Search

Find a vulnerability

Search criteria

    21 vulnerabilities found for a15 by tenda

    VAR-202511-0004

    Vulnerability from variot - Updated: 2025-11-19 23:33

    A vulnerability was found in Tenda A15 15.13.07.13. Affected is the function fromSetWirelessRepeat of the file /goform/openNetworkGateway. The manipulation of the argument wpapsk_crypto2_4g results in buffer overflow. The attack can be launched remotely. The exploit has been made public and could be used. The Tenda A15 is a wireless router device manufactured by Tenda. An attacker could exploit this vulnerability to remotely trigger a buffer overflow and execute arbitrary code

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202511-0004",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "a15",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "tenda",
            "version": "15.13.07.13"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-27115"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-12619"
          }
        ]
      },
      "cve": "CVE-2025-12619",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "cna@vuldb.com",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2025-12619",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2025-27115",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "cna@vuldb.com",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2025-12619",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2025-12619",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "cna@vuldb.com",
                "id": "CVE-2025-12619",
                "trust": 1.0,
                "value": "High"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2025-12619",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-27115",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-27115"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-12619"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-12619"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A vulnerability was found in Tenda A15 15.13.07.13. Affected is the function fromSetWirelessRepeat of the file /goform/openNetworkGateway. The manipulation of the argument wpapsk_crypto2_4g results in buffer overflow. The attack can be launched remotely. The exploit has been made public and could be used. The Tenda A15 is a wireless router device manufactured by Tenda. An attacker could exploit this vulnerability to remotely trigger a buffer overflow and execute arbitrary code",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-12619"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-27115"
          }
        ],
        "trust": 1.44
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "VULDB",
            "id": "330913",
            "trust": 1.6
          },
          {
            "db": "NVD",
            "id": "CVE-2025-12619",
            "trust": 1.6
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-27115",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-27115"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-12619"
          }
        ]
      },
      "id": "VAR-202511-0004",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-27115"
          }
        ],
        "trust": 1.2666667
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-27115"
          }
        ]
      },
      "last_update_date": "2025-11-19T23:33:00.612000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-120",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-119",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-12619"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.6,
            "url": "https://vuldb.com/?id.330913"
          },
          {
            "trust": 1.6,
            "url": "https://vuldb.com/?ctiid.330913"
          },
          {
            "trust": 1.6,
            "url": "https://vuldb.com/?submit.678888"
          },
          {
            "trust": 1.6,
            "url": "https://www.yuque.com/ba1ma0-an29k/nnxoap/tzg68iadbmqx6esm?singledoc"
          },
          {
            "trust": 1.6,
            "url": "https://pan.baidu.com/s/1n5pzwoyfgl7kguh9yjldhg"
          },
          {
            "trust": 1.6,
            "url": "https://www.tenda.com.cn/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-27115"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-12619"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-27115"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-12619"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-11-02T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-27115"
          },
          {
            "date": "2025-11-03T07:15:43.140000",
            "db": "NVD",
            "id": "CVE-2025-12619"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-11-07T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-27115"
          },
          {
            "date": "2025-11-05T14:25:59.447000",
            "db": "NVD",
            "id": "CVE-2025-12619"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Tenda A15 buffer overflow vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-27115"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202505-1817

    Vulnerability from variot - Updated: 2025-07-17 23:46

    A vulnerability was found in Tenda A15 15.13.07.09/15.13.07.13. It has been classified as critical. This affects an unknown part of the file /goform/multimodalAdd of the component HTTP POST Request Handler. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. of A15 The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state. Tenda A15 is a dual-band Gigabit wireless router. Attackers can exploit this vulnerability to remotely execute arbitrary code

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202505-1817",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "a15",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "tenda",
            "version": "15.13.07.13"
          },
          {
            "model": "a15",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "tenda",
            "version": "15.13.07.09"
          },
          {
            "model": "a15",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "tenda",
            "version": "a15  firmware  15.13.07.09"
          },
          {
            "model": "a15",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "tenda",
            "version": null
          },
          {
            "model": "a15",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "tenda",
            "version": "a15  firmware  15.13.07.13"
          },
          {
            "model": "a15",
            "scope": null,
            "trust": 0.8,
            "vendor": "tenda",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15792"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-005793"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-4897"
          }
        ]
      },
      "cve": "CVE-2025-4897",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "cna@vuldb.com",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2025-4897",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "OTHER",
                "availabilityImpact": "Complete",
                "baseScore": 9.0,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "JVNDB-2025-005793",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2025-15792",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "cna@vuldb.com",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2025-4897",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2025-4897",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2025-005793",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "cna@vuldb.com",
                "id": "CVE-2025-4897",
                "trust": 1.0,
                "value": "High"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2025-4897",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2025-005793",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-15792",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15792"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-005793"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-4897"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-4897"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A vulnerability was found in Tenda A15 15.13.07.09/15.13.07.13. It has been classified as critical. This affects an unknown part of the file /goform/multimodalAdd of the component HTTP POST Request Handler. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. of A15 The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state. Tenda A15 is a dual-band Gigabit wireless router. Attackers can exploit this vulnerability to remotely execute arbitrary code",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-4897"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-005793"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-15792"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2025-4897",
            "trust": 3.2
          },
          {
            "db": "VULDB",
            "id": "309453",
            "trust": 2.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-005793",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-15792",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15792"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-005793"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-4897"
          }
        ]
      },
      "id": "VAR-202505-1817",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15792"
          }
        ],
        "trust": 1.2666667
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15792"
          }
        ]
      },
      "last_update_date": "2025-07-17T23:46:26.007000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-120",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-119",
            "trust": 1.0
          },
          {
            "problemtype": "Buffer error (CWE-119) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " Classic buffer overflow (CWE-120) [NVD evaluation ]",
            "trust": 0.8
          },
          {
            "problemtype": " Classic buffer overflow (CWE-120) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-005793"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-4897"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://vuldb.com/?id.309453"
          },
          {
            "trust": 2.4,
            "url": "https://vuldb.com/?submit.578035"
          },
          {
            "trust": 2.4,
            "url": "https://www.tenda.com.cn/"
          },
          {
            "trust": 1.6,
            "url": "https://vuldb.com/?ctiid.309453"
          },
          {
            "trust": 1.6,
            "url": "https://github.com/byxs0x0/cve2/blob/main/tenda%20ac15.md"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2025-4897"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15792"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-005793"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-4897"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15792"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-005793"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-4897"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-07-15T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-15792"
          },
          {
            "date": "2025-05-28T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-005793"
          },
          {
            "date": "2025-05-18T22:15:18.443000",
            "db": "NVD",
            "id": "CVE-2025-4897"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-07-15T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-15792"
          },
          {
            "date": "2025-05-28T08:20:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-005793"
          },
          {
            "date": "2025-05-27T16:30:05.410000",
            "db": "NVD",
            "id": "CVE-2025-4897"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Shenzhen\u00a0Tenda\u00a0Technology\u00a0Co.,Ltd.\u00a0 of \u00a0A15\u00a0 Buffer error vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-005793"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202505-1738

    Vulnerability from variot - Updated: 2025-06-28 23:28

    A vulnerability was found in Tenda A15 15.13.07.13. It has been declared as problematic. Affected by this vulnerability is the function formArpNerworkSet of the file /goform/ArpNerworkSet. The manipulation leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. of A15 A vulnerability exists in firmware related to improper shutdown and release of resources.Service operation interruption (DoS) It may be in a state

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202505-1738",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "a15",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "tenda",
            "version": "15.13.07.13"
          },
          {
            "model": "a15",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "tenda",
            "version": null
          },
          {
            "model": "a15",
            "scope": null,
            "trust": 0.8,
            "vendor": "tenda",
            "version": null
          },
          {
            "model": "a15",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "tenda",
            "version": "a15  firmware  15.13.07.13"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12688"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-007514"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-4867"
          }
        ]
      },
      "cve": "CVE-2025-4867",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "cna@vuldb.com",
                "availabilityImpact": "COMPLETE",
                "baseScore": 6.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2025-4867",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "OTHER",
                "availabilityImpact": "Complete",
                "baseScore": 6.8,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2025-007514",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 6.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2025-12688",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "cna@vuldb.com",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 2.8,
                "id": "CVE-2025-4867",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "OTHER",
                "availabilityImpact": "High",
                "baseScore": 6.5,
                "baseSeverity": "Medium",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2025-007514",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "cna@vuldb.com",
                "id": "CVE-2025-4867",
                "trust": 1.0,
                "value": "High"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2025-007514",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-12688",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12688"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-007514"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-4867"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A vulnerability was found in Tenda A15 15.13.07.13. It has been declared as problematic. Affected by this vulnerability is the function formArpNerworkSet of the file /goform/ArpNerworkSet. The manipulation leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. of A15 A vulnerability exists in firmware related to improper shutdown and release of resources.Service operation interruption (DoS) It may be in a state",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-4867"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-007514"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-12688"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2025-4867",
            "trust": 3.2
          },
          {
            "db": "VULDB",
            "id": "309409",
            "trust": 1.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-007514",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-12688",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12688"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-007514"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-4867"
          }
        ]
      },
      "id": "VAR-202505-1738",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12688"
          }
        ],
        "trust": 1.2666667
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12688"
          }
        ]
      },
      "last_update_date": "2025-06-28T23:28:29.503000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-404",
            "trust": 1.0
          },
          {
            "problemtype": "Improper shutdown and release of resources (CWE-404) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-007514"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-4867"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "https://github.com/xubeining/cve_report/blob/main/notification%20of%20denial%20of%20service%20vulnerability%20in%20tenda%20a15%20router%20(version%20v15.13.07.13)%20by%20shenzhen%20jixiang%20tenda%20technology.md"
          },
          {
            "trust": 1.8,
            "url": "https://vuldb.com/?id.309409"
          },
          {
            "trust": 1.8,
            "url": "https://vuldb.com/?submit.575501"
          },
          {
            "trust": 1.8,
            "url": "https://www.tenda.com.cn/"
          },
          {
            "trust": 1.0,
            "url": "https://vuldb.com/?ctiid.309409"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2025-4867"
          },
          {
            "trust": 0.6,
            "url": "https://github.com/xubeining/cve_report/blob/main/notification%20of%20denial%20of%20service%20vulnerability%20in%20tenda%20a15%20router%20"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12688"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-007514"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-4867"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12688"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-007514"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-4867"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-06-17T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-12688"
          },
          {
            "date": "2025-06-26T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-007514"
          },
          {
            "date": "2025-05-18T09:15:17.927000",
            "db": "NVD",
            "id": "CVE-2025-4867"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-06-17T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-12688"
          },
          {
            "date": "2025-06-26T06:14:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-007514"
          },
          {
            "date": "2025-06-24T14:38:17.117000",
            "db": "NVD",
            "id": "CVE-2025-4867"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Shenzhen\u00a0Tenda\u00a0Technology\u00a0Co.,Ltd.\u00a0 of \u00a0A15\u00a0 Improper Shutdown and Release of Resources in Firmware Vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-007514"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202212-2320

    Vulnerability from variot - Updated: 2025-04-11 23:20

    Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the ssid parameter at /goform/WifiBasicSet. Tenda A15 Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda A15 is a WiFi extender from Chinese company Tenda. The vulnerability stems from the fact that the ssid parameter of /goform/WifiBasicSet lacks a length check on the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202212-2320",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "a15",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "tenda",
            "version": "15.13.07.13"
          },
          {
            "model": "a15",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "tenda",
            "version": null
          },
          {
            "model": "a15",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "tenda",
            "version": "a15  firmware  15.13.07.13"
          },
          {
            "model": "a15",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "tenda",
            "version": "v15.13.07.13"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-02259"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003824"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47119"
          }
        ]
      },
      "cve": "CVE-2022-47119",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2023-02259",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2022-47119",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2022-47119",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-47119",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2022-47119",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2022-47119",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2023-02259",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202212-4151",
                "trust": 0.6,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-02259"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003824"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-4151"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47119"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47119"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the ssid parameter at /goform/WifiBasicSet. Tenda A15 Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda A15 is a WiFi extender from Chinese company Tenda. The vulnerability stems from the fact that the ssid parameter of /goform/WifiBasicSet lacks a length check on the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-47119"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003824"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-02259"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-47119"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-47119",
            "trust": 3.9
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003824",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-02259",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-4151",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-47119",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-02259"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-47119"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003824"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-4151"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47119"
          }
        ]
      },
      "id": "VAR-202212-2320",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-02259"
          }
        ],
        "trust": 1.2666667
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-02259"
          }
        ]
      },
      "last_update_date": "2025-04-11T23:20:26.865000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top\u00a0Page",
            "trust": 0.8,
            "url": "https://www.tenda.com.cn/default.html"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003824"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          },
          {
            "problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003824"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47119"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.1,
            "url": "https://brief-nymphea-813.notion.site/vul4-a15-bof-wifibasicset-ssid-a0ab1bec6d734c0f89b07a4a3867c6ba"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-47119"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-47119/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-02259"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-47119"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003824"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-4151"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47119"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-02259"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-47119"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003824"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-4151"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47119"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-01-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2023-02259"
          },
          {
            "date": "2022-12-30T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-47119"
          },
          {
            "date": "2023-03-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-003824"
          },
          {
            "date": "2022-12-30T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202212-4151"
          },
          {
            "date": "2022-12-30T21:15:11.310000",
            "db": "NVD",
            "id": "CVE-2022-47119"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-01-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2023-02259"
          },
          {
            "date": "2022-12-30T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-47119"
          },
          {
            "date": "2023-03-09T04:31:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-003824"
          },
          {
            "date": "2023-01-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202212-4151"
          },
          {
            "date": "2025-04-11T15:15:42.437000",
            "db": "NVD",
            "id": "CVE-2022-47119"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-4151"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Tenda\u00a0A15\u00a0 Out-of-bounds write vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003824"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-4151"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202212-2575

    Vulnerability from variot - Updated: 2025-04-11 23:18

    Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the wrlPwd parameter at /goform/WifiBasicSet. Tenda A15 Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda A15 is a WiFi extender from the Chinese company Tenda. By sending an overly long string with the wrlPwd parameter, a remote attacker could exploit this vulnerability to overflow a buffer and execute arbitrary code on the system

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202212-2575",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "a15",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "tenda",
            "version": "15.13.07.13"
          },
          {
            "model": "a15",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "tenda",
            "version": null
          },
          {
            "model": "a15",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "tenda",
            "version": "a15  firmware  15.13.07.13"
          },
          {
            "model": "a15",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "tenda",
            "version": "v15.13.07.13"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-02196"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003806"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47127"
          }
        ]
      },
      "cve": "CVE-2022-47127",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2023-02196",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2022-47127",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2022-47127",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-47127",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2022-47127",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2022-47127",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2023-02196",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202212-4146",
                "trust": 0.6,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-02196"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003806"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-4146"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47127"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47127"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the wrlPwd parameter at /goform/WifiBasicSet. Tenda A15 Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda A15 is a WiFi extender from the Chinese company Tenda. By sending an overly long string with the wrlPwd parameter, a remote attacker could exploit this vulnerability to overflow a buffer and execute arbitrary code on the system",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-47127"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003806"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-02196"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-47127"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-47127",
            "trust": 3.9
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003806",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-02196",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-4146",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-47127",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-02196"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-47127"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003806"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-4146"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47127"
          }
        ]
      },
      "id": "VAR-202212-2575",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-02196"
          }
        ],
        "trust": 1.2666667
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-02196"
          }
        ]
      },
      "last_update_date": "2025-04-11T23:18:42.095000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top\u00a0Page",
            "trust": 0.8,
            "url": "https://www.tenda.com.cn/default.html"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003806"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          },
          {
            "problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003806"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47127"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://brief-nymphea-813.notion.site/vul11-a15-bof-wifibasicset-wrlpwd-de8dbe64e48f4981a6f0f5216622b6d9"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-47127"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-47127/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-02196"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-47127"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003806"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-4146"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47127"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-02196"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-47127"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003806"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-4146"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47127"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-01-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2023-02196"
          },
          {
            "date": "2022-12-30T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-47127"
          },
          {
            "date": "2023-03-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-003806"
          },
          {
            "date": "2022-12-30T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202212-4146"
          },
          {
            "date": "2022-12-30T21:15:11.747000",
            "db": "NVD",
            "id": "CVE-2022-47127"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-01-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2023-02196"
          },
          {
            "date": "2022-12-30T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-47127"
          },
          {
            "date": "2023-03-09T02:33:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-003806"
          },
          {
            "date": "2023-01-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202212-4146"
          },
          {
            "date": "2025-04-11T15:15:43.730000",
            "db": "NVD",
            "id": "CVE-2022-47127"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-4146"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Tenda\u00a0A15\u00a0 Out-of-bounds write vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003806"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-4146"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202212-2581

    Vulnerability from variot - Updated: 2025-04-11 23:17

    Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the security parameter at /goform/WifiBasicSet. Tenda A15 Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda A15 is a WiFi extender from the Chinese company Tenda. The vulnerability is caused by the lack of length check of the input data in the security parameter of /goform/WifiBasicSet. Attackers can use this vulnerability to execute arbitrary code on the system

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202212-2581",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "a15",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "tenda",
            "version": "15.13.07.13"
          },
          {
            "model": "a15",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "tenda",
            "version": null
          },
          {
            "model": "a15",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "tenda",
            "version": "a15  firmware  15.13.07.13"
          },
          {
            "model": "a15",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "tenda",
            "version": "v15.13.07.13"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-02258"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003820"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47117"
          }
        ]
      },
      "cve": "CVE-2022-47117",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2023-02258",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2022-47117",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2022-47117",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-47117",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2022-47117",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2022-47117",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2023-02258",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202212-4153",
                "trust": 0.6,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-02258"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003820"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-4153"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47117"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47117"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the security parameter at /goform/WifiBasicSet. Tenda A15 Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda A15 is a WiFi extender from the Chinese company Tenda. The vulnerability is caused by the lack of length check of the input data in the security parameter of /goform/WifiBasicSet. Attackers can use this vulnerability to execute arbitrary code on the system",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-47117"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003820"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-02258"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-47117"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-47117",
            "trust": 3.9
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003820",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-02258",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-4153",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-47117",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-02258"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-47117"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003820"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-4153"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47117"
          }
        ]
      },
      "id": "VAR-202212-2581",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-02258"
          }
        ],
        "trust": 1.2666667
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-02258"
          }
        ]
      },
      "last_update_date": "2025-04-11T23:17:04.011000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top\u00a0Page",
            "trust": 0.8,
            "url": "https://www.tenda.com.cn/default.html"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003820"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          },
          {
            "problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003820"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47117"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.1,
            "url": "https://brief-nymphea-813.notion.site/vul3-a15-bof-wifibasicset-security-c8d0a37692dc47638135f38deb157aff"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-47117"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-47117/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-02258"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-47117"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003820"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-4153"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47117"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-02258"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-47117"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003820"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-4153"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47117"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-01-12T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2023-02258"
          },
          {
            "date": "2022-12-30T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-47117"
          },
          {
            "date": "2023-03-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-003820"
          },
          {
            "date": "2022-12-30T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202212-4153"
          },
          {
            "date": "2022-12-30T21:15:11.150000",
            "db": "NVD",
            "id": "CVE-2022-47117"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-01-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2023-02258"
          },
          {
            "date": "2022-12-30T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-47117"
          },
          {
            "date": "2023-03-09T03:04:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-003820"
          },
          {
            "date": "2023-01-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202212-4153"
          },
          {
            "date": "2025-04-11T15:15:42.273000",
            "db": "NVD",
            "id": "CVE-2022-47117"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-4153"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Tenda\u00a0A15\u00a0 Out-of-bounds write vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003820"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-4153"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202212-2574

    Vulnerability from variot - Updated: 2025-04-11 23:16

    Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the security_5g parameter at /goform/WifiBasicSet. Tenda A15 Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda A15 is a WiFi extender from the Chinese company Tenda. This vulnerability stems from the fact that the security_5g parameter of /goform/WifiBasicSet lacks a length check on the input data. Attackers can use this vulnerability to execute arbitrary code on the system

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202212-2574",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "a15",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "tenda",
            "version": "15.13.07.13"
          },
          {
            "model": "a15",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "tenda",
            "version": null
          },
          {
            "model": "a15",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "tenda",
            "version": "a15  firmware  15.13.07.13"
          },
          {
            "model": "a15",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "tenda",
            "version": "v15.13.07.13"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-02257"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003825"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47120"
          }
        ]
      },
      "cve": "CVE-2022-47120",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2023-02257",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2022-47120",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2022-47120",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-47120",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2022-47120",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2022-47120",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2023-02257",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202212-4149",
                "trust": 0.6,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-02257"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003825"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-4149"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47120"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47120"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the security_5g parameter at /goform/WifiBasicSet. Tenda A15 Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda A15 is a WiFi extender from the Chinese company Tenda. This vulnerability stems from the fact that the security_5g parameter of /goform/WifiBasicSet lacks a length check on the input data. Attackers can use this vulnerability to execute arbitrary code on the system",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-47120"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003825"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-02257"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-47120"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-47120",
            "trust": 3.9
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003825",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-02257",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-4149",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-47120",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-02257"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-47120"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003825"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-4149"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47120"
          }
        ]
      },
      "id": "VAR-202212-2574",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-02257"
          }
        ],
        "trust": 1.2666667
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-02257"
          }
        ]
      },
      "last_update_date": "2025-04-11T23:16:24.865000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top\u00a0Page",
            "trust": 0.8,
            "url": "https://www.tenda.com.cn/default.html"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003825"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          },
          {
            "problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003825"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47120"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.1,
            "url": "https://brief-nymphea-813.notion.site/vul2-a15-bof-wifibasicset-security_5g-15f90d2e8bd84c04b7bead52ecb37146"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-47120"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-47120/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-02257"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-47120"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003825"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-4149"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47120"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-02257"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-47120"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003825"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-4149"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47120"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-01-12T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2023-02257"
          },
          {
            "date": "2022-12-30T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-47120"
          },
          {
            "date": "2023-03-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-003825"
          },
          {
            "date": "2022-12-30T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202212-4149"
          },
          {
            "date": "2022-12-30T21:15:11.410000",
            "db": "NVD",
            "id": "CVE-2022-47120"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-01-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2023-02257"
          },
          {
            "date": "2022-12-30T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-47120"
          },
          {
            "date": "2023-03-09T04:33:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-003825"
          },
          {
            "date": "2023-01-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202212-4149"
          },
          {
            "date": "2025-04-11T15:15:42.590000",
            "db": "NVD",
            "id": "CVE-2022-47120"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-4149"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Tenda\u00a0A15\u00a0 Out-of-bounds write vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003825"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-4149"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202212-2544

    Vulnerability from variot - Updated: 2025-04-11 23:05

    Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the SYSPS parameter at /goform/SysToolChangePwd. Tenda A15 Exists in an out-of-bounds write vulnerability.Service operation interruption (DoS) It may be in a state. Tenda A15 is a WiFi extender from Chinese company Tenda. The vulnerability is caused by the lack of length check of the input data in the SYSPS parameter of /goform/SysToolChangePwd. Attackers can use this vulnerability to cause denial of service

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202212-2544",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "a15",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "tenda",
            "version": "15.13.07.13"
          },
          {
            "model": "a15",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "tenda",
            "version": null
          },
          {
            "model": "a15",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "tenda",
            "version": "a15  firmware  15.13.07.13"
          },
          {
            "model": "a15",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "tenda",
            "version": "v15.13.07.13"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-02260"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003843"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47116"
          }
        ]
      },
      "cve": "CVE-2022-47116",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2023-02260",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2022-47116",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2022-47116",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-47116",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2022-47116",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2022-47116",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2023-02260",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202212-4154",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-02260"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003843"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-4154"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47116"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47116"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the SYSPS parameter at /goform/SysToolChangePwd. Tenda A15 Exists in an out-of-bounds write vulnerability.Service operation interruption (DoS) It may be in a state. Tenda A15 is a WiFi extender from Chinese company Tenda. The vulnerability is caused by the lack of length check of the input data in the SYSPS parameter of /goform/SysToolChangePwd. Attackers can use this vulnerability to cause denial of service",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-47116"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003843"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-02260"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-47116",
            "trust": 3.9
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003843",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-02260",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-4154",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-47116",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-02260"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-47116"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003843"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-4154"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47116"
          }
        ]
      },
      "id": "VAR-202212-2544",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-02260"
          }
        ],
        "trust": 1.2666667
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-02260"
          }
        ]
      },
      "last_update_date": "2025-04-11T23:05:21.727000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top\u00a0Page",
            "trust": 0.8,
            "url": "https://www.tenda.com.cn/default.html"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003843"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          },
          {
            "problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003843"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47116"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.1,
            "url": "https://brief-nymphea-813.notion.site/vul1-a15-bof-systoolchangepwd-6a66d9f7a7e748deb8ebed544931bd29"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-47116"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-47116/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-02260"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-47116"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003843"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-4154"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47116"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-02260"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-47116"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003843"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-4154"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47116"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-01-12T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2023-02260"
          },
          {
            "date": "2022-12-30T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-47116"
          },
          {
            "date": "2023-03-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-003843"
          },
          {
            "date": "2022-12-30T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202212-4154"
          },
          {
            "date": "2022-12-30T21:15:11.100000",
            "db": "NVD",
            "id": "CVE-2022-47116"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-01-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2023-02260"
          },
          {
            "date": "2022-12-30T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-47116"
          },
          {
            "date": "2023-03-09T07:34:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-003843"
          },
          {
            "date": "2023-01-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202212-4154"
          },
          {
            "date": "2025-04-10T18:15:44.877000",
            "db": "NVD",
            "id": "CVE-2022-47116"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-4154"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Tenda\u00a0A15\u00a0 Out-of-bounds write vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003843"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-4154"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202212-2624

    Vulnerability from variot - Updated: 2025-04-11 23:03

    Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the wepkey parameter at /goform/WifiBasicSet. Tenda A15 Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda A15 is a WiFi extender from Chinese company Tenda. The vulnerability stems from the fact that the wepkey parameter of /goform/WifiBasicSet lacks a length check on the input data. Attackers can use this vulnerability to execute arbitrary code on the system

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202212-2624",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "a15",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "tenda",
            "version": "15.13.07.13"
          },
          {
            "model": "a15",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "tenda",
            "version": null
          },
          {
            "model": "a15",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "tenda",
            "version": "a15  firmware  15.13.07.13"
          },
          {
            "model": "a15",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "tenda",
            "version": "v15.13.07.13"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-02256"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003815"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47121"
          }
        ]
      },
      "cve": "CVE-2022-47121",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2023-02256",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2022-47121",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2022-47121",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-47121",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2022-47121",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2022-47121",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2023-02256",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202212-4150",
                "trust": 0.6,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-02256"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003815"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-4150"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47121"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47121"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the wepkey parameter at /goform/WifiBasicSet. Tenda A15 Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda A15 is a WiFi extender from Chinese company Tenda. The vulnerability stems from the fact that the wepkey parameter of /goform/WifiBasicSet lacks a length check on the input data. Attackers can use this vulnerability to execute arbitrary code on the system",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-47121"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003815"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-02256"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-47121",
            "trust": 3.9
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003815",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-02256",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-4150",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-47121",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-02256"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-47121"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003815"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-4150"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47121"
          }
        ]
      },
      "id": "VAR-202212-2624",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-02256"
          }
        ],
        "trust": 1.2666667
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-02256"
          }
        ]
      },
      "last_update_date": "2025-04-11T23:03:48.184000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top\u00a0Page",
            "trust": 0.8,
            "url": "https://www.tenda.com.cn/default.html"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003815"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          },
          {
            "problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003815"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47121"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.1,
            "url": "https://brief-nymphea-813.notion.site/vul6-a15-bof-wifibasicset-wepkey-fdbf83ad4d4e49e9aea43285cc9b5979"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-47121"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-47121/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-02256"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-47121"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003815"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-4150"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47121"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-02256"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-47121"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003815"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-4150"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47121"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-01-12T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2023-02256"
          },
          {
            "date": "2022-12-30T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-47121"
          },
          {
            "date": "2023-03-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-003815"
          },
          {
            "date": "2022-12-30T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202212-4150"
          },
          {
            "date": "2022-12-30T21:15:11.463000",
            "db": "NVD",
            "id": "CVE-2022-47121"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-01-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2023-02256"
          },
          {
            "date": "2022-12-30T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-47121"
          },
          {
            "date": "2023-03-09T02:54:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-003815"
          },
          {
            "date": "2023-01-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202212-4150"
          },
          {
            "date": "2025-04-11T15:15:42.753000",
            "db": "NVD",
            "id": "CVE-2022-47121"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-4150"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Tenda\u00a0A15\u00a0 Out-of-bounds write vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003815"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-4150"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202212-2543

    Vulnerability from variot - Updated: 2025-04-11 23:02

    Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the wrlEn parameter at /goform/WifiBasicSet. Tenda A15 Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda A15 is a WiFi extender from the Chinese company Tenda. By sending an overly long string using the wrlEn parameter, a remote attacker could exploit this vulnerability to execute arbitrary code on the system

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202212-2543",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "a15",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "tenda",
            "version": "15.13.07.13"
          },
          {
            "model": "a15",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "tenda",
            "version": null
          },
          {
            "model": "a15",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "tenda",
            "version": "a15  firmware  15.13.07.13"
          },
          {
            "model": "a15",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "tenda",
            "version": "v15.13.07.13"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-02197"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003801"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47126"
          }
        ]
      },
      "cve": "CVE-2022-47126",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2023-02197",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2022-47126",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2022-47126",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-47126",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2022-47126",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2022-47126",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2023-02197",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202212-4172",
                "trust": 0.6,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-02197"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003801"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-4172"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47126"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47126"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the wrlEn parameter at /goform/WifiBasicSet. Tenda A15 Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda A15 is a WiFi extender from the Chinese company Tenda. By sending an overly long string using the wrlEn parameter, a remote attacker could exploit this vulnerability to execute arbitrary code on the system",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-47126"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003801"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-02197"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-47126",
            "trust": 3.9
          },
          {
            "db": "LENOVO",
            "id": "LEN-435",
            "trust": 0.9
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003801",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-02197",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-4172",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-47126",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-02197"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-47126"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003801"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-4172"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47126"
          }
        ]
      },
      "id": "VAR-202212-2543",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-02197"
          }
        ],
        "trust": 1.2666667
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-02197"
          }
        ]
      },
      "last_update_date": "2025-04-11T23:02:35.946000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top\u00a0Page",
            "trust": 0.8,
            "url": "https://www.tenda.com.cn/default.html"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003801"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          },
          {
            "problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003801"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47126"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.1,
            "url": "https://brief-nymphea-813.notion.site/vul13-a15-bof-wifibasicset-wrlen-435c4b5b694140778ca491fb03a065f7"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-47126"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-47126/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-02197"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-47126"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003801"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-4172"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47126"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-02197"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-47126"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003801"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-4172"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47126"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-01-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2023-02197"
          },
          {
            "date": "2022-12-30T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-47126"
          },
          {
            "date": "2023-03-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-003801"
          },
          {
            "date": "2022-12-30T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202212-4172"
          },
          {
            "date": "2022-12-30T21:15:11.700000",
            "db": "NVD",
            "id": "CVE-2022-47126"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-01-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2023-02197"
          },
          {
            "date": "2022-12-30T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-47126"
          },
          {
            "date": "2023-03-09T02:29:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-003801"
          },
          {
            "date": "2023-01-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202212-4172"
          },
          {
            "date": "2025-04-11T15:15:43.570000",
            "db": "NVD",
            "id": "CVE-2022-47126"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-4172"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Tenda\u00a0A15\u00a0 Out-of-bounds write vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003801"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-4172"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202212-2506

    Vulnerability from variot - Updated: 2025-04-11 23:00

    Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the wepauth parameter at /goform/WifiBasicSet. Tenda A15 Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda A15 is a WiFi extender from the Chinese company Tenda. The vulnerability stems from the lack of length check of the input data in the wepauth parameter of /goform/WifiBasicSet. Attackers can use this vulnerability to execute arbitrary code on the system

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202212-2506",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "a15",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "tenda",
            "version": "15.13.07.13"
          },
          {
            "model": "a15",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "tenda",
            "version": null
          },
          {
            "model": "a15",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "tenda",
            "version": "a15  firmware  15.13.07.13"
          },
          {
            "model": "a15",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "tenda",
            "version": "v15.13.07.13"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-02261"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003841"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47115"
          }
        ]
      },
      "cve": "CVE-2022-47115",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2023-02261",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2022-47115",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2022-47115",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-47115",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2022-47115",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2022-47115",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2023-02261",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202212-4155",
                "trust": 0.6,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-02261"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003841"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-4155"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47115"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47115"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the wepauth parameter at /goform/WifiBasicSet. Tenda A15 Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda A15 is a WiFi extender from the Chinese company Tenda. The vulnerability stems from the lack of length check of the input data in the wepauth parameter of /goform/WifiBasicSet. Attackers can use this vulnerability to execute arbitrary code on the system",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-47115"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003841"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-02261"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-47115",
            "trust": 3.9
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003841",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-02261",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-4155",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-47115",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-02261"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-47115"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003841"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-4155"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47115"
          }
        ]
      },
      "id": "VAR-202212-2506",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-02261"
          }
        ],
        "trust": 1.2666667
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-02261"
          }
        ]
      },
      "last_update_date": "2025-04-11T23:00:56.635000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top\u00a0Page",
            "trust": 0.8,
            "url": "https://www.tenda.com.cn/default.html"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003841"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          },
          {
            "problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003841"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47115"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.3,
            "url": "https://brief-nymphea-813.notion.site/vul5-a15-bof-wifibasicset-wepauth-e1b6244caaf44f1a940b7aa861859828"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-47115"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-47115/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-02261"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-47115"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003841"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-4155"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47115"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-02261"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-47115"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003841"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-4155"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47115"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-01-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2023-02261"
          },
          {
            "date": "2022-12-30T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-47115"
          },
          {
            "date": "2023-03-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-003841"
          },
          {
            "date": "2022-12-30T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202212-4155"
          },
          {
            "date": "2022-12-30T21:15:11.050000",
            "db": "NVD",
            "id": "CVE-2022-47115"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-01-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2023-02261"
          },
          {
            "date": "2022-12-30T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-47115"
          },
          {
            "date": "2023-03-09T07:29:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-003841"
          },
          {
            "date": "2023-01-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202212-4155"
          },
          {
            "date": "2025-04-11T15:15:42.107000",
            "db": "NVD",
            "id": "CVE-2022-47115"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-4155"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Tenda\u00a0A15\u00a0 Out-of-bounds write vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003841"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-4155"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202212-2358

    Vulnerability from variot - Updated: 2025-04-11 22:57

    Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the wrlPwd_5g parameter at /goform/WifiBasicSet. Tenda A15 Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda A15 is a WiFi extender from Chinese company Tenda. By sending an overly long string with the wrlPwd_5g parameter, a remote attacker could exploit this vulnerability to execute arbitrary code on the system

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202212-2358",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "a15",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "tenda",
            "version": "15.13.07.13"
          },
          {
            "model": "a15",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "tenda",
            "version": null
          },
          {
            "model": "a15",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "tenda",
            "version": "a15  firmware  15.13.07.13"
          },
          {
            "model": "a15",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "tenda",
            "version": "v15.13.07.13"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-02198"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003816"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47122"
          }
        ]
      },
      "cve": "CVE-2022-47122",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2023-02198",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2022-47122",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2022-47122",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-47122",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2022-47122",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2022-47122",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2023-02198",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202212-4148",
                "trust": 0.6,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-02198"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003816"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-4148"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47122"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47122"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the wrlPwd_5g parameter at /goform/WifiBasicSet. Tenda A15 Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda A15 is a WiFi extender from Chinese company Tenda. By sending an overly long string with the wrlPwd_5g parameter, a remote attacker could exploit this vulnerability to execute arbitrary code on the system",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-47122"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003816"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-02198"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-47122"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-47122",
            "trust": 3.9
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003816",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-02198",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-4148",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-47122",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-02198"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-47122"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003816"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-4148"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47122"
          }
        ]
      },
      "id": "VAR-202212-2358",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-02198"
          }
        ],
        "trust": 1.2666667
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-02198"
          }
        ]
      },
      "last_update_date": "2025-04-11T22:57:41.353000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top\u00a0Page",
            "trust": 0.8,
            "url": "https://www.tenda.com.cn/default.html"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003816"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          },
          {
            "problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003816"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47122"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://brief-nymphea-813.notion.site/vul12-a15-bof-wifibasicset-wrlpwd_5g-a8434999a032431bb4098933f71549e3"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-47122"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-47122/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-02198"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-47122"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003816"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-4148"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47122"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-02198"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-47122"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003816"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-4148"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47122"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-01-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2023-02198"
          },
          {
            "date": "2022-12-30T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-47122"
          },
          {
            "date": "2023-03-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-003816"
          },
          {
            "date": "2022-12-30T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202212-4148"
          },
          {
            "date": "2022-12-30T21:15:11.507000",
            "db": "NVD",
            "id": "CVE-2022-47122"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-01-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2023-02198"
          },
          {
            "date": "2022-12-30T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-47122"
          },
          {
            "date": "2023-03-09T02:56:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-003816"
          },
          {
            "date": "2023-01-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202212-4148"
          },
          {
            "date": "2025-04-11T15:15:42.913000",
            "db": "NVD",
            "id": "CVE-2022-47122"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-4148"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Tenda\u00a0A15\u00a0 Out-of-bounds write vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003816"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-4148"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202212-2463

    Vulnerability from variot - Updated: 2025-04-11 22:57

    Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the wepkey1 parameter at /goform/WifiBasicSet. Tenda A15 Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda A15 is a WiFi extender from the Chinese company Tenda. The vulnerability stems from the fact that the wepkey1 parameter of /goform/WifiBasicSet lacks a length check on the input data. Attackers can use this vulnerability to execute arbitrary code on the system

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202212-2463",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "a15",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "tenda",
            "version": "15.13.07.13"
          },
          {
            "model": "a15",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "tenda",
            "version": null
          },
          {
            "model": "a15",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "tenda",
            "version": "a15  firmware  15.13.07.13"
          },
          {
            "model": "a15",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "tenda",
            "version": "v15.13.07.13"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-02262"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003821"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47118"
          }
        ]
      },
      "cve": "CVE-2022-47118",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2023-02262",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2022-47118",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2022-47118",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-47118",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2022-47118",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2022-47118",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2023-02262",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202212-4152",
                "trust": 0.6,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-02262"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003821"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-4152"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47118"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47118"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the wepkey1 parameter at /goform/WifiBasicSet. Tenda A15 Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda A15 is a WiFi extender from the Chinese company Tenda. The vulnerability stems from the fact that the wepkey1 parameter of /goform/WifiBasicSet lacks a length check on the input data. Attackers can use this vulnerability to execute arbitrary code on the system",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-47118"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003821"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-02262"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-47118",
            "trust": 3.9
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003821",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-02262",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-4152",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-47118",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-02262"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-47118"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003821"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-4152"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47118"
          }
        ]
      },
      "id": "VAR-202212-2463",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-02262"
          }
        ],
        "trust": 1.2666667
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-02262"
          }
        ]
      },
      "last_update_date": "2025-04-11T22:57:41.323000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top\u00a0Page",
            "trust": 0.8,
            "url": "https://www.tenda.com.cn/default.html"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003821"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          },
          {
            "problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003821"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47118"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.1,
            "url": "https://brief-nymphea-813.notion.site/vul7-a15-bof-wifibasicset-wepkey1-f89406bc85b04e53ad970a7cc847df25"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-47118"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-47118/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-02262"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-47118"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003821"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-4152"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47118"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-02262"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-47118"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003821"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-4152"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47118"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-01-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2023-02262"
          },
          {
            "date": "2022-12-30T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-47118"
          },
          {
            "date": "2023-03-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-003821"
          },
          {
            "date": "2022-12-30T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202212-4152"
          },
          {
            "date": "2022-12-30T21:15:11.203000",
            "db": "NVD",
            "id": "CVE-2022-47118"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-01-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2023-02262"
          },
          {
            "date": "2022-12-30T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-47118"
          },
          {
            "date": "2023-03-09T03:15:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-003821"
          },
          {
            "date": "2023-01-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202212-4152"
          },
          {
            "date": "2025-04-10T19:15:49.883000",
            "db": "NVD",
            "id": "CVE-2022-47118"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-4152"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Tenda\u00a0A15\u00a0 Out-of-bounds write vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003821"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-4152"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202212-2505

    Vulnerability from variot - Updated: 2025-04-11 22:57

    Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the wrlEn_5g parameter at /goform/WifiBasicSet. Tenda A15 Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda A15 is a WiFi extender from the Chinese company Tenda. By sending an overly long string with the wrlEn_5g parameter, a remote attacker could exploit this vulnerability to execute arbitrary code on the system

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202212-2505",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "a15",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "tenda",
            "version": "15.13.07.13"
          },
          {
            "model": "a15",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "tenda",
            "version": null
          },
          {
            "model": "a15",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "tenda",
            "version": "a15  firmware  15.13.07.13"
          },
          {
            "model": "a15",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "tenda",
            "version": "v15.13.07.13"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-02266"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003797"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47125"
          }
        ]
      },
      "cve": "CVE-2022-47125",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2023-02266",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2022-47125",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2022-47125",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-47125",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2022-47125",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2022-47125",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2023-02266",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202212-4141",
                "trust": 0.6,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-02266"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003797"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-4141"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47125"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47125"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the wrlEn_5g parameter at /goform/WifiBasicSet. Tenda A15 Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda A15 is a WiFi extender from the Chinese company Tenda. By sending an overly long string with the wrlEn_5g parameter, a remote attacker could exploit this vulnerability to execute arbitrary code on the system",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-47125"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003797"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-02266"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-47125",
            "trust": 3.9
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003797",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-02266",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-4141",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-47125",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-02266"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-47125"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003797"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-4141"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47125"
          }
        ]
      },
      "id": "VAR-202212-2505",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-02266"
          }
        ],
        "trust": 1.2666667
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-02266"
          }
        ]
      },
      "last_update_date": "2025-04-11T22:57:41.294000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top\u00a0Page",
            "trust": 0.8,
            "url": "https://www.tenda.com.cn/default.html"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003797"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          },
          {
            "problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003797"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47125"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.3,
            "url": "https://brief-nymphea-813.notion.site/vul14-a15-bof-wifibasicset-wrlen_5g-4cb7b8ecc79a4063b707a9cc8a4ff579"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-47125"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-47125/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-02266"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-47125"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003797"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-4141"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47125"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-02266"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-47125"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003797"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-4141"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47125"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-01-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2023-02266"
          },
          {
            "date": "2022-12-30T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-47125"
          },
          {
            "date": "2023-03-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-003797"
          },
          {
            "date": "2022-12-30T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202212-4141"
          },
          {
            "date": "2022-12-30T21:15:11.657000",
            "db": "NVD",
            "id": "CVE-2022-47125"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-01-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2023-02266"
          },
          {
            "date": "2022-12-30T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-47125"
          },
          {
            "date": "2023-03-09T02:25:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-003797"
          },
          {
            "date": "2023-01-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202212-4141"
          },
          {
            "date": "2025-04-11T15:15:43.403000",
            "db": "NVD",
            "id": "CVE-2022-47125"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-4141"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Tenda\u00a0A15\u00a0 Out-of-bounds write vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003797"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-4141"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202212-2399

    Vulnerability from variot - Updated: 2025-04-11 22:52

    Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the wepkey4 parameter at /goform/WifiBasicSet. Tenda A15 Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda A15 is a WiFi extender from the Chinese company Tenda. The vulnerability stems from the fact that the wepkey4 parameter of /goform/WifiBasicSet lacks a length check on the input data. Attackers can use this vulnerability to execute arbitrary code on the system

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202212-2399",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "a15",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "tenda",
            "version": "15.13.07.13"
          },
          {
            "model": "a15",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "tenda",
            "version": null
          },
          {
            "model": "a15",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "tenda",
            "version": "a15  firmware  15.13.07.13"
          },
          {
            "model": "a15",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "tenda",
            "version": "v15.13.07.13"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-02265"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003819"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47124"
          }
        ]
      },
      "cve": "CVE-2022-47124",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2023-02265",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2022-47124",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2022-47124",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-47124",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2022-47124",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2022-47124",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2023-02265",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202212-4145",
                "trust": 0.6,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-02265"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003819"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-4145"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47124"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47124"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the wepkey4 parameter at /goform/WifiBasicSet. Tenda A15 Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda A15 is a WiFi extender from the Chinese company Tenda. The vulnerability stems from the fact that the wepkey4 parameter of /goform/WifiBasicSet lacks a length check on the input data. Attackers can use this vulnerability to execute arbitrary code on the system",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-47124"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003819"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-02265"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-47124",
            "trust": 3.9
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003819",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-02265",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-4145",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-47124",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-02265"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-47124"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003819"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-4145"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47124"
          }
        ]
      },
      "id": "VAR-202212-2399",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-02265"
          }
        ],
        "trust": 1.2666667
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-02265"
          }
        ]
      },
      "last_update_date": "2025-04-11T22:52:08.935000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top\u00a0Page",
            "trust": 0.8,
            "url": "https://www.tenda.com.cn/default.html"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003819"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          },
          {
            "problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003819"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47124"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.1,
            "url": "https://brief-nymphea-813.notion.site/vul10-a15-bof-wifibasicset-wepkey4-c3f45defd9e740efaa06a2f3fa8c40d8"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-47124"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-47124/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-02265"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-47124"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003819"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-4145"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47124"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-02265"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-47124"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003819"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-4145"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47124"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-01-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2023-02265"
          },
          {
            "date": "2022-12-30T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-47124"
          },
          {
            "date": "2023-03-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-003819"
          },
          {
            "date": "2022-12-30T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202212-4145"
          },
          {
            "date": "2022-12-30T21:15:11.607000",
            "db": "NVD",
            "id": "CVE-2022-47124"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-01-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2023-02265"
          },
          {
            "date": "2022-12-30T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-47124"
          },
          {
            "date": "2023-03-09T03:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-003819"
          },
          {
            "date": "2023-01-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202212-4145"
          },
          {
            "date": "2025-04-11T15:15:43.243000",
            "db": "NVD",
            "id": "CVE-2022-47124"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-4145"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Tenda\u00a0A15\u00a0 Out-of-bounds write vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003819"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-4145"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202212-2462

    Vulnerability from variot - Updated: 2025-04-11 22:52

    Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the wepkey2 parameter at /goform/WifiBasicSet. Tenda A15 Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda A15 is a WiFi extender from the Chinese company Tenda. The vulnerability stems from the fact that the wepkey2 parameter of /goform/WifiBasicSet lacks a length check on the input data. Attackers can use this vulnerability to execute arbitrary code on the system

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202212-2462",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "a15",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "tenda",
            "version": "15.13.07.13"
          },
          {
            "model": "a15",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "tenda",
            "version": null
          },
          {
            "model": "a15",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "tenda",
            "version": "a15  firmware  15.13.07.13"
          },
          {
            "model": "a15",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "tenda",
            "version": "v15.13.07.13"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-02263"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003813"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47128"
          }
        ]
      },
      "cve": "CVE-2022-47128",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2023-02263",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2022-47128",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2022-47128",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-47128",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2022-47128",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2022-47128",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2023-02263",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202212-4200",
                "trust": 0.6,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-02263"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003813"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-4200"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47128"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47128"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the wepkey2 parameter at /goform/WifiBasicSet. Tenda A15 Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda A15 is a WiFi extender from the Chinese company Tenda. The vulnerability stems from the fact that the wepkey2 parameter of /goform/WifiBasicSet lacks a length check on the input data. Attackers can use this vulnerability to execute arbitrary code on the system",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-47128"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003813"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-02263"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-47128",
            "trust": 3.9
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003813",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-02263",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-4200",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-47128",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-02263"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-47128"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003813"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-4200"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47128"
          }
        ]
      },
      "id": "VAR-202212-2462",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-02263"
          }
        ],
        "trust": 1.2666667
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-02263"
          }
        ]
      },
      "last_update_date": "2025-04-11T22:52:08.352000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top\u00a0Page",
            "trust": 0.8,
            "url": "https://www.tenda.com.cn/default.html"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003813"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          },
          {
            "problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003813"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47128"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.1,
            "url": "https://brief-nymphea-813.notion.site/vul8-a15-bof-wifibasicset-wepkey2-cfe7c57e720b44feb102979af993964b"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-47128"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-47128/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-02263"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-47128"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003813"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-4200"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47128"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-02263"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-47128"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003813"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-4200"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47128"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-01-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2023-02263"
          },
          {
            "date": "2022-12-30T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-47128"
          },
          {
            "date": "2023-03-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-003813"
          },
          {
            "date": "2022-12-30T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202212-4200"
          },
          {
            "date": "2022-12-30T21:15:11.797000",
            "db": "NVD",
            "id": "CVE-2022-47128"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-01-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2023-02263"
          },
          {
            "date": "2022-12-30T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-47128"
          },
          {
            "date": "2023-03-09T02:48:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-003813"
          },
          {
            "date": "2023-01-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202212-4200"
          },
          {
            "date": "2025-04-11T15:15:43.890000",
            "db": "NVD",
            "id": "CVE-2022-47128"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-4200"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Tenda\u00a0A15\u00a0 Out-of-bounds write vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003813"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-4200"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202212-2435

    Vulnerability from variot - Updated: 2025-04-11 22:44

    Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the wepkey3 parameter at /goform/WifiBasicSet. Tenda A15 Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda A15 is a WiFi extender from the Chinese company Tenda. The vulnerability stems from the fact that the wepkey3 parameter of /goform/WifiBasicSet lacks a length check on the input data. Attackers can use this vulnerability to execute arbitrary code on the system

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202212-2435",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "a15",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "tenda",
            "version": "15.13.07.13"
          },
          {
            "model": "a15",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "tenda",
            "version": null
          },
          {
            "model": "a15",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "tenda",
            "version": "a15  firmware  15.13.07.13"
          },
          {
            "model": "a15",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "tenda",
            "version": "v15.13.07.13"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-02264"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003818"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47123"
          }
        ]
      },
      "cve": "CVE-2022-47123",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2023-02264",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2022-47123",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2022-47123",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-47123",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2022-47123",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2022-47123",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2023-02264",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202212-4147",
                "trust": 0.6,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-02264"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003818"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-4147"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47123"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47123"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the wepkey3 parameter at /goform/WifiBasicSet. Tenda A15 Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda A15 is a WiFi extender from the Chinese company Tenda. The vulnerability stems from the fact that the wepkey3 parameter of /goform/WifiBasicSet lacks a length check on the input data. Attackers can use this vulnerability to execute arbitrary code on the system",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-47123"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003818"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-02264"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-47123",
            "trust": 3.9
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003818",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-02264",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-4147",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-47123",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-02264"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-47123"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003818"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-4147"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47123"
          }
        ]
      },
      "id": "VAR-202212-2435",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-02264"
          }
        ],
        "trust": 1.2666667
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-02264"
          }
        ]
      },
      "last_update_date": "2025-04-11T22:44:48.175000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top\u00a0Page",
            "trust": 0.8,
            "url": "https://www.tenda.com.cn/default.html"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003818"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          },
          {
            "problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003818"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47123"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.1,
            "url": "https://brief-nymphea-813.notion.site/vul9-a15-bof-wifibasicset-wepkey3-68f034f5ba4e43f8bfe3de275c2221c0"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-47123"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-47123/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-02264"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-47123"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003818"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-4147"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47123"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-02264"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-47123"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003818"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-4147"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-47123"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-01-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2023-02264"
          },
          {
            "date": "2022-12-30T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-47123"
          },
          {
            "date": "2023-03-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-003818"
          },
          {
            "date": "2022-12-30T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202212-4147"
          },
          {
            "date": "2022-12-30T21:15:11.560000",
            "db": "NVD",
            "id": "CVE-2022-47123"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-01-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2023-02264"
          },
          {
            "date": "2022-12-30T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-47123"
          },
          {
            "date": "2023-03-09T02:58:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-003818"
          },
          {
            "date": "2023-01-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202212-4147"
          },
          {
            "date": "2025-04-11T15:15:43.070000",
            "db": "NVD",
            "id": "CVE-2022-47123"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-4147"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Tenda\u00a0A15\u00a0 Out-of-bounds write vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-003818"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-4147"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202401-0743

    Vulnerability from variot - Updated: 2025-02-18 23:34

    A vulnerability was found in Tenda A15 15.13.07.13. It has been declared as critical. This vulnerability affects the function set_repeat5 of the file /goform/WifiExtraSet of the component Web-based Management Interface. The manipulation of the argument wpapsk_crypto2_4g/wpapsk_crypto5g leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. of A15 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability is caused by the wpapsk_crypto2_4g parameter of the /goform/WifiExtraSet file failing to correctly verify the length of the input data. A remote attacker can use this vulnerability to execute arbitrary code on the system or cause a denial of Service attacks

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202401-0743",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "a15",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "tenda",
            "version": "15.13.07.13"
          },
          {
            "model": "a15",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "tenda",
            "version": "a15  firmware  15.13.07.13"
          },
          {
            "model": "a15",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "tenda",
            "version": null
          },
          {
            "model": "a15",
            "scope": null,
            "trust": 0.8,
            "vendor": "tenda",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-05736"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-001447"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-0532"
          }
        ]
      },
      "cve": "CVE-2024-0532",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "MULTIPLE",
                "author": "cna@vuldb.com",
                "availabilityImpact": "COMPLETE",
                "baseScore": 8.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 6.4,
                "id": "CVE-2024-0532",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "MULTIPLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 8.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 6.4,
                "id": "CNVD-2024-05736",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "cna@vuldb.com",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.2,
                "id": "CVE-2024-0532",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.2,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2024-0532",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "cna@vuldb.com",
                "id": "CVE-2024-0532",
                "trust": 1.0,
                "value": "High"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2024-0532",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2024-0532",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2024-05736",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-05736"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-001447"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-0532"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-0532"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A vulnerability was found in Tenda A15 15.13.07.13. It has been declared as critical. This vulnerability affects the function set_repeat5 of the file /goform/WifiExtraSet of the component Web-based Management Interface. The manipulation of the argument wpapsk_crypto2_4g/wpapsk_crypto5g leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. of A15 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability is caused by the wpapsk_crypto2_4g parameter of the /goform/WifiExtraSet file failing to correctly verify the length of the input data. A remote attacker can use this vulnerability to execute arbitrary code on the system or cause a denial of Service attacks",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2024-0532"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-001447"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-05736"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2024-0532",
            "trust": 3.2
          },
          {
            "db": "VULDB",
            "id": "250702",
            "trust": 1.6
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-001447",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-05736",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-05736"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-001447"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-0532"
          }
        ]
      },
      "id": "VAR-202401-0743",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-05736"
          }
        ],
        "trust": 1.2666667
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-05736"
          }
        ]
      },
      "last_update_date": "2025-02-18T23:34:09.764000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Patch for Tenda A15 wpapsk_crypto2_4g parameter buffer overflow vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/521186"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-05736"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-121",
            "trust": 1.0
          },
          {
            "problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-001447"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-0532"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "https://github.com/yaoyue123/iot/blob/main/tenda/a15/wifextraset.md"
          },
          {
            "trust": 1.6,
            "url": "https://vuldb.com/?id.250702"
          },
          {
            "trust": 1.0,
            "url": "https://vuldb.com/?submit.262690"
          },
          {
            "trust": 1.0,
            "url": "https://www.tenda.com.cn/"
          },
          {
            "trust": 1.0,
            "url": "https://vuldb.com/?ctiid.250702"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2024-0532"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-05736"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-001447"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-0532"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-05736"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-001447"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-0532"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2024-01-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2024-05736"
          },
          {
            "date": "2024-02-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2024-001447"
          },
          {
            "date": "2024-01-15T02:15:15.650000",
            "db": "NVD",
            "id": "CVE-2024-0532"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2024-01-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2024-05736"
          },
          {
            "date": "2024-02-05T05:07:00",
            "db": "JVNDB",
            "id": "JVNDB-2024-001447"
          },
          {
            "date": "2025-02-16T09:15:07.263000",
            "db": "NVD",
            "id": "CVE-2024-0532"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Shenzhen\u00a0Tenda\u00a0Technology\u00a0Co.,Ltd.\u00a0 of \u00a0A15\u00a0 Out-of-bounds write vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-001447"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202401-0377

    Vulnerability from variot - Updated: 2024-08-14 15:31

    A vulnerability was found in Tenda A15 15.13.07.13. It has been classified as critical. This affects an unknown part of the file /goform/setBlackRule of the component Web-based Management Interface. The manipulation of the argument deviceList leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250701 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. of A15 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability is caused by the deviceList parameter of the /goform/setBlackRule file failing to correctly verify the length of the input data. A remote attacker can use this vulnerability to execute arbitrary code on the system or cause a denial of Service attacks

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202401-0377",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "a15",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "tenda",
            "version": "15.13.07.13"
          },
          {
            "model": "a15",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "tenda",
            "version": "a15  firmware  15.13.07.13"
          },
          {
            "model": "a15",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "tenda",
            "version": null
          },
          {
            "model": "a15",
            "scope": null,
            "trust": 0.8,
            "vendor": "tenda",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-05733"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-001446"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-0531"
          }
        ]
      },
      "cve": "CVE-2024-0531",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "MULTIPLE",
                "author": "cna@vuldb.com",
                "availabilityImpact": "COMPLETE",
                "baseScore": 8.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 6.4,
                "id": "CVE-2024-0531",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "MULTIPLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 8.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 6.4,
                "id": "CNVD-2024-05733",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "cna@vuldb.com",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.2,
                "id": "CVE-2024-0531",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.2,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2024-0531",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "cna@vuldb.com",
                "id": "CVE-2024-0531",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2024-0531",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2024-0531",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2024-05733",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-05733"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-001446"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-0531"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-0531"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A vulnerability was found in Tenda A15 15.13.07.13. It has been classified as critical. This affects an unknown part of the file /goform/setBlackRule of the component Web-based Management Interface. The manipulation of the argument deviceList leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250701 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. of A15 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability is caused by the deviceList parameter of the /goform/setBlackRule file failing to correctly verify the length of the input data. A remote attacker can use this vulnerability to execute arbitrary code on the system or cause a denial of Service attacks",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2024-0531"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-001446"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-05733"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2024-0531",
            "trust": 3.2
          },
          {
            "db": "VULDB",
            "id": "250701",
            "trust": 1.6
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-001446",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-05733",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-05733"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-001446"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-0531"
          }
        ]
      },
      "id": "VAR-202401-0377",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-05733"
          }
        ],
        "trust": 1.2666667
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-05733"
          }
        ]
      },
      "last_update_date": "2024-08-14T15:31:40.606000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Patch for Tenda A15 deviceList parameter buffer overflow vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/521171"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-05733"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-121",
            "trust": 1.0
          },
          {
            "problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-001446"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-0531"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "https://github.com/yaoyue123/iot/blob/main/tenda/a15/setblackrule.md"
          },
          {
            "trust": 1.6,
            "url": "https://vuldb.com/?id.250701"
          },
          {
            "trust": 1.0,
            "url": "https://vuldb.com/?ctiid.250701"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2024-0531"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-05733"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-001446"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-0531"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-05733"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-001446"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-0531"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2024-01-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2024-05733"
          },
          {
            "date": "2024-02-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2024-001446"
          },
          {
            "date": "2024-01-15T02:15:15.410000",
            "db": "NVD",
            "id": "CVE-2024-0531"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2024-01-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2024-05733"
          },
          {
            "date": "2024-02-05T05:06:00",
            "db": "JVNDB",
            "id": "JVNDB-2024-001446"
          },
          {
            "date": "2024-05-17T02:34:44.387000",
            "db": "NVD",
            "id": "CVE-2024-0531"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Shenzhen\u00a0Tenda\u00a0Technology\u00a0Co.,Ltd.\u00a0 of \u00a0A15\u00a0 Out-of-bounds write vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-001446"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202401-0279

    Vulnerability from variot - Updated: 2024-08-14 14:59

    A vulnerability was found in Tenda A15 15.13.07.13. It has been rated as critical. This issue affects some unknown processing of the file /goform/SetOnlineDevName of the component Web-based Management Interface. The manipulation of the argument devName leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250703. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. of A15 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability is caused by the devName parameter of the /goform/SetOnlineDevName file failing to correctly verify the length of the input data. A remote attacker can use this vulnerability to execute arbitrary code on the system or cause a denial of Service attacks

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202401-0279",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "a15",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "tenda",
            "version": "15.13.07.13"
          },
          {
            "model": "a15",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "tenda",
            "version": "a15  firmware  15.13.07.13"
          },
          {
            "model": "a15",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "tenda",
            "version": null
          },
          {
            "model": "a15",
            "scope": null,
            "trust": 0.8,
            "vendor": "tenda",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-05734"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-001448"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-0533"
          }
        ]
      },
      "cve": "CVE-2024-0533",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "MULTIPLE",
                "author": "cna@vuldb.com",
                "availabilityImpact": "COMPLETE",
                "baseScore": 8.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 6.4,
                "id": "CVE-2024-0533",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "MULTIPLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 8.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 6.4,
                "id": "CNVD-2024-05734",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "cna@vuldb.com",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.2,
                "id": "CVE-2024-0533",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.2,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2024-0533",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "cna@vuldb.com",
                "id": "CVE-2024-0533",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2024-0533",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2024-0533",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2024-05734",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-05734"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-001448"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-0533"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-0533"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A vulnerability was found in Tenda A15 15.13.07.13. It has been rated as critical. This issue affects some unknown processing of the file /goform/SetOnlineDevName of the component Web-based Management Interface. The manipulation of the argument devName leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250703. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. of A15 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability is caused by the devName parameter of the /goform/SetOnlineDevName file failing to correctly verify the length of the input data. A remote attacker can use this vulnerability to execute arbitrary code on the system or cause a denial of Service attacks",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2024-0533"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-001448"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-05734"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2024-0533",
            "trust": 3.2
          },
          {
            "db": "VULDB",
            "id": "250703",
            "trust": 1.6
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-001448",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-05734",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-05734"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-001448"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-0533"
          }
        ]
      },
      "id": "VAR-202401-0279",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-05734"
          }
        ],
        "trust": 1.2666667
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-05734"
          }
        ]
      },
      "last_update_date": "2024-08-14T14:59:54.246000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Patch for Tenda A15 devName parameter buffer overflow vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/521176"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-05734"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-121",
            "trust": 1.0
          },
          {
            "problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-001448"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-0533"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "https://github.com/yaoyue123/iot/blob/main/tenda/a15/setonlinedevname.devname.md"
          },
          {
            "trust": 1.6,
            "url": "https://vuldb.com/?id.250703"
          },
          {
            "trust": 1.0,
            "url": "https://vuldb.com/?ctiid.250703"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2024-0533"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-05734"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-001448"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-0533"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-05734"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-001448"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-0533"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2024-01-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2024-05734"
          },
          {
            "date": "2024-02-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2024-001448"
          },
          {
            "date": "2024-01-15T03:15:08.087000",
            "db": "NVD",
            "id": "CVE-2024-0533"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2024-01-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2024-05734"
          },
          {
            "date": "2024-02-05T05:08:00",
            "db": "JVNDB",
            "id": "JVNDB-2024-001448"
          },
          {
            "date": "2024-05-17T02:34:44.593000",
            "db": "NVD",
            "id": "CVE-2024-0533"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Shenzhen\u00a0Tenda\u00a0Technology\u00a0Co.,Ltd.\u00a0 of \u00a0A15\u00a0 Out-of-bounds write vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-001448"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202401-0468

    Vulnerability from variot - Updated: 2024-08-14 14:59

    A vulnerability classified as critical has been found in Tenda A15 15.13.07.13. Affected is an unknown function of the file /goform/SetOnlineDevName of the component Web-based Management Interface. The manipulation of the argument mac leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250704. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Shenzhen Tenda Technology Co.,Ltd. of A15 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability is caused by the mac parameter of the /goform/SetOnlineDevName file failing to correctly verify the length of the input data. A remote attacker can use this vulnerability to execute arbitrary code on the system or cause a denial of Service attacks

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202401-0468",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "a15",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "tenda",
            "version": "15.13.07.13"
          },
          {
            "model": "a15",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "tenda",
            "version": "a15  firmware  15.13.07.13"
          },
          {
            "model": "a15",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "tenda",
            "version": null
          },
          {
            "model": "a15",
            "scope": null,
            "trust": 0.8,
            "vendor": "tenda",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-05735"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-001449"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-0534"
          }
        ]
      },
      "cve": "CVE-2024-0534",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "MULTIPLE",
                "author": "cna@vuldb.com",
                "availabilityImpact": "COMPLETE",
                "baseScore": 8.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 6.4,
                "id": "CVE-2024-0534",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "MULTIPLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 8.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 6.4,
                "id": "CNVD-2024-05735",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "cna@vuldb.com",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.2,
                "id": "CVE-2024-0534",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.2,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2024-0534",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "cna@vuldb.com",
                "id": "CVE-2024-0534",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2024-0534",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2024-0534",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2024-05735",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-05735"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-001449"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-0534"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-0534"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A vulnerability classified as critical has been found in Tenda A15 15.13.07.13. Affected is an unknown function of the file /goform/SetOnlineDevName of the component Web-based Management Interface. The manipulation of the argument mac leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250704. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Shenzhen Tenda Technology Co.,Ltd. of A15 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability is caused by the mac parameter of the /goform/SetOnlineDevName file failing to correctly verify the length of the input data. A remote attacker can use this vulnerability to execute arbitrary code on the system or cause a denial of Service attacks",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2024-0534"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-001449"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-05735"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2024-0534",
            "trust": 3.2
          },
          {
            "db": "VULDB",
            "id": "250704",
            "trust": 1.6
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-001449",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-05735",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-05735"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-001449"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-0534"
          }
        ]
      },
      "id": "VAR-202401-0468",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-05735"
          }
        ],
        "trust": 1.2666667
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-05735"
          }
        ]
      },
      "last_update_date": "2024-08-14T14:59:54.058000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Patch for Tenda A15 mac parameter buffer overflow vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/521181"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-05735"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-121",
            "trust": 1.0
          },
          {
            "problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-001449"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-0534"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "https://github.com/yaoyue123/iot/blob/main/tenda/a15/setonlinedevname.mac.md"
          },
          {
            "trust": 1.6,
            "url": "https://vuldb.com/?id.250704"
          },
          {
            "trust": 1.0,
            "url": "https://vuldb.com/?ctiid.250704"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2024-0534"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-05735"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-001449"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-0534"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-05735"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-001449"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-0534"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2024-01-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2024-05735"
          },
          {
            "date": "2024-02-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2024-001449"
          },
          {
            "date": "2024-01-15T03:15:08.540000",
            "db": "NVD",
            "id": "CVE-2024-0534"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2024-01-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2024-05735"
          },
          {
            "date": "2024-02-05T05:09:00",
            "db": "JVNDB",
            "id": "JVNDB-2024-001449"
          },
          {
            "date": "2024-05-17T02:34:44.697000",
            "db": "NVD",
            "id": "CVE-2024-0534"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Shenzhen\u00a0Tenda\u00a0Technology\u00a0Co.,Ltd.\u00a0 of \u00a0A15\u00a0 Out-of-bounds write vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-001449"
          }
        ],
        "trust": 0.8
      }
    }