Security Vulnerabilities
A vulnerability was found in Tenda AC15 15.03.05.19_multi and classified as critical. Affected by this issue is the function formSetPPTPUserList of the file /goform/setPptpUserList of the component HTTP POST Request Handler. The manipulation of the argument list leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
8.8
EPSS Score
0.001
Published
2025-06-08
A vulnerability has been found in Tenda AC9 15.03.02.13 and classified as critical. Affected by this vulnerability is the function formSetSafeWanWebMan of the file /goform/SetRemoteWebCfg of the component HTTP POST Request Handler. The manipulation of the argument remoteIp leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
8.8
EPSS Score
0.001
Published
2025-06-08
in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through get permission.
CVSS Score
5.5
EPSS Score
0.0
Published
2025-06-08
in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through get permission.
CVSS Score
3.3
EPSS Score
0.0
Published
2025-06-08
in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOSÂ through improper input.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-06-08
in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through improper input.
CVSS Score
3.3
EPSS Score
0.0
Published
2025-06-08
in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through get permission.
CVSS Score
5.5
EPSS Score
0.0
Published
2025-06-08
in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through get permission.
CVSS Score
3.3
EPSS Score
0.0
Published
2025-06-08
in OpenHarmony v5.0.3 and prior versions allow a local attacker cause apps crash through type confusion.
CVSS Score
3.3
EPSS Score
0.0
Published
2025-06-08
in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through out-of-bounds read.
CVSS Score
3.3
EPSS Score
0.0
Published
2025-06-08