# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
1 |
CVE-2019-16288 |
20 |
|
|
2019-09-13 |
2019-09-16 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
On Tenda N301 wireless routers, a long string in the wifiSSID parameter of a goform/setWifi POST request causes the device to crash. |
2 |
CVE-2018-18730 |
119 |
|
Overflow |
2018-10-29 |
2018-12-14 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the 'startIp' and 'endIp' parameters for a post request, each value is directly used in a sprintf to a local variable placed on the stack, which overrides the return address of the function. |
3 |
CVE-2018-18729 |
787 |
|
Overflow +Info |
2018-10-29 |
2019-10-02 |
9.0 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Complete |
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a heap-based buffer overflow vulnerability in the router's web server -- httpd. While processing the 'mac' parameter for a post request, the value is directly used in a strcpy to a variable placed on the heap, which can leak sensitive information or even hijack program control flow. |
4 |
CVE-2018-18728 |
78 |
|
Exec Code |
2018-10-29 |
2019-10-02 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
An issue was discovered on Tenda AC9 V15.03.05.19(6318)_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. They allow remote code execution via shell metacharacters in the usbName field to the __fastcall function with a POST request. |
5 |
CVE-2018-18727 |
119 |
|
Overflow |
2018-10-29 |
2018-12-14 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the 'deviceList' parameter for a post request, the value is directly used in a strcpy to a local variable placed on the stack, which overrides the return address of the function. |
6 |
CVE-2018-18709 |
119 |
|
Overflow |
2018-10-29 |
2018-12-14 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. It is a buffer overflow vulnerability in the router's web server -- httpd. When processing the "firewallEn" parameter for a post request, the value is directly used in a strcpy to a local variable placed on the stack, which overrides the return address of the function. |
7 |
CVE-2018-18708 |
119 |
|
Overflow |
2018-10-29 |
2018-12-14 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. It is a buffer overflow vulnerability in the router's web server -- httpd. When processing the "page" parameter of the function "fromAddressNat" for a post request, the value is directly used in a sprintf to a local variable placed on the stack, which overrides the return address of the function. |
8 |
CVE-2018-18707 |
119 |
|
Overflow |
2018-10-29 |
2018-12-14 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. It is a buffer overflow vulnerability in the router's web server -- httpd. When processing the "ssid" parameter for a post request, the value is directly used in a strcpy to a local variable placed on the stack, which overrides the return address of the function. |
9 |
CVE-2018-18706 |
119 |
|
Overflow |
2018-10-29 |
2018-12-14 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. It is a buffer overflow vulnerability in the router's web server -- httpd. When processing the "page" parameter of the function "fromDhcpListClient" for a request, it is directly used in a sprintf to a local variable placed on the stack, which overrides the return address of the function. |
10 |
CVE-2018-14559 |
119 |
|
Overflow |
2019-04-25 |
2019-05-02 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). A buffer overflow vulnerability exists in the router's web server (httpd). When processing the list parameters for a post request, the value is directly written with sprintf to a local variable placed on the stack, which overrides the return address of the function, causing a buffer overflow. |
11 |
CVE-2018-14558 |
78 |
|
Exec Code |
2018-10-30 |
2019-10-02 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted goform/setUsbUnload request. This occurs because the "formsetUsbUnload" function executes a dosystemCmd function with untrusted input. |
12 |
CVE-2018-14557 |
119 |
|
Overflow |
2019-04-25 |
2019-05-02 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). A buffer overflow vulnerability exists in the router's web server (httpd). When processing the page parameters for a post request, the value is directly written with sprintf to a local variable placed on the stack, which overrides the return address of the function, a causing buffer overflow. |
13 |
CVE-2017-16936 |
22 |
|
Dir. Trav. |
2017-11-24 |
2017-12-12 |
3.3 |
None |
Local Network |
Low |
Not required |
Partial |
None |
None |
Directory Traversal vulnerability in app_data_center on Shenzhen Tenda Ac9 US_AC9V1.0BR_V15.03.05.14_multi_TD01, Ac9 ac9_kf_V15.03.05.19(6318_)_cn, Ac15 US_AC15V1.0BR_V15.03.05.18_multi_TD01, Ac15 US_AC15V1.0BR_V15.03.05.19_multi_TD01, Ac18 US_AC18V1.0BR_V15.03.05.05_multi_TD01, and Ac18 ac18_kf_V15.03.05.19(6318_)_cn devices allows remote unauthenticated attackers to read arbitrary files via a cgi-bin/luci/request?op=1&path= URI that uses directory traversal sequences after a /usb/ substring. |
14 |
CVE-2017-16923 |
78 |
|
Exec Code |
2017-11-21 |
2019-10-02 |
8.3 |
None |
Local Network |
Low |
Not required |
Complete |
Complete |
Complete |
Command Injection vulnerability in app_data_center on Shenzhen Tenda Ac9 US_AC9V1.0BR_V15.03.05.14_multi_TD01, Ac9 ac9_kf_V15.03.05.19(6318_)_cn, Ac15 US_AC15V1.0BR_V15.03.05.18_multi_TD01, Ac15 US_AC15V1.0BR_V15.03.05.19_multi_TD01, Ac18 US_AC18V1.0BR_V15.03.05.05_multi_TD01, and Ac18 ac18_kf_V15.03.05.19(6318_)_cn devices allows remote unauthenticated attackers to execute arbitrary OS commands via a crafted cgi-bin/luci/usbeject?dev_name= GET request from the LAN. This occurs because the "sub_A6E8 usbeject_process_entry" function executes a system function with untrusted input. |
15 |
CVE-2017-14515 |
119 |
|
DoS Overflow |
2017-09-17 |
2017-09-21 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
Heap-based Buffer Overflow on Tenda W15E devices before 15.11.0.14 allows remote attackers to cause a denial of service (temporary HTTP outage and forced logout) via unspecified vectors. |
16 |
CVE-2017-14514 |
22 |
|
Dir. Trav. |
2017-09-17 |
2017-09-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Directory Traversal on Tenda W15E devices before 15.11.0.14 allows remote attackers to read unencrypted files via a crafted URL. |
17 |
CVE-2015-5995 |
264 |
|
|
2015-12-31 |
2015-12-31 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 and Tenda N3 Wireless N150 devices allow remote attackers to obtain administrative access via a certain admin substring in an HTTP Cookie header. |
18 |
CVE-2014-7281 |
352 |
1
|
CSRF |
2014-10-23 |
2014-10-24 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Cross-site request forgery (CSRF) vulnerability in Shenzhen Tenda Technology Tenda A32 Router with firmware 5.07.53_CN allows remote attackers to hijack the authentication of administrators for requests that reboot the device via a request to goform/SysToolReboot. |
19 |
CVE-2014-5246 |
264 |
1
|
Bypass |
2014-08-22 |
2017-09-07 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
The Shenzhen Tenda Technology Tenda A5s router with firmware 3.02.05_CN allows remote attackers to bypass authentication and gain administrator access by setting the admin:language cookie to zh-cn. |