Shodan
Vulnerabilities
Vulnerable Software
Tenda:  Security Vulnerabilities
CVE-2022-25551
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function formSetSysToolDDNS. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ddnsDomain parameter.
CVSS Score
7.5
EPSS Score
0.003
Published
2022-03-10
CVE-2022-25547
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function fromSetSysTime. This vulnerability allows attackers to cause a Denial of Service (DoS) via the time parameter.
CVSS Score
7.5
EPSS Score
0.005
Published
2022-03-10
CVE-2022-25548
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function fromSetSysTime. This vulnerability allows attackers to cause a Denial of Service (DoS) via the serverName parameter.
CVSS Score
7.5
EPSS Score
0.003
Published
2022-03-10
CVE-2022-25546
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function formSetSysToolDDNS. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ddnsUser parameter.
CVSS Score
7.5
EPSS Score
0.005
Published
2022-03-10
CVE-2022-24995
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetSysTime. This vulnerability allows attackers to cause a Denial of Service (DoS) via the time parameter.
CVSS Score
9.8
EPSS Score
0.007
Published
2022-03-10
CVE-2021-46408
Tenda AX12 v22.03.01.21 was discovered to contain a stack buffer overflow in the function sub_422CE4. This vulnerability allows attackers to cause a Denial of Service (DoS) via the strcpy parameter.
CVSS Score
7.5
EPSS Score
0.003
Published
2022-03-10
CVE-2021-46394
There is a stack buffer overflow vulnerability in the formSetPPTPServer function of Tenda-AX3 router V16.03.12.10_CN. The v13 variable is directly retrieved from the http request parameter startIp. Then v13 will be splice to stack by function sscanf without any security check, which causes stack overflow. By POSTing the page /goform/SetPptpServerCfg with proper startIp, the attacker can easily perform remote code execution with carefully crafted overflow data.
CVSS Score
9.8
EPSS Score
0.026
Published
2022-03-04
CVE-2021-46393
There is a stack buffer overflow vulnerability in the formSetPPTPServer function of Tenda-AX3 router V16.03.12.10_CN. The v10 variable is directly retrieved from the http request parameter startIp. Then v10 will be splice to stack by function sscanf without any security check,which causes stack overflow. By POSTing the page /goform/SetPptpServerCfg with proper startIp, the attacker can easily perform remote code execution with carefully crafted overflow data.
CVSS Score
9.8
EPSS Score
0.035
Published
2022-03-04
CVE-2022-25414
Tenda AC9 V15.03.2.21_cn was discovered to contain a stack overflow via the parameter NPTR.
CVSS Score
9.8
EPSS Score
0.025
Published
2022-02-24
CVE-2022-25417
Tenda AC9 V15.03.2.21_cn was discovered to contain a stack overflow via the function saveparentcontrolinfo.
CVSS Score
9.8
EPSS Score
0.004
Published
2022-02-24


Products
Pricing
Contact Us

Shodan ® - All rights reserved