
    88 vulnerabilities found for ac1206_firmware by tenda

    CVE-2026-0581 (GCVE-0-2026-0581)

    Vulnerability from nvd – Published: 2026-01-05 08:02 – Updated: 2026-02-23 08:13
    VLAI
    Title
    Tenda AC1206 httpd BehaviorManager formBehaviorManager command injection
    Summary
    A vulnerability was determined in Tenda AC1206 15.03.06.23. Affected by this issue is the function formBehaviorManager of the file /goform/BehaviorManager of the component httpd. Executing a manipulation of the argument modulename/option/data/switch can lead to command injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.339473 vdb-entry, technical-description
    https://vuldb.com/?ctiid.339473 signature, permissions-required
    https://vuldb.com/?submit.731193 third-party-advisory
    https://github.com/ccc-iotsec/cve-/blob/Tenda/Ten… exploit
    https://www.tenda.com.cn/ product
    Impacted products
    Vendor Product Version
    Tenda AC1206 Affected: 15.03.06.23
        cpe:2.3:o:tenda:ac1206_firmware:*:*:*:*:*:*:*:*
    Credits
    2160288544 (VulDB User)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0581",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-05T21:12:38.055555Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-05T21:12:48.557Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:tenda:ac1206_firmware:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "httpd"
              ],
              "product": "AC1206",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "15.03.06.23"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "2160288544 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was determined in Tenda AC1206 15.03.06.23. Affected by this issue is the function formBehaviorManager of the file /goform/BehaviorManager of the component httpd. Executing a manipulation of the argument modulename/option/data/switch can lead to command injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-23T08:13:25.661Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-339473 | Tenda AC1206 httpd BehaviorManager formBehaviorManager command injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.339473"
            },
            {
              "name": "VDB-339473 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.339473"
            },
            {
              "name": "Submit #731193 | Tenda AC1206 AC1206V1.0RTL_V15.03.06.23 Command Injection",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.731193"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/ccc-iotsec/cve-/blob/Tenda/Tenda%20AC1206%E5%91%BD%E4%BB%A4%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E.md"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.tenda.com.cn/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-01-04T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-01-04T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-01-12T19:19:00.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda AC1206 httpd BehaviorManager formBehaviorManager command injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-0581",
        "datePublished": "2026-01-05T08:02:08.449Z",
        "dateReserved": "2026-01-04T06:49:02.040Z",
        "dateUpdated": "2026-02-23T08:13:25.661Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-10432 (GCVE-0-2025-10432)

    Vulnerability from nvd – Published: 2025-09-15 07:32 – Updated: 2025-09-15 15:38
    VLAI
    Title
    Tenda AC1206 HTTP Request AdvSetMacMtuWa check_param_changed stack-based overflow
    Summary
    A vulnerability was found in Tenda AC1206 15.03.06.23. This vulnerability affects the function check_param_changed of the file /goform/AdvSetMacMtuWa of the component HTTP Request Handler. Performing manipulation of the argument wanMTU results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been made public and could be used.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.323866 vdb-entry, technical-description
    https://vuldb.com/?ctiid.323866 signature, permissions-required
    https://vuldb.com/?submit.647527 third-party-advisory
    https://github.com/M4st3rYi/IoTVulPocs/blob/main/… exploit
    https://www.tenda.com.cn/ product
    Impacted products
    Vendor Product Version
    Tenda AC1206 Affected: 15.03.06.23
    Credits
    nevv of Red-Shield Security Lab (VulDB User)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-10432",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-15T15:36:47.504619Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-15T15:38:03.857Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "HTTP Request Handler"
              ],
              "product": "AC1206",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "15.03.06.23"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "nevv of Red-Shield Security Lab (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in Tenda AC1206 15.03.06.23. This vulnerability affects the function check_param_changed of the file /goform/AdvSetMacMtuWa of the component HTTP Request Handler. Performing manipulation of the argument wanMTU results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been made public and could be used."
            },
            {
              "lang": "de",
              "value": "In Tenda AC1206 15.03.06.23 wurde eine Schwachstelle gefunden. Es geht um die Funktion check_param_changed der Datei /goform/AdvSetMacMtuWa der Komponente HTTP Request Handler. Durch Manipulation des Arguments wanMTU mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit wurde der \u00d6ffentlichkeit bekannt gemacht und k\u00f6nnte verwendet werden."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 10,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-15T07:32:07.178Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-323866 | Tenda AC1206 HTTP Request AdvSetMacMtuWa check_param_changed stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.323866"
            },
            {
              "name": "VDB-323866 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.323866"
            },
            {
              "name": "Submit #647527 | Tenda AC1206 AC1206V1.0RTL_V15.03.06.23 Stack-based Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.647527"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/M4st3rYi/IoTVulPocs/blob/main/Tenda/AC1206/fromAdvSetMacMtuWan.md"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.tenda.com.cn/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-09-14T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-09-14T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-09-14T12:22:40.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda AC1206 HTTP Request AdvSetMacMtuWa check_param_changed stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-10432",
        "datePublished": "2025-09-15T07:32:07.178Z",
        "dateReserved": "2025-09-14T10:17:37.510Z",
        "dateUpdated": "2025-09-15T15:38:03.857Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-9523 (GCVE-0-2025-9523)

    Vulnerability from nvd – Published: 2025-08-27 10:32 – Updated: 2025-08-27 13:22
    VLAI
    Title
    Tenda AC1206 GetParentControlInfo stack-based overflow
    Summary
    A vulnerability was detected in Tenda AC1206 15.03.06.23. Affected is the function GetParentControlInfo of the file /goform/GetParentControlInfo. The manipulation of the argument mac results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit is now public and may be used.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.321541 vdb-entry, technical-description
    https://vuldb.com/?ctiid.321541 signature, permissions-required
    https://vuldb.com/?submit.634309 third-party-advisory
    https://github.com/XXRicardo/iot-cve/blob/main/Te… exploit
    https://www.tenda.com.cn/ product
    Impacted products
    Vendor Product Version
    Tenda AC1206 Affected: 15.03.06.23
    Credits
    lxyilu (VulDB User)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-9523",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-27T13:21:42.471514Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-27T13:22:13.925Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AC1206",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "15.03.06.23"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "lxyilu (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was detected in Tenda AC1206 15.03.06.23. Affected is the function GetParentControlInfo of the file /goform/GetParentControlInfo. The manipulation of the argument mac results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit is now public and may be used."
            },
            {
              "lang": "de",
              "value": "Es wurde eine Schwachstelle in Tenda AC1206 15.03.06.23 entdeckt. Betroffen ist die Funktion GetParentControlInfo der Datei /goform/GetParentControlInfo. Durch die Manipulation des Arguments mac mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Es ist m\u00f6glich, den Angriff aus der Ferne durchzuf\u00fchren. Der Exploit wurde der \u00d6ffentlichkeit bekannt gemacht und k\u00f6nnte verwendet werden."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 10,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-27T10:32:07.976Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-321541 | Tenda AC1206 GetParentControlInfo stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.321541"
            },
            {
              "name": "VDB-321541 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.321541"
            },
            {
              "name": "Submit #634309 | Tenda Tenda Wi-Fi 5 Router AC1206 AC1206V1.0RTL_V15.03.06.23 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.634309"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/XXRicardo/iot-cve/blob/main/Tenda/AC1206/AC1206V1.0RTL_V15.03.06.23.md"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.tenda.com.cn/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-08-27T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-08-27T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-08-27T07:08:38.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda AC1206 GetParentControlInfo stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-9523",
        "datePublished": "2025-08-27T10:32:07.976Z",
        "dateReserved": "2025-08-27T05:03:24.435Z",
        "dateUpdated": "2025-08-27T13:22:13.925Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-7544 (GCVE-0-2025-7544)

    Vulnerability from nvd – Published: 2025-07-13 21:32 – Updated: 2025-07-15 19:53
    Title
    Tenda AC1206 setMacFilterCfg formSetMacFilterCfg stack-based overflow
    Summary
    A vulnerability was found in Tenda AC1206 15.03.06.23. It has been rated as critical. This issue affects the function formSetMacFilterCfg of the file /goform/setMacFilterCfg. The manipulation of the argument deviceList leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Tenda AC1206 Affected: 15.03.06.23
    Credits
    panda_0x1 (VulDB User)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-7544",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-14T16:43:46.557917Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-15T19:53:10.386Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/panda666-888/vuls/blob/main/tenda/ac1206/formSetMacFilterCfg.md"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AC1206",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "15.03.06.23"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "panda_0x1 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in Tenda AC1206 15.03.06.23. It has been rated as critical. This issue affects the function formSetMacFilterCfg of the file /goform/setMacFilterCfg. The manipulation of the argument deviceList leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
            },
            {
              "lang": "de",
              "value": "Eine Schwachstelle wurde in Tenda AC1206 15.03.06.23 ausgemacht. Sie wurde als kritisch eingestuft. Es geht hierbei um die Funktion formSetMacFilterCfg der Datei /goform/setMacFilterCfg. Mit der Manipulation des Arguments deviceList mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-13T21:32:07.187Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-316241 | Tenda AC1206 setMacFilterCfg formSetMacFilterCfg stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.316241"
            },
            {
              "name": "VDB-316241 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.316241"
            },
            {
              "name": "Submit #614089 | Tenda AC1206 15.03.06.23 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.614089"
            },
            {
              "tags": [
                "related"
              ],
              "url": "https://github.com/panda666-888/vuls/blob/main/tenda/ac1206/formSetMacFilterCfg.md"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/panda666-888/vuls/blob/main/tenda/ac1206/formSetMacFilterCfg.md#poc"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.tenda.com.cn/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-07-12T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-07-12T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-07-12T15:35:54.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda AC1206 setMacFilterCfg formSetMacFilterCfg stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-7544",
        "datePublished": "2025-07-13T21:32:07.187Z",
        "dateReserved": "2025-07-12T13:30:51.339Z",
        "dateUpdated": "2025-07-15T19:53:10.386Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-4299 (GCVE-0-2025-4299)

    Vulnerability from nvd – Published: 2025-05-06 00:00 – Updated: 2025-05-06 13:40
    VLAI
    Title
    Tenda AC1206 openSchedWifi setSchedWifi buffer overflow
    Summary
    A vulnerability was found in Tenda AC1206 up to 15.03.06.23. It has been rated as critical. This issue affects the function setSchedWifi of the file /goform/openSchedWifi. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
    SSVC
    Exploitation: poc; Automatable: no; Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.307403 vdb-entry, technical-description
    https://vuldb.com/?ctiid.307403 signature, permissions-required
    https://vuldb.com/?submit.563558 third-party-advisory
    https://github.com/CH13hh/tmp_store_cc/blob/main/… exploit
    https://www.tenda.com.cn/ product
    Impacted products
    Vendor Product Version
    Tenda AC1206 Affected: 15.03.06.0
    Affected: 15.03.06.1
    Affected: 15.03.06.2
    Affected: 15.03.06.3
    Affected: 15.03.06.4
    Affected: 15.03.06.5
    Affected: 15.03.06.6
    Affected: 15.03.06.7
    Affected: 15.03.06.8
    Affected: 15.03.06.9
    Affected: 15.03.06.10
    Affected: 15.03.06.11
    Affected: 15.03.06.12
    Affected: 15.03.06.13
    Affected: 15.03.06.14
    Affected: 15.03.06.15
    Affected: 15.03.06.16
    Affected: 15.03.06.17
    Affected: 15.03.06.18
    Affected: 15.03.06.19
    Affected: 15.03.06.20
    Affected: 15.03.06.21
    Affected: 15.03.06.22
    Affected: 15.03.06.23
    Credits
    CH13hh (VulDB User)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-4299",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-06T13:37:18.259171Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-06T13:40:44.930Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AC1206",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "15.03.06.0"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.1"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.2"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.3"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.4"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.5"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.6"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.7"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.8"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.9"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.10"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.11"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.12"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.13"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.14"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.15"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.16"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.17"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.18"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.19"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.20"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.21"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.22"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.23"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "CH13hh (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in Tenda AC1206 up to 15.03.06.23. It has been rated as critical. This issue affects the function setSchedWifi of the file /goform/openSchedWifi. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
            },
            {
              "lang": "de",
              "value": "Eine Schwachstelle wurde in Tenda AC1206 bis 15.03.06.23 ausgemacht. Sie wurde als kritisch eingestuft. Betroffen davon ist die Funktion setSchedWifi der Datei /goform/openSchedWifi. Durch Manipulieren mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-06T00:00:07.726Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-307403 | Tenda AC1206 openSchedWifi setSchedWifi buffer overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.307403"
            },
            {
              "name": "VDB-307403 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.307403"
            },
            {
              "name": "Submit #563558 | Shenzhen Tenda Technology Co.,Ltd. AC1206 \u003c=V15.03.06.23 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.563558"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/CH13hh/tmp_store_cc/blob/main/AC1206/AC1206setSchedWifi/setSchedWifi.md"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.tenda.com.cn/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-05-05T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-05-05T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-05-05T14:27:31.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda AC1206 openSchedWifi setSchedWifi buffer overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-4299",
        "datePublished": "2025-05-06T00:00:07.726Z",
        "dateReserved": "2025-05-05T12:22:23.778Z",
        "dateUpdated": "2025-05-06T13:40:44.930Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-4298 (GCVE-0-2025-4298)

    Vulnerability from nvd – Published: 2025-05-05 23:31 – Updated: 2025-05-06 02:45
    VLAI
    Title
    Tenda AC1206 setcfm formSetCfm buffer overflow
    Summary
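    A vulnerability was found in Tenda AC1206 up to 15.03.06.23. It has been declared as critical. This vulnerability affects the function formSetCfm of the file /goform/setcfm. The manipulation leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. (Note: the CVSS vectors in the JSON record below score this 8.7 under v4.0 and 8.8 under v3.1, both HIGH, and set PR:L, so some level of privilege on the device is required; "critical" in this description is not the CVSS severity.)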
    SSVC
    Exploitation: poc; Automatable: no; Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.307402 vdb-entry, technical-description
    https://vuldb.com/?ctiid.307402 signature, permissions-required
    https://vuldb.com/?submit.563557 third-party-advisory
    https://github.com/CH13hh/tmp_store_cc/blob/main/… exploit
    https://www.tenda.com.cn/ product
    Impacted products
    Vendor Product Version
    Tenda AC1206 Affected: 15.03.06.0
    Affected: 15.03.06.1
    Affected: 15.03.06.2
    Affected: 15.03.06.3
    Affected: 15.03.06.4
    Affected: 15.03.06.5
    Affected: 15.03.06.6
    Affected: 15.03.06.7
    Affected: 15.03.06.8
    Affected: 15.03.06.9
    Affected: 15.03.06.10
    Affected: 15.03.06.11
    Affected: 15.03.06.12
    Affected: 15.03.06.13
    Affected: 15.03.06.14
    Affected: 15.03.06.15
    Affected: 15.03.06.16
    Affected: 15.03.06.17
    Affected: 15.03.06.18
    Affected: 15.03.06.19
    Affected: 15.03.06.20
    Affected: 15.03.06.21
    Affected: 15.03.06.22
    Affected: 15.03.06.23
    Credits
    CH13hh (VulDB User)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-4298",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-06T02:44:44.141214Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-06T02:45:01.333Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AC1206",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "15.03.06.0"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.1"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.2"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.3"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.4"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.5"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.6"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.7"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.8"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.9"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.10"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.11"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.12"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.13"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.14"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.15"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.16"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.17"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.18"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.19"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.20"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.21"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.22"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.23"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "CH13hh (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in Tenda AC1206 up to 15.03.06.23. It has been declared as critical. This vulnerability affects the function formSetCfm of the file /goform/setcfm. The manipulation leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
            },
            {
              "lang": "de",
              "value": "In Tenda AC1206 bis 15.03.06.23 wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Betroffen ist die Funktion formSetCfm der Datei /goform/setcfm. Durch das Manipulieren mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-05T23:31:05.551Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-307402 | Tenda AC1206 setcfm formSetCfm buffer overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.307402"
            },
            {
              "name": "VDB-307402 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.307402"
            },
            {
              "name": "Submit #563557 | Shenzhen Tenda Technology Co.,Ltd. AC1206 \u003c=V15.03.06.23 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.563557"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/CH13hh/tmp_store_cc/blob/main/AC1206/AC1206formSetCfm/formSetCfm.md"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.tenda.com.cn/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-05-05T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-05-05T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-05-05T14:27:29.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda AC1206 setcfm formSetCfm buffer overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-4298",
        "datePublished": "2025-05-05T23:31:05.551Z",
        "dateReserved": "2025-05-05T12:22:21.498Z",
        "dateUpdated": "2025-05-06T02:45:01.333Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-3328 (GCVE-0-2025-3328)

    Vulnerability from nvd – Published: 2025-04-07 00:31 – Updated: 2025-04-07 14:01
    VLAI
    Title
    Tenda AC1206 fast_setting_wifi_set form_fast_setting_wifi_set buffer overflow
    Summary
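    A vulnerability was found in Tenda AC1206 15.03.06.23. It has been classified as critical. Affected is the function form_fast_setting_wifi_set of the file /goform/fast_setting_wifi_set. The manipulation of the argument ssid/timeZone leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. (Note: the CVSS vectors in the JSON record below score this 8.7 under v4.0 and 8.8 under v3.1, both HIGH, and set PR:L, so some level of privilege on the device is required; "critical" in this description is not the CVSS severity.)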
    SSVC
    Exploitation: poc; Automatable: no; Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Tenda AC1206 Affected: 15.03.06.23
    Credits
    CH13hh (VulDB User)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-3328",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-07T14:01:21.877841Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-07T14:01:25.436Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/CH13hh/tmp_store_cc/blob/main/AC1206/AC1206form_fast_setting_wifi_set/form_fast_setting_wifi_set.md"
              },
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/CH13hh/tmp_store_cc/blob/main/AC1206/AC1206form_fast_setting_wifi_set_time/time.md"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AC1206",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "15.03.06.23"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "CH13hh (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in Tenda AC1206 15.03.06.23. It has been classified as critical. Affected is the function form_fast_setting_wifi_set of the file /goform/fast_setting_wifi_set. The manipulation of the argument ssid/timeZone leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well."
            },
            {
              "lang": "de",
              "value": "Es wurde eine kritische Schwachstelle in Tenda AC1206 15.03.06.23 ausgemacht. Es betrifft die Funktion form_fast_setting_wifi_set der Datei /goform/fast_setting_wifi_set. Mittels Manipulieren des Arguments ssid/timeZone mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-07T00:31:07.509Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-303540 | Tenda AC1206 fast_setting_wifi_set form_fast_setting_wifi_set buffer overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.303540"
            },
            {
              "name": "VDB-303540 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.303540"
            },
            {
              "name": "Submit #551893 | Shenzhen Tenda Technology Co.,Ltd. AC1206 V15.03.06.23 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.551893"
            },
            {
              "tags": [
                "related"
              ],
              "url": "https://github.com/CH13hh/tmp_store_cc/blob/main/AC1206/AC1206form_fast_setting_wifi_set_time/time.md"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/CH13hh/tmp_store_cc/blob/main/AC1206/AC1206form_fast_setting_wifi_set/form_fast_setting_wifi_set.md"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.tenda.com.cn/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-04-06T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-04-06T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-04-06T08:03:38.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda AC1206 fast_setting_wifi_set form_fast_setting_wifi_set buffer overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-3328",
        "datePublished": "2025-04-07T00:31:07.509Z",
        "dateReserved": "2025-04-06T05:58:34.606Z",
        "dateUpdated": "2025-04-07T14:01:25.436Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-10434 (GCVE-0-2024-10434)

    Vulnerability from nvd – Published: 2024-10-28 00:31 – Updated: 2024-10-28 13:00
    VLAI
    Title
    Tenda AC1206 ate ate_Tenda_mfg_check_usb3 stack-based overflow
    Summary
    A vulnerability was found in Tenda AC1206 up to 20241027. It has been classified as critical. This affects the function ate_Tenda_mfg_check_usb/ate_Tenda_mfg_check_usb3 of the file /goform/ate. The manipulation of the argument arg leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
    SSVC
    Exploitation: poc; Automatable: no; Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.281985 vdb-entry, technical-description
    https://vuldb.com/?ctiid.281985 signature, permissions-required
    https://vuldb.com/?submit.431291 third-party-advisory
    https://github.com/physicszq/Routers/blob/main/Te… exploit
    https://www.tenda.com.cn/ product
    Impacted products
    Vendor Product Version
    Tenda AC1206 Affected: 20241027
    tenda ac1206 Affected: 20241027
        cpe:2.3:h:tenda:ac1206:-:*:*:*:*:*:*:*
    Credits
    physicszq (VulDB User)

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:tenda:ac1206:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac1206",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "20241027"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-10434",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-28T12:59:43.912430Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-28T13:00:50.500Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AC1206",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "20241027"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "physicszq (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in Tenda AC1206 up to 20241027. It has been classified as critical. This affects the function ate_Tenda_mfg_check_usb/ate_Tenda_mfg_check_usb3 of the file /goform/ate. The manipulation of the argument arg leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."
            },
            {
              "lang": "de",
              "value": "Es wurde eine Schwachstelle in Tenda AC1206 bis 20241027 ausgemacht. Sie wurde als kritisch eingestuft. Es betrifft die Funktion ate_Tenda_mfg_check_usb/ate_Tenda_mfg_check_usb3 der Datei /goform/ate. Dank der Manipulation des Arguments arg mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-28T00:31:05.947Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-281985 | Tenda AC1206 ate ate_Tenda_mfg_check_usb3 stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.281985"
            },
            {
              "name": "VDB-281985 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.281985"
            },
            {
              "name": "Submit #431291 | tenda tenda router   AC1206 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.431291"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/physicszq/Routers/blob/main/Tenda/README.md"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.tenda.com.cn/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-10-27T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-10-27T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-10-27T08:26:44.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda AC1206 ate ate_Tenda_mfg_check_usb3 stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-10434",
        "datePublished": "2024-10-28T00:31:05.947Z",
        "dateReserved": "2024-10-27T07:21:32.313Z",
        "dateUpdated": "2024-10-28T13:00:50.500Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-10280 (GCVE-0-2024-10280)

    Vulnerability from nvd – Published: 2024-10-23 13:31 – Updated: 2024-10-23 17:41
    VLAI
    Title
    Tenda AC6/AC7/AC8/AC9/AC10/AC10U/AC15/AC18/AC500/AC1206 GetIPTV websReadEvent null pointer dereference
    Summary
    A vulnerability was found in Tenda AC6, AC7, AC8, AC9, AC10, AC10U, AC15, AC18, AC500 and AC1206 up to 20241022. It has been rated as problematic. This issue affects the function websReadEvent of the file /goform/GetIPTV. The manipulation of the argument Content-Length leads to null pointer dereference. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-476 - NULL Pointer Dereference
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.281555 vdb-entry, technical-description
    https://vuldb.com/?ctiid.281555 signature, permissions-required
    https://vuldb.com/?submit.426417 third-party-advisory
    https://github.com/JohenanLi/router_vuls/blob/mai… exploit
    https://www.tenda.com.cn/ product
    Impacted products
    Vendor Product Version
    Tenda AC6 Affected: 20241022
    Tenda AC7 Affected: 20241022
    Tenda AC8 Affected: 20241022
    Tenda AC9 Affected: 20241022
    Tenda AC10 Affected: 20241022
    Tenda AC10U Affected: 20241022
    Tenda AC15 Affected: 20241022
    Tenda AC18 Affected: 20241022
    Tenda AC500 Affected: 20241022
    Tenda AC1206 Affected: 20241022
    tenda ac6_firmware Affected: 15.03.06.23
        cpe:2.3:o:tenda:ac6_firmware:15.03.06.23:*:*:*:*:*:*:*
    tenda ac8_firmware Affected: 16.03.34.06
        cpe:2.3:o:tenda:ac8_firmware:16.03.34.06:*:*:*:*:*:*:*
    tenda ac8_firmware Affected: 16.03.34.09
        cpe:2.3:a:tenda:ac8_firmware:16.03.34.09:*:*:*:*:*:*:*
    tenda ac10_firmware Affected: 16.03.48.23
    Affected: 16.03.48.19
    Affected: 16.03.48.20
    Affected: 16.03.48.13
        cpe:2.3:o:tenda:ac10_firmware:*:*:*:*:*:*:*:*
    tenda ac1206_firmware Affected: 15.03.06.23
        cpe:2.3:o:tenda:ac1206_firmware:15.03.06.23:*:*:*:*:*:*:*
    tenda ac9_firmware Affected: 15.03.06.42
    Affected: 15.03.05.19\(6318_\)
    Affected: 15.03.05.14
    Affected: 15.03.2.13
        cpe:2.3:o:tenda:ac9_firmware:*:*:*:*:*:*:*:*
    tenda ac18_firmware Affected: 15.03.05.05
        cpe:2.3:o:tenda:ac18_firmware:15.03.05.05:*:*:*:*:*:*:*
    tenda ac18_firmware Affected: 15.03.05.19\(6318\)
        cpe:2.3:o:tenda:ac18_firmware:15.03.05.19\(6318\):*:*:*:*:*:*:*
    tenda ac500_firmware Affected: 2.0.1.9\(1307\)
        cpe:2.3:o:tenda:ac500_firmware:2.0.1.9\(1307\):*:*:*:*:*:*:*
    tenda ac500_firmware Affected: 1.0.0.16
        cpe:2.3:o:tenda:ac500_firmware:1.0.0.16:*:*:*:*:*:*:*
    tenda ac500_firmware Affected: 1.0.0.14
        cpe:2.3:o:tenda:ac500_firmware:1.0.0.14:*:*:*:*:*:*:*
    tenda ac10u_firmware Affected: 15.03.06.48
        cpe:2.3:o:tenda:ac10u_firmware:15.03.06.48:*:*:*:*:*:*:*
    tenda ac10u_firmware Affected: 15.03.06.49
        cpe:2.3:o:tenda:ac10u_firmware:15.03.06.49:*:*:*:*:*:*:*
    tenda ac7_firmware Affected: 15.03.06.44
        cpe:2.3:o:tenda:ac7_firmware:15.03.06.44:*:*:*:*:*:*:*
    tenda ac15_firmware Affected: 15.03.05.18
        cpe:2.3:o:tenda:ac15_firmware:15.03.05.18:*:*:*:*:*:*:*
    tenda ac15_firmware Affected: 15.03.05.19
        cpe:2.3:o:tenda:ac15_firmware:15.03.05.19:*:*:*:*:*:*:*
    Credits
    minipython (VulDB User)

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:tenda:ac6_firmware:15.03.06.23:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac6_firmware",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "15.03.06.23"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:tenda:ac8_firmware:16.03.34.06:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac8_firmware",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "16.03.34.06"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:tenda:ac8_firmware:16.03.34.09:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac8_firmware",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "16.03.34.09"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:tenda:ac10_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac10_firmware",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "16.03.48.23"
                  },
                  {
                    "status": "affected",
                    "version": "16.03.48.19"
                  },
                  {
                    "status": "affected",
                    "version": "16.03.48.20"
                  },
                  {
                    "status": "affected",
                    "version": "16.03.48.13"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:tenda:ac1206_firmware:15.03.06.23:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac1206_firmware",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "15.03.06.23"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:tenda:ac9_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac9_firmware",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "15.03.06.42"
                  },
                  {
                    "status": "affected",
                    "version": "15.03.05.19\\(6318_\\)"
                  },
                  {
                    "status": "affected",
                    "version": "15.03.05.14"
                  },
                  {
                    "status": "affected",
                    "version": "15.03.2.13"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:tenda:ac18_firmware:15.03.05.05:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac18_firmware",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "15.03.05.05"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:tenda:ac18_firmware:15.03.05.19\\(6318\\):*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac18_firmware",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "15.03.05.19\\(6318\\)"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:tenda:ac500_firmware:2.0.1.9\\(1307\\):*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac500_firmware",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "2.0.1.9\\(1307\\)"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:tenda:ac500_firmware:1.0.0.16:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac500_firmware",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "1.0.0.16"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:tenda:ac500_firmware:1.0.0.14:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac500_firmware",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "1.0.0.14"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:tenda:ac10u_firmware:15.03.06.48:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac10u_firmware",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "15.03.06.48"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:tenda:ac10u_firmware:15.03.06.49:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac10u_firmware",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "15.03.06.49"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:tenda:ac7_firmware:15.03.06.44:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac7_firmware",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "15.03.06.44"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:tenda:ac15_firmware:15.03.05.18:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac15_firmware",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "15.03.05.18"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:tenda:ac15_firmware:15.03.05.19:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac15_firmware",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "15.03.05.19"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-10280",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-23T17:28:19.760214Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-23T17:41:57.370Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AC6",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "20241022"
                }
              ]
            },
            {
              "product": "AC7",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "20241022"
                }
              ]
            },
            {
              "product": "AC8",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "20241022"
                }
              ]
            },
            {
              "product": "AC9",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "20241022"
                }
              ]
            },
            {
              "product": "AC10",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "20241022"
                }
              ]
            },
            {
              "product": "AC10U",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "20241022"
                }
              ]
            },
            {
              "product": "AC15",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "20241022"
                }
              ]
            },
            {
              "product": "AC18",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "20241022"
                }
              ]
            },
            {
              "product": "AC500",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "20241022"
                }
              ]
            },
            {
              "product": "AC1206",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "20241022"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "minipython (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in Tenda AC6, AC7, AC8, AC9, AC10, AC10U, AC15, AC18, AC500 and AC1206 up to 20241022. It has been rated as problematic. This issue affects the function websReadEvent of the file /goform/GetIPTV. The manipulation of the argument Content-Length leads to null pointer dereference. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
            },
            {
              "lang": "de",
              "value": "Eine Schwachstelle wurde in Tenda AC6, AC7, AC8, AC9, AC10, AC10U, AC15, AC18, AC500 and AC1206 bis 20241022 ausgemacht. Sie wurde als problematisch eingestuft. Davon betroffen ist die Funktion websReadEvent der Datei /goform/GetIPTV. Durch Beeinflussen des Arguments Content-Length mit unbekannten Daten kann eine null pointer dereference-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.8,
                "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "NULL Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-23T13:31:07.315Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-281555 | Tenda AC6/AC7/AC8/AC9/AC10/AC10U/AC15/AC18/AC500/AC1206 GetIPTV websReadEvent null pointer dereference",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.281555"
            },
            {
              "name": "VDB-281555 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.281555"
            },
            {
              "name": "Submit #426417 | Tenda AC8v4 V16.03.34.06 NULL Pointer Dereference",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.426417"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/JohenanLi/router_vuls/blob/main/websReadEvent/websReadEvent.md"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.tenda.com.cn/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-10-23T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-10-23T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-10-23T08:07:55.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda AC6/AC7/AC8/AC9/AC10/AC10U/AC15/AC18/AC500/AC1206 GetIPTV websReadEvent null pointer dereference"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-10280",
        "datePublished": "2024-10-23T13:31:07.315Z",
        "dateReserved": "2024-10-23T06:02:03.363Z",
        "dateUpdated": "2024-10-23T17:41:57.370Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-9793 (GCVE-0-2024-9793)

    Vulnerability from nvd – Published: 2024-10-10 15:31 – Updated: 2024-10-10 17:46
    VLAI
    Title
    Tenda AC1206 ate ate_ifconfig_set command injection
    Summary
    A vulnerability classified as critical was found in Tenda AC1206 up to 15.03.06.23. This vulnerability affects the function ate_iwpriv_set/ate_ifconfig_set of the file /goform/ate. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Tenda AC1206 Affected: 15.03.06.0
    Affected: 15.03.06.1
    Affected: 15.03.06.2
    Affected: 15.03.06.3
    Affected: 15.03.06.4
    Affected: 15.03.06.5
    Affected: 15.03.06.6
    Affected: 15.03.06.7
    Affected: 15.03.06.8
    Affected: 15.03.06.9
    Affected: 15.03.06.10
    Affected: 15.03.06.11
    Affected: 15.03.06.12
    Affected: 15.03.06.13
    Affected: 15.03.06.14
    Affected: 15.03.06.15
    Affected: 15.03.06.16
    Affected: 15.03.06.17
    Affected: 15.03.06.18
    Affected: 15.03.06.19
    Affected: 15.03.06.20
    Affected: 15.03.06.21
    Affected: 15.03.06.22
    Affected: 15.03.06.23
    tenda ac1206_firmware Affected: 0 , ≤ 15.03.06.23 (custom)
        cpe:2.3:o:tenda:ac1206_firmware:*:*:*:*:*:*:*:*
    Credits
    ixout (VulDB User)

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:tenda:ac1206_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac1206_firmware",
                "vendor": "tenda",
                "versions": [
                  {
                    "lessThanOrEqual": "15.03.06.23",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-9793",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-10T16:09:15.570083Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-10T17:46:05.897Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AC1206",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "15.03.06.0"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.1"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.2"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.3"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.4"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.5"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.6"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.7"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.8"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.9"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.10"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.11"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.12"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.13"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.14"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.15"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.16"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.17"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.18"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.19"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.20"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.21"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.22"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.23"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "ixout (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability classified as critical was found in Tenda AC1206 up to 15.03.06.23. This vulnerability affects the function ate_iwpriv_set/ate_ifconfig_set of the file /goform/ate. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "In Tenda AC1206 bis 15.03.06.23 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Das betrifft die Funktion ate_iwpriv_set/ate_ifconfig_set der Datei /goform/ate. Durch das Manipulieren mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-10T15:31:06.625Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-279946 | Tenda AC1206 ate ate_ifconfig_set command injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.279946"
            },
            {
              "name": "VDB-279946 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.279946"
            },
            {
              "name": "Submit #418061 | Tenda Router V15.03.06.23 and earlier Command Injection",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.418061"
            },
            {
              "tags": [
                "related"
              ],
              "url": "https://github.com/ixout/iotVuls/blob/main/Tenda/ac1206_004/report.md"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/ixout/iotVuls/blob/main/Tenda/ac1206_003/report.md"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.tenda.com.cn/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-10-10T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-10-10T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-10-10T09:28:24.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda AC1206 ate ate_ifconfig_set command injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-9793",
        "datePublished": "2024-10-10T15:31:06.625Z",
        "dateReserved": "2024-10-10T07:23:14.015Z",
        "dateUpdated": "2024-10-10T17:46:05.897Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-38937 (GCVE-0-2023-38937)

    Vulnerability from nvd – Published: 2023-08-07 00:00 – Updated: 2024-10-17 14:40
    Summary
    Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 V16.03.34.06, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, AC5 V1.0 V15.03.06.28, AC9 V3.0 V15.03.06.42_multi and AC10 v4.0 V16.03.10.13 were discovered to contain a stack overflow via the list parameter in the formSetVirtualSer function.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    Assigner
    Impacted products
    Vendor Product Version
    tenda ac6 Affected: V2.0 V15.03.06.23
        cpe:2.3:h:tenda:ac6:-:*:*:*:*:*:*:*
    tenda ac10 Affected: V1.0 V15.03.06.23
        cpe:2.3:h:tenda:ac10:-:*:*:*:*:*:*:*
    tenda ac1206 Affected: V15.03.06.23
        cpe:2.3:h:tenda:ac1206:-:*:*:*:*:*:*:*
    tenda ac8 Affected: v4 V16.03.34.06
        cpe:2.3:h:tenda:ac8:-:*:*:*:*:*:*:*
    tenda ac7 Affected: V1.0 V15.03.06.44
        cpe:2.3:h:tenda:ac7:-:*:*:*:*:*:*:*
    tenda ac5 Affected: V1.0 V15.03.06.28
        cpe:2.3:h:tenda:ac5:-:*:*:*:*:*:*:*
    tenda ac9 Affected: V3.0 V15.03.06.42_multi
        cpe:2.3:h:tenda:ac9:-:*:*:*:*:*:*:*
    tenda ac10 Affected: v4.0 V16.03.10.13
        cpe:2.3:h:tenda:ac10:-:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:54:39.643Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/formSetVirtualSer/README.md"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:tenda:ac6:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac6",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V2.0 V15.03.06.23"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:ac10:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac10",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V1.0 V15.03.06.23"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:ac1206:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac1206",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V15.03.06.23"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:ac8:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac8",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "v4 V16.03.34.06"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:ac7:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac7",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V1.0 V15.03.06.44"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:ac5:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac5",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V1.0 V15.03.06.28"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:ac9:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac9",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V3.0 V15.03.06.42_multi"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:ac10:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac10",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "v4.0 V16.03.10.13"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-38937",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-17T14:37:17.298133Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-17T14:40:31.909Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 V16.03.34.06, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, AC5 V1.0 V15.03.06.28, AC9 V3.0 V15.03.06.42_multi and AC10 v4.0 V16.03.10.13 were discovered to contain a stack overflow via the list parameter in the formSetVirtualSer function."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-07T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/formSetVirtualSer/README.md"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-38937",
        "datePublished": "2023-08-07T00:00:00.000Z",
        "dateReserved": "2023-07-25T00:00:00.000Z",
        "dateUpdated": "2024-10-17T14:40:31.909Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-38936 (GCVE-0-2023-38936)

    Vulnerability from nvd – Published: 2023-08-07 00:00 – Updated: 2024-10-15 20:05
    Summary
    Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, AC5 V1.0 V15.03.06.28, FH1203 V2.0.1.6, AC9 V3.0 V15.03.06.42_multi and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the speed_dir parameter in the formSetSpeedWan function.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    Assigner
    Impacted products
    Vendor Product Version
    tenda ac10 Affected: V1.0 V15.03.06.23
        cpe:2.3:h:tenda:ac10:-:*:*:*:*:*:*:*
    tenda ac1206 Affected: V15.03.06.23,
        cpe:2.3:h:tenda:ac1206:-:*:*:*:*:*:*:*
    tenda ac6 Affected: V2.0 V15.03.06.23
        cpe:2.3:h:tenda:ac6:-:*:*:*:*:*:*:*
    tenda ac7 Affected: V1.0 V15.03.06.44,
        cpe:2.3:h:tenda:ac7:-:*:*:*:*:*:*:*
    tenda ac5 Affected: V1.0 V15.03.06.28
        cpe:2.3:h:tenda:ac5:-:*:*:*:*:*:*:*
    tenda fh1203 Affected: V2.0.1.6
        cpe:2.3:h:tenda:fh1203:-:*:*:*:*:*:*:*
    tenda ac9 Affected: V3.0 V15.03.06.42_multi
        cpe:2.3:h:tenda:ac9:-:*:*:*:*:*:*:*
    tenda fh1205 Affected: V2.0.0.7(775)
        cpe:2.3:h:tenda:fh1205:-:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:54:39.689Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/formSetSpeedWan/README.md"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:tenda:ac10:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac10",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V1.0 V15.03.06.23"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:ac1206:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac1206",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V15.03.06.23,"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:ac6:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac6",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V2.0 V15.03.06.23"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:ac7:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac7",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V1.0 V15.03.06.44,"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:ac5:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac5",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V1.0 V15.03.06.28"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:fh1203:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "fh1203",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V2.0.1.6"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:ac9:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac9",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V3.0 V15.03.06.42_multi"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:fh1205:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "fh1205",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V2.0.0.7(775)"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-38936",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-15T20:02:03.283677Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-15T20:05:36.911Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, AC5 V1.0 V15.03.06.28, FH1203 V2.0.1.6, AC9 V3.0 V15.03.06.42_multi and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the speed_dir parameter in the formSetSpeedWan function."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-07T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/formSetSpeedWan/README.md"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-38936",
        "datePublished": "2023-08-07T00:00:00.000Z",
        "dateReserved": "2023-07-25T00:00:00.000Z",
        "dateUpdated": "2024-10-15T20:05:36.911Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-38935 (GCVE-0-2023-38935)

    Vulnerability from nvd – Published: 2023-08-07 00:00 – Updated: 2024-10-15 20:07
    Summary
    Tenda AC1206 V15.03.06.23, AC8 V4 V16.03.34.06, AC5 V1.0 V15.03.06.28, AC10 v4.0 V16.03.10.13 and AC9 V3.0 V15.03.06.42_multi were discovered to contain a stack overflow via the list parameter in the formSetQosBand function.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    Assigner
    Impacted products
    Vendor Product Version
    tenda ac1206 Affected: V15.03.06.23
        cpe:2.3:h:tenda:ac1206:-:*:*:*:*:*:*:*
    tenda ac8 Affected: V4 V16.03.34.06
        cpe:2.3:h:tenda:ac8:-:*:*:*:*:*:*:*
    tenda ac5 Affected: V1.0 V15.03.06.28
        cpe:2.3:h:tenda:ac5:-:*:*:*:*:*:*:*
    tenda ac10 Affected: v4.0 V16.03.10.13
        cpe:2.3:h:tenda:ac10:-:*:*:*:*:*:*:*
    tenda ac9 Affected: V3.0 V15.03.06.42_multi
        cpe:2.3:h:tenda:ac9:-:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:54:39.522Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/formSetQosBand/README.md"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:tenda:ac1206:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac1206",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V15.03.06.23"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:ac8:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac8",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V4 V16.03.34.06"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:ac5:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac5",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V1.0 V15.03.06.28"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:ac10:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac10",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "v4.0 V16.03.10.13"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:ac9:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac9",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V3.0 V15.03.06.42_multi"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-38935",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-15T20:06:05.688360Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-15T20:07:56.040Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Tenda AC1206 V15.03.06.23, AC8 V4 V16.03.34.06, AC5 V1.0 V15.03.06.28, AC10 v4.0 V16.03.10.13 and AC9 V3.0 V15.03.06.42_multi were discovered to contain a stack overflow via the list parameter in the formSetQosBand function."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-07T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/formSetQosBand/README.md"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-38935",
        "datePublished": "2023-08-07T00:00:00.000Z",
        "dateReserved": "2023-07-25T00:00:00.000Z",
        "dateUpdated": "2024-10-15T20:07:56.040Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-38933 (GCVE-0-2023-38933)

    Vulnerability from nvd – Published: 2023-08-07 00:00 – Updated: 2024-10-17 13:51
    Summary
    Tenda AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0 V15.03.06.28, FH1203 V2.0.1.6, AC9 V3.0 V15.03.06.42_multi and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the deviceId parameter in the formSetClientState function.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    Assigner
    Impacted products
    Vendor Product Version
    tenda ac7 Affected: V1.0 V15.03.06.44
        cpe:2.3:h:tenda:ac7:-:*:*:*:*:*:*:*
    tenda f1203 Affected: V2.0.1.6
        cpe:2.3:h:tenda:f1203:-:*:*:*:*:*:*:*
    tenda ac5 Affected: V1.0 V15.03.06.28
        cpe:2.3:h:tenda:ac5:-:*:*:*:*:*:*:*
    tenda fh1203 Affected: V2.0.1.6
        cpe:2.3:h:tenda:fh1203:-:*:*:*:*:*:*:*
    tenda ac9 Affected: V3.0 V15.03.06.42_multi
        cpe:2.3:h:tenda:ac9:-:*:*:*:*:*:*:*
    tenda fh1205 Affected: V2.0.0.7(775)
        cpe:2.3:h:tenda:fh1205:-:*:*:*:*:*:*:*
    tenda ac6 Affected: V2.0 V15.03.06.23
        cpe:2.3:h:tenda:ac6:-:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:54:39.649Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/formSetClientState/README.md"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:tenda:ac7:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac7",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V1.0 V15.03.06.44"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:f1203:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "f1203",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V2.0.1.6"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:ac5:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac5",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V1.0 V15.03.06.28"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:fh1203:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "fh1203",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V2.0.1.6"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:ac9:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac9",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V3.0 V15.03.06.42_multi"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:fh1205:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "fh1205",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V2.0.0.7(775)"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:ac6:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac6",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V2.0 V15.03.06.23"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-38933",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-17T13:48:33.206945Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-17T13:51:46.931Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Tenda AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0 V15.03.06.28, FH1203 V2.0.1.6 and AC9 V3.0 V15.03.06.42_multi, and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the deviceId parameter in the formSetClientState function."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-07T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/formSetClientState/README.md"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-38933",
        "datePublished": "2023-08-07T00:00:00.000Z",
        "dateReserved": "2023-07-25T00:00:00.000Z",
        "dateUpdated": "2024-10-17T13:51:46.931Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-38931 (GCVE-0-2023-38931)

    Vulnerability from nvd – Published: 2023-08-07 00:00 – Updated: 2024-10-17 13:55
    Summary
    Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 V16.03.34.06, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0 V15.03.06.28, AC10 v4.0 V16.03.10.13 and FH1203 V2.0.1.6 were discovered to contain a stack overflow via the list parameter in the setaccount function.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    Assigner
    Impacted products
    Vendor Product Version
    tenda ac10 Affected: V1.0 V15.03.06.23
        cpe:2.3:h:tenda:ac10:-:*:*:*:*:*:*:*
    tenda ac1206 Affected: V15.03.06.23
        cpe:2.3:h:tenda:ac1206:-:*:*:*:*:*:*:*
    tenda ac8 Affected: v4 V16.03.34.06
        cpe:2.3:h:tenda:ac8:-:*:*:*:*:*:*:*
    tenda ac6 Affected: V2.0 V15.03.06.23
        cpe:2.3:h:tenda:ac6:-:*:*:*:*:*:*:*
    tenda ac7 Affected: V1.0 V15.03.06.44
        cpe:2.3:h:tenda:ac7:-:*:*:*:*:*:*:*
    tenda f1203 Affected: V2.0.1.6
        cpe:2.3:h:tenda:f1203:-:*:*:*:*:*:*:*
    tenda ac5 Affected: V1.0 V15.03.06.28
        cpe:2.3:h:tenda:ac5:-:*:*:*:*:*:*:*
    tenda ac10 Affected: v4.0 V16.03.10.13
        cpe:2.3:h:tenda:ac10:-:*:*:*:*:*:*:*
    tenda fh1203 Affected: V2.0.1.6
        cpe:2.3:h:tenda:fh1203:-:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:54:39.242Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/cloudv2_setaccount/README.md"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:tenda:ac10:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac10",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V1.0 V15.03.06.23"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:ac1206:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac1206",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V15.03.06.23"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:ac8:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac8",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "v4 V16.03.34.06"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:ac6:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac6",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V2.0 V15.03.06.23"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:ac7:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac7",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V1.0 V15.03.06.44"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:f1203:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "f1203",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V2.0.1.6"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:ac5:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac5",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V1.0 V15.03.06.28"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:ac10:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac10",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "v4.0 V16.03.10.13"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:fh1203:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "fh1203",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V2.0.1.6"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-38931",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-17T13:52:20.173225Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-17T13:55:25.786Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 V16.03.34.06, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0 V15.03.06.28, AC10 v4.0 V16.03.10.13 and FH1203 V2.0.1.6 were discovered to contain a stack overflow via the list parameter in the setaccount function."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-07T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/cloudv2_setaccount/README.md"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-38931",
        "datePublished": "2023-08-07T00:00:00.000Z",
        "dateReserved": "2023-07-25T00:00:00.000Z",
        "dateUpdated": "2024-10-17T13:55:25.786Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2026-0581 (GCVE-0-2026-0581)

    Vulnerability from cvelistv5 – Published: 2026-01-05 08:02 – Updated: 2026-02-23 08:13
    Title
    Tenda AC1206 httpd BehaviorManager formBehaviorManager command injection
    Summary
    A vulnerability was determined in Tenda AC1206 15.03.06.23. Affected by this issue is the function formBehaviorManager of the file /goform/BehaviorManager of the component httpd. Executing a manipulation of the argument modulename/option/data/switch can lead to command injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.339473 vdb-entry, technical-description
    https://vuldb.com/?ctiid.339473 signature, permissions-required
    https://vuldb.com/?submit.731193 third-party-advisory
    https://github.com/ccc-iotsec/cve-/blob/Tenda/Ten… exploit
    https://www.tenda.com.cn/ product
    Impacted products
    Vendor Product Version
    Tenda AC1206 Affected: 15.03.06.23
        cpe:2.3:o:tenda:ac1206_firmware:*:*:*:*:*:*:*:*
    Credits
    2160288544 (VulDB User)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0581",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-05T21:12:38.055555Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-05T21:12:48.557Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:o:tenda:ac1206_firmware:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "httpd"
              ],
              "product": "AC1206",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "15.03.06.23"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "2160288544 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was determined in Tenda AC1206 15.03.06.23. Affected by this issue is the function formBehaviorManager of the file /goform/BehaviorManager of the component httpd. Executing a manipulation of the argument modulename/option/data/switch can lead to command injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-23T08:13:25.661Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-339473 | Tenda AC1206 httpd BehaviorManager formBehaviorManager command injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.339473"
            },
            {
              "name": "VDB-339473 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.339473"
            },
            {
              "name": "Submit #731193 | Tenda AC1206 AC1206V1.0RTL_V15.03.06.23 Command Injection",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.731193"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/ccc-iotsec/cve-/blob/Tenda/Tenda%20AC1206%E5%91%BD%E4%BB%A4%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E.md"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.tenda.com.cn/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-01-04T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-01-04T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-01-12T19:19:00.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda AC1206 httpd BehaviorManager formBehaviorManager command injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-0581",
        "datePublished": "2026-01-05T08:02:08.449Z",
        "dateReserved": "2026-01-04T06:49:02.040Z",
        "dateUpdated": "2026-02-23T08:13:25.661Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-10432 (GCVE-0-2025-10432)

    Vulnerability from cvelistv5 – Published: 2025-09-15 07:32 – Updated: 2025-09-15 15:38
    Title
    Tenda AC1206 HTTP Request AdvSetMacMtuWa check_param_changed stack-based overflow
    Summary
    A vulnerability was found in Tenda AC1206 15.03.06.23. This vulnerability affects the function check_param_changed of the file /goform/AdvSetMacMtuWa of the component HTTP Request Handler. Performing manipulation of the argument wanMTU results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been made public and could be used.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.323866 vdb-entry, technical-description
    https://vuldb.com/?ctiid.323866 signature, permissions-required
    https://vuldb.com/?submit.647527 third-party-advisory
    https://github.com/M4st3rYi/IoTVulPocs/blob/main/… exploit
    https://www.tenda.com.cn/ product
    Impacted products
    Vendor Product Version
    Tenda AC1206 Affected: 15.03.06.23
    Credits
    nevv of Red-Shield Security Lab (VulDB User)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-10432",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-15T15:36:47.504619Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-15T15:38:03.857Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "HTTP Request Handler"
              ],
              "product": "AC1206",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "15.03.06.23"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "nevv of Red-Shield Security Lab (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in Tenda AC1206 15.03.06.23. This vulnerability affects the function check_param_changed of the file /goform/AdvSetMacMtuWa of the component HTTP Request Handler. Performing manipulation of the argument wanMTU results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been made public and could be used."
            },
            {
              "lang": "de",
              "value": "In Tenda AC1206 15.03.06.23 wurde eine Schwachstelle gefunden. Es geht um die Funktion check_param_changed der Datei /goform/AdvSetMacMtuWa der Komponente HTTP Request Handler. Durch Manipulation des Arguments wanMTU mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit wurde der \u00d6ffentlichkeit bekannt gemacht und k\u00f6nnte verwendet werden."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 10,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-15T07:32:07.178Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-323866 | Tenda AC1206 HTTP Request AdvSetMacMtuWa check_param_changed stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.323866"
            },
            {
              "name": "VDB-323866 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.323866"
            },
            {
              "name": "Submit #647527 | Tenda AC1206 AC1206V1.0RTL_V15.03.06.23 Stack-based Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.647527"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/M4st3rYi/IoTVulPocs/blob/main/Tenda/AC1206/fromAdvSetMacMtuWan.md"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.tenda.com.cn/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-09-14T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-09-14T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-09-14T12:22:40.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda AC1206 HTTP Request AdvSetMacMtuWa check_param_changed stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-10432",
        "datePublished": "2025-09-15T07:32:07.178Z",
        "dateReserved": "2025-09-14T10:17:37.510Z",
        "dateUpdated": "2025-09-15T15:38:03.857Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-9523 (GCVE-0-2025-9523)

    Vulnerability from cvelistv5 – Published: 2025-08-27 10:32 – Updated: 2025-08-27 13:22
    VLAI
    Title
    Tenda AC1206 GetParentControlInfo stack-based overflow
    Summary
    A vulnerability was detected in Tenda AC1206 15.03.06.23. Affected is the function GetParentControlInfo of the file /goform/GetParentControlInfo. The manipulation of the argument mac results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit is now public and may be used.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.321541 vdb-entry, technical-description
    https://vuldb.com/?ctiid.321541 signature, permissions-required
    https://vuldb.com/?submit.634309 third-party-advisory
    https://github.com/XXRicardo/iot-cve/blob/main/Te… exploit
    https://www.tenda.com.cn/ product
    Impacted products
    Vendor Product Version
    Tenda AC1206 Affected: 15.03.06.23
    Credits
    lxyilu (VulDB User)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-9523",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-27T13:21:42.471514Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-27T13:22:13.925Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AC1206",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "15.03.06.23"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "lxyilu (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was detected in Tenda AC1206 15.03.06.23. Affected is the function GetParentControlInfo of the file /goform/GetParentControlInfo. The manipulation of the argument mac results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit is now public and may be used."
            },
            {
              "lang": "de",
              "value": "Es wurde eine Schwachstelle in Tenda AC1206 15.03.06.23 entdeckt. Betroffen ist die Funktion GetParentControlInfo der Datei /goform/GetParentControlInfo. Durch die Manipulation des Arguments mac mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Es ist m\u00f6glich, den Angriff aus der Ferne durchzuf\u00fchren. Der Exploit wurde der \u00d6ffentlichkeit bekannt gemacht und k\u00f6nnte verwendet werden."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 10,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-27T10:32:07.976Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-321541 | Tenda AC1206 GetParentControlInfo stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.321541"
            },
            {
              "name": "VDB-321541 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.321541"
            },
            {
              "name": "Submit #634309 | Tenda Tenda Wi-Fi 5 Router AC1206 AC1206V1.0RTL_V15.03.06.23 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.634309"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/XXRicardo/iot-cve/blob/main/Tenda/AC1206/AC1206V1.0RTL_V15.03.06.23.md"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.tenda.com.cn/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-08-27T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-08-27T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-08-27T07:08:38.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda AC1206 GetParentControlInfo stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-9523",
        "datePublished": "2025-08-27T10:32:07.976Z",
        "dateReserved": "2025-08-27T05:03:24.435Z",
        "dateUpdated": "2025-08-27T13:22:13.925Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-7544 (GCVE-0-2025-7544)

    Vulnerability from cvelistv5 – Published: 2025-07-13 21:32 – Updated: 2025-07-15 19:53
    Title
    Tenda AC1206 setMacFilterCfg formSetMacFilterCfg stack-based overflow
    Summary
    A vulnerability was found in Tenda AC1206 15.03.06.23. It has been rated as critical. This issue affects the function formSetMacFilterCfg of the file /goform/setMacFilterCfg. The manipulation of the argument deviceList leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Tenda AC1206 Affected: 15.03.06.23
    Credits
    panda_0x1 (VulDB User)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-7544",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-14T16:43:46.557917Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-15T19:53:10.386Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/panda666-888/vuls/blob/main/tenda/ac1206/formSetMacFilterCfg.md"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AC1206",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "15.03.06.23"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "panda_0x1 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in Tenda AC1206 15.03.06.23. It has been rated as critical. This issue affects the function formSetMacFilterCfg of the file /goform/setMacFilterCfg. The manipulation of the argument deviceList leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
            },
            {
              "lang": "de",
              "value": "Eine Schwachstelle wurde in Tenda AC1206 15.03.06.23 ausgemacht. Sie wurde als kritisch eingestuft. Es geht hierbei um die Funktion formSetMacFilterCfg der Datei /goform/setMacFilterCfg. Mit der Manipulation des Arguments deviceList mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-13T21:32:07.187Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-316241 | Tenda AC1206 setMacFilterCfg formSetMacFilterCfg stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.316241"
            },
            {
              "name": "VDB-316241 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.316241"
            },
            {
              "name": "Submit #614089 | Tenda AC1206 15.03.06.23 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.614089"
            },
            {
              "tags": [
                "related"
              ],
              "url": "https://github.com/panda666-888/vuls/blob/main/tenda/ac1206/formSetMacFilterCfg.md"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/panda666-888/vuls/blob/main/tenda/ac1206/formSetMacFilterCfg.md#poc"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.tenda.com.cn/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-07-12T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-07-12T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-07-12T15:35:54.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda AC1206 setMacFilterCfg formSetMacFilterCfg stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-7544",
        "datePublished": "2025-07-13T21:32:07.187Z",
        "dateReserved": "2025-07-12T13:30:51.339Z",
        "dateUpdated": "2025-07-15T19:53:10.386Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-4299 (GCVE-0-2025-4299)

    Vulnerability from cvelistv5 – Published: 2025-05-06 00:00 – Updated: 2025-05-06 13:40
    VLAI
    Title
    Tenda AC1206 openSchedWifi setSchedWifi buffer overflow
    Summary
    A vulnerability was found in Tenda AC1206 up to 15.03.06.23. It has been rated as critical. This issue affects the function setSchedWifi of the file /goform/openSchedWifi. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.307403 vdb-entry, technical-description
    https://vuldb.com/?ctiid.307403 signature, permissions-required
    https://vuldb.com/?submit.563558 third-party-advisory
    https://github.com/CH13hh/tmp_store_cc/blob/main/… exploit
    https://www.tenda.com.cn/ product
    Impacted products
    Vendor Product Version
    Tenda AC1206 Affected: 15.03.06.0
    Affected: 15.03.06.1
    Affected: 15.03.06.2
    Affected: 15.03.06.3
    Affected: 15.03.06.4
    Affected: 15.03.06.5
    Affected: 15.03.06.6
    Affected: 15.03.06.7
    Affected: 15.03.06.8
    Affected: 15.03.06.9
    Affected: 15.03.06.10
    Affected: 15.03.06.11
    Affected: 15.03.06.12
    Affected: 15.03.06.13
    Affected: 15.03.06.14
    Affected: 15.03.06.15
    Affected: 15.03.06.16
    Affected: 15.03.06.17
    Affected: 15.03.06.18
    Affected: 15.03.06.19
    Affected: 15.03.06.20
    Affected: 15.03.06.21
    Affected: 15.03.06.22
    Affected: 15.03.06.23
    Credits
    CH13hh (VulDB User)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-4299",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-06T13:37:18.259171Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-06T13:40:44.930Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AC1206",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "15.03.06.0"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.1"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.2"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.3"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.4"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.5"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.6"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.7"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.8"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.9"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.10"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.11"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.12"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.13"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.14"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.15"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.16"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.17"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.18"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.19"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.20"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.21"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.22"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.23"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "CH13hh (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in Tenda AC1206 up to 15.03.06.23. It has been rated as critical. This issue affects the function setSchedWifi of the file /goform/openSchedWifi. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
            },
            {
              "lang": "de",
              "value": "Eine Schwachstelle wurde in Tenda AC1206 bis 15.03.06.23 ausgemacht. Sie wurde als kritisch eingestuft. Betroffen davon ist die Funktion setSchedWifi der Datei /goform/openSchedWifi. Durch Manipulieren mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-06T00:00:07.726Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-307403 | Tenda AC1206 openSchedWifi setSchedWifi buffer overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.307403"
            },
            {
              "name": "VDB-307403 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.307403"
            },
            {
              "name": "Submit #563558 | Shenzhen Tenda Technology Co.,Ltd. AC1206 \u003c=V15.03.06.23 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.563558"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/CH13hh/tmp_store_cc/blob/main/AC1206/AC1206setSchedWifi/setSchedWifi.md"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.tenda.com.cn/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-05-05T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-05-05T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-05-05T14:27:31.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda AC1206 openSchedWifi setSchedWifi buffer overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-4299",
        "datePublished": "2025-05-06T00:00:07.726Z",
        "dateReserved": "2025-05-05T12:22:23.778Z",
        "dateUpdated": "2025-05-06T13:40:44.930Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-4298 (GCVE-0-2025-4298)

    Vulnerability from cvelistv5 – Published: 2025-05-05 23:31 – Updated: 2025-05-06 02:45
    VLAI
    Title
    Tenda AC1206 setcfm formSetCfm buffer overflow
    Summary
    A vulnerability was found in Tenda AC1206 up to 15.03.06.23. It has been declared as critical. This vulnerability affects the function formSetCfm of the file /goform/setcfm. The manipulation leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.307402 vdb-entry, technical-description
    https://vuldb.com/?ctiid.307402 signature, permissions-required
    https://vuldb.com/?submit.563557 third-party-advisory
    https://github.com/CH13hh/tmp_store_cc/blob/main/… exploit
    https://www.tenda.com.cn/ product
    Impacted products
    Vendor Product Version
    Tenda AC1206 Affected: 15.03.06.0
    Affected: 15.03.06.1
    Affected: 15.03.06.2
    Affected: 15.03.06.3
    Affected: 15.03.06.4
    Affected: 15.03.06.5
    Affected: 15.03.06.6
    Affected: 15.03.06.7
    Affected: 15.03.06.8
    Affected: 15.03.06.9
    Affected: 15.03.06.10
    Affected: 15.03.06.11
    Affected: 15.03.06.12
    Affected: 15.03.06.13
    Affected: 15.03.06.14
    Affected: 15.03.06.15
    Affected: 15.03.06.16
    Affected: 15.03.06.17
    Affected: 15.03.06.18
    Affected: 15.03.06.19
    Affected: 15.03.06.20
    Affected: 15.03.06.21
    Affected: 15.03.06.22
    Affected: 15.03.06.23
    Credits
    CH13hh (VulDB User)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-4298",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-06T02:44:44.141214Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-06T02:45:01.333Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AC1206",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "15.03.06.0"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.1"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.2"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.3"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.4"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.5"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.6"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.7"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.8"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.9"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.10"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.11"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.12"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.13"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.14"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.15"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.16"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.17"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.18"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.19"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.20"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.21"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.22"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.23"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "CH13hh (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in Tenda AC1206 up to 15.03.06.23. It has been declared as critical. This vulnerability affects the function formSetCfm of the file /goform/setcfm. The manipulation leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
            },
            {
              "lang": "de",
              "value": "In Tenda AC1206 bis 15.03.06.23 wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Betroffen ist die Funktion formSetCfm der Datei /goform/setcfm. Durch das Manipulieren mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-05T23:31:05.551Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-307402 | Tenda AC1206 setcfm formSetCfm buffer overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.307402"
            },
            {
              "name": "VDB-307402 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.307402"
            },
            {
              "name": "Submit #563557 | Shenzhen Tenda Technology Co.,Ltd. AC1206 \u003c=V15.03.06.23 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.563557"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/CH13hh/tmp_store_cc/blob/main/AC1206/AC1206formSetCfm/formSetCfm.md"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.tenda.com.cn/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-05-05T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-05-05T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-05-05T14:27:29.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda AC1206 setcfm formSetCfm buffer overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-4298",
        "datePublished": "2025-05-05T23:31:05.551Z",
        "dateReserved": "2025-05-05T12:22:21.498Z",
        "dateUpdated": "2025-05-06T02:45:01.333Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-3328 (GCVE-0-2025-3328)

    Vulnerability from cvelistv5 – Published: 2025-04-07 00:31 – Updated: 2025-04-07 14:01
    VLAI
    Title
    Tenda AC1206 fast_setting_wifi_set form_fast_setting_wifi_set buffer overflow
    Summary
    A vulnerability was found in Tenda AC1206 15.03.06.23. It has been classified as critical. Affected is the function form_fast_setting_wifi_set of the file /goform/fast_setting_wifi_set. The manipulation of the argument ssid/timeZone leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Tenda AC1206 Affected: 15.03.06.23
    Credits
    CH13hh (VulDB User)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-3328",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-07T14:01:21.877841Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-07T14:01:25.436Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/CH13hh/tmp_store_cc/blob/main/AC1206/AC1206form_fast_setting_wifi_set/form_fast_setting_wifi_set.md"
              },
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/CH13hh/tmp_store_cc/blob/main/AC1206/AC1206form_fast_setting_wifi_set_time/time.md"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AC1206",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "15.03.06.23"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "CH13hh (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in Tenda AC1206 15.03.06.23. It has been classified as critical. Affected is the function form_fast_setting_wifi_set of the file /goform/fast_setting_wifi_set. The manipulation of the argument ssid/timeZone leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well."
            },
            {
              "lang": "de",
              "value": "Es wurde eine kritische Schwachstelle in Tenda AC1206 15.03.06.23 ausgemacht. Es betrifft die Funktion form_fast_setting_wifi_set der Datei /goform/fast_setting_wifi_set. Mittels Manipulieren des Arguments ssid/timeZone mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-04-07T00:31:07.509Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-303540 | Tenda AC1206 fast_setting_wifi_set form_fast_setting_wifi_set buffer overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.303540"
            },
            {
              "name": "VDB-303540 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.303540"
            },
            {
              "name": "Submit #551893 | Shenzhen Tenda Technology Co.,Ltd. AC1206 V15.03.06.23 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.551893"
            },
            {
              "tags": [
                "related"
              ],
              "url": "https://github.com/CH13hh/tmp_store_cc/blob/main/AC1206/AC1206form_fast_setting_wifi_set_time/time.md"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/CH13hh/tmp_store_cc/blob/main/AC1206/AC1206form_fast_setting_wifi_set/form_fast_setting_wifi_set.md"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.tenda.com.cn/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-04-06T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-04-06T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-04-06T08:03:38.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda AC1206 fast_setting_wifi_set form_fast_setting_wifi_set buffer overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-3328",
        "datePublished": "2025-04-07T00:31:07.509Z",
        "dateReserved": "2025-04-06T05:58:34.606Z",
        "dateUpdated": "2025-04-07T14:01:25.436Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-10434 (GCVE-0-2024-10434)

    Vulnerability from cvelistv5 – Published: 2024-10-28 00:31 – Updated: 2024-10-28 13:00
    VLAI
    Title
    Tenda AC1206 ate ate_Tenda_mfg_check_usb3 stack-based overflow
    Summary
    A vulnerability was found in Tenda AC1206 up to 20241027. It has been classified as critical. This affects the function ate_Tenda_mfg_check_usb/ate_Tenda_mfg_check_usb3 of the file /goform/ate. The manipulation of the argument arg leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.281985 vdb-entry, technical-description
    https://vuldb.com/?ctiid.281985 signature, permissions-required
    https://vuldb.com/?submit.431291 third-party-advisory
    https://github.com/physicszq/Routers/blob/main/Te… exploit
    https://www.tenda.com.cn/ product
    Impacted products
    Vendor Product Version
    Tenda AC1206 Affected: 20241027
    tenda ac1206 Affected: 20241027
        cpe:2.3:h:tenda:ac1206:-:*:*:*:*:*:*:*
    Credits
    physicszq (VulDB User)

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:tenda:ac1206:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac1206",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "20241027"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-10434",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-28T12:59:43.912430Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-28T13:00:50.500Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AC1206",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "20241027"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "physicszq (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in Tenda AC1206 up to 20241027. It has been classified as critical. This affects the function ate_Tenda_mfg_check_usb/ate_Tenda_mfg_check_usb3 of the file /goform/ate. The manipulation of the argument arg leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."
            },
            {
              "lang": "de",
              "value": "Es wurde eine Schwachstelle in Tenda AC1206 bis 20241027 ausgemacht. Sie wurde als kritisch eingestuft. Es betrifft die Funktion ate_Tenda_mfg_check_usb/ate_Tenda_mfg_check_usb3 der Datei /goform/ate. Dank der Manipulation des Arguments arg mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-28T00:31:05.947Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-281985 | Tenda AC1206 ate ate_Tenda_mfg_check_usb3 stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.281985"
            },
            {
              "name": "VDB-281985 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.281985"
            },
            {
              "name": "Submit #431291 | tenda tenda router   AC1206 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.431291"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/physicszq/Routers/blob/main/Tenda/README.md"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.tenda.com.cn/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-10-27T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-10-27T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-10-27T08:26:44.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda AC1206 ate ate_Tenda_mfg_check_usb3 stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-10434",
        "datePublished": "2024-10-28T00:31:05.947Z",
        "dateReserved": "2024-10-27T07:21:32.313Z",
        "dateUpdated": "2024-10-28T13:00:50.500Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-10280 (GCVE-0-2024-10280)

    Vulnerability from cvelistv5 – Published: 2024-10-23 13:31 – Updated: 2024-10-23 17:41
    VLAI
    Title
    Tenda AC6/AC7/AC8/AC9/AC10/AC10U/AC15/AC18/AC500/AC1206 GetIPTV websReadEvent null pointer dereference
    Summary
    A vulnerability was found in Tenda AC6, AC7, AC8, AC9, AC10, AC10U, AC15, AC18, AC500 and AC1206 up to 20241022. It has been rated as problematic. This issue affects the function websReadEvent of the file /goform/GetIPTV. The manipulation of the argument Content-Length leads to null pointer dereference. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-476 - NULL Pointer Dereference
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.281555 vdb-entry, technical-description
    https://vuldb.com/?ctiid.281555 signature, permissions-required
    https://vuldb.com/?submit.426417 third-party-advisory
    https://github.com/JohenanLi/router_vuls/blob/mai… exploit
    https://www.tenda.com.cn/ product
    Impacted products
    Vendor Product Version
    Tenda AC6 Affected: 20241022
    Tenda AC7 Affected: 20241022
    Tenda AC8 Affected: 20241022
    Tenda AC9 Affected: 20241022
    Tenda AC10 Affected: 20241022
    Tenda AC10U Affected: 20241022
    Tenda AC15 Affected: 20241022
    Tenda AC18 Affected: 20241022
    Tenda AC500 Affected: 20241022
    Tenda AC1206 Affected: 20241022
    tenda ac6_firmware Affected: 15.03.06.23
        cpe:2.3:o:tenda:ac6_firmware:15.03.06.23:*:*:*:*:*:*:*
    tenda ac8_firmware Affected: 16.03.34.06
        cpe:2.3:o:tenda:ac8_firmware:16.03.34.06:*:*:*:*:*:*:*
    tenda ac8_firmware Affected: 16.03.34.09
        cpe:2.3:a:tenda:ac8_firmware:16.03.34.09:*:*:*:*:*:*:*
    tenda ac10_firmware Affected: 16.03.48.23
    Affected: 16.03.48.19
    Affected: 16.03.48.20
    Affected: 16.03.48.13
        cpe:2.3:o:tenda:ac10_firmware:*:*:*:*:*:*:*:*
    tenda ac1206_firmware Affected: 15.03.06.23
        cpe:2.3:o:tenda:ac1206_firmware:15.03.06.23:*:*:*:*:*:*:*
    tenda ac9_firmware Affected: 15.03.06.42
    Affected: 15.03.05.19\(6318_\)
    Affected: 15.03.05.14
    Affected: 15.03.2.13
        cpe:2.3:o:tenda:ac9_firmware:*:*:*:*:*:*:*:*
    tenda ac18_firmware Affected: 15.03.05.05
        cpe:2.3:o:tenda:ac18_firmware:15.03.05.05:*:*:*:*:*:*:*
    tenda ac18_firmware Affected: 15.03.05.19\(6318\)
        cpe:2.3:o:tenda:ac18_firmware:15.03.05.19\(6318\):*:*:*:*:*:*:*
    tenda ac500_firmware Affected: 2.0.1.9\(1307\)
        cpe:2.3:o:tenda:ac500_firmware:2.0.1.9\(1307\):*:*:*:*:*:*:*
    tenda ac500_firmware Affected: 1.0.0.16
        cpe:2.3:o:tenda:ac500_firmware:1.0.0.16:*:*:*:*:*:*:*
    tenda ac500_firmware Affected: 1.0.0.14
        cpe:2.3:o:tenda:ac500_firmware:1.0.0.14:*:*:*:*:*:*:*
    tenda ac10u_firmware Affected: 15.03.06.48
        cpe:2.3:o:tenda:ac10u_firmware:15.03.06.48:*:*:*:*:*:*:*
    tenda ac10u_firmware Affected: 15.03.06.49
        cpe:2.3:o:tenda:ac10u_firmware:15.03.06.49:*:*:*:*:*:*:*
    tenda ac7_firmware Affected: 15.03.06.44
        cpe:2.3:o:tenda:ac7_firmware:15.03.06.44:*:*:*:*:*:*:*
    tenda ac15_firmware Affected: 15.03.05.18
        cpe:2.3:o:tenda:ac15_firmware:15.03.05.18:*:*:*:*:*:*:*
    tenda ac15_firmware Affected: 15.03.05.19
        cpe:2.3:o:tenda:ac15_firmware:15.03.05.19:*:*:*:*:*:*:*
    Credits
    minipython (VulDB User)

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:tenda:ac6_firmware:15.03.06.23:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac6_firmware",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "15.03.06.23"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:tenda:ac8_firmware:16.03.34.06:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac8_firmware",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "16.03.34.06"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:tenda:ac8_firmware:16.03.34.09:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac8_firmware",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "16.03.34.09"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:tenda:ac10_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac10_firmware",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "16.03.48.23"
                  },
                  {
                    "status": "affected",
                    "version": "16.03.48.19"
                  },
                  {
                    "status": "affected",
                    "version": "16.03.48.20"
                  },
                  {
                    "status": "affected",
                    "version": "16.03.48.13"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:tenda:ac1206_firmware:15.03.06.23:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac1206_firmware",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "15.03.06.23"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:tenda:ac9_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac9_firmware",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "15.03.06.42"
                  },
                  {
                    "status": "affected",
                    "version": "15.03.05.19\\(6318_\\)"
                  },
                  {
                    "status": "affected",
                    "version": "15.03.05.14"
                  },
                  {
                    "status": "affected",
                    "version": "15.03.2.13"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:tenda:ac18_firmware:15.03.05.05:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac18_firmware",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "15.03.05.05"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:tenda:ac18_firmware:15.03.05.19\\(6318\\):*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac18_firmware",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "15.03.05.19\\(6318\\)"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:tenda:ac500_firmware:2.0.1.9\\(1307\\):*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac500_firmware",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "2.0.1.9\\(1307\\)"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:tenda:ac500_firmware:1.0.0.16:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac500_firmware",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "1.0.0.16"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:tenda:ac500_firmware:1.0.0.14:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac500_firmware",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "1.0.0.14"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:tenda:ac10u_firmware:15.03.06.48:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac10u_firmware",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "15.03.06.48"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:tenda:ac10u_firmware:15.03.06.49:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac10u_firmware",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "15.03.06.49"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:tenda:ac7_firmware:15.03.06.44:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac7_firmware",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "15.03.06.44"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:tenda:ac15_firmware:15.03.05.18:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac15_firmware",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "15.03.05.18"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:tenda:ac15_firmware:15.03.05.19:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac15_firmware",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "15.03.05.19"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-10280",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-23T17:28:19.760214Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-23T17:41:57.370Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AC6",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "20241022"
                }
              ]
            },
            {
              "product": "AC7",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "20241022"
                }
              ]
            },
            {
              "product": "AC8",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "20241022"
                }
              ]
            },
            {
              "product": "AC9",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "20241022"
                }
              ]
            },
            {
              "product": "AC10",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "20241022"
                }
              ]
            },
            {
              "product": "AC10U",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "20241022"
                }
              ]
            },
            {
              "product": "AC15",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "20241022"
                }
              ]
            },
            {
              "product": "AC18",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "20241022"
                }
              ]
            },
            {
              "product": "AC500",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "20241022"
                }
              ]
            },
            {
              "product": "AC1206",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "20241022"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "minipython (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in Tenda AC6, AC7, AC8, AC9, AC10, AC10U, AC15, AC18, AC500 and AC1206 up to 20241022. It has been rated as problematic. This issue affects the function websReadEvent of the file /goform/GetIPTV. The manipulation of the argument Content-Length leads to null pointer dereference. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
            },
            {
              "lang": "de",
              "value": "Eine Schwachstelle wurde in Tenda AC6, AC7, AC8, AC9, AC10, AC10U, AC15, AC18, AC500 and AC1206 bis 20241022 ausgemacht. Sie wurde als problematisch eingestuft. Davon betroffen ist die Funktion websReadEvent der Datei /goform/GetIPTV. Durch Beeinflussen des Arguments Content-Length mit unbekannten Daten kann eine null pointer dereference-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.8,
                "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "NULL Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-23T13:31:07.315Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-281555 | Tenda AC6/AC7/AC8/AC9/AC10/AC10U/AC15/AC18/AC500/AC1206 GetIPTV websReadEvent null pointer dereference",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.281555"
            },
            {
              "name": "VDB-281555 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.281555"
            },
            {
              "name": "Submit #426417 | Tenda AC8v4 V16.03.34.06 NULL Pointer Dereference",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.426417"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/JohenanLi/router_vuls/blob/main/websReadEvent/websReadEvent.md"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.tenda.com.cn/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-10-23T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-10-23T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-10-23T08:07:55.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda AC6/AC7/AC8/AC9/AC10/AC10U/AC15/AC18/AC500/AC1206 GetIPTV websReadEvent null pointer dereference"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-10280",
        "datePublished": "2024-10-23T13:31:07.315Z",
        "dateReserved": "2024-10-23T06:02:03.363Z",
        "dateUpdated": "2024-10-23T17:41:57.370Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-9793 (GCVE-0-2024-9793)

    Vulnerability from cvelistv5 – Published: 2024-10-10 15:31 – Updated: 2024-10-10 17:46
    VLAI
    Title
    Tenda AC1206 ate ate_ifconfig_set command injection
    Summary
    A vulnerability classified as critical was found in Tenda AC1206 up to 15.03.06.23. This vulnerability affects the function ate_iwpriv_set/ate_ifconfig_set of the file /goform/ate. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Tenda AC1206 Affected: 15.03.06.0
    Affected: 15.03.06.1
    Affected: 15.03.06.2
    Affected: 15.03.06.3
    Affected: 15.03.06.4
    Affected: 15.03.06.5
    Affected: 15.03.06.6
    Affected: 15.03.06.7
    Affected: 15.03.06.8
    Affected: 15.03.06.9
    Affected: 15.03.06.10
    Affected: 15.03.06.11
    Affected: 15.03.06.12
    Affected: 15.03.06.13
    Affected: 15.03.06.14
    Affected: 15.03.06.15
    Affected: 15.03.06.16
    Affected: 15.03.06.17
    Affected: 15.03.06.18
    Affected: 15.03.06.19
    Affected: 15.03.06.20
    Affected: 15.03.06.21
    Affected: 15.03.06.22
    Affected: 15.03.06.23
    tenda ac1206_firmware Affected: 0 , ≤ 15.03.06.23 (custom)
        cpe:2.3:o:tenda:ac1206_firmware:*:*:*:*:*:*:*:*
    Credits
    ixout (VulDB User)

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:tenda:ac1206_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac1206_firmware",
                "vendor": "tenda",
                "versions": [
                  {
                    "lessThanOrEqual": "15.03.06.23",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-9793",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-10T16:09:15.570083Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-10T17:46:05.897Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AC1206",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "15.03.06.0"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.1"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.2"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.3"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.4"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.5"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.6"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.7"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.8"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.9"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.10"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.11"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.12"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.13"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.14"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.15"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.16"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.17"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.18"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.19"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.20"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.21"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.22"
                },
                {
                  "status": "affected",
                  "version": "15.03.06.23"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "ixout (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability classified as critical was found in Tenda AC1206 up to 15.03.06.23. This vulnerability affects the function ate_iwpriv_set/ate_ifconfig_set of the file /goform/ate. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "In Tenda AC1206 bis 15.03.06.23 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Das betrifft die Funktion ate_iwpriv_set/ate_ifconfig_set der Datei /goform/ate. Durch das Manipulieren mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-10T15:31:06.625Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-279946 | Tenda AC1206 ate ate_ifconfig_set command injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.279946"
            },
            {
              "name": "VDB-279946 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.279946"
            },
            {
              "name": "Submit #418061 | Tenda Router V15.03.06.23 and earlier Command Injection",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.418061"
            },
            {
              "tags": [
                "related"
              ],
              "url": "https://github.com/ixout/iotVuls/blob/main/Tenda/ac1206_004/report.md"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/ixout/iotVuls/blob/main/Tenda/ac1206_003/report.md"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.tenda.com.cn/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-10-10T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-10-10T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-10-10T09:28:24.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda AC1206 ate ate_ifconfig_set command injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-9793",
        "datePublished": "2024-10-10T15:31:06.625Z",
        "dateReserved": "2024-10-10T07:23:14.015Z",
        "dateUpdated": "2024-10-10T17:46:05.897Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-38937 (GCVE-0-2023-38937)

    Vulnerability from cvelistv5 – Published: 2023-08-07 00:00 – Updated: 2024-10-17 14:40
    VLAI
    Summary
    Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 V16.03.34.06, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, AC5 V1.0 V15.03.06.28, AC9 V3.0 V15.03.06.42_multi and AC10 v4.0 V16.03.10.13 were discovered to contain a stack overflow via the list parameter in the formSetVirtualSer function.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    Assigner
    Impacted products
    Vendor Product Version
    tenda ac6 Affected: V2.0 V15.03.06.23
        cpe:2.3:h:tenda:ac6:-:*:*:*:*:*:*:*
    tenda ac10 Affected: V1.0 V15.03.06.23
        cpe:2.3:h:tenda:ac10:-:*:*:*:*:*:*:*
    tenda ac1206 Affected: V15.03.06.23
        cpe:2.3:h:tenda:ac1206:-:*:*:*:*:*:*:*
    tenda ac8 Affected: v4 V16.03.34.06
        cpe:2.3:h:tenda:ac8:-:*:*:*:*:*:*:*
    tenda ac7 Affected: V1.0 V15.03.06.44
        cpe:2.3:h:tenda:ac7:-:*:*:*:*:*:*:*
    tenda ac5 Affected: V1.0 V15.03.06.28
        cpe:2.3:h:tenda:ac5:-:*:*:*:*:*:*:*
    tenda ac9 Affected: V3.0 V15.03.06.42_multi
        cpe:2.3:h:tenda:ac9:-:*:*:*:*:*:*:*
    tenda ac10 Affected: v4.0 V16.03.10.13
        cpe:2.3:h:tenda:ac10:-:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:54:39.643Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/formSetVirtualSer/README.md"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:tenda:ac6:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac6",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V2.0 V15.03.06.23"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:ac10:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac10",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V1.0 V15.03.06.23"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:ac1206:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac1206",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V15.03.06.23"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:ac8:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac8",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "v4 V16.03.34.06"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:ac7:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac7",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V1.0 V15.03.06.44"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:ac5:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac5",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V1.0 V15.03.06.28"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:ac9:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac9",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V3.0 V15.03.06.42_multi"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:ac10:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac10",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "v4.0 V16.03.10.13"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-38937",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-17T14:37:17.298133Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-17T14:40:31.909Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 V16.03.34.06, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, AC5 V1.0 V15.03.06.28, AC9 V3.0 V15.03.06.42_multi and AC10 v4.0 V16.03.10.13 were discovered to contain a stack overflow via the list parameter in the formSetVirtualSer function."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-07T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/formSetVirtualSer/README.md"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-38937",
        "datePublished": "2023-08-07T00:00:00.000Z",
        "dateReserved": "2023-07-25T00:00:00.000Z",
        "dateUpdated": "2024-10-17T14:40:31.909Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-38931 (GCVE-0-2023-38931)

    Vulnerability from cvelistv5 – Published: 2023-08-07 00:00 – Updated: 2024-10-17 13:55
    VLAI
    Summary
    Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 V16.03.34.06, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0 V15.03.06.28, AC10 v4.0 V16.03.10.13 and FH1203 V2.0.1.6 were discovered to contain a stack overflow via the list parameter in the setaccount function.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    Assigner
    Impacted products
    Vendor Product Version
    tenda ac10 Affected: V1.0 V15.03.06.23
        cpe:2.3:h:tenda:ac10:-:*:*:*:*:*:*:*
    tenda ac1206 Affected: V15.03.06.23
        cpe:2.3:h:tenda:ac1206:-:*:*:*:*:*:*:*
    tenda ac8 Affected: v4 V16.03.34.06
        cpe:2.3:h:tenda:ac8:-:*:*:*:*:*:*:*
    tenda ac6 Affected: V2.0 V15.03.06.23
        cpe:2.3:h:tenda:ac6:-:*:*:*:*:*:*:*
    tenda ac7 Affected: V1.0 V15.03.06.44
        cpe:2.3:h:tenda:ac7:-:*:*:*:*:*:*:*
    tenda f1203 Affected: V2.0.1.6
        cpe:2.3:h:tenda:f1203:-:*:*:*:*:*:*:*
    tenda ac5 Affected: V1.0 V15.03.06.28
        cpe:2.3:h:tenda:ac5:-:*:*:*:*:*:*:*
    tenda ac10 Affected: v4.0 V16.03.10.13
        cpe:2.3:h:tenda:ac10:-:*:*:*:*:*:*:*
    tenda fh1203 Affected: V2.0.1.6
        cpe:2.3:h:tenda:fh1203:-:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:54:39.242Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/cloudv2_setaccount/README.md"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:tenda:ac10:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac10",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V1.0 V15.03.06.23"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:ac1206:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac1206",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V15.03.06.23"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:ac8:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac8",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "v4 V16.03.34.06"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:ac6:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac6",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V2.0 V15.03.06.23"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:ac7:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac7",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V1.0 V15.03.06.44"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:f1203:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "f1203",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V2.0.1.6"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:ac5:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac5",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V1.0 V15.03.06.28"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:ac10:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac10",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "v4.0 V16.03.10.13"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:fh1203:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "fh1203",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V2.0.1.6"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-38931",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-17T13:52:20.173225Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-17T13:55:25.786Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 V16.03.34.06, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0 V15.03.06.28, AC10 v4.0 V16.03.10.13 and FH1203 V2.0.1.6 were discovered to contain a stack overflow via the list parameter in the setaccount function."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-07T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/cloudv2_setaccount/README.md"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-38931",
        "datePublished": "2023-08-07T00:00:00.000Z",
        "dateReserved": "2023-07-25T00:00:00.000Z",
        "dateUpdated": "2024-10-17T13:55:25.786Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-38933 (GCVE-0-2023-38933)

    Vulnerability from cvelistv5 – Published: 2023-08-07 00:00 – Updated: 2024-10-17 13:51
    VLAI
    Summary
    Tenda AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0 V15.03.06.28, FH1203 V2.0.1.6, AC9 V3.0 V15.03.06.42_multi and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the deviceId parameter in the formSetClientState function.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    Assigner
    Impacted products
    Vendor Product Version
    tenda ac7 Affected: V1.0 V15.03.06.44
        cpe:2.3:h:tenda:ac7:-:*:*:*:*:*:*:*
    tenda f1203 Affected: V2.0.1.6
        cpe:2.3:h:tenda:f1203:-:*:*:*:*:*:*:*
    tenda ac5 Affected: V1.0 V15.03.06.28
        cpe:2.3:h:tenda:ac5:-:*:*:*:*:*:*:*
    tenda fh1203 Affected: V2.0.1.6
        cpe:2.3:h:tenda:fh1203:-:*:*:*:*:*:*:*
    tenda ac9 Affected: V3.0 V15.03.06.42_multi
        cpe:2.3:h:tenda:ac9:-:*:*:*:*:*:*:*
    tenda fh1205 Affected: V2.0.0.7(775)
        cpe:2.3:h:tenda:fh1205:-:*:*:*:*:*:*:*
    tenda ac6 Affected: V2.0 V15.03.06.23
        cpe:2.3:h:tenda:ac6:-:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:54:39.649Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/formSetClientState/README.md"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:tenda:ac7:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac7",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V1.0 V15.03.06.44"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:f1203:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "f1203",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V2.0.1.6"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:ac5:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac5",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V1.0 V15.03.06.28"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:fh1203:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "fh1203",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V2.0.1.6"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:ac9:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac9",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V3.0 V15.03.06.42_multi"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:fh1205:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "fh1205",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V2.0.0.7(775)"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:ac6:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac6",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V2.0 V15.03.06.23"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-38933",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-17T13:48:33.206945Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-17T13:51:46.931Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Tenda AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0 V15.03.06.28, FH1203 V2.0.1.6 and AC9 V3.0 V15.03.06.42_multi, and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the deviceId parameter in the formSetClientState function."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-07T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/formSetClientState/README.md"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-38933",
        "datePublished": "2023-08-07T00:00:00.000Z",
        "dateReserved": "2023-07-25T00:00:00.000Z",
        "dateUpdated": "2024-10-17T13:51:46.931Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-38936 (GCVE-0-2023-38936)

    Vulnerability from cvelistv5 – Published: 2023-08-07 00:00 – Updated: 2024-10-15 20:05
    VLAI
    Summary
    Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, AC5 V1.0 V15.03.06.28, FH1203 V2.0.1.6, AC9 V3.0 V15.03.06.42_multi and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the speed_dir parameter in the formSetSpeedWan function.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    Assigner
    Impacted products
    Vendor Product Version
    tenda ac10 Affected: V1.0 V15.03.06.23
        cpe:2.3:h:tenda:ac10:-:*:*:*:*:*:*:*
    tenda ac1206 Affected: V15.03.06.23,
        cpe:2.3:h:tenda:ac1206:-:*:*:*:*:*:*:*
    tenda ac6 Affected: V2.0 V15.03.06.23
        cpe:2.3:h:tenda:ac6:-:*:*:*:*:*:*:*
    tenda ac7 Affected: V1.0 V15.03.06.44,
        cpe:2.3:h:tenda:ac7:-:*:*:*:*:*:*:*
    tenda ac5 Affected: V1.0 V15.03.06.28
        cpe:2.3:h:tenda:ac5:-:*:*:*:*:*:*:*
    tenda fh1203 Affected: V2.0.1.6
        cpe:2.3:h:tenda:fh1203:-:*:*:*:*:*:*:*
    tenda ac9 Affected: V3.0 V15.03.06.42_multi
        cpe:2.3:h:tenda:ac9:-:*:*:*:*:*:*:*
    tenda fh1205 Affected: V2.0.0.7(775)
        cpe:2.3:h:tenda:fh1205:-:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:54:39.689Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/formSetSpeedWan/README.md"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:tenda:ac10:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac10",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V1.0 V15.03.06.23"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:ac1206:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac1206",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V15.03.06.23,"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:ac6:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac6",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V2.0 V15.03.06.23"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:ac7:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac7",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V1.0 V15.03.06.44,"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:ac5:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac5",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V1.0 V15.03.06.28"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:fh1203:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "fh1203",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V2.0.1.6"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:ac9:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac9",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V3.0 V15.03.06.42_multi"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:fh1205:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "fh1205",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V2.0.0.7(775)"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-38936",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-15T20:02:03.283677Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-15T20:05:36.911Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, AC5 V1.0 V15.03.06.28, FH1203 V2.0.1.6, AC9 V3.0 V15.03.06.42_multi and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the speed_dir parameter in the formSetSpeedWan function."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-07T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/formSetSpeedWan/README.md"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-38936",
        "datePublished": "2023-08-07T00:00:00.000Z",
        "dateReserved": "2023-07-25T00:00:00.000Z",
        "dateUpdated": "2024-10-15T20:05:36.911Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-38935 (GCVE-0-2023-38935)

    Vulnerability from cvelistv5 – Published: 2023-08-07 00:00 – Updated: 2024-10-15 20:07
    VLAI
    Summary
    Tenda AC1206 V15.03.06.23, AC8 V4 V16.03.34.06, AC5 V1.0 V15.03.06.28, AC10 v4.0 V16.03.10.13 and AC9 V3.0 V15.03.06.42_multi were discovered to contain a stack overflow via the list parameter in the formSetQosBand function.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    Assigner
    Impacted products
    Vendor Product Version
    tenda ac1206 Affected: V15.03.06.23
        cpe:2.3:h:tenda:ac1206:-:*:*:*:*:*:*:*
    tenda ac8 Affected: V4 V16.03.34.06
        cpe:2.3:h:tenda:ac8:-:*:*:*:*:*:*:*
    tenda ac5 Affected: V1.0 V15.03.06.28
        cpe:2.3:h:tenda:ac5:-:*:*:*:*:*:*:*
    tenda ac10 Affected: v4.0 V16.03.10.13
        cpe:2.3:h:tenda:ac10:-:*:*:*:*:*:*:*
    tenda ac9 Affected: V3.0 V15.03.06.42_multi
        cpe:2.3:h:tenda:ac9:-:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:54:39.522Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/formSetQosBand/README.md"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:tenda:ac1206:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac1206",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V15.03.06.23"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:ac8:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac8",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V4 V16.03.34.06"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:ac5:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac5",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V1.0 V15.03.06.28"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:ac10:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac10",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "v4.0 V16.03.10.13"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:ac9:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac9",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V3.0 V15.03.06.42_multi"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-38935",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-15T20:06:05.688360Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-15T20:07:56.040Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Tenda AC1206 V15.03.06.23, AC8 V4 V16.03.34.06, AC5 V1.0 V15.03.06.28, AC10 v4.0 V16.03.10.13 and AC9 V3.0 V15.03.06.42_multi were discovered to contain a stack overflow via the list parameter in the formSetQosBand function."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-07T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/formSetQosBand/README.md"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-38935",
        "datePublished": "2023-08-07T00:00:00.000Z",
        "dateReserved": "2023-07-25T00:00:00.000Z",
        "dateUpdated": "2024-10-15T20:07:56.040Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }