Shodan
Vulnerabilities
Vulnerable Software
Tenda:  >> Ac15 Firmware  Security Vulnerabilities
CVE-2022-44168
Tenda AC15 V15.03.05.18 is vulnerable to Buffer Overflow via function fromSetRouteStatic..
CVSS Score
7.5
EPSS Score
0.001
Published
2022-11-21
CVE-2022-43259
Tenda AC15 V15.03.05.18 was discovered to contain a stack overflow via the timeZone parameter in the form_fast_setting_wifi_set function.
CVSS Score
7.5
EPSS Score
0.001
Published
2022-10-18
CVE-2022-40851
Tenda AC15 V15.03.05.19 contained a stack overflow via the function fromAddressNat.
CVSS Score
9.8
EPSS Score
0.099
Published
2022-09-23
CVE-2022-37175
Tenda ac15 firmware V15.03.05.18 httpd server has stack buffer overflow in /goform/formWifiBasicSet.
CVSS Score
9.8
EPSS Score
0.004
Published
2022-08-19
CVE-2022-28556
Tenda AC15 US_AC15V1.0BR_V15.03.05.20_multi_TDE01.bin is vulnerable to Buffer Overflow. The stack overflow vulnerability lies in the /goform/setpptpservercfg interface of the web. The sent post data startip and endip are copied to the stack using the sanf function, resulting in stack overflow. Similarly, this vulnerability can be used together with CVE-2021-44971
CVSS Score
7.5
EPSS Score
0.003
Published
2022-05-04
CVE-2022-28557
There is a command injection vulnerability at the /goform/setsambacfg interface of Tenda AC15 US_AC15V1.0BR_V15.03.05.20_multi_TDE01.bin device web, which can also cooperate with CVE-2021-44971 to cause unconditional arbitrary command execution
CVSS Score
9.8
EPSS Score
0.1
Published
2022-05-04
CVE-2021-44971
Multiple Tenda devices are affected by authentication bypass, such as AC15V1.0 Firmware V15.03.05.20_multi?AC5V1.0 Firmware V15.03.06.48_multi and so on. an attacker can obtain sensitive information, and even combine it with authenticated command injection to implement RCE.
CVSS Score
9.8
EPSS Score
0.055
Published
2022-01-28
CVE-2020-15916
goform/AdvSetLanip endpoint on Tenda AC15 AC1900 15.03.05.19 devices allows remote attackers to execute arbitrary system commands via shell metacharacters in the lanIp POST parameter.
CVSS Score
9.8
EPSS Score
0.036
Published
2020-07-23
CVE-2020-10987
Known exploited
The goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute arbitrary system commands via the deviceName POST parameter.
CVSS Score
9.8
EPSS Score
0.933
Published
2020-07-13
CVE-2020-10988
A hard-coded telnet credential in the tenda_login binary of Tenda AC15 AC1900 version 15.03.05.19 allows unauthenticated remote attackers to start a telnetd service on the device.
CVSS Score
9.8
EPSS Score
0.064
Published
2020-07-13


Products
Pricing
Contact Us

Shodan ® - All rights reserved