On Tenda AC1200 (Model AC6) 15.03.06.51_multi devices, a large HTTP POST request sent to the change password API will trigger the router to crash and enter an infinite boot loop.
Max CVSS
7.8
Published
2020-12-30
Updated
2021-01-05
EPSS
0.14%
goform/AdvSetLanip endpoint on Tenda AC15 AC1900 15.03.05.19 devices allows remote attackers to execute arbitrary system commands via shell metacharacters in the lanIp POST parameter.
Max CVSS
10.0
Published
2020-07-23
Updated
2020-07-27
EPSS
21.95%
An XSS issue in the /goform/WifiBasicSet endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute malicious payloads via the WifiName POST parameter.
Max CVSS
6.1
Published
2020-07-13
Updated
2020-07-15
EPSS
0.11%
A hard-coded telnet credential in the tenda_login binary of Tenda AC15 AC1900 version 15.03.05.19 allows unauthenticated remote attackers to start a telnetd service on the device.
Max CVSS
10.0
Published
2020-07-13
Updated
2020-07-15
EPSS
1.01%

CVE-2020-10987

Known Exploited Vulnerability
The goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute arbitrary system commands via the deviceName POST parameter.
Max CVSS
10.0
Published
2020-07-13
Updated
2021-07-21
EPSS
95.97%
KEV Added
2021-11-03
A CSRF issue in the /goform/SysToolReboot endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to reboot the device and cause denial of service via a payload hosted by an attacker-controlled web page.
Max CVSS
7.1
Published
2020-07-13
Updated
2020-07-15
EPSS
0.12%
6 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!