Search

Find a vulnerability

Search criteria

    98 vulnerabilities found for ac10 by tenda

    VAR-202511-0057

    Vulnerability from variot - Updated: 2025-11-19 23:17

    A vulnerability was determined in Tenda AC10 16.03.10.13. Affected by this vulnerability is the function formSysRunCmd of the file /goform/SysRunCmd. This manipulation of the argument getui causes buffer overflow. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. Attackers can exploit this vulnerability to trigger a buffer overflow by constructing malicious parameters, thereby achieving remote code execution

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202511-0057",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ac10",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "tenda",
            "version": "16.03.10.13"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-27114"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-12622"
          }
        ]
      },
      "cve": "CVE-2025-12622",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "cna@vuldb.com",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2025-12622",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2025-27114",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "cna@vuldb.com",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2025-12622",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2025-12622",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "cna@vuldb.com",
                "id": "CVE-2025-12622",
                "trust": 1.0,
                "value": "High"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2025-12622",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-27114",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-27114"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-12622"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-12622"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A vulnerability was determined in Tenda AC10 16.03.10.13. Affected by this vulnerability is the function formSysRunCmd of the file /goform/SysRunCmd. This manipulation of the argument getui causes buffer overflow. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. Attackers can exploit this vulnerability to trigger a buffer overflow by constructing malicious parameters, thereby achieving remote code execution",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-12622"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-27114"
          }
        ],
        "trust": 1.44
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2025-12622",
            "trust": 1.6
          },
          {
            "db": "VULDB",
            "id": "330914",
            "trust": 1.6
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-27114",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-27114"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-12622"
          }
        ]
      },
      "id": "VAR-202511-0057",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-27114"
          }
        ],
        "trust": 0.86649562
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-27114"
          }
        ]
      },
      "last_update_date": "2025-11-19T23:17:52.944000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-120",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-119",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-12622"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.6,
            "url": "https://vuldb.com/?id.330914"
          },
          {
            "trust": 1.6,
            "url": "https://vuldb.com/?ctiid.330914"
          },
          {
            "trust": 1.6,
            "url": "https://vuldb.com/?submit.678889"
          },
          {
            "trust": 1.6,
            "url": "https://www.yuque.com/ba1ma0-an29k/nnxoap/rg8eug0zk8ep3zne?singledoc"
          },
          {
            "trust": 1.6,
            "url": "https://pan.baidu.com/s/1jl1zy5niigg1xym8zch_lg"
          },
          {
            "trust": 1.6,
            "url": "https://www.tenda.com.cn/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-27114"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-12622"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-27114"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-12622"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-11-06T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-27114"
          },
          {
            "date": "2025-11-03T08:15:33.640000",
            "db": "NVD",
            "id": "CVE-2025-12622"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-11-07T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-27114"
          },
          {
            "date": "2025-11-05T14:34:51.870000",
            "db": "NVD",
            "id": "CVE-2025-12622"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Tenda AC10 buffer overflow vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-27114"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201810-0977

    Vulnerability from variot - Updated: 2025-11-18 15:28

    An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted goform/setUsbUnload request. This occurs because the "formsetUsbUnload" function executes a dosystemCmd function with untrusted input. Tenda AC7 , AC9 ,and AC10 The firmware contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Tenda AC7, AC9 and AC10 are all wireless router products from China Tenda.

    Tenda AC7, AC9 and AC10 have command injection vulnerabilities. The following products and versions are affected: Tenda AC7 (using firmware 15.03.06.44_CN and earlier); AC9 (using firmware 15.03.05.19(6318)_CN and earlier); AC10 (using firmware 15.03.06.23_CN and earlier)

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201810-0977",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ac10",
            "scope": "lte",
            "trust": 1.8,
            "vendor": "tenda",
            "version": "15.03.06.23_cn"
          },
          {
            "model": "ac7",
            "scope": "lte",
            "trust": 1.8,
            "vendor": "tenda",
            "version": "15.03.06.44_cn"
          },
          {
            "model": "ac9",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "tenda",
            "version": "15.03.05.19\\(6318\\)_cn"
          },
          {
            "model": "ac9",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "tenda",
            "version": "15.03.05.19(6318)_cn"
          },
          {
            "model": "ac7 \u003c=15.03.06.44 cn",
            "scope": null,
            "trust": 0.6,
            "vendor": "tenda",
            "version": null
          },
          {
            "model": "ac10 \u003c=15.03.06.23 cn",
            "scope": null,
            "trust": 0.6,
            "vendor": "tenda",
            "version": null
          },
          {
            "model": "ac9 \u003c=15.03.05.19 cn",
            "scope": null,
            "trust": 0.6,
            "vendor": "tenda",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-35174"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013995"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14558"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:tenda:ac10_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:tenda:ac7_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:tenda:ac9_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013995"
          }
        ]
      },
      "cve": "CVE-2018-14558",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2018-14558",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2020-35174",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "VHN-124729",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2018-14558",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2018-14558",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-14558",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2018-14558",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-14558",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-35174",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201810-1439",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-124729",
                "trust": 0.1,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2018-14558",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-35174"
          },
          {
            "db": "VULHUB",
            "id": "VHN-124729"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-14558"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-1439"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013995"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14558"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14558"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted goform/setUsbUnload request. This occurs because the \"formsetUsbUnload\" function executes a dosystemCmd function with untrusted input. Tenda AC7 , AC9 ,and AC10 The firmware contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Tenda AC7, AC9 and AC10 are all wireless router products from China Tenda. \n\r\n\r\nTenda AC7, AC9 and AC10 have command injection vulnerabilities. The following products and versions are affected: Tenda AC7 (using firmware 15.03.06.44_CN and earlier); AC9 (using firmware 15.03.05.19(6318)_CN and earlier); AC10 (using firmware 15.03.06.23_CN and earlier)",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-14558"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013995"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-35174"
          },
          {
            "db": "VULHUB",
            "id": "VHN-124729"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-14558"
          }
        ],
        "trust": 2.34
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-14558",
            "trust": 3.2
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013995",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-1439",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-35174",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-124729",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-14558",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-35174"
          },
          {
            "db": "VULHUB",
            "id": "VHN-124729"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-14558"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-1439"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013995"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14558"
          }
        ]
      },
      "id": "VAR-201810-0977",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-35174"
          },
          {
            "db": "VULHUB",
            "id": "VHN-124729"
          }
        ],
        "trust": 1.440988034
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-35174"
          }
        ]
      },
      "last_update_date": "2025-11-18T15:28:39.538000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.tenda.com.cn/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013995"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-77",
            "trust": 0.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-124729"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013995"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14558"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.6,
            "url": "https://github.com/zsjevilhex/iot/blob/master/route/tenda/tenda-01/tenda.md"
          },
          {
            "trust": 1.0,
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=cve-2018-14558"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14558"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14558"
          },
          {
            "trust": 0.6,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14558"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/78.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-35174"
          },
          {
            "db": "VULHUB",
            "id": "VHN-124729"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-14558"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-1439"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013995"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14558"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-35174"
          },
          {
            "db": "VULHUB",
            "id": "VHN-124729"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-14558"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-1439"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013995"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14558"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-06-30T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-35174"
          },
          {
            "date": "2018-10-30T00:00:00",
            "db": "VULHUB",
            "id": "VHN-124729"
          },
          {
            "date": "2018-10-30T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-14558"
          },
          {
            "date": "2018-10-31T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201810-1439"
          },
          {
            "date": "2019-03-07T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-013995"
          },
          {
            "date": "2018-10-30T18:29:00.580000",
            "db": "NVD",
            "id": "CVE-2018-14558"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-06-30T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-35174"
          },
          {
            "date": "2019-10-03T00:00:00",
            "db": "VULHUB",
            "id": "VHN-124729"
          },
          {
            "date": "2019-10-03T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-14558"
          },
          {
            "date": "2019-10-23T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201810-1439"
          },
          {
            "date": "2019-03-07T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-013995"
          },
          {
            "date": "2025-11-07T19:14:06.623000",
            "db": "NVD",
            "id": "CVE-2018-14558"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-1439"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  Tenda Command injection vulnerability in product firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013995"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "operating system commend injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-1439"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202508-2731

    Vulnerability from variot - Updated: 2025-09-11 23:47

    The AC10 is a high-performance router designed with gigabit ports on both the WAN and LAN ports.

    The Tenda AC10 contains a binary vulnerability that could be exploited to cause a denial of service.

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202508-2731",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ac10",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "tenda",
            "version": "16.03.10.09"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-20041"
          }
        ]
      },
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 2.1,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2025-20041",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "LOW",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "CNVD",
                "id": "CNVD-2025-20041",
                "trust": 0.6,
                "value": "LOW"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-20041"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The AC10 is a high-performance router designed with gigabit ports on both the WAN and LAN ports.\n\nThe Tenda AC10 contains a binary vulnerability that could be exploited to cause a denial of service.",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-20041"
          }
        ],
        "trust": 0.6
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-20041",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-20041"
          }
        ]
      },
      "id": "VAR-202508-2731",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-20041"
          }
        ],
        "trust": 0.86649562
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-20041"
          }
        ]
      },
      "last_update_date": "2025-09-11T23:47:19.274000Z",
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-20041"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-08-21T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-20041"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-09-02T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-20041"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Tenda AC10 has a binary vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-20041"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202508-2967

    Vulnerability from variot - Updated: 2025-09-11 23:46

    The AC10 is a high-performance router designed with gigabit ports on both the WAN and LAN ports.

    The Tenda AC10 contains a binary vulnerability that could be exploited to cause a denial of service.

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202508-2967",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ac10",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "tenda",
            "version": "16.03.10.13"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-20033"
          }
        ]
      },
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 2.1,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2025-20033",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "LOW",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "CNVD",
                "id": "CNVD-2025-20033",
                "trust": 0.6,
                "value": "LOW"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-20033"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The AC10 is a high-performance router designed with gigabit ports on both the WAN and LAN ports.\n\nThe Tenda AC10 contains a binary vulnerability that could be exploited to cause a denial of service.",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-20033"
          }
        ],
        "trust": 0.6
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-20033",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-20033"
          }
        ]
      },
      "id": "VAR-202508-2967",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-20033"
          }
        ],
        "trust": 0.86649562
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-20033"
          }
        ]
      },
      "last_update_date": "2025-09-11T23:46:49.153000Z",
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-20033"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-08-21T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-20033"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-09-02T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-20033"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Tenda AC10 has a binary vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-20033"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202508-2552

    Vulnerability from variot - Updated: 2025-09-07 23:23

    Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 was discovered to contain a stack overflow via the Password parameter in the function R7WebsSecurityHandler. Shenzhen Tenda Technology Co.,Ltd. of AC10 A stack-based buffer overflow vulnerability exists in the firmware.Service operation interruption (DoS) It may be in a state. The Tenda AC10 is a dual-band gigabit wireless router launched by Shenzhen Jixiang Tengda Technology Co., Ltd., primarily for fiber optic users with speeds of 200 Mbps and above. This vulnerability stems from the failure of the Password parameter in the R7WebsSecurityHandler function to properly validate the length of input data. An attacker could exploit this vulnerability to cause a denial of service

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202508-2552",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ac10",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "tenda",
            "version": "16.03.10.09_multi_tde01"
          },
          {
            "model": "ac10",
            "scope": null,
            "trust": 0.8,
            "vendor": "tenda",
            "version": null
          },
          {
            "model": "ac10",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "tenda",
            "version": "ac10  firmware  16.03.10.09 multi tde01"
          },
          {
            "model": "ac10",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "tenda",
            "version": null
          },
          {
            "model": "ac10 v16.03.10.09 multi tde01",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "tenda",
            "version": "v4.0"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-20141"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-012925"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-57217"
          }
        ]
      },
      "cve": "CVE-2025-57217",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2025-20141",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "availabilityImpact": "LOW",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2025-57217",
                "impactScore": 1.4,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "OTHER",
                "availabilityImpact": "Low",
                "baseScore": 5.3,
                "baseSeverity": "Medium",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2025-012925",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2025-57217",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2025-012925",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-20141",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-20141"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-012925"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-57217"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 was discovered to contain a stack overflow via the Password parameter in the function R7WebsSecurityHandler. Shenzhen Tenda Technology Co.,Ltd. of AC10 A stack-based buffer overflow vulnerability exists in the firmware.Service operation interruption (DoS) It may be in a state. The Tenda AC10 is a dual-band gigabit wireless router launched by Shenzhen Jixiang Tengda Technology Co., Ltd., primarily for fiber optic users with speeds of 200 Mbps and above. This vulnerability stems from the failure of the Password parameter in the R7WebsSecurityHandler function to properly validate the length of input data. An attacker could exploit this vulnerability to cause a denial of service",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-57217"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-012925"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-20141"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2025-57217",
            "trust": 3.2
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-012925",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-20141",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-20141"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-012925"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-57217"
          }
        ]
      },
      "id": "VAR-202508-2552",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-20141"
          }
        ],
        "trust": 0.86649562
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-20141"
          }
        ]
      },
      "last_update_date": "2025-09-07T23:23:52.545000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-121",
            "trust": 1.0
          },
          {
            "problemtype": "Stack-based buffer overflow (CWE-121) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-012925"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-57217"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://plaid-knot-11b.notion.site/stack-buffer-overflow-in-login-auth-via-password-parameter-remote-attacker-can-execute-arbitrary-c-23fb3e9cce32800ba969f8b3a9f80bda?source=copy_link"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2025-57217"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-20141"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-012925"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-57217"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-20141"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-012925"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-57217"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-09-02T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-20141"
          },
          {
            "date": "2025-09-04T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-012925"
          },
          {
            "date": "2025-08-28T18:15:32.587000",
            "db": "NVD",
            "id": "CVE-2025-57217"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-09-03T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-20141"
          },
          {
            "date": "2025-09-04T06:49:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-012925"
          },
          {
            "date": "2025-09-03T16:11:31.440000",
            "db": "NVD",
            "id": "CVE-2025-57217"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Shenzhen\u00a0Tenda\u00a0Technology\u00a0Co.,Ltd.\u00a0 of \u00a0AC10\u00a0 Stack-based buffer overflow vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-012925"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202508-2507

    Vulnerability from variot - Updated: 2025-09-07 23:19

    Tenda AC10 v4.0 firmware v16.03.10.20 was discovered to contain a stack overflow via the function get_parentControl_list_Info. Shenzhen Tenda Technology Co.,Ltd. of AC10 A stack-based buffer overflow vulnerability exists in the firmware.Service operation interruption (DoS) It may be in a state. The Tenda AC10 is a dual-band gigabit wireless router launched by Shenzhen Jixiang Tengda Technology Co., Ltd., primarily targeting fiber optic users with speeds of 200 Mbps and above.

    The Tenda AC10 suffers from a stack buffer overflow vulnerability caused by the get_parentControl_list_Info function's failure to properly validate the length of input data. An attacker could exploit this vulnerability to cause a denial of service

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202508-2507",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ac10",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "tenda",
            "version": "16.03.10.20"
          },
          {
            "model": "ac10",
            "scope": null,
            "trust": 0.8,
            "vendor": "tenda",
            "version": null
          },
          {
            "model": "ac10",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "tenda",
            "version": "ac10  firmware  16.03.10.20"
          },
          {
            "model": "ac10",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "tenda",
            "version": null
          },
          {
            "model": "ac10",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "tenda",
            "version": "v4.0v16.03.10.20"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-20140"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-012884"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-57215"
          }
        ]
      },
      "cve": "CVE-2025-57215",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2025-20140",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2025-57215",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "OTHER",
                "availabilityImpact": "High",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2025-012884",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2025-57215",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2025-012884",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-20140",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-20140"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-012884"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-57215"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Tenda AC10 v4.0 firmware v16.03.10.20 was discovered to contain a stack overflow via the function get_parentControl_list_Info. Shenzhen Tenda Technology Co.,Ltd. of AC10 A stack-based buffer overflow vulnerability exists in the firmware.Service operation interruption (DoS) It may be in a state. The Tenda AC10 is a dual-band gigabit wireless router launched by Shenzhen Jixiang Tengda Technology Co., Ltd., primarily targeting fiber optic users with speeds of 200 Mbps and above. \n\nThe Tenda AC10 suffers from a stack buffer overflow vulnerability caused by the get_parentControl_list_Info function\u0027s failure to properly validate the length of input data. An attacker could exploit this vulnerability to cause a denial of service",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-57215"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-012884"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-20140"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2025-57215",
            "trust": 3.2
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-012884",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-20140",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-20140"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-012884"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-57215"
          }
        ]
      },
      "id": "VAR-202508-2507",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-20140"
          }
        ],
        "trust": 0.86649562
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-20140"
          }
        ]
      },
      "last_update_date": "2025-09-07T23:19:05.018000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-121",
            "trust": 1.0
          },
          {
            "problemtype": "Stack-based buffer overflow (CWE-121) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-012884"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-57215"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "https://plaid-knot-11b.notion.site/heap-based-buffer-overflow-in-function-get_parentcontrol_list_info-via-deviceid-parameter-remote-at-23eb3e9cce328014a639f619bc14ed90"
          },
          {
            "trust": 1.8,
            "url": "https://www.tenda.com.cn"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2025-57215"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-20140"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-012884"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-57215"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-20140"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-012884"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-57215"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-09-02T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-20140"
          },
          {
            "date": "2025-09-04T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-012884"
          },
          {
            "date": "2025-08-28T19:15:33.663000",
            "db": "NVD",
            "id": "CVE-2025-57215"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-09-03T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-20140"
          },
          {
            "date": "2025-09-04T05:52:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-012884"
          },
          {
            "date": "2025-09-03T16:11:17.773000",
            "db": "NVD",
            "id": "CVE-2025-57215"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Shenzhen\u00a0Tenda\u00a0Technology\u00a0Co.,Ltd.\u00a0 of \u00a0AC10\u00a0 Stack-based buffer overflow vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-012884"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202508-2571

    Vulnerability from variot - Updated: 2025-09-07 23:12

    Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 was discovered to contain a stack overflow via the security_5g parameter in the function sub_46284C. Shenzhen Tenda Technology Co.,Ltd. of AC10 A stack-based buffer overflow vulnerability exists in the firmware.Service operation interruption (DoS) It may be in a state. The Tenda AC10 is a dual-band gigabit wireless router launched by Shenzhen Jixiang Tengda Technology Co., Ltd., primarily targeting users with fiber optic connections of 200Mbps and above. This vulnerability stems from the failure of the security_5g parameter in the sub_46284C function to properly validate the length of input data. An attacker could exploit this vulnerability to cause a denial of service

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202508-2571",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ac10",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "tenda",
            "version": "16.03.10.09_multi_tde01"
          },
          {
            "model": "ac10",
            "scope": null,
            "trust": 0.8,
            "vendor": "tenda",
            "version": null
          },
          {
            "model": "ac10",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "tenda",
            "version": "ac10  firmware  16.03.10.09 multi tde01"
          },
          {
            "model": "ac10",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "tenda",
            "version": null
          },
          {
            "model": "ac10 v16.03.10.09 multi tde01",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "tenda",
            "version": "v4.0"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-20142"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-012924"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-57218"
          }
        ]
      },
      "cve": "CVE-2025-57218",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2025-20142",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "availabilityImpact": "LOW",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2025-57218",
                "impactScore": 1.4,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "OTHER",
                "availabilityImpact": "Low",
                "baseScore": 5.3,
                "baseSeverity": "Medium",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2025-012924",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2025-57218",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2025-012924",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-20142",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-20142"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-012924"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-57218"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 was discovered to contain a stack overflow via the security_5g parameter in the function sub_46284C. Shenzhen Tenda Technology Co.,Ltd. of AC10 A stack-based buffer overflow vulnerability exists in the firmware.Service operation interruption (DoS) It may be in a state. The Tenda AC10 is a dual-band gigabit wireless router launched by Shenzhen Jixiang Tengda Technology Co., Ltd., primarily targeting users with fiber optic connections of 200Mbps and above. This vulnerability stems from the failure of the security_5g parameter in the sub_46284C function to properly validate the length of input data. An attacker could exploit this vulnerability to cause a denial of service",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-57218"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-012924"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-20142"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2025-57218",
            "trust": 3.2
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-012924",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-20142",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-20142"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-012924"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-57218"
          }
        ]
      },
      "id": "VAR-202508-2571",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-20142"
          }
        ],
        "trust": 0.86649562
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-20142"
          }
        ]
      },
      "last_update_date": "2025-09-07T23:12:36.544000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-121",
            "trust": 1.0
          },
          {
            "problemtype": "Stack-based buffer overflow (CWE-121) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-012924"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-57218"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://plaid-knot-11b.notion.site/stack-buffer-overflow-in-goform-wifibasicset-via-password-parameter-remote-attacker-can-execute-ar-23fb3e9cce32807c883fc1b233e09eca?source=copy_link"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2025-57218"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-20142"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-012924"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-57218"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-20142"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-012924"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-57218"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-09-02T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-20142"
          },
          {
            "date": "2025-09-04T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-012924"
          },
          {
            "date": "2025-08-28T18:15:32.743000",
            "db": "NVD",
            "id": "CVE-2025-57218"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-09-03T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-20142"
          },
          {
            "date": "2025-09-04T06:48:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-012924"
          },
          {
            "date": "2025-09-03T16:11:25.347000",
            "db": "NVD",
            "id": "CVE-2025-57218"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Shenzhen\u00a0Tenda\u00a0Technology\u00a0Co.,Ltd.\u00a0 of \u00a0AC10\u00a0 Stack-based buffer overflow vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-012924"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202508-2517

    Vulnerability from variot - Updated: 2025-09-07 19:36

    Incorrect access control in the endpoint /goform/ate of Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 allows attackers to escalate privileges or access sensitive components via a crafted request. Shenzhen Tenda Technology Co.,Ltd. of AC10 Firmware contains an access control vulnerability.Information may be obtained. The Tenda AC10 is a dual-band gigabit wireless router launched by Shenzhen Jixiang Tengda Technology Co., Ltd., primarily for users with fiber optic connections of 200Mbps and above

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202508-2517",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ac10",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "tenda",
            "version": "16.03.10.09_multi_tde01"
          },
          {
            "model": "ac10",
            "scope": null,
            "trust": 0.8,
            "vendor": "tenda",
            "version": null
          },
          {
            "model": "ac10",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "tenda",
            "version": "ac10  firmware  16.03.10.09 multi tde01"
          },
          {
            "model": "ac10",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "tenda",
            "version": null
          },
          {
            "model": "ac10 v16.03.10.09 multi tde01",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "tenda",
            "version": "v4.0"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-20144"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-012839"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-57219"
          }
        ]
      },
      "cve": "CVE-2025-57219",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2025-20144",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 3.9,
                "id": "CVE-2025-57219",
                "impactScore": 1.4,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "OTHER",
                "availabilityImpact": "None",
                "baseScore": 5.3,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "JVNDB-2025-012839",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2025-57219",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2025-012839",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-20144",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-20144"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-012839"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-57219"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Incorrect access control in the endpoint /goform/ate of Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 allows attackers to escalate privileges or access sensitive components via a crafted request. Shenzhen Tenda Technology Co.,Ltd. of AC10 Firmware contains an access control vulnerability.Information may be obtained. The Tenda AC10 is a dual-band gigabit wireless router launched by Shenzhen Jixiang Tengda Technology Co., Ltd., primarily for users with fiber optic connections of 200Mbps and above",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-57219"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-012839"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-20144"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2025-57219",
            "trust": 3.2
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-012839",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-20144",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-20144"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-012839"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-57219"
          }
        ]
      },
      "id": "VAR-202508-2517",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-20144"
          }
        ],
        "trust": 0.86649562
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-20144"
          }
        ]
      },
      "last_update_date": "2025-09-07T19:36:12.017000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-284",
            "trust": 1.0
          },
          {
            "problemtype": "Inappropriate access control (CWE-284) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-012839"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-57219"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://plaid-knot-11b.notion.site/unauthenticated-remote-access-to-ate-debug-interface-via-improper-access-controls-in-tenda-ac10-v4-23fb3e9cce328050a479e44a8c217a72?source=copy_link"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2025-57219"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-20144"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-012839"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-57219"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-20144"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-012839"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-57219"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-09-02T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-20144"
          },
          {
            "date": "2025-09-04T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-012839"
          },
          {
            "date": "2025-08-28T19:15:33.813000",
            "db": "NVD",
            "id": "CVE-2025-57219"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-09-03T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-20144"
          },
          {
            "date": "2025-09-04T01:46:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-012839"
          },
          {
            "date": "2025-09-03T16:11:12.023000",
            "db": "NVD",
            "id": "CVE-2025-57219"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Shenzhen\u00a0Tenda\u00a0Technology\u00a0Co.,Ltd.\u00a0 of \u00a0AC10\u00a0 Access control vulnerabilities in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-012839"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202508-2557

    Vulnerability from variot - Updated: 2025-09-07 19:36

    An input validation flaw in the 'ate' service of Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 to escalate privileges to root via a crafted UDP packet. Shenzhen Tenda Technology Co.,Ltd. of AC10 There is an input validation vulnerability in firmware.Information may be obtained. The Tenda AC10 is a dual-band gigabit wireless router launched by Shenzhen Jixiang Tengda Technology Co., Ltd., primarily for users with fiber optic connections of 200Mbps and above. Detailed vulnerability details are currently unavailable

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202508-2557",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ac10",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "tenda",
            "version": "16.03.10.09_multi_tde01"
          },
          {
            "model": "ac10",
            "scope": null,
            "trust": 0.8,
            "vendor": "tenda",
            "version": null
          },
          {
            "model": "ac10",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "tenda",
            "version": "ac10  firmware  16.03.10.09 multi tde01"
          },
          {
            "model": "ac10",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "tenda",
            "version": null
          },
          {
            "model": "ac10 v16.03.10.09 multi tde01",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "tenda",
            "version": "v4.0"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-20143"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-012908"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-57220"
          }
        ]
      },
      "cve": "CVE-2025-57220",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2025-20143",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 3.9,
                "id": "CVE-2025-57220",
                "impactScore": 1.4,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "OTHER",
                "availabilityImpact": "None",
                "baseScore": 5.3,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "JVNDB-2025-012908",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2025-57220",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2025-012908",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-20143",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-20143"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-012908"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-57220"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An input validation flaw in the \u0027ate\u0027 service of Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 to escalate privileges to root via a crafted UDP packet. Shenzhen Tenda Technology Co.,Ltd. of AC10 There is an input validation vulnerability in firmware.Information may be obtained. The Tenda AC10 is a dual-band gigabit wireless router launched by Shenzhen Jixiang Tengda Technology Co., Ltd., primarily for users with fiber optic connections of 200Mbps and above. Detailed vulnerability details are currently unavailable",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-57220"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-012908"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-20143"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2025-57220",
            "trust": 3.2
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-012908",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-20143",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-20143"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-012908"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-57220"
          }
        ]
      },
      "id": "VAR-202508-2557",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-20143"
          }
        ],
        "trust": 0.86649562
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-20143"
          }
        ]
      },
      "last_update_date": "2025-09-07T19:36:11.995000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-20",
            "trust": 1.0
          },
          {
            "problemtype": "Inappropriate input confirmation (CWE-20) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-012908"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-57220"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://plaid-knot-11b.notion.site/unauthenticated-remote-root-shell-via-input-validation-flaw-in-ate-service-on-tenda-ac10-v4-0-23fb3e9cce32804d93aad7e79a82a7aa?source=copy_link"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2025-57220"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-20143"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-012908"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-57220"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-20143"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-012908"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-57220"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-09-02T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-20143"
          },
          {
            "date": "2025-09-04T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-012908"
          },
          {
            "date": "2025-08-28T19:15:33.963000",
            "db": "NVD",
            "id": "CVE-2025-57220"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-09-03T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-20143"
          },
          {
            "date": "2025-09-04T06:28:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-012908"
          },
          {
            "date": "2025-09-03T16:11:06.807000",
            "db": "NVD",
            "id": "CVE-2025-57220"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Shenzhen\u00a0Tenda\u00a0Technology\u00a0Co.,Ltd.\u00a0 of \u00a0AC10\u00a0 Firmware Input Validation Vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-012908"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202508-2151

    Vulnerability from variot - Updated: 2025-09-01 23:24

    A vulnerability was found in Tenda AC10 16.03.10.13. Affected is an unknown function of the file /etc_ro/shadow of the component MD5 Hash Handler. Performing manipulation results in hard-coded credentials. The attack needs to be approached locally. A high degree of complexity is needed for the attack. The exploitability is told to be difficult. The exploit has been made public and could be used. of AC10 The firmware contains vulnerabilities related to the use of hard-coded passwords and vulnerabilities related to the use of hard-coded credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202508-2151",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ac10",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "tenda",
            "version": "16.03.10.13"
          },
          {
            "model": "ac10",
            "scope": null,
            "trust": 0.8,
            "vendor": "tenda",
            "version": null
          },
          {
            "model": "ac10",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "tenda",
            "version": null
          },
          {
            "model": "ac10",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "tenda",
            "version": "ac10  firmware  16.03.10.13"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-012510"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-9309"
          }
        ]
      },
      "cve": "CVE-2025-9309",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "HIGH",
                "accessVector": "LOCAL",
                "authentication": "SINGLE",
                "author": "cna@vuldb.com",
                "availabilityImpact": "NONE",
                "baseScore": 1.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 1.5,
                "id": "CVE-2025-9309",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "LOW",
                "trust": 1.0,
                "vectorString": "AV:L/AC:H/Au:S/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "High",
                "accessVector": "Local",
                "authentication": "Single",
                "author": "OTHER",
                "availabilityImpact": "None",
                "baseScore": 1.0,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2025-012510",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Low",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:L/AC:H/Au:S/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "author": "cna@vuldb.com",
                "availabilityImpact": "NONE",
                "baseScore": 2.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 1.0,
                "id": "CVE-2025-9309",
                "impactScore": 1.4,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.0,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.0,
                "id": "CVE-2025-9309",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "High",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.0,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2025-012510",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "cna@vuldb.com",
                "id": "CVE-2025-9309",
                "trust": 1.0,
                "value": "Low"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2025-9309",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2025-012510",
                "trust": 0.8,
                "value": "High"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-012510"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-9309"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-9309"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A vulnerability was found in Tenda AC10 16.03.10.13. Affected is an unknown function of the file /etc_ro/shadow of the component MD5 Hash Handler. Performing manipulation results in hard-coded credentials. The attack needs to be approached locally. A high degree of complexity is needed for the attack. The exploitability is told to be difficult. The exploit has been made public and could be used. of AC10 The firmware contains vulnerabilities related to the use of hard-coded passwords and vulnerabilities related to the use of hard-coded credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-9309"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-012510"
          }
        ],
        "trust": 1.62
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2025-9309",
            "trust": 2.6
          },
          {
            "db": "VULDB",
            "id": "320914",
            "trust": 1.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-012510",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-012510"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-9309"
          }
        ]
      },
      "id": "VAR-202508-2151",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.26649562
      },
      "last_update_date": "2025-09-01T23:24:36.900000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-798",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-259",
            "trust": 1.0
          },
          {
            "problemtype": "Using hardcoded passwords (CWE-259) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " Use hard-coded credentials (CWE-798) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-012510"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-9309"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "https://github.com/xxricardo/iot-cve/blob/main/tenda/ac10/v4.0si_v16.03.10.13.md"
          },
          {
            "trust": 1.8,
            "url": "https://github.com/xxricardo/iot-cve/blob/main/tenda/ac10/v4.0si_v16.03.10.13.md#steps-to-reproduce"
          },
          {
            "trust": 1.8,
            "url": "https://vuldb.com/?id.320914"
          },
          {
            "trust": 1.8,
            "url": "https://vuldb.com/?submit.633585"
          },
          {
            "trust": 1.8,
            "url": "https://www.tenda.com.cn/"
          },
          {
            "trust": 1.0,
            "url": "https://vuldb.com/?ctiid.320914"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2025-9309"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-012510"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-9309"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-012510"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-9309"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-08-27T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-012510"
          },
          {
            "date": "2025-08-21T17:15:33.277000",
            "db": "NVD",
            "id": "CVE-2025-9309"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-08-27T07:06:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-012510"
          },
          {
            "date": "2025-08-25T02:02:44.787000",
            "db": "NVD",
            "id": "CVE-2025-9309"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Shenzhen\u00a0Tenda\u00a0Technology\u00a0Co.,Ltd.\u00a0 of \u00a0AC10\u00a0 Hardcoded password usage vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-012510"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202507-2538

    Vulnerability from variot - Updated: 2025-08-06 23:23

    A vulnerability classified as critical has been found in Tenda AC10 16.03.10.13. Affected is an unknown function of the file /goform/RequestsProcessLaid. The manipulation of the argument device1D leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. of AC10 The firmware contains a buffer error vulnerability and a heap-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The Tenda AC10 is a dual-band gigabit wireless router launched by Shenzhen Jixiang Tengda Technology Co., Ltd., primarily for users with fiber optic connections of 200 Mbps and above. It supports Wi-Fi 5 technology and provides dual-band concurrent transmission. An attacker could exploit this vulnerability to cause device abnormalities or execute arbitrary code

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202507-2538",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ac10",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "tenda",
            "version": "16.03.10.13"
          },
          {
            "model": "ac10",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "tenda",
            "version": "ac10  firmware  16.03.10.13"
          },
          {
            "model": "ac10",
            "scope": null,
            "trust": 0.8,
            "vendor": "tenda",
            "version": null
          },
          {
            "model": "ac10",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "tenda",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17347"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-010653"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-8178"
          }
        ]
      },
      "cve": "CVE-2025-8178",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "cna@vuldb.com",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2025-8178",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "OTHER",
                "availabilityImpact": "Complete",
                "baseScore": 9.0,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "JVNDB-2025-010653",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2025-17347",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "cna@vuldb.com",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2025-8178",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "OTHER",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2025-010653",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "cna@vuldb.com",
                "id": "CVE-2025-8178",
                "trust": 1.0,
                "value": "High"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2025-010653",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-17347",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17347"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-010653"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-8178"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A vulnerability classified as critical has been found in Tenda AC10 16.03.10.13. Affected is an unknown function of the file /goform/RequestsProcessLaid. The manipulation of the argument device1D leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. of AC10 The firmware contains a buffer error vulnerability and a heap-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The Tenda AC10 is a dual-band gigabit wireless router launched by Shenzhen Jixiang Tengda Technology Co., Ltd., primarily for users with fiber optic connections of 200 Mbps and above. It supports Wi-Fi 5 technology and provides dual-band concurrent transmission. An attacker could exploit this vulnerability to cause device abnormalities or execute arbitrary code",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-8178"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-010653"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-17347"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2025-8178",
            "trust": 3.2
          },
          {
            "db": "VULDB",
            "id": "317592",
            "trust": 2.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-010653",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-17347",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17347"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-010653"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-8178"
          }
        ]
      },
      "id": "VAR-202507-2538",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17347"
          }
        ],
        "trust": 0.86649562
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17347"
          }
        ]
      },
      "last_update_date": "2025-08-06T23:23:48.289000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-122",
            "trust": 1.0
          },
          {
            "problemtype": "Buffer error (CWE-119) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " Heap-based buffer overflow (CWE-122) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-010653"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-8178"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://vuldb.com/?id.317592"
          },
          {
            "trust": 2.4,
            "url": "https://vuldb.com/?submit.621811"
          },
          {
            "trust": 2.4,
            "url": "https://www.tenda.com.cn/"
          },
          {
            "trust": 1.6,
            "url": "https://vuldb.com/?ctiid.317592"
          },
          {
            "trust": 1.6,
            "url": "https://www.yuque.com/ba1ma0-an29k/nnxoap/qkixf5578145igdt"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2025-8178"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17347"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-010653"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-8178"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-17347"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-010653"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-8178"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-07-31T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-17347"
          },
          {
            "date": "2025-08-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-010653"
          },
          {
            "date": "2025-07-26T05:15:25.920000",
            "db": "NVD",
            "id": "CVE-2025-8178"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-08-01T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-17347"
          },
          {
            "date": "2025-08-05T07:04:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-010653"
          },
          {
            "date": "2025-08-01T20:02:24.790000",
            "db": "NVD",
            "id": "CVE-2025-8178"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Shenzhen\u00a0Tenda\u00a0Technology\u00a0Co.,Ltd.\u00a0 of \u00a0AC10\u00a0 Buffer error vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-010653"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202404-1583

    Vulnerability from variot - Updated: 2025-07-20 23:20

    Tenda AC10 v4.0 V16.03.10.13 and V16.03.10.20 firmware has a stack overflow vulnerability via the adslPwd parameter in the formWanParameterSetting function. Shenzhen Tenda Technology Co.,Ltd. of AC10 A stack-based buffer overflow vulnerability exists in the firmware.Information may be obtained and information may be tampered with. Tenda A18 is a dual-band Gigabit wireless router, mainly for 200M and above fiber users.

    Tenda AC10 has a buffer overflow vulnerability, which is caused by the adslPwd parameter of the formWanParameterSetting method failing to correctly verify the length of the input data. No detailed vulnerability details are currently provided

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202404-1583",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ac10",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "tenda",
            "version": "16.03.10.13"
          },
          {
            "model": "ac10",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "tenda",
            "version": "16.03.10.20"
          },
          {
            "model": "ac10",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "tenda",
            "version": "ac10  firmware  16.03.10.13"
          },
          {
            "model": "ac10",
            "scope": null,
            "trust": 0.8,
            "vendor": "tenda",
            "version": null
          },
          {
            "model": "ac10",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "tenda",
            "version": null
          },
          {
            "model": "ac10",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "tenda",
            "version": "ac10  firmware  16.03.10.20"
          },
          {
            "model": "ac10",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "tenda",
            "version": "4.0"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-16320"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020537"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-32317"
          }
        ]
      },
      "cve": "CVE-2024-32317",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "HIGH",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 4.9,
                "id": "CNVD-2025-16320",
                "impactScore": 7.8,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:H/Au:N/C:C/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.2,
                "id": "CVE-2024-32317",
                "impactScore": 4.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "High",
                "attackVector": "Network",
                "author": "OTHER",
                "availabilityImpact": "None",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2024-020537",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2024-32317",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2024-020537",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-16320",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-16320"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020537"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-32317"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Tenda AC10 v4.0 V16.03.10.13 and V16.03.10.20 firmware has a stack overflow vulnerability via the adslPwd parameter in the formWanParameterSetting function. Shenzhen Tenda Technology Co.,Ltd. of AC10 A stack-based buffer overflow vulnerability exists in the firmware.Information may be obtained and information may be tampered with. Tenda A18 is a dual-band Gigabit wireless router, mainly for 200M and above fiber users. \n\nTenda AC10 has a buffer overflow vulnerability, which is caused by the adslPwd parameter of the formWanParameterSetting method failing to correctly verify the length of the input data. No detailed vulnerability details are currently provided",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2024-32317"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020537"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-16320"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2024-32317",
            "trust": 3.2
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020537",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-16320",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-16320"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020537"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-32317"
          }
        ]
      },
      "id": "VAR-202404-1583",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-16320"
          }
        ],
        "trust": 0.86649562
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-16320"
          }
        ]
      },
      "last_update_date": "2025-07-20T23:20:50.708000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Patch for Tenda AC10 Buffer Overflow Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/710301"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-16320"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-121",
            "trust": 1.0
          },
          {
            "problemtype": "Stack-based buffer overflow (CWE-121) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020537"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-32317"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.6,
            "url": "https://github.com/abcdefg-png/iot-vulnerable/blob/main/tenda/ac10/v16.03.10.13/formwanparametersetting.md"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2024-32317"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-16320"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020537"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-32317"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-16320"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020537"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-32317"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-07-18T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-16320"
          },
          {
            "date": "2025-03-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2024-020537"
          },
          {
            "date": "2024-04-17T16:15:09.073000",
            "db": "NVD",
            "id": "CVE-2024-32317"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-07-18T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-16320"
          },
          {
            "date": "2025-03-18T03:14:00",
            "db": "JVNDB",
            "id": "JVNDB-2024-020537"
          },
          {
            "date": "2025-03-17T14:22:37.120000",
            "db": "NVD",
            "id": "CVE-2024-32317"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Shenzhen\u00a0Tenda\u00a0Technology\u00a0Co.,Ltd.\u00a0 of \u00a0AC10\u00a0 Stack-based buffer overflow vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-020537"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202505-2674

    Vulnerability from variot - Updated: 2025-07-17 23:27

    Tenda AC10 V1.0re_V15.03.06.46 is vulnerable to Buffer Overflow in the formSetPPTPUserList handler via the list POST parameter. Shenzhen Tenda Technology Co.,Ltd. of AC10 Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda AC10 is a dual-band Gigabit wireless router launched by China's Tenda. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202505-2674",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ac10",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "tenda",
            "version": "15.03.06.46"
          },
          {
            "model": "ac10",
            "scope": null,
            "trust": 0.8,
            "vendor": "tenda",
            "version": null
          },
          {
            "model": "ac10",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "tenda",
            "version": "ac10  firmware  15.03.06.46"
          },
          {
            "model": "ac10",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "tenda",
            "version": null
          },
          {
            "model": "ac10 v1.0re v15.03.06.46",
            "scope": null,
            "trust": 0.6,
            "vendor": "tenda",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15727"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-006918"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-45779"
          }
        ]
      },
      "cve": "CVE-2025-45779",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2025-15727",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2025-45779",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "OTHER",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2025-006918",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2025-45779",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2025-006918",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-15727",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15727"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-006918"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-45779"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Tenda AC10 V1.0re_V15.03.06.46 is vulnerable to Buffer Overflow in the formSetPPTPUserList handler via the list POST parameter. Shenzhen Tenda Technology Co.,Ltd. of AC10 Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda AC10 is a dual-band Gigabit wireless router launched by China\u0027s Tenda. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-45779"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-006918"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-15727"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2025-45779",
            "trust": 3.2
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-006918",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-15727",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15727"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-006918"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-45779"
          }
        ]
      },
      "id": "VAR-202505-2674",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15727"
          }
        ],
        "trust": 0.86649562
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15727"
          }
        ]
      },
      "last_update_date": "2025-07-17T23:27:17.431000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Patch for Tenda AC10 formSetPPTPUserList buffer overflow vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/709101"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15727"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-120",
            "trust": 1.0
          },
          {
            "problemtype": "Classic buffer overflow (CWE-120) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-006918"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-45779"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://github.com/sunyou-iot/iot-vul/blob/main/tendaac10/cve-2025-45779/readme.md"
          },
          {
            "trust": 1.8,
            "url": "https://www.tendacn.com/us/download/detail-3782.html"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2025-45779"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15727"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-006918"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-45779"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-15727"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-006918"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-45779"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-07-15T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-15727"
          },
          {
            "date": "2025-06-16T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-006918"
          },
          {
            "date": "2025-05-12T17:15:47.297000",
            "db": "NVD",
            "id": "CVE-2025-45779"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-07-15T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-15727"
          },
          {
            "date": "2025-06-16T01:10:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-006918"
          },
          {
            "date": "2025-06-13T13:40:52.883000",
            "db": "NVD",
            "id": "CVE-2025-45779"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Shenzhen\u00a0Tenda\u00a0Technology\u00a0Co.,Ltd.\u00a0 of \u00a0AC10\u00a0 Classic buffer overflow vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-006918"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202407-3082

    Vulnerability from variot - Updated: 2025-07-09 22:54

    Buffer Overflow vulnerability in Tenda AC10 v4 US_AC10V4.0si_V16.03.10.20_cn allows a remote attacker to execute arbitrary code via the Virtual_Data_Check function in the bin/httpd component. Shenzhen Tenda Technology Co.,Ltd. of AC10 Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202407-3082",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ac10",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "tenda",
            "version": "16.03.10.20"
          },
          {
            "model": "ac10",
            "scope": null,
            "trust": 0.8,
            "vendor": "tenda",
            "version": null
          },
          {
            "model": "ac10",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "tenda",
            "version": null
          },
          {
            "model": "ac10",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "tenda",
            "version": "ac10  firmware  16.03.10.20"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-025801"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-33365"
          }
        ]
      },
      "cve": "CVE-2024-33365",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [],
            "cvssV3": [
              {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.6,
                "id": "CVE-2024-33365",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "High",
                "attackVector": "Network",
                "author": "OTHER",
                "availabilityImpact": "High",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2024-025801",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2024-33365",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2024-025801",
                "trust": 0.8,
                "value": "High"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-025801"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-33365"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Buffer Overflow vulnerability in Tenda AC10 v4 US_AC10V4.0si_V16.03.10.20_cn allows a remote attacker to execute arbitrary code via the Virtual_Data_Check function in the bin/httpd component. Shenzhen Tenda Technology Co.,Ltd. of AC10 Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2024-33365"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-025801"
          }
        ],
        "trust": 1.62
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2024-33365",
            "trust": 2.6
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-025801",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-025801"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-33365"
          }
        ]
      },
      "id": "VAR-202407-3082",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.26649562
      },
      "last_update_date": "2025-07-09T22:54:03.496000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-120",
            "trust": 1.0
          },
          {
            "problemtype": "Classic buffer overflow (CWE-120) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-025801"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-33365"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "https://github.com/johnathanhuutri/cve_report/blob/master/cve-2024-33365/readme.md"
          },
          {
            "trust": 1.8,
            "url": "https://hackmd.io/%40johnathanhuutri/rjnbeitjc"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2024-33365"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-025801"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-33365"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-025801"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-33365"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-07-08T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2024-025801"
          },
          {
            "date": "2024-07-29T17:15:10.947000",
            "db": "NVD",
            "id": "CVE-2024-33365"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-07-08T04:53:00",
            "db": "JVNDB",
            "id": "JVNDB-2024-025801"
          },
          {
            "date": "2025-07-07T16:09:32.320000",
            "db": "NVD",
            "id": "CVE-2024-33365"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Shenzhen\u00a0Tenda\u00a0Technology\u00a0Co.,Ltd.\u00a0 of \u00a0AC10\u00a0 Classic buffer overflow vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-025801"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202505-2213

    Vulnerability from variot - Updated: 2025-06-18 23:32

    Tenda AC10 v4 V16.03.10.13 is vulnerable to Buffer Overflow in the GetParentControlInfo function. Shenzhen Tenda Technology Co.,Ltd. of AC10 Firmware has a classic buffer overflow vulnerability.Information may be obtained and information may be tampered with. No detailed vulnerability details are currently available

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202505-2213",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ac10",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "tenda",
            "version": "16.03.10.13"
          },
          {
            "model": "ac10",
            "scope": null,
            "trust": 0.8,
            "vendor": "tenda",
            "version": null
          },
          {
            "model": "ac10",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "tenda",
            "version": null
          },
          {
            "model": "ac10",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "tenda",
            "version": "ac10  firmware  16.03.10.13"
          },
          {
            "model": "ac10",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "tenda",
            "version": "4.0"
          },
          {
            "model": "ac10",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "tenda",
            "version": "v16.03.10.13"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-10595"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-006919"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-44175"
          }
        ]
      },
      "cve": "CVE-2025-44175",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2025-10595",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.8,
                "id": "CVE-2025-44175",
                "impactScore": 2.5,
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "OTHER",
                "availabilityImpact": "None",
                "baseScore": 5.4,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "JVNDB-2025-006919",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2025-44175",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2025-006919",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-10595",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-10595"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-006919"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-44175"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Tenda AC10 v4 V16.03.10.13 is vulnerable to Buffer Overflow in the GetParentControlInfo function. Shenzhen Tenda Technology Co.,Ltd. of AC10 Firmware has a classic buffer overflow vulnerability.Information may be obtained and information may be tampered with. No detailed vulnerability details are currently available",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-44175"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-006919"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-10595"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2025-44175",
            "trust": 3.2
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-006919",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-10595",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-10595"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-006919"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-44175"
          }
        ]
      },
      "id": "VAR-202505-2213",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-10595"
          }
        ],
        "trust": 0.86649562
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-10595"
          }
        ]
      },
      "last_update_date": "2025-06-18T23:32:52.501000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-120",
            "trust": 1.0
          },
          {
            "problemtype": "Classic buffer overflow (CWE-120) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-006919"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-44175"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://github.com/xubeining/cve_report/blob/main/the%20router%20tenda%20ac10%20v4%20v16.03.10.13%20of%20shenzhen%20jixiang%20tenda%20technology%20co.%2c%20ltd.%20has%20a%20heap%20overflow%20vulnerability.md"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2025-44175"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-10595"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-006919"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-44175"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-10595"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-006919"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-44175"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-05-21T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-10595"
          },
          {
            "date": "2025-06-16T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-006919"
          },
          {
            "date": "2025-05-12T18:15:45.153000",
            "db": "NVD",
            "id": "CVE-2025-44175"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-05-26T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-10595"
          },
          {
            "date": "2025-06-16T01:11:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-006919"
          },
          {
            "date": "2025-06-13T13:39:01.420000",
            "db": "NVD",
            "id": "CVE-2025-44175"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Shenzhen\u00a0Tenda\u00a0Technology\u00a0Co.,Ltd.\u00a0 of \u00a0AC10\u00a0 Classic buffer overflow vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-006919"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202506-0239

    Vulnerability from variot - Updated: 2025-06-15 19:34

    A vulnerability, which was classified as critical, was found in Tenda AC10 up to 15.03.06.47. This affects the function formSetPPTPServer of the file /goform/SetPptpServerCfg of the component HTTP Handler. The manipulation of the argument startIp/endIp leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. of AC10 Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Remote attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202506-0239",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ac10",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "tenda",
            "version": "15.03.06.47"
          },
          {
            "model": "ac10",
            "scope": null,
            "trust": 0.8,
            "vendor": "tenda",
            "version": null
          },
          {
            "model": "ac10",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "tenda",
            "version": null
          },
          {
            "model": "ac10",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "tenda",
            "version": "ac10  firmware  15.03.06.47  and earlier"
          },
          {
            "model": "ac10",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "tenda",
            "version": "\u003c=15.03.06.47"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12406"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-006491"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-5629"
          }
        ]
      },
      "cve": "CVE-2025-5629",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "cna@vuldb.com",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2025-5629",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "OTHER",
                "availabilityImpact": "Complete",
                "baseScore": 9.0,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "JVNDB-2025-006491",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2025-12406",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "cna@vuldb.com",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2025-5629",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2025-5629",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2025-006491",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "cna@vuldb.com",
                "id": "CVE-2025-5629",
                "trust": 1.0,
                "value": "High"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2025-5629",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2025-006491",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-12406",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12406"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-006491"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-5629"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-5629"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A vulnerability, which was classified as critical, was found in Tenda AC10 up to 15.03.06.47. This affects the function formSetPPTPServer of the file /goform/SetPptpServerCfg of the component HTTP Handler. The manipulation of the argument startIp/endIp leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. of AC10 Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Remote attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service attack",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-5629"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-006491"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-12406"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2025-5629",
            "trust": 3.2
          },
          {
            "db": "VULDB",
            "id": "311115",
            "trust": 1.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-006491",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-12406",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12406"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-006491"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-5629"
          }
        ]
      },
      "id": "VAR-202506-0239",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12406"
          }
        ],
        "trust": 0.86649562
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12406"
          }
        ]
      },
      "last_update_date": "2025-06-15T19:34:10.715000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-120",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-119",
            "trust": 1.0
          },
          {
            "problemtype": "Buffer error (CWE-119) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " Classic buffer overflow (CWE-120) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " Classic buffer overflow (CWE-120) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-006491"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-5629"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "https://vuldb.com/?id.311115"
          },
          {
            "trust": 1.8,
            "url": "https://vuldb.com/?submit.589424"
          },
          {
            "trust": 1.8,
            "url": "https://www.tenda.com.cn/"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2025-5629"
          },
          {
            "trust": 1.0,
            "url": "https://github.com/pfwqdxwdd/cve/blob/main/4.md"
          },
          {
            "trust": 1.0,
            "url": "https://vuldb.com/?ctiid.311115"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12406"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-006491"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-5629"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-12406"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-006491"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-5629"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-06-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-12406"
          },
          {
            "date": "2025-06-10T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-006491"
          },
          {
            "date": "2025-06-05T03:15:26.960000",
            "db": "NVD",
            "id": "CVE-2025-5629"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-06-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-12406"
          },
          {
            "date": "2025-06-10T00:32:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-006491"
          },
          {
            "date": "2025-06-06T15:15:34.450000",
            "db": "NVD",
            "id": "CVE-2025-5629"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Shenzhen\u00a0Tenda\u00a0Technology\u00a0Co.,Ltd.\u00a0 of \u00a0AC10\u00a0 Classic buffer overflow vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-006491"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202311-2507

    Vulnerability from variot - Updated: 2025-06-05 23:10

    Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the firewallEn parameter in the function SetFirewallCfg. Tenda AC10 is a wireless router made by China Tenda Company.

    Tenda AC10 has a buffer overflow vulnerability. This vulnerability is caused by the failure of the firewallEn parameter of the SetFirewallCfg function to correctly verify the length of the input data. A remote attacker can use this vulnerability to execute arbitrary code on the system or cause a denial of service attack

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202311-2507",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ac10",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "tenda",
            "version": "16.03.10.13"
          },
          {
            "model": "ac10",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "tenda",
            "version": "v4.0v16.03.10.13"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-06276"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-45481"
          }
        ]
      },
      "cve": "CVE-2023-45481",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2024-06276",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2023-45481",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2023-45481",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2023-45481",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2024-06276",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-06276"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-45481"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-45481"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the firewallEn parameter in the function SetFirewallCfg. Tenda AC10 is a wireless router made by China Tenda Company. \n\r\n\r\nTenda AC10 has a buffer overflow vulnerability. This vulnerability is caused by the failure of the firewallEn parameter of the SetFirewallCfg function to correctly verify the length of the input data. A remote attacker can use this vulnerability to execute arbitrary code on the system or cause a denial of service attack",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-45481"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-06276"
          }
        ],
        "trust": 1.44
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2023-45481",
            "trust": 1.6
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-06276",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-06276"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-45481"
          }
        ]
      },
      "id": "VAR-202311-2507",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-06276"
          }
        ],
        "trust": 0.86649562
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-06276"
          }
        ]
      },
      "last_update_date": "2025-06-05T23:10:19.744000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Patch for Tenda AC10 SetFirewallCfg function buffer overflow vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/521566"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-06276"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-121",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-45481"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.6,
            "url": "https://github.com/l3m0nade/iotvul/blob/master/assets/setfirewallcfg_code.png"
          },
          {
            "trust": 1.0,
            "url": "https://github.com/l3m0nade/iotvul/blob/master/setfirewallcfg.md"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-06276"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-45481"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-06276"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-45481"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2024-01-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2024-06276"
          },
          {
            "date": "2023-11-29T06:15:46.660000",
            "db": "NVD",
            "id": "CVE-2023-45481"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2024-01-29T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2024-06276"
          },
          {
            "date": "2025-06-05T14:15:28.903000",
            "db": "NVD",
            "id": "CVE-2023-45481"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Tenda AC10 SetFirewallCfg function buffer overflow vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-06276"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202411-0858

    Vulnerability from variot - Updated: 2025-05-30 23:27

    A vulnerability was found in Tenda AC10 16.03.10.13 and classified as critical. Affected by this issue is the function formSetRebootTimer of the file /goform/SetSysAutoRebbotCfg. The manipulation of the argument rebootTime leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. of AC10 The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. An attacker can exploit this vulnerability to execute arbitrary code

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202411-0858",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ac10",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "tenda",
            "version": "16.03.10.13"
          },
          {
            "model": "ac10",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "tenda",
            "version": null
          },
          {
            "model": "ac10",
            "scope": null,
            "trust": 0.8,
            "vendor": "tenda",
            "version": null
          },
          {
            "model": "ac10",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "tenda",
            "version": "ac10  firmware  16.03.10.13"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-11096"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-013166"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-11248"
          }
        ]
      },
      "cve": "CVE-2024-11248",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "cna@vuldb.com",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2024-11248",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "OTHER",
                "availabilityImpact": "Complete",
                "baseScore": 9.0,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "JVNDB-2024-013166",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2025-11096",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "cna@vuldb.com",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2024-11248",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2024-013166",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "cna@vuldb.com",
                "id": "CVE-2024-11248",
                "trust": 1.0,
                "value": "High"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2024-11248",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2024-013166",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-11096",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-11096"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-013166"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-11248"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-11248"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A vulnerability was found in Tenda AC10 16.03.10.13 and classified as critical. Affected by this issue is the function formSetRebootTimer of the file /goform/SetSysAutoRebbotCfg. The manipulation of the argument rebootTime leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. of AC10 The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. An attacker can exploit this vulnerability to execute arbitrary code",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2024-11248"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-013166"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-11096"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2024-11248",
            "trust": 3.2
          },
          {
            "db": "VULDB",
            "id": "284684",
            "trust": 1.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-013166",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-11096",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-11096"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-013166"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-11248"
          }
        ]
      },
      "id": "VAR-202411-0858",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-11096"
          }
        ],
        "trust": 0.86649562
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-11096"
          }
        ]
      },
      "last_update_date": "2025-05-30T23:27:01.716000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Patch for Tenda AC10 Buffer Overflow Vulnerability (CNVD-2025-11096)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/691491"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-11096"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-121",
            "trust": 1.0
          },
          {
            "problemtype": "Buffer error (CWE-119) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " Stack-based buffer overflow (CWE-121) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-013166"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-11248"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "https://tasty-foxtrot-3a8.notion.site/tenda-ac10v4-formsetreboottimer-stack-overflow-13d0448e619580bf8ab1df7cfb6c018b"
          },
          {
            "trust": 1.8,
            "url": "https://vuldb.com/?submit.443204"
          },
          {
            "trust": 1.8,
            "url": "https://www.tenda.com.cn/"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2024-11248"
          },
          {
            "trust": 1.0,
            "url": "https://vuldb.com/?ctiid.284684"
          },
          {
            "trust": 1.0,
            "url": "https://vuldb.com/?id.284684"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-11096"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-013166"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-11248"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-11096"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-013166"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-11248"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-05-23T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-11096"
          },
          {
            "date": "2024-11-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2024-013166"
          },
          {
            "date": "2024-11-15T17:15:19.580000",
            "db": "NVD",
            "id": "CVE-2024-11248"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-05-29T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-11096"
          },
          {
            "date": "2024-11-21T01:42:00",
            "db": "JVNDB",
            "id": "JVNDB-2024-013166"
          },
          {
            "date": "2024-11-19T21:51:57.467000",
            "db": "NVD",
            "id": "CVE-2024-11248"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Shenzhen\u00a0Tenda\u00a0Technology\u00a0Co.,Ltd.\u00a0 of \u00a0AC10\u00a0 Buffer error vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-013166"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202501-1425

    Vulnerability from variot - Updated: 2025-05-30 23:22

    A vulnerability, which was classified as critical, has been found in Tenda AC8, AC10 and AC18 16.03.10.20. Affected by this issue is some unknown functionality of the file /goform/telnet of the component HTTP Request Handler. The manipulation leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. of AC8 firmware, AC10 firmware, AC18 The firmware has injection vulnerabilities, command injection vulnerabilities, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The vulnerability is caused by the file /goform/telnet failing to properly filter special characters and commands in the constructed command. Attackers can exploit this vulnerability to cause arbitrary command execution

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202501-1425",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ac10",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "tenda",
            "version": "16.03.10.20"
          },
          {
            "model": "ac8",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "tenda",
            "version": "16.03.10.20"
          },
          {
            "model": "ac18",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "tenda",
            "version": "16.03.10.20"
          },
          {
            "model": "ac10",
            "scope": null,
            "trust": 0.8,
            "vendor": "tenda",
            "version": null
          },
          {
            "model": "ac18",
            "scope": null,
            "trust": 0.8,
            "vendor": "tenda",
            "version": null
          },
          {
            "model": "ac8",
            "scope": null,
            "trust": 0.8,
            "vendor": "tenda",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-02533"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-005832"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-0528"
          }
        ]
      },
      "cve": "CVE-2025-0528",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "MULTIPLE",
                "author": "cna@vuldb.com",
                "availabilityImpact": "COMPLETE",
                "baseScore": 8.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 6.4,
                "id": "CVE-2025-0528",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "Multiple",
                "author": "OTHER",
                "availabilityImpact": "Complete",
                "baseScore": 8.3,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "JVNDB-2025-005832",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "MULTIPLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 8.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 6.4,
                "id": "CNVD-2025-02533",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "cna@vuldb.com",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.2,
                "id": "CVE-2025-0528",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.2,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2025-005832",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "cna@vuldb.com",
                "id": "CVE-2025-0528",
                "trust": 1.0,
                "value": "High"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2025-0528",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2025-005832",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-02533",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-02533"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-005832"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-0528"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-0528"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A vulnerability, which was classified as critical, has been found in Tenda AC8, AC10 and AC18 16.03.10.20. Affected by this issue is some unknown functionality of the file /goform/telnet of the component HTTP Request Handler. The manipulation leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. of AC8 firmware, AC10 firmware, AC18 The firmware has injection vulnerabilities, command injection vulnerabilities, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The vulnerability is caused by the file /goform/telnet failing to properly filter special characters and commands in the constructed command. Attackers can exploit this vulnerability to cause arbitrary command execution",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-0528"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-005832"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-02533"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2025-0528",
            "trust": 3.2
          },
          {
            "db": "VULDB",
            "id": "292412",
            "trust": 1.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-005832",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-02533",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-02533"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-005832"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-0528"
          }
        ]
      },
      "id": "VAR-202501-1425",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-02533"
          }
        ],
        "trust": 0.9162093266666667
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-02533"
          }
        ]
      },
      "last_update_date": "2025-05-30T23:22:03.721000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-77",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-74",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-78",
            "trust": 1.0
          },
          {
            "problemtype": "injection (CWE-74) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " Command injection (CWE-77) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": "OS Command injection (CWE-78) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-005832"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-0528"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "https://github.com/pr0b1em/iot/blob/master/tendaac10v16.03.10.20telnet.md"
          },
          {
            "trust": 1.8,
            "url": "https://vuldb.com/?id.292412"
          },
          {
            "trust": 1.8,
            "url": "https://vuldb.com/?submit.478175"
          },
          {
            "trust": 1.8,
            "url": "https://www.tenda.com.cn/"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2025-0528"
          },
          {
            "trust": 1.0,
            "url": "https://vuldb.com/?ctiid.292412"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-02533"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-005832"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-0528"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-02533"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-005832"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-0528"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-01-23T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-02533"
          },
          {
            "date": "2025-05-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-005832"
          },
          {
            "date": "2025-01-17T15:15:12.430000",
            "db": "NVD",
            "id": "CVE-2025-0528"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-02-06T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-02533"
          },
          {
            "date": "2025-05-29T02:39:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-005832"
          },
          {
            "date": "2025-05-28T14:42:21.953000",
            "db": "NVD",
            "id": "CVE-2025-0528"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural \u00a0Shenzhen\u00a0Tenda\u00a0Technology\u00a0Co.,Ltd.\u00a0 Product Injection Vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-005832"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202411-0498

    Vulnerability from variot - Updated: 2025-05-30 19:34

    A vulnerability classified as critical was found in Tenda AC10 16.03.10.13. Affected by this vulnerability is the function FUN_0044db3c of the file /goform/fast_setting_wifi_set. The manipulation of the argument timeZone leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. of AC10 The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda AC10 is an 11ac dual-band router designed for 200M and above fiber homes. Attackers can exploit this vulnerability to launch targeted attacks on the target and endanger the security of the site system

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202411-0498",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ac10",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "tenda",
            "version": "16.03.10.13"
          },
          {
            "model": "ac10",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "tenda",
            "version": "ac10  firmware  16.03.10.13"
          },
          {
            "model": "ac10",
            "scope": null,
            "trust": 0.8,
            "vendor": "tenda",
            "version": null
          },
          {
            "model": "ac10",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "tenda",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-11097"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-012663"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-11061"
          }
        ]
      },
      "cve": "CVE-2024-11061",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "cna@vuldb.com",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2024-11061",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "OTHER",
                "availabilityImpact": "Complete",
                "baseScore": 9.0,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "JVNDB-2024-012663",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2025-11097",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "cna@vuldb.com",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2024-11061",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2024-012663",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "cna@vuldb.com",
                "id": "CVE-2024-11061",
                "trust": 1.0,
                "value": "High"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2024-11061",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2024-012663",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-11097",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-11097"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-012663"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-11061"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-11061"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A vulnerability classified as critical was found in Tenda AC10 16.03.10.13. Affected by this vulnerability is the function FUN_0044db3c of the file /goform/fast_setting_wifi_set. The manipulation of the argument timeZone leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. of AC10 The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Tenda AC10 is an 11ac dual-band router designed for 200M and above fiber homes. Attackers can exploit this vulnerability to launch targeted attacks on the target and endanger the security of the site system",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2024-11061"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-012663"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-11097"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2024-11061",
            "trust": 3.2
          },
          {
            "db": "VULDB",
            "id": "283807",
            "trust": 1.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-012663",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-11097",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-11097"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-012663"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-11061"
          }
        ]
      },
      "id": "VAR-202411-0498",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-11097"
          }
        ],
        "trust": 0.86649562
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-11097"
          }
        ]
      },
      "last_update_date": "2025-05-30T19:34:46.872000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Patch for Tenda AC10 stack buffer overflow vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/691401"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-11097"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-121",
            "trust": 1.0
          },
          {
            "problemtype": "Buffer error (CWE-119) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " Stack-based buffer overflow (CWE-121) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-012663"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-11061"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "https://tasty-foxtrot-3a8.notion.site/tenda-ac10v4-fun_0044db3c-stack-overflow-13a0448e619580ae96fee2899545e159"
          },
          {
            "trust": 1.8,
            "url": "https://vuldb.com/?submit.440825"
          },
          {
            "trust": 1.8,
            "url": "https://www.tenda.com.cn/"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2024-11061"
          },
          {
            "trust": 1.0,
            "url": "https://vuldb.com/?ctiid.283807"
          },
          {
            "trust": 1.0,
            "url": "https://vuldb.com/?id.283807"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-11097"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-012663"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-11061"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-11097"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-012663"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-11061"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-05-26T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-11097"
          },
          {
            "date": "2024-11-15T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2024-012663"
          },
          {
            "date": "2024-11-11T01:15:04.523000",
            "db": "NVD",
            "id": "CVE-2024-11061"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-05-29T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-11097"
          },
          {
            "date": "2024-11-15T02:32:00",
            "db": "JVNDB",
            "id": "JVNDB-2024-012663"
          },
          {
            "date": "2024-11-13T23:04:25.633000",
            "db": "NVD",
            "id": "CVE-2024-11061"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Shenzhen\u00a0Tenda\u00a0Technology\u00a0Co.,Ltd.\u00a0 of \u00a0AC10\u00a0 Buffer error vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-012663"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202505-1772

    Vulnerability from variot - Updated: 2025-05-29 23:47

    A vulnerability was found in Tenda AC10 16.03.10.13 and classified as critical. Affected by this issue is some unknown functionality of the file /goform/UserCongratulationsExec. The manipulation of the argument getuid leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. of AC10 The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state.

    Tenda AC10 has a buffer overflow vulnerability, which is caused by the parameter getuid in the file /goform/UserCongratulationsExec failing to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202505-1772",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ac10",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "tenda",
            "version": "16.03.10.13"
          },
          {
            "model": "ac10",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "tenda",
            "version": null
          },
          {
            "model": "ac10",
            "scope": null,
            "trust": 0.8,
            "vendor": "tenda",
            "version": null
          },
          {
            "model": "ac10",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "tenda",
            "version": "ac10  firmware  16.03.10.13"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-10591"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-005769"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-4896"
          }
        ]
      },
      "cve": "CVE-2025-4896",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "cna@vuldb.com",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2025-4896",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "OTHER",
                "availabilityImpact": "Complete",
                "baseScore": 9.0,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "JVNDB-2025-005769",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2025-10591",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "cna@vuldb.com",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2025-4896",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2025-4896",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2025-005769",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "cna@vuldb.com",
                "id": "CVE-2025-4896",
                "trust": 1.0,
                "value": "High"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2025-4896",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2025-005769",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-10591",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-10591"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-005769"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-4896"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-4896"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A vulnerability was found in Tenda AC10 16.03.10.13 and classified as critical. Affected by this issue is some unknown functionality of the file /goform/UserCongratulationsExec. The manipulation of the argument getuid leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Shenzhen Tenda Technology Co.,Ltd. of AC10 The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state. \n\nTenda AC10 has a buffer overflow vulnerability, which is caused by the parameter getuid in the file /goform/UserCongratulationsExec failing to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-4896"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-005769"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-10591"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2025-4896",
            "trust": 3.2
          },
          {
            "db": "VULDB",
            "id": "309452",
            "trust": 1.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-005769",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-10591",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-10591"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-005769"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-4896"
          }
        ]
      },
      "id": "VAR-202505-1772",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-10591"
          }
        ],
        "trust": 0.86649562
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-10591"
          }
        ]
      },
      "last_update_date": "2025-05-29T23:47:33.600000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-120",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-119",
            "trust": 1.0
          },
          {
            "problemtype": "Buffer error (CWE-119) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " Classic buffer overflow (CWE-120) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " Classic buffer overflow (CWE-120) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-005769"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-4896"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "https://vuldb.com/?id.309452"
          },
          {
            "trust": 1.8,
            "url": "https://vuldb.com/?submit.578034"
          },
          {
            "trust": 1.8,
            "url": "https://www.tenda.com.cn/"
          },
          {
            "trust": 1.6,
            "url": "https://github.com/byxs0x0/cve2/blob/main/tenda%20ac10.md"
          },
          {
            "trust": 1.0,
            "url": "https://vuldb.com/?ctiid.309452"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2025-4896"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-10591"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-005769"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-4896"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-10591"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-005769"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-4896"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-05-22T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-10591"
          },
          {
            "date": "2025-05-28T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-005769"
          },
          {
            "date": "2025-05-18T21:15:19.873000",
            "db": "NVD",
            "id": "CVE-2025-4896"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-05-26T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-10591"
          },
          {
            "date": "2025-05-28T05:48:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-005769"
          },
          {
            "date": "2025-05-27T16:30:13.490000",
            "db": "NVD",
            "id": "CVE-2025-4896"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Shenzhen\u00a0Tenda\u00a0Technology\u00a0Co.,Ltd.\u00a0 of \u00a0AC10\u00a0 Buffer error vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-005769"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202210-1789

    Vulnerability from variot - Updated: 2025-05-17 03:59

    Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formWifiWpsStart.

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202210-1789",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ac10",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "tenda",
            "version": "15.03.06.23"
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-42170"
          }
        ]
      },
      "cve": "CVE-2022-42170",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2022-42170",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-42170",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2022-42170",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202210-1092",
                "trust": 0.6,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-1092"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-42170"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-42170"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formWifiWpsStart.",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-42170"
          }
        ],
        "trust": 1.0
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-42170",
            "trust": 1.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-1092",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-1092"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-42170"
          }
        ]
      },
      "id": "VAR-202210-1789",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.26649562
      },
      "last_update_date": "2025-05-17T03:59:01.307000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-42170"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.6,
            "url": "https://github.com/z1r00/iot_vul/blob/main/tenda/ac10/formwifiwpsstart/readme.md"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-42170/"
          }
        ],
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-1092"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-42170"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-1092"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-42170"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202210-1092"
          },
          {
            "date": "2022-10-17T14:15:14.167000",
            "db": "NVD",
            "id": "CVE-2022-42170"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-10-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202210-1092"
          },
          {
            "date": "2025-05-15T16:15:30.640000",
            "db": "NVD",
            "id": "CVE-2022-42170"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-1092"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Tenda AC10 Buffer error vulnerability",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-1092"
          }
        ],
        "trust": 0.6
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-1092"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202210-1127

    Vulnerability from variot - Updated: 2025-05-17 03:54

    Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/saveParentControlInfo.

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202210-1127",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ac10",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "tenda",
            "version": "15.03.06.23"
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-42171"
          }
        ]
      },
      "cve": "CVE-2022-42171",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2022-42171",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-42171",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2022-42171",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202210-1090",
                "trust": 0.6,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-1090"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-42171"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-42171"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/saveParentControlInfo.",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-42171"
          }
        ],
        "trust": 1.0
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-42171",
            "trust": 1.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-1090",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-1090"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-42171"
          }
        ]
      },
      "id": "VAR-202210-1127",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.26649562
      },
      "last_update_date": "2025-05-17T03:54:50.541000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-42171"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.6,
            "url": "https://github.com/z1r00/iot_vul/blob/main/tenda/ac10/saveparentcontrolinfo/readme.md"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-42171/"
          }
        ],
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-1090"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-42171"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-1090"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-42171"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202210-1090"
          },
          {
            "date": "2022-10-17T14:15:14.323000",
            "db": "NVD",
            "id": "CVE-2022-42171"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-10-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202210-1090"
          },
          {
            "date": "2025-05-15T16:15:30.850000",
            "db": "NVD",
            "id": "CVE-2022-42171"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-1090"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Tenda AC10 Buffer error vulnerability",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-1090"
          }
        ],
        "trust": 0.6
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-1090"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202210-1088

    Vulnerability from variot - Updated: 2025-05-17 03:50

    Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/fromNatStaticSetting.

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202210-1088",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ac10",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "tenda",
            "version": "15.03.06.23"
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-42163"
          }
        ]
      },
      "cve": "CVE-2022-42163",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2022-42163",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-42163",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2022-42163",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202210-1068",
                "trust": 0.6,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-1068"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-42163"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-42163"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/fromNatStaticSetting.",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-42163"
          }
        ],
        "trust": 1.0
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-42163",
            "trust": 1.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-1068",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-1068"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-42163"
          }
        ]
      },
      "id": "VAR-202210-1088",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.26649562
      },
      "last_update_date": "2025-05-17T03:50:00.969000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-42163"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.6,
            "url": "https://github.com/z1r00/iot_vul/blob/main/tenda/ac10/fromnatstaticsetting/readme.md"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-42163/"
          }
        ],
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-1068"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-42163"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-1068"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-42163"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202210-1068"
          },
          {
            "date": "2022-10-17T13:15:10.700000",
            "db": "NVD",
            "id": "CVE-2022-42163"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-10-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202210-1068"
          },
          {
            "date": "2025-05-15T17:15:46.110000",
            "db": "NVD",
            "id": "CVE-2022-42163"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-1068"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Tenda AC10 Buffer error vulnerability",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-1068"
          }
        ],
        "trust": 0.6
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-1068"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202210-1085

    Vulnerability from variot - Updated: 2025-05-15 23:20

    Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/fromSetIpMacBind.

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202210-1085",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ac10",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "tenda",
            "version": "15.03.06.23"
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-42168"
          }
        ]
      },
      "cve": "CVE-2022-42168",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2022-42168",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-42168",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2022-42168",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202210-1099",
                "trust": 0.6,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-1099"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-42168"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-42168"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/fromSetIpMacBind.",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-42168"
          }
        ],
        "trust": 1.0
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-42168",
            "trust": 1.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-1099",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-1099"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-42168"
          }
        ]
      },
      "id": "VAR-202210-1085",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.26649562
      },
      "last_update_date": "2025-05-15T23:20:53.571000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-42168"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.6,
            "url": "https://github.com/z1r00/iot_vul/blob/main/tenda/ac10/fromsetipmacbind/readme.md"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-42168/"
          }
        ],
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-1099"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-42168"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-1099"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-42168"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202210-1099"
          },
          {
            "date": "2022-10-17T14:15:14.020000",
            "db": "NVD",
            "id": "CVE-2022-42168"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-10-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202210-1099"
          },
          {
            "date": "2025-05-15T16:15:30.247000",
            "db": "NVD",
            "id": "CVE-2022-42168"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-1099"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Tenda AC10 Buffer error vulnerability",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-1099"
          }
        ],
        "trust": 0.6
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-1099"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202210-1217

    Vulnerability from variot - Updated: 2025-05-15 23:11

    Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetFirewallCfg.

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202210-1217",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ac10",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "tenda",
            "version": "15.03.06.23"
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-42167"
          }
        ]
      },
      "cve": "CVE-2022-42167",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2022-42167",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-42167",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2022-42167",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202210-1095",
                "trust": 0.6,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-1095"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-42167"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-42167"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetFirewallCfg.",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-42167"
          }
        ],
        "trust": 1.0
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-42167",
            "trust": 1.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-1095",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-1095"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-42167"
          }
        ]
      },
      "id": "VAR-202210-1217",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.26649562
      },
      "last_update_date": "2025-05-15T23:11:59.569000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-42167"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.6,
            "url": "https://github.com/z1r00/iot_vul/blob/main/tenda/ac10/formsetfirewallcfg/readme.md"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-42167/"
          }
        ],
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-1095"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-42167"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-1095"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-42167"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202210-1095"
          },
          {
            "date": "2022-10-17T14:15:13.963000",
            "db": "NVD",
            "id": "CVE-2022-42167"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-10-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202210-1095"
          },
          {
            "date": "2025-05-15T16:15:30.073000",
            "db": "NVD",
            "id": "CVE-2022-42167"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-1095"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Tenda AC10 Buffer error vulnerability",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-1095"
          }
        ],
        "trust": 0.6
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-1095"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202210-1170

    Vulnerability from variot - Updated: 2025-05-15 22:56

    Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/addWifiMacFilter. Tenda AC10 is a wireless router. An attacker could exploit this vulnerability to overflow a buffer and execute arbitrary code on the system, or cause a denial of service

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202210-1170",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ac10",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "tenda",
            "version": "15.03.06.23"
          },
          {
            "model": "ac10",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "tenda",
            "version": "v15.03.06.23"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-50810"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-42169"
          }
        ]
      },
      "cve": "CVE-2022-42169",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2023-50810",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2022-42169",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-42169",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2022-42169",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2023-50810",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202210-1093",
                "trust": 0.6,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-50810"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-1093"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-42169"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-42169"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/addWifiMacFilter. Tenda AC10 is a wireless router. An attacker could exploit this vulnerability to overflow a buffer and execute arbitrary code on the system, or cause a denial of service",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-42169"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-50810"
          }
        ],
        "trust": 1.44
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-42169",
            "trust": 2.2
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-50810",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-1093",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-50810"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-1093"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-42169"
          }
        ]
      },
      "id": "VAR-202210-1170",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-50810"
          }
        ],
        "trust": 0.86649562
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-50810"
          }
        ]
      },
      "last_update_date": "2025-05-15T22:56:20.754000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-42169"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.6,
            "url": "https://github.com/z1r00/iot_vul/blob/main/tenda/ac10/addwifimacfilter/readme.md"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-42169"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-42169/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-50810"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-1093"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-42169"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-50810"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-1093"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-42169"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-06-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2023-50810"
          },
          {
            "date": "2022-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202210-1093"
          },
          {
            "date": "2022-10-17T14:15:14.077000",
            "db": "NVD",
            "id": "CVE-2022-42169"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-06-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2023-50810"
          },
          {
            "date": "2022-10-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202210-1093"
          },
          {
            "date": "2025-05-15T16:15:30.420000",
            "db": "NVD",
            "id": "CVE-2022-42169"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-1093"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Tenda AC10 Stack Buffer Overflow Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-50810"
          }
        ],
        "trust": 0.6
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-1093"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202210-1219

    Vulnerability from variot - Updated: 2025-05-15 22:49

    Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetClientState. Tenda AC10 is a wireless router. An attacker could exploit this vulnerability to overflow a buffer and execute arbitrary code on the system, or cause a denial of service

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202210-1219",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ac10",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "tenda",
            "version": "15.03.06.23"
          },
          {
            "model": "ac10",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "tenda",
            "version": "v15.03.06.23"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-50811"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-42164"
          }
        ]
      },
      "cve": "CVE-2022-42164",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2023-50811",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2022-42164",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-42164",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2022-42164",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2023-50811",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202210-1066",
                "trust": 0.6,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-50811"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-1066"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-42164"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-42164"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetClientState. Tenda AC10 is a wireless router. An attacker could exploit this vulnerability to overflow a buffer and execute arbitrary code on the system, or cause a denial of service",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-42164"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-50811"
          }
        ],
        "trust": 1.44
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-42164",
            "trust": 2.2
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-50811",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-1066",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-50811"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-1066"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-42164"
          }
        ]
      },
      "id": "VAR-202210-1219",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-50811"
          }
        ],
        "trust": 0.86649562
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-50811"
          }
        ]
      },
      "last_update_date": "2025-05-15T22:49:16.569000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-42164"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.6,
            "url": "https://github.com/z1r00/iot_vul/blob/main/tenda/ac10/formsetclientstate/readme.md"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-42164"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-42164/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-50811"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-1066"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-42164"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-50811"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-1066"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-42164"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-06-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2023-50811"
          },
          {
            "date": "2022-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202210-1066"
          },
          {
            "date": "2022-10-17T13:15:10.747000",
            "db": "NVD",
            "id": "CVE-2022-42164"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-06-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2023-50811"
          },
          {
            "date": "2022-10-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202210-1066"
          },
          {
            "date": "2025-05-15T16:15:29.893000",
            "db": "NVD",
            "id": "CVE-2022-42164"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-1066"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Tenda AC10 Stack Buffer Overflow Vulnerability (CNVD-2023-50811)",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-50811"
          }
        ],
        "trust": 0.6
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-1066"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202210-1138

    Vulnerability from variot - Updated: 2025-05-13 23:22

    Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetSpeedWan.

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202210-1138",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ac10",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "tenda",
            "version": "15.03.06.23"
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-42166"
          }
        ]
      },
      "cve": "CVE-2022-42166",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2022-42166",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-42166",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2022-42166",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202210-1096",
                "trust": 0.6,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-1096"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-42166"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-42166"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetSpeedWan.",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-42166"
          }
        ],
        "trust": 1.0
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-42166",
            "trust": 1.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-1096",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-1096"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-42166"
          }
        ]
      },
      "id": "VAR-202210-1138",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.26649562
      },
      "last_update_date": "2025-05-13T23:22:01.368000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-42166"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.6,
            "url": "https://github.com/z1r00/iot_vul/blob/main/tenda/ac10/formsetspeedwan/readme.md"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-42166/"
          }
        ],
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-1096"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-42166"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-1096"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-42166"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202210-1096"
          },
          {
            "date": "2022-10-17T14:15:13.900000",
            "db": "NVD",
            "id": "CVE-2022-42166"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-10-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202210-1096"
          },
          {
            "date": "2025-05-13T16:15:23.030000",
            "db": "NVD",
            "id": "CVE-2022-42166"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-1096"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Tenda AC10 Buffer error vulnerability",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-1096"
          }
        ],
        "trust": 0.6
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-1096"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202210-1110

    Vulnerability from variot - Updated: 2025-05-13 22:59

    Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetDeviceName. Tenda AC10 is a wireless router. Attackers can exploit this vulnerability to overflow the buffer and execute arbitrary code on the system or cause a denial of service

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202210-1110",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ac10",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "tenda",
            "version": "15.03.06.23"
          },
          {
            "model": "ac10",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "tenda",
            "version": "v15.03.06.23"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-48102"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-42165"
          }
        ]
      },
      "cve": "CVE-2022-42165",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2024-48102",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2022-42165",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-42165",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2022-42165",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2024-48102",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202210-1065",
                "trust": 0.6,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-48102"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-1065"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-42165"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-42165"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetDeviceName. Tenda AC10 is a wireless router. Attackers can exploit this vulnerability to overflow the buffer and execute arbitrary code on the system or cause a denial of service",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-42165"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-48102"
          }
        ],
        "trust": 1.44
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-42165",
            "trust": 2.2
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-48102",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-1065",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-48102"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-1065"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-42165"
          }
        ]
      },
      "id": "VAR-202210-1110",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-48102"
          }
        ],
        "trust": 0.86649562
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-48102"
          }
        ]
      },
      "last_update_date": "2025-05-13T22:59:15.588000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-42165"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.6,
            "url": "https://github.com/z1r00/iot_vul/blob/main/tenda/ac10/formsetdevicename/readme.md"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-42165"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-42165/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-48102"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-1065"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-42165"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-48102"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-1065"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-42165"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2024-12-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2024-48102"
          },
          {
            "date": "2022-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202210-1065"
          },
          {
            "date": "2022-10-17T13:15:10.797000",
            "db": "NVD",
            "id": "CVE-2022-42165"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2024-12-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2024-48102"
          },
          {
            "date": "2022-10-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202210-1065"
          },
          {
            "date": "2025-05-13T15:15:50.450000",
            "db": "NVD",
            "id": "CVE-2022-42165"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-1065"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Tenda AC10 formSetDeviceName function stack overflow vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-48102"
          }
        ],
        "trust": 0.6
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202210-1065"
          }
        ],
        "trust": 0.6
      }
    }