to the vendor, Tenda has not addressed this serious issue, leaving users at risk of exploitation. It is essential for users of Tenda G3 15.11.0.17(9502) to take immediate precautions to secure their devices.",Tenda,G3,8.8,HIGH,0.00044999999227002263,false,,false,false,true,2024-04-25T09:31:04.000Z,true,false,false,,2024-04-25T10:31:04.703Z,0
CVE-2022-36586,https://securityvulnerability.io/vulnerability/CVE-2022-36586,Buffer Overflow Vulnerability in Tenda G3 Router,"The Tenda G3 router is affected by a buffer overflow vulnerability originating from the improper use of the 'strcpy' function in the HTTP daemon (httpd). This flaw can potentially allow an attacker to execute arbitrary code through crafted requests aimed at the vulnerable function, compromising the device's integrity and security. Users are encouraged to apply available patches and follow best security practices to mitigate risks associated with this vulnerability.",Tenda,G3 Firmware,9.8,CRITICAL,0.0021899999119341373,false,,false,false,false,,,false,false,,2022-09-08T00:15:00.000Z,0
CVE-2022-36585,https://securityvulnerability.io/vulnerability/CVE-2022-36585,Buffer Overflow Vulnerability in Tenda G3 Router,"A buffer overflow vulnerability exists in the Tenda G3 Router’s httpd binary, specifically within the addDhcpRule function. This flaw is triggered by improper handling of input data using the sscanf function. Successful exploitation can lead to unauthorized access or potentially compromise the router’s operation, impacting the overall network security.",Tenda,G3 Firmware,9.8,CRITICAL,0.0021899999119341373,false,,false,false,false,,,false,false,,2022-09-07T23:15:00.000Z,0
CVE-2022-36587,https://securityvulnerability.io/vulnerability/CVE-2022-36587,Buffer Overflow Vulnerability in Tenda G3 Router,"A buffer overflow vulnerability exists in the Tenda G3 router due to improper handling of input in the sprintf function within the httpd binary. This vulnerability could allow an attacker to execute arbitrary code or disrupt the normal operation of the device. Users are advised to review the affected versions and apply any available patches to mitigate potential risks. For further details and updates, refer to official resources.",Tenda,G3 Firmware,9.8,CRITICAL,0.0021899999119341373,false,,false,false,false,,,false,false,,2022-09-07T16:31:12.000Z,0
CVE-2022-36584,https://securityvulnerability.io/vulnerability/CVE-2022-36584,Buffer Overflow Vulnerability in Tenda G3 Router Firmware,"The Tenda G3 router experiences a vulnerability due to a buffer overflow in the getsinglepppuser function, primarily caused by improper handling of user input through the sscanf function. This flaw could allow attackers to execute arbitrary code, potentially compromising the security and functionality of the device. Users of the affected firmware version should take immediate precautions to mitigate risks associated with this vulnerability.",Tenda,G3 Firmware,9.8,CRITICAL,0.003640000009909272,false,,false,false,false,,,false,false,,2022-09-06T16:50:08.000Z,0