Search criteria
68 vulnerabilities found for f1203_firmware by tenda
CVE-2024-32312 (GCVE-0-2024-32312)
Vulnerability from nvd – Published: 2024-04-17 00:00 – Updated: 2024-08-02 02:06
VLAI?
Summary
Tenda F1203 V2.0.1.6 firmware has a stack overflow vulnerability located in the adslPwd parameter of the formWanParameterSetting function.
Severity ?
5.7 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:tenda:f1203_firmware:2.0.1.6:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "f1203_firmware",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "2.0.1.6"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-32312",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-22T19:49:07.665208Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:49:51.997Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:06:44.045Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/F/F1203/formWanParameterSetting.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tenda F1203 V2.0.1.6 firmware has a stack overflow vulnerability located in the adslPwd parameter of the formWanParameterSetting function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-17T12:50:18.109458",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/F/F1203/formWanParameterSetting.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-32312",
"datePublished": "2024-04-17T00:00:00",
"dateReserved": "2024-04-12T00:00:00",
"dateUpdated": "2024-08-02T02:06:44.045Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-32310 (GCVE-0-2024-32310)
Vulnerability from nvd – Published: 2024-04-17 00:00 – Updated: 2024-08-02 02:06
VLAI?
Summary
Tenda F1203 V2.0.1.6 firmware has a stack overflow vulnerability located in the PPW parameter of the fromWizardHandle function.
Severity ?
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:tenda:f1203_firmware:2.0.1.6:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "f1203_firmware",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "2.0.1.6"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-32310",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-26T14:43:46.794671Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-26T16:26:56.645Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:06:44.087Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/F/F1203/fromWizardHandle.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tenda F1203 V2.0.1.6 firmware has a stack overflow vulnerability located in the PPW parameter of the fromWizardHandle function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-17T12:51:41.648225",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/F/F1203/fromWizardHandle.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-32310",
"datePublished": "2024-04-17T00:00:00",
"dateReserved": "2024-04-12T00:00:00",
"dateUpdated": "2024-08-02T02:06:44.087Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-2979 (GCVE-0-2024-2979)
Vulnerability from nvd – Published: 2024-03-27 14:00 – Updated: 2024-08-27 20:38
VLAI?
Title
Tenda F1203 openSchedWifi setSchedWifi stack-based overflow
Summary
A vulnerability classified as critical was found in Tenda F1203 2.0.1.6. This vulnerability affects the function setSchedWifi of the file /goform/openSchedWifi. The manipulation of the argument schedStartTime/schedEndTime leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258148. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Severity ?
8.8 (High)
8.8 (High)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Credits
wxhwxhwxh_tutu (VulDB User)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:32:42.935Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-258148 | Tenda F1203 openSchedWifi setSchedWifi stack-based overflow",
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.258148"
},
{
"name": "VDB-258148 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.258148"
},
{
"name": "Submit #301030 | Tenda F1203 V2.0.1.6 buffer overflow",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://vuldb.com/?submit.301030"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/F/F1203/setSchedWifi_end.md"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:tenda:f1203_firmware:2.0.1.6:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "f1203_firmware",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "2.0.1.6"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2979",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-28T15:56:00.862017Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-27T20:38:16.146Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "F1203",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "2.0.1.6"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "wxhwxhwxh_tutu (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in Tenda F1203 2.0.1.6. This vulnerability affects the function setSchedWifi of the file /goform/openSchedWifi. The manipulation of the argument schedStartTime/schedEndTime leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258148. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "In Tenda F1203 2.0.1.6 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Dabei geht es um die Funktion setSchedWifi der Datei /goform/openSchedWifi. Dank der Manipulation des Arguments schedStartTime/schedEndTime mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-27T14:00:10.347Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-258148 | Tenda F1203 openSchedWifi setSchedWifi stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.258148"
},
{
"name": "VDB-258148 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.258148"
},
{
"name": "Submit #301030 | Tenda F1203 V2.0.1.6 buffer overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.301030"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/F/F1203/setSchedWifi_end.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-03-27T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-03-27T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-03-27T08:10:02.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda F1203 openSchedWifi setSchedWifi stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-2979",
"datePublished": "2024-03-27T14:00:10.347Z",
"dateReserved": "2024-03-27T07:04:01.248Z",
"dateUpdated": "2024-08-27T20:38:16.146Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-2978 (GCVE-0-2024-2978)
Vulnerability from nvd – Published: 2024-03-27 14:00 – Updated: 2025-04-10 18:27
VLAI?
Title
Tenda F1203 setcfm formSetCfm stack-based overflow
Summary
A vulnerability classified as critical has been found in Tenda F1203 2.0.1.6. This affects the function formSetCfm of the file /goform/setcfm. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258147. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Severity ?
8.8 (High)
8.8 (High)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Credits
wxhwxhwxh_tutu (VulDB User)
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:tenda:f1203:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "f1203",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "2.0.1.6"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2978",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-28T17:28:12.907355Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-10T18:27:28.444Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:32:42.477Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-258147 | Tenda F1203 setcfm formSetCfm stack-based overflow",
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.258147"
},
{
"name": "VDB-258147 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.258147"
},
{
"name": "Submit #301029 | Tenda F1203 V2.0.1.6 buffer overflow",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://vuldb.com/?submit.301029"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/F/F1203/formSetCfm.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "F1203",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "2.0.1.6"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "wxhwxhwxh_tutu (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in Tenda F1203 2.0.1.6. This affects the function formSetCfm of the file /goform/setcfm. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258147. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in Tenda F1203 2.0.1.6 entdeckt. Sie wurde als kritisch eingestuft. Es geht dabei um die Funktion formSetCfm der Datei /goform/setcfm. Durch Beeinflussen des Arguments funcpara1 mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-27T14:00:08.437Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-258147 | Tenda F1203 setcfm formSetCfm stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.258147"
},
{
"name": "VDB-258147 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.258147"
},
{
"name": "Submit #301029 | Tenda F1203 V2.0.1.6 buffer overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.301029"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/F/F1203/formSetCfm.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-03-27T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-03-27T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-03-27T08:10:00.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda F1203 setcfm formSetCfm stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-2978",
"datePublished": "2024-03-27T14:00:08.437Z",
"dateReserved": "2024-03-27T07:03:58.430Z",
"dateUpdated": "2025-04-10T18:27:28.444Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-2977 (GCVE-0-2024-2977)
Vulnerability from nvd – Published: 2024-03-27 13:31 – Updated: 2024-08-12 15:44
VLAI?
Title
Tenda F1203 QuickIndex formQuickIndex stack-based overflow
Summary
A vulnerability was found in Tenda F1203 2.0.1.6. It has been rated as critical. Affected by this issue is the function formQuickIndex of the file /goform/QuickIndex. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-258146 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Severity ?
8.8 (High)
8.8 (High)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Credits
wxhwxhwxh_tutu (VulDB User)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:32:42.493Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-258146 | Tenda F1203 QuickIndex formQuickIndex stack-based overflow",
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.258146"
},
{
"name": "VDB-258146 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.258146"
},
{
"name": "Submit #301028 | Tenda F1203 V2.0.1.6 buffer overflow",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://vuldb.com/?submit.301028"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/F/F1203/formQuickIndex.md"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:tenda:fh1203_firmware:2.0.1.6:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fh1203_firmware",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "2.0.1.6"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2977",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-08T20:21:58.144621Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-12T15:44:08.153Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "F1203",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "2.0.1.6"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "wxhwxhwxh_tutu (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Tenda F1203 2.0.1.6. It has been rated as critical. Affected by this issue is the function formQuickIndex of the file /goform/QuickIndex. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-258146 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Eine kritische Schwachstelle wurde in Tenda F1203 2.0.1.6 ausgemacht. Es geht hierbei um die Funktion formQuickIndex der Datei /goform/QuickIndex. Durch das Beeinflussen des Arguments PPPOEPassword mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-27T13:31:06.045Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-258146 | Tenda F1203 QuickIndex formQuickIndex stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.258146"
},
{
"name": "VDB-258146 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.258146"
},
{
"name": "Submit #301028 | Tenda F1203 V2.0.1.6 buffer overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.301028"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/F/F1203/formQuickIndex.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-03-27T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-03-27T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-03-27T08:09:59.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda F1203 QuickIndex formQuickIndex stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-2977",
"datePublished": "2024-03-27T13:31:06.045Z",
"dateReserved": "2024-03-27T07:03:54.704Z",
"dateUpdated": "2024-08-12T15:44:08.153Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-2976 (GCVE-0-2024-2976)
Vulnerability from nvd – Published: 2024-03-27 13:31 – Updated: 2024-08-21 14:56
VLAI?
Title
Tenda F1203 execCommand R7WebsSecurityHandler stack-based overflow
Summary
A vulnerability was found in Tenda F1203 2.0.1.6. It has been declared as critical. Affected by this vulnerability is the function R7WebsSecurityHandler of the file /goform/execCommand. The manipulation of the argument password leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258145 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Severity ?
8.8 (High)
8.8 (High)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Credits
wxhwxhwxh_tutu (VulDB User)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:32:42.512Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-258145 | Tenda F1203 execCommand R7WebsSecurityHandler stack-based overflow",
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.258145"
},
{
"name": "VDB-258145 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.258145"
},
{
"name": "Submit #300997 | Tenda F1203 V2.0.1.6 buffer overflow",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://vuldb.com/?submit.300997"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/F/F1203/R7WebsSecurityHandler.md"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:tenda:f1203_firmware:2.0.1.6:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "f1203_firmware",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "2.0.1.6"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2976",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-21T14:54:24.131979Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-21T14:56:30.998Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "F1203",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "2.0.1.6"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "wxhwxhwxh_tutu (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Tenda F1203 2.0.1.6. It has been declared as critical. Affected by this vulnerability is the function R7WebsSecurityHandler of the file /goform/execCommand. The manipulation of the argument password leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258145 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "In Tenda F1203 2.0.1.6 wurde eine kritische Schwachstelle ausgemacht. Es geht um die Funktion R7WebsSecurityHandler der Datei /goform/execCommand. Durch Manipulieren des Arguments password mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-27T13:31:04.472Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-258145 | Tenda F1203 execCommand R7WebsSecurityHandler stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.258145"
},
{
"name": "VDB-258145 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.258145"
},
{
"name": "Submit #300997 | Tenda F1203 V2.0.1.6 buffer overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.300997"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/F/F1203/R7WebsSecurityHandler.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-03-27T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-03-27T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-03-27T08:09:57.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda F1203 execCommand R7WebsSecurityHandler stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-2976",
"datePublished": "2024-03-27T13:31:04.472Z",
"dateReserved": "2024-03-27T07:03:52.505Z",
"dateUpdated": "2024-08-21T14:56:30.998Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-38940 (GCVE-0-2023-38940)
Vulnerability from nvd – Published: 2023-08-07 00:00 – Updated: 2024-10-11 14:17
VLAI?
Summary
Tenda F1203 V2.0.1.6, FH1203 V2.0.1.6 and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the ssid parameter in the form_fast_setting_wifi_set function.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:54:39.678Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/FirmRec/IoT-Vulns/tree/main/tenda/form_fast_setting_wifi_set"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:tenda:f1203:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "f1203",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V2.0.1.6"
}
]
},
{
"cpes": [
"cpe:2.3:h:tenda:fh1203:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fh1203",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V2.0.1.6"
}
]
},
{
"cpes": [
"cpe:2.3:h:tenda:fh1205:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fh1205",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V2.0.0.7(775)"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38940",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-11T14:16:25.895234Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-11T14:17:51.430Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tenda F1203 V2.0.1.6, FH1203 V2.0.1.6 and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the ssid parameter in the form_fast_setting_wifi_set function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-07T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/FirmRec/IoT-Vulns/tree/main/tenda/form_fast_setting_wifi_set"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-38940",
"datePublished": "2023-08-07T00:00:00",
"dateReserved": "2023-07-25T00:00:00",
"dateUpdated": "2024-10-11T14:17:51.430Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-38936 (GCVE-0-2023-38936)
Vulnerability from nvd – Published: 2023-08-07 00:00 – Updated: 2024-10-15 20:05
VLAI?
Summary
Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, AC5 V1.0 V15.03.06.28, FH1203 V2.0.1.6, AC9 V3.0 V15.03.06.42_multi and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the speed_dir parameter in the formSetSpeedWan function.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:54:39.689Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/formSetSpeedWan/README.md"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:tenda:ac10:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac10",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V1.0 V15.03.06.23"
}
]
},
{
"cpes": [
"cpe:2.3:h:tenda:ac1206:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac1206",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V15.03.06.23,"
}
]
},
{
"cpes": [
"cpe:2.3:h:tenda:ac6:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac6",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V2.0 V15.03.06.23"
}
]
},
{
"cpes": [
"cpe:2.3:h:tenda:ac7:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac7",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V1.0 V15.03.06.44,"
}
]
},
{
"cpes": [
"cpe:2.3:h:tenda:ac5:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac5",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V1.0 V15.03.06.28"
}
]
},
{
"cpes": [
"cpe:2.3:h:tenda:fh1203:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fh1203",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V2.0.1.6"
}
]
},
{
"cpes": [
"cpe:2.3:h:tenda:ac9:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac9",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V3.0 V15.03.06.42_multi"
}
]
},
{
"cpes": [
"cpe:2.3:h:tenda:fh1205:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fh1205",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V2.0.0.7(775)"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38936",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-15T20:02:03.283677Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T20:05:36.911Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, AC5 V1.0 V15.03.06.28, FH1203 V2.0.1.6, AC9 V3.0 V15.03.06.42_multi and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the speed_dir parameter in the formSetSpeedWan function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-07T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/formSetSpeedWan/README.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-38936",
"datePublished": "2023-08-07T00:00:00",
"dateReserved": "2023-07-25T00:00:00",
"dateUpdated": "2024-10-15T20:05:36.911Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-38934 (GCVE-0-2023-38934)
Vulnerability from nvd – Published: 2023-08-07 00:00 – Updated: 2024-10-15 20:09
VLAI?
Summary
Tenda F1203 V2.0.1.6, FH1203 V2.0.1.6 and FH1205 V2.0.0.7(775) was discovered to contain a stack overflow via the deviceId parameter in the formSetDeviceName function.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:54:39.706Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/formSetDeviceName/README.md"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:tenda:f1203:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "f1203",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V2.0.1.6"
}
]
},
{
"cpes": [
"cpe:2.3:h:tenda:fh1203:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fh1203",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V2.0.1.6"
}
]
},
{
"cpes": [
"cpe:2.3:h:tenda:fh1205:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fh1205",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V2.0.0.7(775)"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38934",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-15T20:08:24.537653Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T20:09:42.651Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tenda F1203 V2.0.1.6, FH1203 V2.0.1.6 and FH1205 V2.0.0.7(775) was discovered to contain a stack overflow via the deviceId parameter in the formSetDeviceName function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-07T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/formSetDeviceName/README.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-38934",
"datePublished": "2023-08-07T00:00:00",
"dateReserved": "2023-07-25T00:00:00",
"dateUpdated": "2024-10-15T20:09:42.651Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-38933 (GCVE-0-2023-38933)
Vulnerability from nvd – Published: 2023-08-07 00:00 – Updated: 2024-10-17 13:51
VLAI?
Summary
Tenda AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0 V15.03.06.28, FH1203 V2.0.1.6 and AC9 V3.0 V15.03.06.42_multi, and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the deviceId parameter in the formSetClientState function.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:54:39.649Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/formSetClientState/README.md"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:tenda:ac7:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac7",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V1.0 V15.03.06.44"
}
]
},
{
"cpes": [
"cpe:2.3:h:tenda:f1203:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "f1203",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V2.0.1.6"
}
]
},
{
"cpes": [
"cpe:2.3:h:tenda:ac5:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac5",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V1.0 V15.03.06.28"
}
]
},
{
"cpes": [
"cpe:2.3:h:tenda:fh1203:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fh1203",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V2.0.1.6"
}
]
},
{
"cpes": [
"cpe:2.3:h:tenda:ac9:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac9",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V3.0 V15.03.06.42_multi"
}
]
},
{
"cpes": [
"cpe:2.3:h:tenda:fh1205:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fh1205",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V2.0.0.7(775)"
}
]
},
{
"cpes": [
"cpe:2.3:h:tenda:ac6:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac6",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V2.0 V15.03.06.23"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38933",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-17T13:48:33.206945Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-17T13:51:46.931Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tenda AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0 V15.03.06.28, FH1203 V2.0.1.6 and AC9 V3.0 V15.03.06.42_multi, and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the deviceId parameter in the formSetClientState function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-07T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/formSetClientState/README.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-38933",
"datePublished": "2023-08-07T00:00:00",
"dateReserved": "2023-07-25T00:00:00",
"dateUpdated": "2024-10-17T13:51:46.931Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-38931 (GCVE-0-2023-38931)
Vulnerability from nvd – Published: 2023-08-07 00:00 – Updated: 2024-10-17 13:55
VLAI?
Summary
Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 V16.03.34.06, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0 V15.03.06.28, AC10 v4.0 V16.03.10.13 and FH1203 V2.0.1.6 were discovered to contain a stack overflow via the list parameter in the setaccount function.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:54:39.242Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/cloudv2_setaccount/README.md"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:tenda:ac10:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac10",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V1.0 V15.03.06.23"
}
]
},
{
"cpes": [
"cpe:2.3:h:tenda:ac1206:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac1206",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V15.03.06.23"
}
]
},
{
"cpes": [
"cpe:2.3:h:tenda:ac8:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac8",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "v4 V16.03.34.06"
}
]
},
{
"cpes": [
"cpe:2.3:h:tenda:ac6:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac6",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V2.0 V15.03.06.23"
}
]
},
{
"cpes": [
"cpe:2.3:h:tenda:ac7:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac7",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V1.0 V15.03.06.44"
}
]
},
{
"cpes": [
"cpe:2.3:h:tenda:f1203:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "f1203",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V2.0.1.6"
}
]
},
{
"cpes": [
"cpe:2.3:h:tenda:ac5:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac5",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V1.0 V15.03.06.28"
}
]
},
{
"cpes": [
"cpe:2.3:h:tenda:ac10:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac10",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "v4.0 V16.03.10.13"
}
]
},
{
"cpes": [
"cpe:2.3:h:tenda:fh1203:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fh1203",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V2.0.1.6"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38931",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-17T13:52:20.173225Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-17T13:55:25.786Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 V16.03.34.06, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0 V15.03.06.28, AC10 v4.0 V16.03.10.13 and FH1203 V2.0.1.6 were discovered to contain a stack overflow via the list parameter in the setaccount function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-07T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/cloudv2_setaccount/README.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-38931",
"datePublished": "2023-08-07T00:00:00",
"dateReserved": "2023-07-25T00:00:00",
"dateUpdated": "2024-10-17T13:55:25.786Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-38930 (GCVE-0-2023-38930)
Vulnerability from nvd – Published: 2023-08-07 00:00 – Updated: 2024-10-15 19:35
VLAI?
Summary
Tenda AC7 V1.0,V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0,V15.03.06.28, AC9 V3.0,V15.03.06.42_multi and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the deviceId parameter in the addWifiMacFilter function.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:54:39.646Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/addWifiMacFilter/README.md"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:tenda:ac7:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac7",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V1.0,V15.03.06.44"
},
{
"status": "affected",
"version": "F1203 V2.0.1.6,"
}
]
},
{
"cpes": [
"cpe:2.3:h:tenda:ac5:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac5",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V1.0,V15.03.06.28"
}
]
},
{
"cpes": [
"cpe:2.3:h:tenda:ac9:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac9",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V3.0,V15.03.06.42_multi"
},
{
"status": "affected",
"version": "FH1205 V2.0.0.7(775)"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38930",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-15T19:31:04.398117Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T19:35:44.164Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tenda AC7 V1.0,V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0,V15.03.06.28, AC9 V3.0,V15.03.06.42_multi and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the deviceId parameter in the addWifiMacFilter function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-07T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/addWifiMacFilter/README.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-38930",
"datePublished": "2023-08-07T00:00:00",
"dateReserved": "2023-07-25T00:00:00",
"dateUpdated": "2024-10-15T19:35:44.164Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-46551 (GCVE-0-2022-46551)
Vulnerability from nvd – Published: 2022-12-20 00:00 – Updated: 2025-04-16 17:39
VLAI?
Summary
Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the time parameter at /goform/saveParentControlInfo.
Severity ?
7.5 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:31:46.387Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Double-q1015/CVE-vulns/blob/main/tenda_f1203/saveParentControlInfo_time/saveParentControlInfo_time.md"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-46551",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T17:13:04.790855Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T17:39:19.179Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the time parameter at /goform/saveParentControlInfo."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-20T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/Double-q1015/CVE-vulns/blob/main/tenda_f1203/saveParentControlInfo_time/saveParentControlInfo_time.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-46551",
"datePublished": "2022-12-20T00:00:00.000Z",
"dateReserved": "2022-12-05T00:00:00.000Z",
"dateUpdated": "2025-04-16T17:39:19.179Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-46550 (GCVE-0-2022-46550)
Vulnerability from nvd – Published: 2022-12-20 00:00 – Updated: 2025-04-16 17:40
VLAI?
Summary
Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the urls parameter at /goform/saveParentControlInfo.
Severity ?
7.5 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:31:46.482Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Double-q1015/CVE-vulns/blob/main/tenda_f1203/saveParentControlInfo_urls/saveParentControlInfo_urls.md"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-46550",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T17:17:25.939009Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T17:40:08.955Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the urls parameter at /goform/saveParentControlInfo."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-20T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/Double-q1015/CVE-vulns/blob/main/tenda_f1203/saveParentControlInfo_urls/saveParentControlInfo_urls.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-46550",
"datePublished": "2022-12-20T00:00:00.000Z",
"dateReserved": "2022-12-05T00:00:00.000Z",
"dateUpdated": "2025-04-16T17:40:08.955Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-46549 (GCVE-0-2022-46549)
Vulnerability from nvd – Published: 2022-12-20 00:00 – Updated: 2025-04-16 17:40
VLAI?
Summary
Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the deviceId parameter at /goform/saveParentControlInfo.
Severity ?
7.5 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:31:46.489Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Double-q1015/CVE-vulns/blob/main/tenda_f1203/saveParentControlInfo_deviceId/saveParentControlInfo_deviceId.md"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-46549",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T17:20:20.455784Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T17:40:57.185Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the deviceId parameter at /goform/saveParentControlInfo."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-20T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/Double-q1015/CVE-vulns/blob/main/tenda_f1203/saveParentControlInfo_deviceId/saveParentControlInfo_deviceId.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-46549",
"datePublished": "2022-12-20T00:00:00.000Z",
"dateReserved": "2022-12-05T00:00:00.000Z",
"dateUpdated": "2025-04-16T17:40:57.185Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-46548 (GCVE-0-2022-46548)
Vulnerability from nvd – Published: 2022-12-20 00:00 – Updated: 2025-04-16 17:41
VLAI?
Summary
Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the page parameter at /goform/DhcpListClient.
Severity ?
7.5 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:31:46.389Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Double-q1015/CVE-vulns/blob/main/tenda_f1203/fromDhcpListClient/fromDhcpListClient.md"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-46548",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T17:21:58.117411Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T17:41:27.520Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the page parameter at /goform/DhcpListClient."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-20T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/Double-q1015/CVE-vulns/blob/main/tenda_f1203/fromDhcpListClient/fromDhcpListClient.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-46548",
"datePublished": "2022-12-20T00:00:00.000Z",
"dateReserved": "2022-12-05T00:00:00.000Z",
"dateUpdated": "2025-04-16T17:41:27.520Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-46547 (GCVE-0-2022-46547)
Vulnerability from nvd – Published: 2022-12-20 00:00 – Updated: 2025-04-16 18:11
VLAI?
Summary
Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the page parameter at /goform/VirtualSer.
Severity ?
9.8 (Critical)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:31:46.448Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Double-q1015/CVE-vulns/blob/main/tenda_f1203/fromVirtualSer/fromVirtualSer.md"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-46547",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T18:11:01.435547Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T18:11:20.762Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the page parameter at /goform/VirtualSer."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-20T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/Double-q1015/CVE-vulns/blob/main/tenda_f1203/fromVirtualSer/fromVirtualSer.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-46547",
"datePublished": "2022-12-20T00:00:00.000Z",
"dateReserved": "2022-12-05T00:00:00.000Z",
"dateUpdated": "2025-04-16T18:11:20.762Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-46546 (GCVE-0-2022-46546)
Vulnerability from nvd – Published: 2022-12-20 00:00 – Updated: 2025-04-16 17:42
VLAI?
Summary
Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the entrys parameter at /goform/RouteStatic.
Severity ?
7.5 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:31:46.382Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Double-q1015/CVE-vulns/blob/main/tenda_f1203/fromRouteStatic/fromRouteStatic.md"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-46546",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T17:23:28.704151Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T17:42:06.796Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the entrys parameter at /goform/RouteStatic."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-20T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/Double-q1015/CVE-vulns/blob/main/tenda_f1203/fromRouteStatic/fromRouteStatic.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-46546",
"datePublished": "2022-12-20T00:00:00.000Z",
"dateReserved": "2022-12-05T00:00:00.000Z",
"dateUpdated": "2025-04-16T17:42:06.796Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-32310 (GCVE-0-2024-32310)
Vulnerability from cvelistv5 – Published: 2024-04-17 00:00 – Updated: 2024-08-02 02:06
VLAI?
Summary
Tenda F1203 V2.0.1.6 firmware has a stack overflow vulnerability located in the PPW parameter of the fromWizardHandle function.
Severity ?
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:tenda:f1203_firmware:2.0.1.6:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "f1203_firmware",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "2.0.1.6"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-32310",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-26T14:43:46.794671Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-26T16:26:56.645Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:06:44.087Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/F/F1203/fromWizardHandle.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tenda F1203 V2.0.1.6 firmware has a stack overflow vulnerability located in the PPW parameter of the fromWizardHandle function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-17T12:51:41.648225",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/F/F1203/fromWizardHandle.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-32310",
"datePublished": "2024-04-17T00:00:00",
"dateReserved": "2024-04-12T00:00:00",
"dateUpdated": "2024-08-02T02:06:44.087Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-32312 (GCVE-0-2024-32312)
Vulnerability from cvelistv5 – Published: 2024-04-17 00:00 – Updated: 2024-08-02 02:06
VLAI?
Summary
Tenda F1203 V2.0.1.6 firmware has a stack overflow vulnerability located in the adslPwd parameter of the formWanParameterSetting function.
Severity ?
5.7 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:tenda:f1203_firmware:2.0.1.6:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "f1203_firmware",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "2.0.1.6"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-32312",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-22T19:49:07.665208Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:49:51.997Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:06:44.045Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/F/F1203/formWanParameterSetting.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tenda F1203 V2.0.1.6 firmware has a stack overflow vulnerability located in the adslPwd parameter of the formWanParameterSetting function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-17T12:50:18.109458",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/F/F1203/formWanParameterSetting.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-32312",
"datePublished": "2024-04-17T00:00:00",
"dateReserved": "2024-04-12T00:00:00",
"dateUpdated": "2024-08-02T02:06:44.045Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-2979 (GCVE-0-2024-2979)
Vulnerability from cvelistv5 – Published: 2024-03-27 14:00 – Updated: 2024-08-27 20:38
VLAI?
Title
Tenda F1203 openSchedWifi setSchedWifi stack-based overflow
Summary
A vulnerability classified as critical was found in Tenda F1203 2.0.1.6. This vulnerability affects the function setSchedWifi of the file /goform/openSchedWifi. The manipulation of the argument schedStartTime/schedEndTime leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258148. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Severity ?
8.8 (High)
8.8 (High)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Credits
wxhwxhwxh_tutu (VulDB User)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:32:42.935Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-258148 | Tenda F1203 openSchedWifi setSchedWifi stack-based overflow",
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.258148"
},
{
"name": "VDB-258148 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.258148"
},
{
"name": "Submit #301030 | Tenda F1203 V2.0.1.6 buffer overflow",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://vuldb.com/?submit.301030"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/F/F1203/setSchedWifi_end.md"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:tenda:f1203_firmware:2.0.1.6:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "f1203_firmware",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "2.0.1.6"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2979",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-28T15:56:00.862017Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-27T20:38:16.146Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "F1203",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "2.0.1.6"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "wxhwxhwxh_tutu (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in Tenda F1203 2.0.1.6. This vulnerability affects the function setSchedWifi of the file /goform/openSchedWifi. The manipulation of the argument schedStartTime/schedEndTime leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258148. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "In Tenda F1203 2.0.1.6 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Dabei geht es um die Funktion setSchedWifi der Datei /goform/openSchedWifi. Dank der Manipulation des Arguments schedStartTime/schedEndTime mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-27T14:00:10.347Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-258148 | Tenda F1203 openSchedWifi setSchedWifi stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.258148"
},
{
"name": "VDB-258148 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.258148"
},
{
"name": "Submit #301030 | Tenda F1203 V2.0.1.6 buffer overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.301030"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/F/F1203/setSchedWifi_end.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-03-27T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-03-27T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-03-27T08:10:02.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda F1203 openSchedWifi setSchedWifi stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-2979",
"datePublished": "2024-03-27T14:00:10.347Z",
"dateReserved": "2024-03-27T07:04:01.248Z",
"dateUpdated": "2024-08-27T20:38:16.146Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-2978 (GCVE-0-2024-2978)
Vulnerability from cvelistv5 – Published: 2024-03-27 14:00 – Updated: 2025-04-10 18:27
VLAI?
Title
Tenda F1203 setcfm formSetCfm stack-based overflow
Summary
A vulnerability classified as critical has been found in Tenda F1203 2.0.1.6. This affects the function formSetCfm of the file /goform/setcfm. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258147. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Severity ?
8.8 (High)
8.8 (High)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Credits
wxhwxhwxh_tutu (VulDB User)
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:tenda:f1203:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "f1203",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "2.0.1.6"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2978",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-28T17:28:12.907355Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-10T18:27:28.444Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:32:42.477Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-258147 | Tenda F1203 setcfm formSetCfm stack-based overflow",
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.258147"
},
{
"name": "VDB-258147 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.258147"
},
{
"name": "Submit #301029 | Tenda F1203 V2.0.1.6 buffer overflow",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://vuldb.com/?submit.301029"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/F/F1203/formSetCfm.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "F1203",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "2.0.1.6"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "wxhwxhwxh_tutu (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in Tenda F1203 2.0.1.6. This affects the function formSetCfm of the file /goform/setcfm. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258147. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in Tenda F1203 2.0.1.6 entdeckt. Sie wurde als kritisch eingestuft. Es geht dabei um die Funktion formSetCfm der Datei /goform/setcfm. Durch Beeinflussen des Arguments funcpara1 mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-27T14:00:08.437Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-258147 | Tenda F1203 setcfm formSetCfm stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.258147"
},
{
"name": "VDB-258147 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.258147"
},
{
"name": "Submit #301029 | Tenda F1203 V2.0.1.6 buffer overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.301029"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/F/F1203/formSetCfm.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-03-27T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-03-27T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-03-27T08:10:00.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda F1203 setcfm formSetCfm stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-2978",
"datePublished": "2024-03-27T14:00:08.437Z",
"dateReserved": "2024-03-27T07:03:58.430Z",
"dateUpdated": "2025-04-10T18:27:28.444Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-2977 (GCVE-0-2024-2977)
Vulnerability from cvelistv5 – Published: 2024-03-27 13:31 – Updated: 2024-08-12 15:44
VLAI?
Title
Tenda F1203 QuickIndex formQuickIndex stack-based overflow
Summary
A vulnerability was found in Tenda F1203 2.0.1.6. It has been rated as critical. Affected by this issue is the function formQuickIndex of the file /goform/QuickIndex. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-258146 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Severity ?
8.8 (High)
8.8 (High)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Credits
wxhwxhwxh_tutu (VulDB User)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:32:42.493Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-258146 | Tenda F1203 QuickIndex formQuickIndex stack-based overflow",
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.258146"
},
{
"name": "VDB-258146 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.258146"
},
{
"name": "Submit #301028 | Tenda F1203 V2.0.1.6 buffer overflow",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://vuldb.com/?submit.301028"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/F/F1203/formQuickIndex.md"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:tenda:fh1203_firmware:2.0.1.6:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fh1203_firmware",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "2.0.1.6"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2977",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-08T20:21:58.144621Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-12T15:44:08.153Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "F1203",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "2.0.1.6"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "wxhwxhwxh_tutu (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Tenda F1203 2.0.1.6. It has been rated as critical. Affected by this issue is the function formQuickIndex of the file /goform/QuickIndex. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-258146 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Eine kritische Schwachstelle wurde in Tenda F1203 2.0.1.6 ausgemacht. Es geht hierbei um die Funktion formQuickIndex der Datei /goform/QuickIndex. Durch das Beeinflussen des Arguments PPPOEPassword mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-27T13:31:06.045Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-258146 | Tenda F1203 QuickIndex formQuickIndex stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.258146"
},
{
"name": "VDB-258146 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.258146"
},
{
"name": "Submit #301028 | Tenda F1203 V2.0.1.6 buffer overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.301028"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/F/F1203/formQuickIndex.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-03-27T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-03-27T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-03-27T08:09:59.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda F1203 QuickIndex formQuickIndex stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-2977",
"datePublished": "2024-03-27T13:31:06.045Z",
"dateReserved": "2024-03-27T07:03:54.704Z",
"dateUpdated": "2024-08-12T15:44:08.153Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-2976 (GCVE-0-2024-2976)
Vulnerability from cvelistv5 – Published: 2024-03-27 13:31 – Updated: 2024-08-21 14:56
VLAI?
Title
Tenda F1203 execCommand R7WebsSecurityHandler stack-based overflow
Summary
A vulnerability was found in Tenda F1203 2.0.1.6. It has been declared as critical. Affected by this vulnerability is the function R7WebsSecurityHandler of the file /goform/execCommand. The manipulation of the argument password leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258145 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Severity ?
8.8 (High)
8.8 (High)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Credits
wxhwxhwxh_tutu (VulDB User)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:32:42.512Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-258145 | Tenda F1203 execCommand R7WebsSecurityHandler stack-based overflow",
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.258145"
},
{
"name": "VDB-258145 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.258145"
},
{
"name": "Submit #300997 | Tenda F1203 V2.0.1.6 buffer overflow",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://vuldb.com/?submit.300997"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/F/F1203/R7WebsSecurityHandler.md"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:tenda:f1203_firmware:2.0.1.6:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "f1203_firmware",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "2.0.1.6"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2976",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-21T14:54:24.131979Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-21T14:56:30.998Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "F1203",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "2.0.1.6"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "wxhwxhwxh_tutu (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Tenda F1203 2.0.1.6. It has been declared as critical. Affected by this vulnerability is the function R7WebsSecurityHandler of the file /goform/execCommand. The manipulation of the argument password leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258145 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "In Tenda F1203 2.0.1.6 wurde eine kritische Schwachstelle ausgemacht. Es geht um die Funktion R7WebsSecurityHandler der Datei /goform/execCommand. Durch Manipulieren des Arguments password mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-27T13:31:04.472Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-258145 | Tenda F1203 execCommand R7WebsSecurityHandler stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.258145"
},
{
"name": "VDB-258145 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.258145"
},
{
"name": "Submit #300997 | Tenda F1203 V2.0.1.6 buffer overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.300997"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/F/F1203/R7WebsSecurityHandler.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-03-27T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-03-27T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-03-27T08:09:57.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda F1203 execCommand R7WebsSecurityHandler stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-2976",
"datePublished": "2024-03-27T13:31:04.472Z",
"dateReserved": "2024-03-27T07:03:52.505Z",
"dateUpdated": "2024-08-21T14:56:30.998Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-38934 (GCVE-0-2023-38934)
Vulnerability from cvelistv5 – Published: 2023-08-07 00:00 – Updated: 2024-10-15 20:09
VLAI?
Summary
Tenda F1203 V2.0.1.6, FH1203 V2.0.1.6 and FH1205 V2.0.0.7(775) was discovered to contain a stack overflow via the deviceId parameter in the formSetDeviceName function.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:54:39.706Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/formSetDeviceName/README.md"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:tenda:f1203:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "f1203",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V2.0.1.6"
}
]
},
{
"cpes": [
"cpe:2.3:h:tenda:fh1203:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fh1203",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V2.0.1.6"
}
]
},
{
"cpes": [
"cpe:2.3:h:tenda:fh1205:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fh1205",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V2.0.0.7(775)"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38934",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-15T20:08:24.537653Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T20:09:42.651Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tenda F1203 V2.0.1.6, FH1203 V2.0.1.6 and FH1205 V2.0.0.7(775) was discovered to contain a stack overflow via the deviceId parameter in the formSetDeviceName function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-07T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/formSetDeviceName/README.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-38934",
"datePublished": "2023-08-07T00:00:00",
"dateReserved": "2023-07-25T00:00:00",
"dateUpdated": "2024-10-15T20:09:42.651Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-38936 (GCVE-0-2023-38936)
Vulnerability from cvelistv5 – Published: 2023-08-07 00:00 – Updated: 2024-10-15 20:05
VLAI?
Summary
Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, AC5 V1.0 V15.03.06.28, FH1203 V2.0.1.6, AC9 V3.0 V15.03.06.42_multi and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the speed_dir parameter in the formSetSpeedWan function.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:54:39.689Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/formSetSpeedWan/README.md"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:tenda:ac10:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac10",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V1.0 V15.03.06.23"
}
]
},
{
"cpes": [
"cpe:2.3:h:tenda:ac1206:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac1206",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V15.03.06.23,"
}
]
},
{
"cpes": [
"cpe:2.3:h:tenda:ac6:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac6",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V2.0 V15.03.06.23"
}
]
},
{
"cpes": [
"cpe:2.3:h:tenda:ac7:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac7",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V1.0 V15.03.06.44,"
}
]
},
{
"cpes": [
"cpe:2.3:h:tenda:ac5:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac5",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V1.0 V15.03.06.28"
}
]
},
{
"cpes": [
"cpe:2.3:h:tenda:fh1203:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fh1203",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V2.0.1.6"
}
]
},
{
"cpes": [
"cpe:2.3:h:tenda:ac9:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac9",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V3.0 V15.03.06.42_multi"
}
]
},
{
"cpes": [
"cpe:2.3:h:tenda:fh1205:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fh1205",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V2.0.0.7(775)"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38936",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-15T20:02:03.283677Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T20:05:36.911Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, AC5 V1.0 V15.03.06.28, FH1203 V2.0.1.6, AC9 V3.0 V15.03.06.42_multi and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the speed_dir parameter in the formSetSpeedWan function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-07T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/formSetSpeedWan/README.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-38936",
"datePublished": "2023-08-07T00:00:00",
"dateReserved": "2023-07-25T00:00:00",
"dateUpdated": "2024-10-15T20:05:36.911Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-38930 (GCVE-0-2023-38930)
Vulnerability from cvelistv5 – Published: 2023-08-07 00:00 – Updated: 2024-10-15 19:35
VLAI?
Summary
Tenda AC7 V1.0,V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0,V15.03.06.28, AC9 V3.0,V15.03.06.42_multi and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the deviceId parameter in the addWifiMacFilter function.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:54:39.646Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/addWifiMacFilter/README.md"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:tenda:ac7:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac7",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V1.0,V15.03.06.44"
},
{
"status": "affected",
"version": "F1203 V2.0.1.6,"
}
]
},
{
"cpes": [
"cpe:2.3:h:tenda:ac5:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac5",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V1.0,V15.03.06.28"
}
]
},
{
"cpes": [
"cpe:2.3:h:tenda:ac9:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac9",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V3.0,V15.03.06.42_multi"
},
{
"status": "affected",
"version": "FH1205 V2.0.0.7(775)"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38930",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-15T19:31:04.398117Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T19:35:44.164Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tenda AC7 V1.0,V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0,V15.03.06.28, AC9 V3.0,V15.03.06.42_multi and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the deviceId parameter in the addWifiMacFilter function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-07T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/addWifiMacFilter/README.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-38930",
"datePublished": "2023-08-07T00:00:00",
"dateReserved": "2023-07-25T00:00:00",
"dateUpdated": "2024-10-15T19:35:44.164Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-38933 (GCVE-0-2023-38933)
Vulnerability from cvelistv5 – Published: 2023-08-07 00:00 – Updated: 2024-10-17 13:51
VLAI?
Summary
Tenda AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0 V15.03.06.28, FH1203 V2.0.1.6 and AC9 V3.0 V15.03.06.42_multi, and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the deviceId parameter in the formSetClientState function.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:54:39.649Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/formSetClientState/README.md"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:tenda:ac7:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac7",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V1.0 V15.03.06.44"
}
]
},
{
"cpes": [
"cpe:2.3:h:tenda:f1203:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "f1203",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V2.0.1.6"
}
]
},
{
"cpes": [
"cpe:2.3:h:tenda:ac5:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac5",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V1.0 V15.03.06.28"
}
]
},
{
"cpes": [
"cpe:2.3:h:tenda:fh1203:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fh1203",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V2.0.1.6"
}
]
},
{
"cpes": [
"cpe:2.3:h:tenda:ac9:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac9",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V3.0 V15.03.06.42_multi"
}
]
},
{
"cpes": [
"cpe:2.3:h:tenda:fh1205:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fh1205",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V2.0.0.7(775)"
}
]
},
{
"cpes": [
"cpe:2.3:h:tenda:ac6:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac6",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V2.0 V15.03.06.23"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38933",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-17T13:48:33.206945Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-17T13:51:46.931Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tenda AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0 V15.03.06.28, FH1203 V2.0.1.6 and AC9 V3.0 V15.03.06.42_multi, and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the deviceId parameter in the formSetClientState function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-07T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/formSetClientState/README.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-38933",
"datePublished": "2023-08-07T00:00:00",
"dateReserved": "2023-07-25T00:00:00",
"dateUpdated": "2024-10-17T13:51:46.931Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-38940 (GCVE-0-2023-38940)
Vulnerability from cvelistv5 – Published: 2023-08-07 00:00 – Updated: 2024-10-11 14:17
VLAI?
Summary
Tenda F1203 V2.0.1.6, FH1203 V2.0.1.6 and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the ssid parameter in the form_fast_setting_wifi_set function.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:54:39.678Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/FirmRec/IoT-Vulns/tree/main/tenda/form_fast_setting_wifi_set"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:tenda:f1203:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "f1203",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V2.0.1.6"
}
]
},
{
"cpes": [
"cpe:2.3:h:tenda:fh1203:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fh1203",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V2.0.1.6"
}
]
},
{
"cpes": [
"cpe:2.3:h:tenda:fh1205:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fh1205",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V2.0.0.7(775)"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38940",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-11T14:16:25.895234Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-11T14:17:51.430Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tenda F1203 V2.0.1.6, FH1203 V2.0.1.6 and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the ssid parameter in the form_fast_setting_wifi_set function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-07T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/FirmRec/IoT-Vulns/tree/main/tenda/form_fast_setting_wifi_set"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-38940",
"datePublished": "2023-08-07T00:00:00",
"dateReserved": "2023-07-25T00:00:00",
"dateUpdated": "2024-10-11T14:17:51.430Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-38931 (GCVE-0-2023-38931)
Vulnerability from cvelistv5 – Published: 2023-08-07 00:00 – Updated: 2024-10-17 13:55
VLAI?
Summary
Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 V16.03.34.06, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0 V15.03.06.28, AC10 v4.0 V16.03.10.13 and FH1203 V2.0.1.6 were discovered to contain a stack overflow via the list parameter in the setaccount function.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:54:39.242Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/cloudv2_setaccount/README.md"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:tenda:ac10:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac10",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V1.0 V15.03.06.23"
}
]
},
{
"cpes": [
"cpe:2.3:h:tenda:ac1206:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac1206",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V15.03.06.23"
}
]
},
{
"cpes": [
"cpe:2.3:h:tenda:ac8:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac8",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "v4 V16.03.34.06"
}
]
},
{
"cpes": [
"cpe:2.3:h:tenda:ac6:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac6",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V2.0 V15.03.06.23"
}
]
},
{
"cpes": [
"cpe:2.3:h:tenda:ac7:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac7",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V1.0 V15.03.06.44"
}
]
},
{
"cpes": [
"cpe:2.3:h:tenda:f1203:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "f1203",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V2.0.1.6"
}
]
},
{
"cpes": [
"cpe:2.3:h:tenda:ac5:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac5",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V1.0 V15.03.06.28"
}
]
},
{
"cpes": [
"cpe:2.3:h:tenda:ac10:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ac10",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "v4.0 V16.03.10.13"
}
]
},
{
"cpes": [
"cpe:2.3:h:tenda:fh1203:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fh1203",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "V2.0.1.6"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38931",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-17T13:52:20.173225Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-17T13:55:25.786Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 V16.03.34.06, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0 V15.03.06.28, AC10 v4.0 V16.03.10.13 and FH1203 V2.0.1.6 were discovered to contain a stack overflow via the list parameter in the setaccount function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-07T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/cloudv2_setaccount/README.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-38931",
"datePublished": "2023-08-07T00:00:00",
"dateReserved": "2023-07-25T00:00:00",
"dateUpdated": "2024-10-17T13:55:25.786Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}