Shodan
Vulnerabilities
Vulnerable Software
Tenda:  Security Vulnerabilities
CVE-2022-29592
Tenda TX9 Pro 22.03.02.10 devices allow OS command injection via set_route (called by doSystemCmd_route).
CVSS Score
9.8
EPSS Score
0.199
Published
2022-05-05
CVE-2022-28556
Tenda AC15 US_AC15V1.0BR_V15.03.05.20_multi_TDE01.bin is vulnerable to Buffer Overflow. The stack overflow vulnerability lies in the /goform/setpptpservercfg interface of the web. The sent post data startip and endip are copied to the stack using the sanf function, resulting in stack overflow. Similarly, this vulnerability can be used together with CVE-2021-44971
CVSS Score
7.5
EPSS Score
0.003
Published
2022-05-04
CVE-2022-28557
There is a command injection vulnerability at the /goform/setsambacfg interface of Tenda AC15 US_AC15V1.0BR_V15.03.05.20_multi_TDE01.bin device web, which can also cooperate with CVE-2021-44971 to cause unconditional arbitrary command execution
CVSS Score
9.8
EPSS Score
0.1
Published
2022-05-04
CVE-2022-28082
Tenda AX12 v22.03.01.21_CN was discovered to contain a stack overflow via the list parameter at /goform/SetNetControlList.
CVSS Score
9.8
EPSS Score
0.024
Published
2022-05-04
CVE-2022-28560
There is a stack overflow vulnerability in the goform/fast_setting_wifi_set function in the httpd service of Tenda ac9 15.03.2.21_cn router. An attacker can obtain a stable shell through a carefully constructed payload
CVSS Score
9.8
EPSS Score
0.004
Published
2022-05-03
CVE-2022-28561
There is a stack overflow vulnerability in the /goform/setMacFilterCfg function in the httpd service of Tenda ax12 22.03.01.21_cn router. An attacker can obtain a stable shell through a carefully constructed payload
CVSS Score
9.8
EPSS Score
0.024
Published
2022-05-03
CVE-2022-28572
Tenda AX1806 v1.0.0.1 was discovered to contain a command injection vulnerability in `SetIPv6Status` function
CVSS Score
8.8
EPSS Score
0.18
Published
2022-05-02
CVE-2022-27374
Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Request Forgery (CSRF) via the function sub_42E328 at /goform/SysToolReboot.
CVSS Score
6.5
EPSS Score
0.001
Published
2022-04-25
CVE-2022-27375
Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Request Forgery (CSRF) via the function sub_422168 at /goform/WifiExtraSet.
CVSS Score
6.5
EPSS Score
0.001
Published
2022-04-25
CVE-2022-27022
There is a stack overflow vulnerability in the SetSysTimeCfg() function in the httpd service of Tenda AC9 V15.03.2.21_cn. The attacker can obtain a stable root shell through a constructed payload.
CVSS Score
9.8
EPSS Score
0.004
Published
2022-04-07


Products
Pricing
Contact Us

Shodan ® - All rights reserved