cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-4171,https://securityvulnerability.io/vulnerability/CVE-2024-4171,Stack-Based Buffer Overflow in Tenda W30E Routers,"A critical vulnerability has been identified in Tenda W30E routers, specifically within the fromWizardHandle function located in the /goform/WizardHandle file. This vulnerability arises due to improper handling of the PPW argument, leading to a stack-based buffer overflow that can be exploited remotely. As the exploit has been made publicly available, devices running affected versions are at significant risk. Users are advised to implement security measures promptly, as the vendor has not provided an official response or patch for this vulnerability.",Tenda,W30e,8.8,HIGH,0.00044999999227002263,false,,false,false,true,2024-04-25T12:31:05.000Z,true,false,false,,2024-04-25T13:31:05.998Z,0
CVE-2024-3881,https://securityvulnerability.io/vulnerability/CVE-2024-3881,Tenda W30E frmL7ProtForm frmL7PlotForm stack-based overflow,"A security vulnerability has been identified in the Tenda W30E device, specifically within the frmL7ProtForm function located in the /goform/frmL7ProtForm file. This issue stems from improper handling of the 'page' argument, which can lead to a stack-based buffer overflow. Attackers can exploit this vulnerability remotely, potentially allowing for unauthorized code execution or system compromise. The public disclosure of this exploit underscores the urgency for users to secure their devices. Despite early outreach to the vendor regarding the vulnerability, there has been no response from Tenda.",Tenda,W30e,8.8,HIGH,0.0022100000642240047,false,,false,false,true,2024-04-16T19:15:00.000Z,true,false,false,,2024-04-16T20:15:00.000Z,0
CVE-2024-3882,https://securityvulnerability.io/vulnerability/CVE-2024-3882,Tenda W30E fromRouteStatic stack-based overflow,"A vulnerability exists in the Tenda W30E router, specifically within the fromRouteStatic function located in the /goform/fromRouteStatic file. An attacker can manipulate the 'page' argument, resulting in a stack-based buffer overflow that can be exploited remotely. Public disclosure of the vulnerability raises concerns about its potential exploitation, as no response from the vendor was recorded following initial contact about this issue. This flaw could potentially allow attackers to execute arbitrary code, compromising the integrity and availability of affected devices.",Tenda,W30e,8.8,HIGH,0.0022100000642240047,false,,false,false,true,2024-04-16T19:15:00.000Z,true,false,false,,2024-04-16T20:15:00.000Z,0
CVE-2023-49404,https://securityvulnerability.io/vulnerability/CVE-2023-49404,Stack Overflow Vulnerability in Tenda W30E Router,"The Tenda W30E router version V16.01.0.12(4843) is susceptible to a stack overflow vulnerability discovered in the function formAdvancedSetListSet. This vulnerability can potentially allow an attacker to execute arbitrary code or cause the router to crash, leading to a denial of service. Users of this affected product should consider updating their firmware or implementing additional security measures to mitigate the risks associated with this vulnerability.",Tenda,W30e Firmware,9.8,CRITICAL,0.0017999999690800905,false,,false,false,false,,,false,false,,2023-12-07T00:00:00.000Z,0
CVE-2023-49405,https://securityvulnerability.io/vulnerability/CVE-2023-49405,Stack Overflow Vulnerability in Tenda W30E by Tenda,"The Tenda W30E device has a vulnerability that allows a stack overflow through the UploadCfg function, potentially leading to unauthorized access or remote code execution. Users are advised to update their devices to rectify this issue and enhance their security posture.",Tenda,W30e Firmware,9.8,CRITICAL,0.0017999999690800905,false,,false,false,false,,,false,false,,2023-12-07T00:00:00.000Z,0
CVE-2023-49406,https://securityvulnerability.io/vulnerability/CVE-2023-49406,Command Execution Vulnerability in Tenda W30E Router,"The Tenda W30E V16.01.0.12(4843) router is susceptible to a command execution vulnerability that arises from the improper handling of user input in the /goform/telnet function. An attacker can exploit this flaw to execute arbitrary commands on the device, potentially compromising network integrity and allowing unauthorized access to sensitive configurations. It is crucial for users of this router to assess their security posture and apply necessary patches or mitigations to safeguard against potential exploits.",Tenda,W30e Firmware,9.8,CRITICAL,0.0036700000055134296,false,,false,false,false,,,false,false,,2023-12-07T00:00:00.000Z,0
CVE-2023-49410,https://securityvulnerability.io/vulnerability/CVE-2023-49410,Stack Overflow Vulnerability in Tenda W30E by Tenda,"The Tenda W30E, specifically version 16.01.0.12, has been identified with a stack overflow vulnerability originating from the 'set_wan_status' function. This flaw can be exploited to disrupt the normal functioning of the device, potentially allowing an attacker to execute arbitrary code or crash the system. Organizations utilizing this router model should take immediate action to assess their security posture and apply available patches to mitigate any potential risks associated with this vulnerability.",Tenda,W30e Firmware,9.8,CRITICAL,0.0017999999690800905,false,,false,false,false,,,false,false,,2023-12-07T00:00:00.000Z,0
CVE-2023-49999,https://securityvulnerability.io/vulnerability/CVE-2023-49999,Command Injection Vulnerability in Tenda W30E Router,"A command injection vulnerability has been identified in the Tenda W30E router, specifically in the 'setUmountUSBPartition' function. This flaw allows attackers to execute arbitrary commands on the device, potentially compromising the integrity and confidentiality of the system. The identified version V16.01.0.12(4843) is particularly affected, highlighting the need for immediate attention to secure network infrastructure.",Tenda,W30e Firmware,9.8,CRITICAL,0.014220000244677067,false,,false,false,false,,,false,false,,2023-12-07T00:00:00.000Z,0
CVE-2023-50000,https://securityvulnerability.io/vulnerability/CVE-2023-50000,Stack Overflow Vulnerability in Tenda W30E Router,"A stack overflow vulnerability has been identified in the Tenda W30E router, specifically in the function formResetMeshNode. This flaw could potentially allow an attacker to execute arbitrary code or disrupt the normal operation of the router, posing a significant risk to network security. Users of the affected version should take immediate steps to secure their devices.",Tenda,W30e Firmware,9.8,CRITICAL,0.0017999999690800905,false,,false,false,false,,,false,false,,2023-12-07T00:00:00.000Z,0
CVE-2023-50001,https://securityvulnerability.io/vulnerability/CVE-2023-50001,Stack Overflow Vulnerability in Tenda W30E Router by Tenda,"The Tenda W30E router has been identified with a stack overflow vulnerability within the formUpgradeMeshOnline function. This flaw could potentially be exploited by attackers to disrupt the normal operation of the device, potentially granting unauthorized access or control over the router's functionalities. Users should ensure that their firmware is updated to mitigate any security risks associated with this vulnerability.",Tenda,W30e Firmware,9.8,CRITICAL,0.0017999999690800905,false,,false,false,false,,,false,false,,2023-12-07T00:00:00.000Z,0
CVE-2023-50002,https://securityvulnerability.io/vulnerability/CVE-2023-50002,Stack Overflow Vulnerability in Tenda W30E Router,"A significant stack overflow vulnerability was found in the Tenda W30E router, specifically in the function responsible for rebooting mesh nodes. This flaw could be exploited by attackers to execute arbitrary code or cause unintended behavior, compromising the router’s integrity and potentially exposing the network to further risks.",Tenda,W30e Firmware,9.8,CRITICAL,0.0017999999690800905,false,,false,false,false,,,false,false,,2023-12-07T00:00:00.000Z,0
CVE-2023-49411,https://securityvulnerability.io/vulnerability/CVE-2023-49411,Stack Overflow Vulnerability in Tenda W30E Router,"The Tenda W30E router (version V16.01.0.12(4843)) is susceptible to a stack overflow vulnerability triggered by the function formDeleteMeshNode. This flaw could enable attackers to exploit the device, potentially compromising the security and functionality of the network. Users should take immediate measures to secure their devices and apply any available updates.",Tenda,W30e Firmware,9.8,CRITICAL,0.0017999999690800905,false,,false,false,false,,,false,false,,2023-12-07T00:00:00.000Z,0
CVE-2023-49402,https://securityvulnerability.io/vulnerability/CVE-2023-49402,Stack Overflow Vulnerability in Tenda W30E Router by Tenda Technologies,"The Tenda W30E router has been identified to have a stack overflow vulnerability within the localMsg function, potentially allowing attackers to exploit this flaw. If successfully exploited, this vulnerability could lead to unauthorized access and control over the affected device, compromising network integrity and user data. Proper security measures and updates are recommended to mitigate this risk.",Tenda,W30e Firmware,9.8,CRITICAL,0.0017999999690800905,false,,false,false,false,,,false,false,,2023-12-07T00:00:00.000Z,0
CVE-2023-49403,https://securityvulnerability.io/vulnerability/CVE-2023-49403,Command Injection Vulnerability in Tenda W30E Router,"The Tenda W30E router, specifically version 16.01.0.12(4843), has been identified with a command injection vulnerability within the setFixTools function. This vulnerability allows malicious users to inject arbitrary commands, potentially leading to unauthorized access and manipulation of the router’s functionality. Exploiting this flaw could enable attackers to compromise network security, affecting all devices connected to the network. Users of Tenda W30E should prioritize applying security patches to mitigate risks associated with this vulnerability.",Tenda,W30e Firmware,9.8,CRITICAL,0.014220000244677067,false,,false,false,false,,,false,false,,2023-12-07T00:00:00.000Z,0
CVE-2023-25231,https://securityvulnerability.io/vulnerability/CVE-2023-25231,Buffer Overflow Vulnerability in Tenda Router Products,"The Tenda Router W30E, specifically version V1.0.1.25(633), has a vulnerability characterized by a buffer overflow in the 'fromRouteStatic' function. This issue arises when improper handling of parameters 'entrys' and 'mitInterface' allows attackers to exploit the router's functionality, potentially leading to unauthorized access or disruption of service. It is crucial for users of affected Tenda devices to apply necessary patches and ensure their networks remain secure against potential exploitation.",Tenda,W30e Firmware,9.8,CRITICAL,0.002219999907538295,false,,false,false,false,,,false,false,,2023-02-27T00:00:00.000Z,0
CVE-2022-45516,https://securityvulnerability.io/vulnerability/CVE-2022-45516,Stack Overflow in Tenda W30E Router,"A stack overflow vulnerability has been identified in the Tenda W30E router, specifically in the '/goform/NatStaticSetting' page parameter. This flaw can be exploited by an attacker to potentially execute arbitrary code, compromising system integrity and user privacy. Users are advised to apply any available patches and ensure their devices are configured securely to mitigate risks associated with this vulnerability.",Tenda,W30e Firmware,7.5,HIGH,0.0008900000248104334,false,,false,false,false,,,false,false,,2022-12-08T00:00:00.000Z,0
CVE-2022-45517,https://securityvulnerability.io/vulnerability/CVE-2022-45517,Stack Overflow Vulnerability in Tenda W30E Router,"A stack overflow vulnerability has been identified in the Tenda W30E router, specifically due to improper handling of the 'page' parameter within the /goform/VirtualSer endpoint. This vulnerability could potentially allow attackers to execute arbitrary code or perform denial-of-service attacks, compromising the integrity and availability of the router's services. It is crucial for users and system administrators to apply security best practices and updates to mitigate risks associated with this vulnerability.",Tenda,W30e Firmware,7.5,HIGH,0.0008900000248104334,false,,false,false,false,,,false,false,,2022-12-08T00:00:00.000Z,0
CVE-2022-45510,https://securityvulnerability.io/vulnerability/CVE-2022-45510,Stack Overflow Vulnerability in Tenda W30E Router,"A stack overflow vulnerability has been identified in the Tenda W30E router, which can be triggered through the `mit_ssid_index` parameter at the endpoint `/goform/AdvSetWrlsafeset`. This issue can potentially allow attackers to execute arbitrary code, compromising the security and functionality of the device.",Tenda,W30e Firmware,7.5,HIGH,0.0008900000248104334,false,,false,false,false,,,false,false,,2022-12-08T00:00:00.000Z,0
CVE-2022-45523,https://securityvulnerability.io/vulnerability/CVE-2022-45523,Stack Overflow Vulnerability in Tenda W30E Router,"A stack overflow vulnerability has been identified in the Tenda W30E router, specifically through the page parameter at the /goform/L7Im endpoint. This flaw can potentially be exploited by unauthorized users, leading to abnormal behavior of the device or execution of arbitrary code. It is crucial for users to apply available patches and monitor their network for any unusual activities to mitigate potential risks.",Tenda,W30e Firmware,7.5,HIGH,0.0008900000248104334,false,,false,false,false,,,false,false,,2022-12-08T00:00:00.000Z,0
CVE-2022-45524,https://securityvulnerability.io/vulnerability/CVE-2022-45524,Stack Overflow Vulnerability in Tenda W30E Router,"The Tenda W30E router version V1.0.1.25(633) is affected by a stack overflow vulnerability in the handling of the 'opttype' parameter via the /goform/IPSECsave endpoint. This vulnerability could be exploited by an attacker to gain unauthorized access to the router's functionalities, potentially allowing for remote code execution or denial of service. Users are advised to review their device configurations and implement necessary mitigations to prevent exploitation.",Tenda,W30e Firmware,7.5,HIGH,0.0008900000248104334,false,,false,false,false,,,false,false,,2022-12-08T00:00:00.000Z,0
CVE-2022-45525,https://securityvulnerability.io/vulnerability/CVE-2022-45525,Stack Overflow Vulnerability in Tenda W30E Router,"The Tenda W30E router is susceptible to a stack overflow vulnerability due to improper handling of the downaction parameter within the /goform/CertListInfo endpoint. This flaw can potentially allow an attacker to derail normal execution flow, leading to denial of service or remote code execution under certain conditions. It underscores the importance of stringent input validation in networking devices to mitigate potential threats.",Tenda,W30e Firmware,7.5,HIGH,0.0008900000248104334,false,,false,false,false,,,false,false,,2022-12-08T00:00:00.000Z,0
CVE-2022-45518,https://securityvulnerability.io/vulnerability/CVE-2022-45518,Stack Overflow Vulnerability in Tenda W30E Router,"The Tenda W30E router, specifically version V1.0.1.25(633), is susceptible to a stack overflow vulnerability that can be exploited through the 'page' parameter in the '/goform/SetIpBind' endpoint. By sending a crafted request, an attacker may execute arbitrary code, potentially compromising the device's functionality and security. Users are advised to review this vulnerability closely and implement necessary security measures to protect their devices.",Tenda,W30e Firmware,7.5,HIGH,0.0008900000248104334,false,,false,false,false,,,false,false,,2022-12-08T00:00:00.000Z,0
CVE-2022-45511,https://securityvulnerability.io/vulnerability/CVE-2022-45511,Stack Overflow Vulnerability in Tenda W30E Device,"A stack overflow vulnerability has been identified in the Tenda W30E device, specifically affecting version V1.0.1.25(633). The flaw can be triggered through the PPPOEPassword parameter in the QuickIndex interface, potentially allowing malicious actors to execute arbitrary code or disrupt service. Organizations using this device should urgently assess their exposure and implement necessary security measures.",Tenda,W30e Firmware,7.5,HIGH,0.0008900000248104334,false,,false,false,true,2022-12-21T14:06:20.000Z,true,false,false,,2022-12-08T00:00:00.000Z,0
CVE-2022-45519,https://securityvulnerability.io/vulnerability/CVE-2022-45519,Stack Overflow Vulnerability in Tenda W30E Router Product,"The Tenda W30E router version V1.0.1.25(633) poses a significant security risk due to a stack overflow vulnerability. This flaw occurs in the '/goform/SafeMacFilter' endpoint, specifically triggered by the 'Go' parameter. Exploitation of this vulnerability could allow attackers to execute arbitrary code, potentially compromising the device's functionality and network integrity. Users of the Tenda W30E should be aware of this issue and ensure proper updates and mitigations are in place to protect their networks.",Tenda,W30e Firmware,7.5,HIGH,0.0008900000248104334,false,,false,false,false,,,false,false,,2022-12-08T00:00:00.000Z,0
CVE-2022-45520,https://securityvulnerability.io/vulnerability/CVE-2022-45520,Stack Overflow Vulnerability in Tenda W30E Router,"The Tenda W30E Router has been identified to have a stack overflow vulnerability caused by improper handling of the page parameter at /goform/qossetting. This flaw can potentially allow unauthorized access or execution of malicious code on the device, posing risks to network integrity and security. It is essential for users to check their device versions and apply necessary patches to mitigate this risk.",Tenda,W30e Firmware,7.5,HIGH,0.0008900000248104334,false,,false,false,false,,,false,false,,2022-12-08T00:00:00.000Z,0