Shodan
Vulnerabilities
Vulnerable Software
Tenda:  >> Ac9 Firmware  Security Vulnerabilities
CVE-2022-25427
Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the schedendtime parameter in the openSchedWifi function.
CVSS Score
9.8
EPSS Score
0.004
Published
2022-03-18
CVE-2022-25428
Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the deviceId parameter in the saveparentcontrolinfo function.
CVSS Score
9.8
EPSS Score
0.004
Published
2022-03-18
CVE-2022-25429
Tenda AC9 v15.03.2.21 was discovered to contain a buffer overflow via the time parameter in the saveparentcontrolinfo function.
CVSS Score
9.8
EPSS Score
0.004
Published
2022-03-18
CVE-2022-25414
Tenda AC9 V15.03.2.21_cn was discovered to contain a stack overflow via the parameter NPTR.
CVSS Score
9.8
EPSS Score
0.024
Published
2022-02-24
CVE-2022-25417
Tenda AC9 V15.03.2.21_cn was discovered to contain a stack overflow via the function saveparentcontrolinfo.
CVSS Score
9.8
EPSS Score
0.004
Published
2022-02-24
CVE-2022-25418
Tenda AC9 V15.03.2.21_cn was discovered to contain a stack overflow via the function openSchedWifi.
CVSS Score
9.8
EPSS Score
0.004
Published
2022-02-24
CVE-2020-26728
A vulnerability was discovered in Tenda AC9 v3.0 V15.03.06.42_multi and Tenda AC9 V1.0 V15.03.05.19(6318)_CN which allows for remote code execution via shell metacharacters in the guestuser field to the __fastcall function with a POST request.
CVSS Score
9.8
EPSS Score
0.034
Published
2022-02-11
CVE-2018-14557
An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). A buffer overflow vulnerability exists in the router's web server (httpd). When processing the page parameters for a post request, the value is directly written with sprintf to a local variable placed on the stack, which overrides the return address of the function, a causing buffer overflow.
CVSS Score
7.5
EPSS Score
0.003
Published
2019-04-25
CVE-2018-14559
An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). A buffer overflow vulnerability exists in the router's web server (httpd). When processing the list parameters for a post request, the value is directly written with sprintf to a local variable placed on the stack, which overrides the return address of the function, causing a buffer overflow.
CVSS Score
7.5
EPSS Score
0.003
Published
2019-04-25
CVE-2018-14558
Known exploited
An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted goform/setUsbUnload request. This occurs because the "formsetUsbUnload" function executes a dosystemCmd function with untrusted input.
CVSS Score
9.8
EPSS Score
0.82
Published
2018-10-30


Products
Pricing
Contact Us

Shodan ® - All rights reserved