Tendacn : Security Vulnerabilities

| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2019-16412 | 20 | | | 2019-09-19 | 2019-09-19 | 7.8 | None | Remote | Low | Not required | None | None | Complete | In goform/setSysTools on Tenda N301 wireless routers, attackers can trigger a device crash via a zero wanMTU value. (Prohibition of this zero value is only enforced within the GUI.) |
| 2 | CVE-2018-20373 | 79 | | XSS | 2018-12-22 | 2019-01-14 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | Tenda ADSL modem routers 1.0.1 allow XSS via the hostname of a DHCP client. |
| 3 | CVE-2018-16334 | 78 | | | 2018-09-01 | 2018-10-25 | 9.0 | None | Remote | Low | Single system | Complete | Complete | Complete | An issue was discovered on Tenda AC9 V15.03.05.19(6318)_CN and AC10 V15.03.06.23_CN devices. The mac parameter in a POST request is used directly in a doSystemCmd call, causing OS command injection. |
| 4 | CVE-2018-16333 | 119 | | Overflow | 2018-09-01 | 2018-10-25 | 7.8 | None | Remote | Low | Not required | None | None | Complete | An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server. While processing the ssid parameter for a POST request, the value is directly used in a sprintf call to a local variable placed on the stack, which overrides the return address of the function, causing a buffer overflow. |
| 5 | CVE-2018-14497 | 79 | | XSS | 2018-08-03 | 2018-09-28 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | Tenda D152 ADSL routers allow XSS via a crafted SSID. |
| 6 | CVE-2018-14492 | 119 | | Overflow | 2018-07-21 | 2018-09-20 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Tenda AC7 through V15.03.06.44_CN, AC9 through V15.03.05.19(6318)_CN, and AC10 through V15.03.06.23_CN devices have a Stack-based Buffer Overflow via a long limitSpeed or limitSpeedup parameter to an unspecified /goform URI. |
| 7 | CVE-2018-7561 | 119 | | DoS Overflow | 2018-03-01 | 2018-03-23 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Stack-based Buffer Overflow in httpd on Tenda AC9 devices V15.03.05.14_EN allows remote attackers to cause a denial of service or possibly have unspecified other impact. |
| 8 | CVE-2018-5770 | 1188 | | | 2018-03-20 | 2019-10-02 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | An issue was discovered on Tenda AC15 devices. A remote, unauthenticated attacker can make a request to /goform/telnet, creating a telnetd service on the device. This service is password protected; however, several default accounts exist on the device that are root accounts, which can be used to log in. |
| 9 | CVE-2018-5768 | 798 | | Exec Code | 2018-03-20 | 2018-04-18 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | A remote, unauthenticated attacker can gain remote code execution on the Tenda AC15 router with a specially crafted password parameter for the COOKIE header. |
| 10 | CVE-2018-5767 | 20 | | Exec Code | 2018-02-15 | 2018-03-15 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | An issue was discovered on Tenda AC15 V15.03.1.16_multi devices. A remote, unauthenticated attacker can gain remote code execution on the device with a crafted password parameter for the COOKIE header. |
| 11 | CVE-2017-9139 | 119 | | Overflow | 2017-05-21 | 2017-06-02 | 2.7 | None | Local Network | Low | Single system | None | None | Partial | There is a stack-based buffer overflow on some Tenda routers (FH1202/F1202/F1200: versions before 1.2.0.20). Crafted POST requests to an unspecified URL result in DoS, interrupting the HTTP service (used to login to the web UI of a router) for 1 to 2 seconds. |
| 12 | CVE-2017-9138 | 119 | | Overflow Bypass | 2017-05-21 | 2017-06-02 | 7.7 | None | Local Network | Low | Single system | Complete | Complete | Complete | There is a debug-interface vulnerability on some Tenda routers (FH1202/F1202/F1200: versions before 1.2.0.20). After connecting locally to a router in a wired or wireless manner, one can bypass intended access restrictions by sending shell commands directly and reading their results, or by entering shell commands that change this router's username and password. |

Total number of vulnerabilities : 12