A vulnerability has been found in Tenda FH1202 1.2.0.14(408) and classified as critical. Affected by this vulnerability is the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to command injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258151. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Max CVSS
5.5
EPSS Score
0.05%
Published
2024-03-27
Updated
2024-04-11
A vulnerability classified as problematic was found in Tenda AC18 15.03.05.05. Affected by this vulnerability is the function fromSysToolRestoreSet of the file /goform/SysToolRestoreSet. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257059. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Max CVSS
5.0
EPSS Score
0.05%
Published
2024-03-17
Updated
2024-04-11
A vulnerability classified as problematic has been found in Tenda AC18 15.03.05.05. Affected is the function fromSysToolReboot of the file /goform/SysToolReboot. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-257058 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Max CVSS
5.0
EPSS Score
0.05%
Published
2024-03-17
Updated
2024-04-11
Cleartext Transmission in cookie:ecos_pw: in Tenda N301 v6.0, firmware v12.03.01.06_pt allows an authenticated attacker on the LAN or WLAN to intercept communications with the router and obtain the password.
Max CVSS
5.7
EPSS Score
0.04%
Published
2023-05-01
Updated
2023-05-09
Cleartext Transmission in set-cookie:ecos_pw: Tenda N301 v6.0, Firmware v12.02.01.61_multi allows an authenticated attacker on the LAN or WLAN to intercept communications with the router and obtain the password.
Max CVSS
5.7
EPSS Score
0.04%
Published
2023-05-01
Updated
2023-05-09
Tenda N300 Wireless N VDSL2 Modem Router allows unauthenticated access to pages that in turn should be accessible to authenticated users only
Max CVSS
5.3
EPSS Score
0.05%
Published
2023-09-06
Updated
2023-09-12
Tenda AC6 AC1200 Smart Dual-Band WiFi Router 15.03.06.50_multi was discovered to contain a cross-site scripting (XSS) vulnerability via the deviceId parameter in the Parental Control module.
Max CVSS
5.4
EPSS Score
0.04%
Published
2023-06-26
Updated
2023-07-03
7 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!