cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-4126,https://securityvulnerability.io/vulnerability/CVE-2024-4126,Stack-Based Buffer Overflow in Tenda W15E Router,"A critical security vulnerability has been identified in Tenda's W15E router, specifically in the formSetSysTime function located in the /goform/SetSysTimeCfg file. This vulnerability allows for a stack-based buffer overflow triggered by improper manipulation of the manualTime argument. As a result, attackers may execute remote code, compromising the integrity and security of the device. The exploit for this vulnerability has been publicly disclosed, generating significant concerns regarding IoT device safety. Despite early warnings, Tenda has not responded to notifications regarding this issue, raising further alarm about the potential risks for users of affected products.",Tenda,W15e Firmware,8.8,HIGH,0.00788000039756298,false,,false,false,false,,,false,false,,2024-04-24T20:15:00.000Z,0
CVE-2024-4127,https://securityvulnerability.io/vulnerability/CVE-2024-4127,Stack-Based Buffer Overflow in Tenda W15E Router,"A severe stack-based buffer overflow vulnerability has been identified in the Tenda W15E router's guest Wi-Fi functionality. An attacker can exploit this vulnerability through a manipulation of the qosGuestDownstream argument in the guestWifiRuleRefresh function, potentially allowing for unauthorized remote access and execution of arbitrary code. This issue underscores critical security risks associated with IoT devices and emphasizes the need for immediate updates and patches. The vendor has been notified about this vulnerability, but no response has been recorded as of yet, highlighting a concerning lack of communication regarding security practices.",Tenda,W15e Firmware,8.8,HIGH,0.00788000039756298,false,,false,false,false,,,false,false,,2024-04-24T20:15:00.000Z,0
CVE-2024-4123,https://securityvulnerability.io/vulnerability/CVE-2024-4123,Stack-Based Buffer Overflow in Tenda W15E Router,"A critical security flaw has been identified in the Tenda W15E router, specifically within the function formSetPortMapping located in /goform/SetPortMapping. This vulnerability arises from improper handling of the portMappingServer, portMappingProtocol, portMappingWan, portMappingInternal, and portMappingExternal parameters, which can lead to a stack-based buffer overflow. Such an exploit allows an attacker to remotely execute code by carefully crafting input to the vulnerable parameters. As the exploit has been publicly disclosed, immediate action is advised to mitigate the risk. Users and administrators of the Tenda W15E should review their firmware versions and apply security updates as soon as they become available to protect against potential attacks.",Tenda,W15e Firmware,8.8,HIGH,0.00788000039756298,false,,false,false,false,,,false,false,,2024-04-24T19:15:00.000Z,0
CVE-2024-4125,https://securityvulnerability.io/vulnerability/CVE-2024-4125,Stack-based Buffer Overflow in Tenda W15E Router,"A significant security flaw has been discovered in the Tenda W15E router, specifically within the formSetStaticRoute function located in the /goform/setStaticRoute file. This vulnerability is characterized by a stack-based buffer overflow triggered by improper handling of the 'staticRouteIndex' argument. Attackers can exploit this vulnerability remotely, potentially leading to unauthorized access and control over the affected device. Despite efforts to inform the vendor about the issue, there has been no response, raising concerns about the patching and mitigation of this critical security risk.",Tenda,W15e Firmware,8.8,HIGH,0.00788000039756298,false,,false,false,false,,,false,false,,2024-04-24T19:15:00.000Z,0
CVE-2024-4124,https://securityvulnerability.io/vulnerability/CVE-2024-4124,Stack-based Buffer Overflow in Tenda W15E Product,"A serious stack-based buffer overflow vulnerability has been identified in the Tenda W15E router, specifically affecting the formSetRemoteWebManage function within the /goform/SetRemoteWebManage endpoint. This issue arises from improper handling of the 'remoteIP' argument, which can be exploited by remote attackers to execute arbitrary code. Given that the vendor has not responded to disclosures regarding this vulnerability, users are urged to take immediate precautions, including implementing security best practices and monitoring for any unusual activity.",Tenda,W15e Firmware,8.8,HIGH,0.00788000039756298,false,,false,false,false,,,false,false,,2024-04-24T19:15:00.000Z,0
CVE-2024-4122,https://securityvulnerability.io/vulnerability/CVE-2024-4122,Stack-Based Buffer Overflow in Tenda W15E Router,"A critical stack-based buffer overflow vulnerability exists in the Tenda W15E router, specifically within the formSetDebugCfg function located in the /goform/setDebugCfg file. This vulnerability arises from improper handling of the 'enable', 'level', and 'module' arguments, allowing an attacker to manipulate these inputs and potentially execute arbitrary code. The vulnerability can be exploited remotely, posing a significant risk to users as the exploit has already been publicly disclosed. Despite early notifications to the vendor regarding this issue, there has been no response, increasing the urgency for users to secure their devices.",Tenda,W15e Firmware,8.8,HIGH,0.00788000039756298,false,,false,false,false,,,false,false,,2024-04-24T18:15:00.000Z,0
CVE-2024-4121,https://securityvulnerability.io/vulnerability/CVE-2024-4121,Stack-Based Buffer Overflow in Tenda W15E Router,"A critical stack-based buffer overflow vulnerability has been discovered in the Tenda W15E router running version 15.11.0.14, specifically within the formQOSRuleDel function. This vulnerability arises from improper handling of the qosIndex argument, allowing an attacker to exploit the flaw remotely. If successfully executed, this could lead to unauthorized access and potential control over the affected device. Despite early disclosure attempts, Tenda has not yet responded to this security concern, increasing the urgency for users to take preventative measures such as applying security updates and implementing enhanced network security protocols.",Tenda,W15e Firmware,8.8,HIGH,0.00788000039756298,false,,false,false,false,,,false,false,,2024-04-24T18:15:00.000Z,0
CVE-2024-4120,https://securityvulnerability.io/vulnerability/CVE-2024-4120,Buffer Overflow Vulnerability in Tenda W15E Router,"A severe buffer overflow vulnerability exists in the Tenda W15E router, specifically within the modifyIpMacBind function found in the /goform/modifyIpMacBind file. This flaw is triggered by improper validation of inputs related to the IP mac binding process, specifically the parameters IPMacBindRuleId, IPMacBindRuleIp, IPMacBindRuleMac, and IPMacBindRuleRemark. A successful exploit could allow attackers to execute arbitrary code remotely, potentially compromising the device and gaining unauthorized access to the network. Despite early disclosures to Tenda, no response or remediation actions have been communicated. Organizations using affected versions are urged to apply security practices while awaiting an official patch.",Tenda,W15e Firmware,8.8,HIGH,0.00788000039756298,false,,false,false,false,,,false,false,,2024-04-24T18:15:00.000Z,0
CVE-2024-4119,https://securityvulnerability.io/vulnerability/CVE-2024-4119,Stack-Based Buffer Overflow in Tenda W15E Product,"A critical security vulnerability has been identified in Tenda's W15E routers, specifically affecting version 15.11.0.14. The flaw resides in the formIPMacBindDel function located within the /goform/delIpMacBind file, where improper handling of the IPMacBindIndex argument can lead to a stack-based buffer overflow. This can potentially allow remote attackers to execute arbitrary code, posing serious risks to network security. Despite efforts to notify Tenda about this discovery, no response was received, highlighting a critical need for users to secure their routers against potential exploits. Immediate action is recommended to mitigate the risk associated with this vulnerability.",Tenda,W15e Firmware,8.8,HIGH,0.00788000039756298,false,,false,false,false,,,false,false,,2024-04-24T17:15:00.000Z,0
CVE-2024-4118,https://securityvulnerability.io/vulnerability/CVE-2024-4118,Stack-Based Buffer Overflow in Tenda W15E Product,"A critical vulnerability has been identified in the Tenda W15E router version 15.11.0.14, specifically affecting the functionality of the addIpMacBind feature within the /goform/addIpMacBind file. This vulnerability occurs due to improper handling of the IPMacBindRule argument, which can lead to a stack-based buffer overflow. Attackers can exploit this security flaw remotely, potentially compromising the device and gaining unauthorized access. Public disclosure of this vulnerability has raised awareness among potential attackers, making immediate mitigation measures essential for users of the affected device.",Tenda,W15e Firmware,8.8,HIGH,0.00788000039756298,false,,false,false,false,,,false,false,,2024-04-24T17:15:00.000Z,0
CVE-2024-4117,https://securityvulnerability.io/vulnerability/CVE-2024-4117,Stack-Based Buffer Overflow in Tenda W15E Router,"A severe vulnerability affecting the Tenda W15E router has been identified, stemming from a stack-based buffer overflow in the formDelPortMapping function located in the DelPortMapping endpoint. This vulnerability arises when the portMappingIndex argument is improperly handled, enabling remote attackers to exploit this flaw. The potential for remote exploitation positions this issue as a critical security concern, particularly due to its disclosure to the public. Despite earlier notifications, Tenda has not responded regarding this vulnerability, which necessitates immediate attention and remediation to secure affected devices.",Tenda,W15e Firmware,8.8,HIGH,0.00788000039756298,false,,false,false,false,,,false,false,,2024-04-24T16:15:00.000Z,0
CVE-2024-4115,https://securityvulnerability.io/vulnerability/CVE-2024-4115,Stack-Based Buffer Overflow in Tenda W15E Devices,"A severe stack-based buffer overflow vulnerability has been discovered in the Tenda W15E router, specifically in the function 'formAddDnsForward' within the '/goform/AddDnsForward' file. This flaw allows attackers to manipulate the 'DnsForwardRule' argument, potentially leading to remote exploitation. The risk is heightened as the vulnerability has been publicly disclosed, making affected systems particularly vulnerable to attacks. Tenda has been made aware of this issue but has yet to respond, raising concerns about the immediate need for users to secure their devices.",Tenda,W15e Firmware,8.8,HIGH,0.00788000039756298,false,,false,false,false,,,false,false,,2024-04-24T16:15:00.000Z,0
CVE-2023-27063,https://securityvulnerability.io/vulnerability/CVE-2023-27063,Buffer Overflow Vulnerability in Tenda Router Product,"A buffer overflow vulnerability exists in Tenda V15 routers through the DNSDomainName parameter in the formModifyDnsForward function. This flaw can be exploited by attackers sending specially crafted requests, potentially leading to a Denial of Service (DoS) condition, rendering the device unresponsive and affecting its operational integrity.",Tenda,W15e Firmware,9.8,CRITICAL,0.0020099999383091927,false,,false,false,false,,,false,false,,2023-03-13T00:00:00.000Z,0
CVE-2023-27061,https://securityvulnerability.io/vulnerability/CVE-2023-27061,Buffer Overflow Vulnerability in Tenda V15 Router,"A buffer overflow vulnerability has been identified in the Tenda V15 router, specifically within the modifyWifiFilterRules function. This security flaw arises due to improper handling of the wifiFilterListRemark parameter, which can be exploited by sending a specially crafted request. Successful exploitation may lead to a Denial of Service (DoS), preventing legitimate users from accessing the device.",Tenda,W15e Firmware,9.8,CRITICAL,0.0020099999383091927,false,,false,false,false,,,false,false,,2023-03-13T00:00:00.000Z,0
CVE-2023-27062,https://securityvulnerability.io/vulnerability/CVE-2023-27062,Buffer Overflow Vulnerability in Tenda Router Products,"The buffer overflow vulnerability in Tenda V15V1.0, specifically within the formPortalAuth function, enables attackers to exploit the gotoUrl parameter. By crafting malicious requests, attackers can trigger a Denial of Service (DoS), impacting the availability and functionality of the affected device. This poses a significant risk to network security, as unauthorized access or service interruptions may occur.",Tenda,W15e Firmware,7.5,HIGH,0.0005699999746866524,false,,false,false,false,,,false,false,,2023-03-13T00:00:00.000Z,0
CVE-2023-27064,https://securityvulnerability.io/vulnerability/CVE-2023-27064,Buffer Overflow Vulnerability in Tenda V15 Product,"The Tenda V15, specifically version 1.0 V15.11.0.14, is impacted by a buffer overflow vulnerability caused by improper handling of the index parameter in the formDelDnsForward function. Exploitation of this vulnerability could allow an attacker to execute a specially crafted request, resulting in Denial of Service (DoS). This vulnerability highlights significant concerns regarding the security of IoT devices and the potential for service disruption.",Tenda,W15e Firmware,7.5,HIGH,0.0005699999746866524,false,,false,false,false,,,false,false,,2023-03-13T00:00:00.000Z,0
CVE-2023-27065,https://securityvulnerability.io/vulnerability/CVE-2023-27065,Buffer Overflow Vulnerability in Tenda V15 Router Product,"A buffer overflow vulnerability exists within the Tenda V15 router, specifically in the formDelWewifiPi function's picName parameter. This flaw can be exploited by attackers to execute crafted requests, leading to a Denial of Service (DoS) condition, effectively disrupting the normal operation of the device and potentially compromising network security.",Tenda,W15e Firmware,7.5,HIGH,0.0005699999746866524,false,,false,false,false,,,false,false,,2023-03-13T00:00:00.000Z,0
CVE-2022-40843,https://securityvulnerability.io/vulnerability/CVE-2022-40843,Improper Authorization in Tenda AC1200 Router by Tenda,"The Tenda AC1200 V-W15Ev2 router has a significant vulnerability related to improper authorization and session management. This flaw allows authenticated attackers to bypass the router's login page, granting them unauthorized access. Once inside, attackers can read sensitive information within the router's syslog.log file, which contains the MD5 hashed password for the Administrator's account. This vulnerability poses a serious risk to the security and integrity of the router, potentially compromising user data and network security.",Tenda,W15e Firmware,4.9,MEDIUM,0.08737999945878983,false,,false,false,false,,,false,false,,2022-11-15T00:00:00.000Z,0
CVE-2022-42058,https://securityvulnerability.io/vulnerability/CVE-2022-42058,Stack Overflow Vulnerability in Tenda AC1200 Router by Tenda,"The Tenda AC1200 Router Model W15Ev2, specifically version V15.11.0.10(1576), contains a stack overflow vulnerability in its setRemoteWebManage function. This flaw allows unauthorized attackers to exploit the system by sending specially crafted overflow data, which may lead to a Denial of Service (DoS). Organizations using this router should implement necessary patches or mitigations to safeguard their network against potential attacks.",Tenda,W15e Firmware,9.8,CRITICAL,0.0031900000758469105,false,,false,false,false,,,false,false,,2022-11-15T00:00:00.000Z,0
CVE-2022-42053,https://securityvulnerability.io/vulnerability/CVE-2022-42053,Command Injection Vulnerability in Tenda AC1200 Router W15Ev2,"The Tenda AC1200 Router Model W15Ev2 is susceptible to a command injection loophole through the PortMappingServer parameter in the setPortMapping function. This vulnerability allows attackers to execute arbitrary commands on the affected device, potentially compromising network security and enabling unauthorized access to sensitive data and functionality. Proper updates and patches must be applied by users to mitigate risks associated with this vulnerability.",Tenda,W15e Firmware,7.8,HIGH,0.0008500000112690032,false,,false,false,false,,,false,false,,2022-11-15T00:00:00.000Z,0
CVE-2022-41395,https://securityvulnerability.io/vulnerability/CVE-2022-41395,Command Injection Vulnerability in Tenda AC1200 Router from Tenda,"The Tenda AC1200 Router Model W15Ev2 has a command injection vulnerability that can be exploited through the dmzHost parameter within the setDMZ function. This issue allows an attacker to execute arbitrary commands on the device, potentially compromising the router's integrity and security. Users are advised to apply security patches and monitor their network for any suspicious activity.",Tenda,W15e Firmware,7.8,HIGH,0.0009599999757483602,false,,false,false,false,,,false,false,,2022-11-15T00:00:00.000Z,0
CVE-2022-40846,https://securityvulnerability.io/vulnerability/CVE-2022-40846,Stored Cross Site Scripting Vulnerability in Tenda AC1200 Router,"The Tenda AC1200 Router model W15Ev2 V15.11.0.10(1576) contains a Stored Cross Site Scripting (XSS) vulnerability. This flaw permits attackers to inject and execute malicious JavaScript code through stored hostnames in the application, potentially compromising the security of the device and exposing sensitive user data. Ensuring timely updates and implementing security measures can mitigate the risks associated with this vulnerability.",Tenda,W15e Firmware,4.8,MEDIUM,0.0005099999834783375,false,,false,false,false,,,false,false,,2022-11-15T00:00:00.000Z,0
CVE-2022-40845,https://securityvulnerability.io/vulnerability/CVE-2022-40845,Password Exposure Vulnerability in Tenda AC1200 Router by Tenda,The Tenda AC1200 Router model W15Ev2 V15.11.0.10(1576) is susceptible to a password exposure vulnerability. This issue arises from inadequate session management and improper authorization processes. An attacker with access to the router could exploit this vulnerability to access sensitive information that should otherwise remain protected. It is crucial for users of this router model to take preventive actions to secure their network and sensitive data.,Tenda,W15e Firmware,6.5,MEDIUM,0.0008500000112690032,false,,false,false,false,,,false,false,,2022-11-15T00:00:00.000Z,0
CVE-2022-40844,https://securityvulnerability.io/vulnerability/CVE-2022-40844,Stored Cross Site Scripting Vulnerability in Tenda AC1200 Router,"The Tenda AC1200 Router model W15Ev2 V15.11.0.10(1576) is susceptible to a Stored Cross Site Scripting (XSS) vulnerability. This security flaw allows attackers to inject and execute malicious JavaScript code through the router's website filtering tab, particularly within the URL body. Successful exploitation of this vulnerability could lead to unauthorized actions being executed on behalf of legitimate users, compromising the integrity and confidentiality of the user's data.",Tenda,W15e Firmware,5.4,MEDIUM,0.0005099999834783375,false,,false,false,false,,,false,false,,2022-11-15T00:00:00.000Z,0
CVE-2022-42060,https://securityvulnerability.io/vulnerability/CVE-2022-42060,Stack Overflow Vulnerability in Tenda AC1200 Router,"The Tenda AC1200 router Model W15Ev2 firmware version V15.11.0.10(1576) is susceptible to a stack overflow vulnerability in the setWanPpoe function. This security flaw enables potential attackers to exploit the device by sending specially crafted data, leading to a Denial of Service (DoS) condition. As a result, the router may become unresponsive, interrupting network service and affecting users connected to the device.",Tenda,W15e Firmware,7.5,HIGH,0.0015399999683722854,false,,false,false,false,,,false,false,,2022-11-15T00:00:00.000Z,0