Security Vulnerabilities - CVEs Published In January 2025
Incorrect access control in Tenda AC1200 Smart Dual-Band WiFi Router Model AC6 v2.0 Firmware v15.03.06.50 allows attackers to bypass authentication via a crafted web request.
CVSS Score
8.1
EPSS Score
0.001
Published
2025-01-16
Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the limitSpeedUp parameter in the formSetClientState function.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-01-16
Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the devName parameter in the formSetDeviceName function.
CVSS Score
9.8
EPSS Score
0.0
Published
2025-01-16
Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the firewallEn parameter in the formSetFirewallCfg function.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-01-16
Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the startIP parameter in the formSetPPTPServer function.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-01-16
Tenda AC18 V15.03.05.19 was discovered to contain a command injection vulnerability via the usbName parameter in the formSetSambaConf function.
CVSS Score
9.8
EPSS Score
0.015
Published
2025-01-16
Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the ssid parameter in the form_fast_setting_wifi_set function.
CVSS Score
9.8
EPSS Score
0.002
Published
2025-01-16
Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the speed_dir parameter in the formSetSpeedWan function.
CVSS Score
5.7
EPSS Score
0.001
Published
2025-01-16
Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the funcpara1 parameter in the formSetCfm function.
CVSS Score
8.8
EPSS Score
0.0
Published
2025-01-16
An access control issue in the component form2Wan.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the wan service of the device via a crafted POST request.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-01-16