Search

Find a vulnerability

Search criteria

    68 vulnerabilities found for f1203_firmware by tenda

    CVE-2024-32312 (GCVE-0-2024-32312)

    Vulnerability from nvd – Published: 2024-04-17 00:00 – Updated: 2024-08-02 02:06
    VLAI
    Summary
    Tenda F1203 V2.0.1.6 firmware has a stack overflow vulnerability located in the adslPwd parameter of the formWanParameterSetting function.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    tenda f1203_firmware Affected: 2.0.1.6
        cpe:2.3:o:tenda:f1203_firmware:2.0.1.6:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:tenda:f1203_firmware:2.0.1.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "f1203_firmware",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "2.0.1.6"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 5.7,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-32312",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-22T19:49:07.665208Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-121",
                    "description": "CWE-121 Stack-based Buffer Overflow",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:49:51.997Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T02:06:44.045Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/F/F1203/formWanParameterSetting.md"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Tenda F1203 V2.0.1.6 firmware has a stack overflow vulnerability located in the adslPwd parameter of the formWanParameterSetting function."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-17T12:50:18.109Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/F/F1203/formWanParameterSetting.md"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2024-32312",
        "datePublished": "2024-04-17T00:00:00.000Z",
        "dateReserved": "2024-04-12T00:00:00.000Z",
        "dateUpdated": "2024-08-02T02:06:44.045Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-32310 (GCVE-0-2024-32310)

    Vulnerability from nvd – Published: 2024-04-17 00:00 – Updated: 2024-08-02 02:06
    VLAI
    Summary
    Tenda F1203 V2.0.1.6 firmware has a stack overflow vulnerability located in the PPW parameter of the fromWizardHandle function.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    tenda f1203_firmware Affected: 2.0.1.6
        cpe:2.3:o:tenda:f1203_firmware:2.0.1.6:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:tenda:f1203_firmware:2.0.1.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "f1203_firmware",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "2.0.1.6"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-32310",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-26T14:43:46.794671Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-121",
                    "description": "CWE-121 Stack-based Buffer Overflow",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-26T16:26:56.645Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T02:06:44.087Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/F/F1203/fromWizardHandle.md"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Tenda F1203 V2.0.1.6 firmware has a stack overflow vulnerability located in the PPW parameter of the fromWizardHandle function."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-17T12:51:41.648Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/F/F1203/fromWizardHandle.md"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2024-32310",
        "datePublished": "2024-04-17T00:00:00.000Z",
        "dateReserved": "2024-04-12T00:00:00.000Z",
        "dateUpdated": "2024-08-02T02:06:44.087Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-2979 (GCVE-0-2024-2979)

    Vulnerability from nvd – Published: 2024-03-27 14:00 – Updated: 2024-08-27 20:38
    VLAI
    Title
    Tenda F1203 openSchedWifi setSchedWifi stack-based overflow
    Summary
    A vulnerability classified as critical was found in Tenda F1203 2.0.1.6. This vulnerability affects the function setSchedWifi of the file /goform/openSchedWifi. The manipulation of the argument schedStartTime/schedEndTime leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258148. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.258148 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.258148 signaturepermissions-required
    https://vuldb.com/?submit.301030 third-party-advisory
    https://github.com/abcdefg-png/IoT-vulnerable/blo… exploit
    Impacted products
    Vendor Product Version
    Tenda F1203 Affected: 2.0.1.6
    Create a notification for this product.
    tenda f1203_firmware Affected: 2.0.1.6
        cpe:2.3:o:tenda:f1203_firmware:2.0.1.6:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    wxhwxhwxh_tutu (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T19:32:42.935Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VDB-258148 | Tenda F1203 openSchedWifi setSchedWifi stack-based overflow",
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.258148"
              },
              {
                "name": "VDB-258148 | CTI Indicators (IOB, IOC, IOA)",
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.258148"
              },
              {
                "name": "Submit #301030 | Tenda F1203 V2.0.1.6 buffer overflow",
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?submit.301030"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/F/F1203/setSchedWifi_end.md"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:tenda:f1203_firmware:2.0.1.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "f1203_firmware",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "2.0.1.6"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-2979",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-28T15:56:00.862017Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-27T20:38:16.146Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "F1203",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.0.1.6"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "wxhwxhwxh_tutu (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability classified as critical was found in Tenda F1203 2.0.1.6. This vulnerability affects the function setSchedWifi of the file /goform/openSchedWifi. The manipulation of the argument schedStartTime/schedEndTime leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258148. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "In Tenda F1203 2.0.1.6 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Dabei geht es um die Funktion setSchedWifi der Datei /goform/openSchedWifi. Dank der Manipulation des Arguments schedStartTime/schedEndTime mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-27T14:00:10.347Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-258148 | Tenda F1203 openSchedWifi setSchedWifi stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.258148"
            },
            {
              "name": "VDB-258148 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.258148"
            },
            {
              "name": "Submit #301030 | Tenda F1203 V2.0.1.6 buffer overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.301030"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/F/F1203/setSchedWifi_end.md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-03-27T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-03-27T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-03-27T08:10:02.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda F1203 openSchedWifi setSchedWifi stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-2979",
        "datePublished": "2024-03-27T14:00:10.347Z",
        "dateReserved": "2024-03-27T07:04:01.248Z",
        "dateUpdated": "2024-08-27T20:38:16.146Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-2978 (GCVE-0-2024-2978)

    Vulnerability from nvd – Published: 2024-03-27 14:00 – Updated: 2025-04-10 18:27
    VLAI
    Title
    Tenda F1203 setcfm formSetCfm stack-based overflow
    Summary
    A vulnerability classified as critical has been found in Tenda F1203 2.0.1.6. This affects the function formSetCfm of the file /goform/setcfm. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258147. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.258147 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.258147 signaturepermissions-required
    https://vuldb.com/?submit.301029 third-party-advisory
    https://github.com/abcdefg-png/IoT-vulnerable/blo… exploit
    Impacted products
    Vendor Product Version
    Tenda F1203 Affected: 2.0.1.6
    Create a notification for this product.
    tenda f1203 Affected: 2.0.1.6
        cpe:2.3:h:tenda:f1203:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    wxhwxhwxh_tutu (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:tenda:f1203:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "f1203",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "2.0.1.6"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-2978",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-28T17:28:12.907355Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-10T18:27:28.444Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T19:32:42.477Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VDB-258147 | Tenda F1203 setcfm formSetCfm stack-based overflow",
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.258147"
              },
              {
                "name": "VDB-258147 | CTI Indicators (IOB, IOC, IOA)",
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.258147"
              },
              {
                "name": "Submit #301029 | Tenda F1203 V2.0.1.6 buffer overflow",
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?submit.301029"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/F/F1203/formSetCfm.md"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "F1203",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.0.1.6"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "wxhwxhwxh_tutu (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability classified as critical has been found in Tenda F1203 2.0.1.6. This affects the function formSetCfm of the file /goform/setcfm. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258147. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "Es wurde eine Schwachstelle in Tenda F1203 2.0.1.6 entdeckt. Sie wurde als kritisch eingestuft. Es geht dabei um die Funktion formSetCfm der Datei /goform/setcfm. Durch Beeinflussen des Arguments funcpara1 mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-27T14:00:08.437Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-258147 | Tenda F1203 setcfm formSetCfm stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.258147"
            },
            {
              "name": "VDB-258147 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.258147"
            },
            {
              "name": "Submit #301029 | Tenda F1203 V2.0.1.6 buffer overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.301029"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/F/F1203/formSetCfm.md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-03-27T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-03-27T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-03-27T08:10:00.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda F1203 setcfm formSetCfm stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-2978",
        "datePublished": "2024-03-27T14:00:08.437Z",
        "dateReserved": "2024-03-27T07:03:58.430Z",
        "dateUpdated": "2025-04-10T18:27:28.444Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-2977 (GCVE-0-2024-2977)

    Vulnerability from nvd – Published: 2024-03-27 13:31 – Updated: 2024-08-12 15:44
    VLAI
    Title
    Tenda F1203 QuickIndex formQuickIndex stack-based overflow
    Summary
    A vulnerability was found in Tenda F1203 2.0.1.6. It has been rated as critical. Affected by this issue is the function formQuickIndex of the file /goform/QuickIndex. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-258146 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.258146 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.258146 signaturepermissions-required
    https://vuldb.com/?submit.301028 third-party-advisory
    https://github.com/abcdefg-png/IoT-vulnerable/blo… exploit
    Impacted products
    Vendor Product Version
    Tenda F1203 Affected: 2.0.1.6
    Create a notification for this product.
    tenda fh1203_firmware Affected: 2.0.1.6
        cpe:2.3:o:tenda:fh1203_firmware:2.0.1.6:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    wxhwxhwxh_tutu (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T19:32:42.493Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VDB-258146 | Tenda F1203 QuickIndex formQuickIndex stack-based overflow",
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.258146"
              },
              {
                "name": "VDB-258146 | CTI Indicators (IOB, IOC, IOA)",
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.258146"
              },
              {
                "name": "Submit #301028 | Tenda F1203 V2.0.1.6 buffer overflow",
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?submit.301028"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/F/F1203/formQuickIndex.md"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:tenda:fh1203_firmware:2.0.1.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "fh1203_firmware",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "2.0.1.6"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-2977",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-08T20:21:58.144621Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-12T15:44:08.153Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "F1203",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.0.1.6"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "wxhwxhwxh_tutu (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in Tenda F1203 2.0.1.6. It has been rated as critical. Affected by this issue is the function formQuickIndex of the file /goform/QuickIndex. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-258146 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "Eine kritische Schwachstelle wurde in Tenda F1203 2.0.1.6 ausgemacht. Es geht hierbei um die Funktion formQuickIndex der Datei /goform/QuickIndex. Durch das Beeinflussen des Arguments PPPOEPassword mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-27T13:31:06.045Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-258146 | Tenda F1203 QuickIndex formQuickIndex stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.258146"
            },
            {
              "name": "VDB-258146 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.258146"
            },
            {
              "name": "Submit #301028 | Tenda F1203 V2.0.1.6 buffer overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.301028"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/F/F1203/formQuickIndex.md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-03-27T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-03-27T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-03-27T08:09:59.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda F1203 QuickIndex formQuickIndex stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-2977",
        "datePublished": "2024-03-27T13:31:06.045Z",
        "dateReserved": "2024-03-27T07:03:54.704Z",
        "dateUpdated": "2024-08-12T15:44:08.153Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-2976 (GCVE-0-2024-2976)

    Vulnerability from nvd – Published: 2024-03-27 13:31 – Updated: 2024-08-21 14:56
    VLAI
    Title
    Tenda F1203 execCommand R7WebsSecurityHandler stack-based overflow
    Summary
    A vulnerability was found in Tenda F1203 2.0.1.6. It has been declared as critical. Affected by this vulnerability is the function R7WebsSecurityHandler of the file /goform/execCommand. The manipulation of the argument password leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258145 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.258145 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.258145 signaturepermissions-required
    https://vuldb.com/?submit.300997 third-party-advisory
    https://github.com/abcdefg-png/IoT-vulnerable/blo… exploit
    Impacted products
    Vendor Product Version
    Tenda F1203 Affected: 2.0.1.6
    Create a notification for this product.
    tenda f1203_firmware Affected: 2.0.1.6
        cpe:2.3:o:tenda:f1203_firmware:2.0.1.6:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    wxhwxhwxh_tutu (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T19:32:42.512Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VDB-258145 | Tenda F1203 execCommand R7WebsSecurityHandler stack-based overflow",
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.258145"
              },
              {
                "name": "VDB-258145 | CTI Indicators (IOB, IOC, IOA)",
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.258145"
              },
              {
                "name": "Submit #300997 | Tenda F1203 V2.0.1.6 buffer overflow",
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?submit.300997"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/F/F1203/R7WebsSecurityHandler.md"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:tenda:f1203_firmware:2.0.1.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "f1203_firmware",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "2.0.1.6"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-2976",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-21T14:54:24.131979Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-21T14:56:30.998Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "F1203",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.0.1.6"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "wxhwxhwxh_tutu (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in Tenda F1203 2.0.1.6. It has been declared as critical. Affected by this vulnerability is the function R7WebsSecurityHandler of the file /goform/execCommand. The manipulation of the argument password leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258145 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "In Tenda F1203 2.0.1.6 wurde eine kritische Schwachstelle ausgemacht. Es geht um die Funktion R7WebsSecurityHandler der Datei /goform/execCommand. Durch Manipulieren des Arguments password mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-27T13:31:04.472Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-258145 | Tenda F1203 execCommand R7WebsSecurityHandler stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.258145"
            },
            {
              "name": "VDB-258145 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.258145"
            },
            {
              "name": "Submit #300997 | Tenda F1203 V2.0.1.6 buffer overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.300997"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/F/F1203/R7WebsSecurityHandler.md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-03-27T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-03-27T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-03-27T08:09:57.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda F1203 execCommand R7WebsSecurityHandler stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-2976",
        "datePublished": "2024-03-27T13:31:04.472Z",
        "dateReserved": "2024-03-27T07:03:52.505Z",
        "dateUpdated": "2024-08-21T14:56:30.998Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-38940 (GCVE-0-2023-38940)

    Vulnerability from nvd – Published: 2023-08-07 00:00 – Updated: 2024-10-11 14:17
    VLAI
    Summary
    Tenda F1203 V2.0.1.6, FH1203 V2.0.1.6 and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the ssid parameter in the form_fast_setting_wifi_set function.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    Assigner
    Impacted products
    Vendor Product Version
    tenda f1203 Affected: V2.0.1.6
        cpe:2.3:h:tenda:f1203:-:*:*:*:*:*:*:*
    Create a notification for this product.
    tenda fh1203 Affected: V2.0.1.6
        cpe:2.3:h:tenda:fh1203:-:*:*:*:*:*:*:*
    Create a notification for this product.
    tenda fh1205 Affected: V2.0.0.7(775)
        cpe:2.3:h:tenda:fh1205:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:54:39.678Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/FirmRec/IoT-Vulns/tree/main/tenda/form_fast_setting_wifi_set"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:tenda:f1203:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "f1203",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V2.0.1.6"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:fh1203:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "fh1203",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V2.0.1.6"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:fh1205:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "fh1205",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V2.0.0.7(775)"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-38940",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-11T14:16:25.895234Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-11T14:17:51.430Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Tenda F1203 V2.0.1.6, FH1203 V2.0.1.6 and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the ssid parameter in the form_fast_setting_wifi_set function."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-07T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/FirmRec/IoT-Vulns/tree/main/tenda/form_fast_setting_wifi_set"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-38940",
        "datePublished": "2023-08-07T00:00:00.000Z",
        "dateReserved": "2023-07-25T00:00:00.000Z",
        "dateUpdated": "2024-10-11T14:17:51.430Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-38936 (GCVE-0-2023-38936)

    Vulnerability from nvd – Published: 2023-08-07 00:00 – Updated: 2024-10-15 20:05
    VLAI
    Summary
    Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, AC5 V1.0 V15.03.06.28, FH1203 V2.0.1.6, AC9 V3.0 V15.03.06.42_multi and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the speed_dir parameter in the formSetSpeedWan function.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    Assigner
    Impacted products
    Vendor Product Version
    tenda ac10 Affected: V1.0 V15.03.06.23
        cpe:2.3:h:tenda:ac10:-:*:*:*:*:*:*:*
    Create a notification for this product.
    tenda ac1206 Affected: V15.03.06.23,
        cpe:2.3:h:tenda:ac1206:-:*:*:*:*:*:*:*
    Create a notification for this product.
    tenda ac6 Affected: V2.0 V15.03.06.23
        cpe:2.3:h:tenda:ac6:-:*:*:*:*:*:*:*
    Create a notification for this product.
    tenda ac7 Affected: V1.0 V15.03.06.44,
        cpe:2.3:h:tenda:ac7:-:*:*:*:*:*:*:*
    Create a notification for this product.
    tenda ac5 Affected: V1.0 V15.03.06.28
        cpe:2.3:h:tenda:ac5:-:*:*:*:*:*:*:*
    Create a notification for this product.
    tenda fh1203 Affected: V2.0.1.6
        cpe:2.3:h:tenda:fh1203:-:*:*:*:*:*:*:*
    Create a notification for this product.
    tenda ac9 Affected: V3.0 V15.03.06.42_multi
        cpe:2.3:h:tenda:ac9:-:*:*:*:*:*:*:*
    Create a notification for this product.
    tenda fh1205 Affected: V2.0.0.7(775)
        cpe:2.3:h:tenda:fh1205:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:54:39.689Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/formSetSpeedWan/README.md"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:tenda:ac10:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac10",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V1.0 V15.03.06.23"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:ac1206:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac1206",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V15.03.06.23,"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:ac6:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac6",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V2.0 V15.03.06.23"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:ac7:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac7",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V1.0 V15.03.06.44,"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:ac5:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac5",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V1.0 V15.03.06.28"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:fh1203:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "fh1203",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V2.0.1.6"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:ac9:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac9",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V3.0 V15.03.06.42_multi"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:fh1205:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "fh1205",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V2.0.0.7(775)"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-38936",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-15T20:02:03.283677Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-15T20:05:36.911Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, AC5 V1.0 V15.03.06.28, FH1203 V2.0.1.6, AC9 V3.0 V15.03.06.42_multi and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the speed_dir parameter in the formSetSpeedWan function."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-07T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/formSetSpeedWan/README.md"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-38936",
        "datePublished": "2023-08-07T00:00:00.000Z",
        "dateReserved": "2023-07-25T00:00:00.000Z",
        "dateUpdated": "2024-10-15T20:05:36.911Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-38934 (GCVE-0-2023-38934)

    Vulnerability from nvd – Published: 2023-08-07 00:00 – Updated: 2024-10-15 20:09
    VLAI
    Summary
    Tenda F1203 V2.0.1.6, FH1203 V2.0.1.6 and FH1205 V2.0.0.7(775) was discovered to contain a stack overflow via the deviceId parameter in the formSetDeviceName function.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    Assigner
    Impacted products
    Vendor Product Version
    tenda f1203 Affected: V2.0.1.6
        cpe:2.3:h:tenda:f1203:-:*:*:*:*:*:*:*
    Create a notification for this product.
    tenda fh1203 Affected: V2.0.1.6
        cpe:2.3:h:tenda:fh1203:-:*:*:*:*:*:*:*
    Create a notification for this product.
    tenda fh1205 Affected: V2.0.0.7(775)
        cpe:2.3:h:tenda:fh1205:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:54:39.706Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/formSetDeviceName/README.md"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:tenda:f1203:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "f1203",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V2.0.1.6"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:fh1203:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "fh1203",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V2.0.1.6"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:fh1205:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "fh1205",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V2.0.0.7(775)"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-38934",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-15T20:08:24.537653Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-15T20:09:42.651Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Tenda F1203 V2.0.1.6, FH1203 V2.0.1.6 and FH1205 V2.0.0.7(775) was discovered to contain a stack overflow via the deviceId parameter in the formSetDeviceName function."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-07T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/formSetDeviceName/README.md"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-38934",
        "datePublished": "2023-08-07T00:00:00.000Z",
        "dateReserved": "2023-07-25T00:00:00.000Z",
        "dateUpdated": "2024-10-15T20:09:42.651Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-38933 (GCVE-0-2023-38933)

    Vulnerability from nvd – Published: 2023-08-07 00:00 – Updated: 2024-10-17 13:51
    VLAI
    Summary
    Tenda AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0 V15.03.06.28, FH1203 V2.0.1.6 and AC9 V3.0 V15.03.06.42_multi, and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the deviceId parameter in the formSetClientState function.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    Assigner
    Impacted products
    Vendor Product Version
    tenda ac7 Affected: V1.0 V15.03.06.44
        cpe:2.3:h:tenda:ac7:-:*:*:*:*:*:*:*
    Create a notification for this product.
    tenda f1203 Affected: V2.0.1.6
        cpe:2.3:h:tenda:f1203:-:*:*:*:*:*:*:*
    Create a notification for this product.
    tenda ac5 Affected: V1.0 V15.03.06.28
        cpe:2.3:h:tenda:ac5:-:*:*:*:*:*:*:*
    Create a notification for this product.
    tenda fh1203 Affected: V2.0.1.6
        cpe:2.3:h:tenda:fh1203:-:*:*:*:*:*:*:*
    Create a notification for this product.
    tenda ac9 Affected: V3.0 V15.03.06.42_multi
        cpe:2.3:h:tenda:ac9:-:*:*:*:*:*:*:*
    Create a notification for this product.
    tenda fh1205 Affected: V2.0.0.7(775)
        cpe:2.3:h:tenda:fh1205:-:*:*:*:*:*:*:*
    Create a notification for this product.
    tenda ac6 Affected: V2.0 V15.03.06.23
        cpe:2.3:h:tenda:ac6:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:54:39.649Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/formSetClientState/README.md"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:tenda:ac7:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac7",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V1.0 V15.03.06.44"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:f1203:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "f1203",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V2.0.1.6"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:ac5:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac5",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V1.0 V15.03.06.28"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:fh1203:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "fh1203",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V2.0.1.6"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:ac9:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac9",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V3.0 V15.03.06.42_multi"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:fh1205:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "fh1205",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V2.0.0.7(775)"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:ac6:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac6",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V2.0 V15.03.06.23"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-38933",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-17T13:48:33.206945Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-17T13:51:46.931Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Tenda AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0 V15.03.06.28, FH1203 V2.0.1.6 and AC9 V3.0 V15.03.06.42_multi, and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the deviceId parameter in the formSetClientState function."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-07T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/formSetClientState/README.md"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-38933",
        "datePublished": "2023-08-07T00:00:00.000Z",
        "dateReserved": "2023-07-25T00:00:00.000Z",
        "dateUpdated": "2024-10-17T13:51:46.931Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-38931 (GCVE-0-2023-38931)

    Vulnerability from nvd – Published: 2023-08-07 00:00 – Updated: 2024-10-17 13:55
    VLAI
    Summary
    Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 V16.03.34.06, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0 V15.03.06.28, AC10 v4.0 V16.03.10.13 and FH1203 V2.0.1.6 were discovered to contain a stack overflow via the list parameter in the setaccount function.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    Assigner
    Impacted products
    Vendor Product Version
    tenda ac10 Affected: V1.0 V15.03.06.23
        cpe:2.3:h:tenda:ac10:-:*:*:*:*:*:*:*
    Create a notification for this product.
    tenda ac1206 Affected: V15.03.06.23
        cpe:2.3:h:tenda:ac1206:-:*:*:*:*:*:*:*
    Create a notification for this product.
    tenda ac8 Affected: v4 V16.03.34.06
        cpe:2.3:h:tenda:ac8:-:*:*:*:*:*:*:*
    Create a notification for this product.
    tenda ac6 Affected: V2.0 V15.03.06.23
        cpe:2.3:h:tenda:ac6:-:*:*:*:*:*:*:*
    Create a notification for this product.
    tenda ac7 Affected: V1.0 V15.03.06.44
        cpe:2.3:h:tenda:ac7:-:*:*:*:*:*:*:*
    Create a notification for this product.
    tenda f1203 Affected: V2.0.1.6
        cpe:2.3:h:tenda:f1203:-:*:*:*:*:*:*:*
    Create a notification for this product.
    tenda ac5 Affected: V1.0 V15.03.06.28
        cpe:2.3:h:tenda:ac5:-:*:*:*:*:*:*:*
    Create a notification for this product.
    tenda ac10 Affected: v4.0 V16.03.10.13
        cpe:2.3:h:tenda:ac10:-:*:*:*:*:*:*:*
    Create a notification for this product.
    tenda fh1203 Affected: V2.0.1.6
        cpe:2.3:h:tenda:fh1203:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:54:39.242Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/cloudv2_setaccount/README.md"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:tenda:ac10:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac10",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V1.0 V15.03.06.23"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:ac1206:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac1206",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V15.03.06.23"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:ac8:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac8",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "v4 V16.03.34.06"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:ac6:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac6",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V2.0 V15.03.06.23"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:ac7:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac7",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V1.0 V15.03.06.44"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:f1203:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "f1203",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V2.0.1.6"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:ac5:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac5",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V1.0 V15.03.06.28"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:ac10:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac10",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "v4.0 V16.03.10.13"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:fh1203:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "fh1203",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V2.0.1.6"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-38931",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-17T13:52:20.173225Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-17T13:55:25.786Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 V16.03.34.06, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0 V15.03.06.28, AC10 v4.0 V16.03.10.13 and FH1203 V2.0.1.6 were discovered to contain a stack overflow via the list parameter in the setaccount function."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-07T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/cloudv2_setaccount/README.md"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-38931",
        "datePublished": "2023-08-07T00:00:00.000Z",
        "dateReserved": "2023-07-25T00:00:00.000Z",
        "dateUpdated": "2024-10-17T13:55:25.786Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-38930 (GCVE-0-2023-38930)

    Vulnerability from nvd – Published: 2023-08-07 00:00 – Updated: 2024-10-15 19:35
    VLAI
    Summary
    Tenda AC7 V1.0,V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0,V15.03.06.28, AC9 V3.0,V15.03.06.42_multi and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the deviceId parameter in the addWifiMacFilter function.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    Assigner
    Impacted products
    Vendor Product Version
    tenda ac7 Affected: V1.0,V15.03.06.44
    Affected: F1203 V2.0.1.6,
        cpe:2.3:h:tenda:ac7:-:*:*:*:*:*:*:*
    Create a notification for this product.
    tenda ac5 Affected: V1.0,V15.03.06.28
        cpe:2.3:h:tenda:ac5:-:*:*:*:*:*:*:*
    Create a notification for this product.
    tenda ac9 Affected: V3.0,V15.03.06.42_multi
    Affected: FH1205 V2.0.0.7(775)
        cpe:2.3:h:tenda:ac9:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:54:39.646Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/addWifiMacFilter/README.md"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:tenda:ac7:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac7",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V1.0,V15.03.06.44"
                  },
                  {
                    "status": "affected",
                    "version": "F1203 V2.0.1.6,"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:ac5:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac5",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V1.0,V15.03.06.28"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:ac9:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac9",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V3.0,V15.03.06.42_multi"
                  },
                  {
                    "status": "affected",
                    "version": "FH1205 V2.0.0.7(775)"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-38930",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-15T19:31:04.398117Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-15T19:35:44.164Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Tenda AC7 V1.0,V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0,V15.03.06.28, AC9 V3.0,V15.03.06.42_multi and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the deviceId parameter in the addWifiMacFilter function."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-07T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/addWifiMacFilter/README.md"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-38930",
        "datePublished": "2023-08-07T00:00:00.000Z",
        "dateReserved": "2023-07-25T00:00:00.000Z",
        "dateUpdated": "2024-10-15T19:35:44.164Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-46551 (GCVE-0-2022-46551)

    Vulnerability from nvd – Published: 2022-12-20 00:00 – Updated: 2025-04-16 17:39
    VLAI
    Summary
    Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the time parameter at /goform/saveParentControlInfo.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T14:31:46.387Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/Double-q1015/CVE-vulns/blob/main/tenda_f1203/saveParentControlInfo_time/saveParentControlInfo_time.md"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-46551",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-16T17:13:04.790855Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-120",
                    "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-16T17:39:19.179Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the time parameter at /goform/saveParentControlInfo."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-12-20T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/Double-q1015/CVE-vulns/blob/main/tenda_f1203/saveParentControlInfo_time/saveParentControlInfo_time.md"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2022-46551",
        "datePublished": "2022-12-20T00:00:00.000Z",
        "dateReserved": "2022-12-05T00:00:00.000Z",
        "dateUpdated": "2025-04-16T17:39:19.179Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-46550 (GCVE-0-2022-46550)

    Vulnerability from nvd – Published: 2022-12-20 00:00 – Updated: 2025-04-16 17:40
    VLAI
    Summary
    Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the urls parameter at /goform/saveParentControlInfo.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T14:31:46.482Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/Double-q1015/CVE-vulns/blob/main/tenda_f1203/saveParentControlInfo_urls/saveParentControlInfo_urls.md"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-46550",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-16T17:17:25.939009Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-120",
                    "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-16T17:40:08.955Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the urls parameter at /goform/saveParentControlInfo."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-12-20T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/Double-q1015/CVE-vulns/blob/main/tenda_f1203/saveParentControlInfo_urls/saveParentControlInfo_urls.md"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2022-46550",
        "datePublished": "2022-12-20T00:00:00.000Z",
        "dateReserved": "2022-12-05T00:00:00.000Z",
        "dateUpdated": "2025-04-16T17:40:08.955Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-46549 (GCVE-0-2022-46549)

    Vulnerability from nvd – Published: 2022-12-20 00:00 – Updated: 2025-04-16 17:40
    VLAI
    Summary
    Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the deviceId parameter at /goform/saveParentControlInfo.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T14:31:46.489Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/Double-q1015/CVE-vulns/blob/main/tenda_f1203/saveParentControlInfo_deviceId/saveParentControlInfo_deviceId.md"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-46549",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-16T17:20:20.455784Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-120",
                    "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-16T17:40:57.185Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the deviceId parameter at /goform/saveParentControlInfo."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-12-20T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/Double-q1015/CVE-vulns/blob/main/tenda_f1203/saveParentControlInfo_deviceId/saveParentControlInfo_deviceId.md"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2022-46549",
        "datePublished": "2022-12-20T00:00:00.000Z",
        "dateReserved": "2022-12-05T00:00:00.000Z",
        "dateUpdated": "2025-04-16T17:40:57.185Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-46548 (GCVE-0-2022-46548)

    Vulnerability from nvd – Published: 2022-12-20 00:00 – Updated: 2025-04-16 17:41
    VLAI
    Summary
    Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the page parameter at /goform/DhcpListClient.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T14:31:46.389Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/Double-q1015/CVE-vulns/blob/main/tenda_f1203/fromDhcpListClient/fromDhcpListClient.md"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-46548",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-16T17:21:58.117411Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-120",
                    "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-16T17:41:27.520Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the page parameter at /goform/DhcpListClient."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-12-20T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/Double-q1015/CVE-vulns/blob/main/tenda_f1203/fromDhcpListClient/fromDhcpListClient.md"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2022-46548",
        "datePublished": "2022-12-20T00:00:00.000Z",
        "dateReserved": "2022-12-05T00:00:00.000Z",
        "dateUpdated": "2025-04-16T17:41:27.520Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-46547 (GCVE-0-2022-46547)

    Vulnerability from nvd – Published: 2022-12-20 00:00 – Updated: 2025-04-16 18:11
    VLAI
    Summary
    Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the page parameter at /goform/VirtualSer.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T14:31:46.448Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/Double-q1015/CVE-vulns/blob/main/tenda_f1203/fromVirtualSer/fromVirtualSer.md"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-46547",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-16T18:11:01.435547Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-120",
                    "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-16T18:11:20.762Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the page parameter at /goform/VirtualSer."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-12-20T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/Double-q1015/CVE-vulns/blob/main/tenda_f1203/fromVirtualSer/fromVirtualSer.md"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2022-46547",
        "datePublished": "2022-12-20T00:00:00.000Z",
        "dateReserved": "2022-12-05T00:00:00.000Z",
        "dateUpdated": "2025-04-16T18:11:20.762Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-46546 (GCVE-0-2022-46546)

    Vulnerability from nvd – Published: 2022-12-20 00:00 – Updated: 2025-04-16 17:42
    VLAI
    Summary
    Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the entrys parameter at /goform/RouteStatic.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T14:31:46.382Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/Double-q1015/CVE-vulns/blob/main/tenda_f1203/fromRouteStatic/fromRouteStatic.md"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-46546",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-16T17:23:28.704151Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-120",
                    "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-16T17:42:06.796Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the entrys parameter at /goform/RouteStatic."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-12-20T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/Double-q1015/CVE-vulns/blob/main/tenda_f1203/fromRouteStatic/fromRouteStatic.md"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2022-46546",
        "datePublished": "2022-12-20T00:00:00.000Z",
        "dateReserved": "2022-12-05T00:00:00.000Z",
        "dateUpdated": "2025-04-16T17:42:06.796Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-32310 (GCVE-0-2024-32310)

    Vulnerability from cvelistv5 – Published: 2024-04-17 00:00 – Updated: 2024-08-02 02:06
    VLAI
    Summary
    Tenda F1203 V2.0.1.6 firmware has a stack overflow vulnerability located in the PPW parameter of the fromWizardHandle function.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    tenda f1203_firmware Affected: 2.0.1.6
        cpe:2.3:o:tenda:f1203_firmware:2.0.1.6:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:tenda:f1203_firmware:2.0.1.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "f1203_firmware",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "2.0.1.6"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-32310",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-26T14:43:46.794671Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-121",
                    "description": "CWE-121 Stack-based Buffer Overflow",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-26T16:26:56.645Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T02:06:44.087Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/F/F1203/fromWizardHandle.md"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Tenda F1203 V2.0.1.6 firmware has a stack overflow vulnerability located in the PPW parameter of the fromWizardHandle function."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-17T12:51:41.648Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/F/F1203/fromWizardHandle.md"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2024-32310",
        "datePublished": "2024-04-17T00:00:00.000Z",
        "dateReserved": "2024-04-12T00:00:00.000Z",
        "dateUpdated": "2024-08-02T02:06:44.087Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-32312 (GCVE-0-2024-32312)

    Vulnerability from cvelistv5 – Published: 2024-04-17 00:00 – Updated: 2024-08-02 02:06
    VLAI
    Summary
    Tenda F1203 V2.0.1.6 firmware has a stack overflow vulnerability located in the adslPwd parameter of the formWanParameterSetting function.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    tenda f1203_firmware Affected: 2.0.1.6
        cpe:2.3:o:tenda:f1203_firmware:2.0.1.6:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:tenda:f1203_firmware:2.0.1.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "f1203_firmware",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "2.0.1.6"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 5.7,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-32312",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-22T19:49:07.665208Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-121",
                    "description": "CWE-121 Stack-based Buffer Overflow",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:49:51.997Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T02:06:44.045Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/F/F1203/formWanParameterSetting.md"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Tenda F1203 V2.0.1.6 firmware has a stack overflow vulnerability located in the adslPwd parameter of the formWanParameterSetting function."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-17T12:50:18.109Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/F/F1203/formWanParameterSetting.md"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2024-32312",
        "datePublished": "2024-04-17T00:00:00.000Z",
        "dateReserved": "2024-04-12T00:00:00.000Z",
        "dateUpdated": "2024-08-02T02:06:44.045Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-2979 (GCVE-0-2024-2979)

    Vulnerability from cvelistv5 – Published: 2024-03-27 14:00 – Updated: 2024-08-27 20:38
    VLAI
    Title
    Tenda F1203 openSchedWifi setSchedWifi stack-based overflow
    Summary
    A vulnerability classified as critical was found in Tenda F1203 2.0.1.6. This vulnerability affects the function setSchedWifi of the file /goform/openSchedWifi. The manipulation of the argument schedStartTime/schedEndTime leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258148. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.258148 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.258148 signaturepermissions-required
    https://vuldb.com/?submit.301030 third-party-advisory
    https://github.com/abcdefg-png/IoT-vulnerable/blo… exploit
    Impacted products
    Vendor Product Version
    Tenda F1203 Affected: 2.0.1.6
    Create a notification for this product.
    tenda f1203_firmware Affected: 2.0.1.6
        cpe:2.3:o:tenda:f1203_firmware:2.0.1.6:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    wxhwxhwxh_tutu (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T19:32:42.935Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VDB-258148 | Tenda F1203 openSchedWifi setSchedWifi stack-based overflow",
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.258148"
              },
              {
                "name": "VDB-258148 | CTI Indicators (IOB, IOC, IOA)",
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.258148"
              },
              {
                "name": "Submit #301030 | Tenda F1203 V2.0.1.6 buffer overflow",
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?submit.301030"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/F/F1203/setSchedWifi_end.md"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:tenda:f1203_firmware:2.0.1.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "f1203_firmware",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "2.0.1.6"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-2979",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-28T15:56:00.862017Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-27T20:38:16.146Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "F1203",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.0.1.6"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "wxhwxhwxh_tutu (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability classified as critical was found in Tenda F1203 2.0.1.6. This vulnerability affects the function setSchedWifi of the file /goform/openSchedWifi. The manipulation of the argument schedStartTime/schedEndTime leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258148. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "In Tenda F1203 2.0.1.6 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Dabei geht es um die Funktion setSchedWifi der Datei /goform/openSchedWifi. Dank der Manipulation des Arguments schedStartTime/schedEndTime mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-27T14:00:10.347Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-258148 | Tenda F1203 openSchedWifi setSchedWifi stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.258148"
            },
            {
              "name": "VDB-258148 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.258148"
            },
            {
              "name": "Submit #301030 | Tenda F1203 V2.0.1.6 buffer overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.301030"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/F/F1203/setSchedWifi_end.md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-03-27T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-03-27T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-03-27T08:10:02.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda F1203 openSchedWifi setSchedWifi stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-2979",
        "datePublished": "2024-03-27T14:00:10.347Z",
        "dateReserved": "2024-03-27T07:04:01.248Z",
        "dateUpdated": "2024-08-27T20:38:16.146Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-2978 (GCVE-0-2024-2978)

    Vulnerability from cvelistv5 – Published: 2024-03-27 14:00 – Updated: 2025-04-10 18:27
    VLAI
    Title
    Tenda F1203 setcfm formSetCfm stack-based overflow
    Summary
    A vulnerability classified as critical has been found in Tenda F1203 2.0.1.6. This affects the function formSetCfm of the file /goform/setcfm. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258147. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.258147 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.258147 signaturepermissions-required
    https://vuldb.com/?submit.301029 third-party-advisory
    https://github.com/abcdefg-png/IoT-vulnerable/blo… exploit
    Impacted products
    Vendor Product Version
    Tenda F1203 Affected: 2.0.1.6
    Create a notification for this product.
    tenda f1203 Affected: 2.0.1.6
        cpe:2.3:h:tenda:f1203:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    wxhwxhwxh_tutu (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:tenda:f1203:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "f1203",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "2.0.1.6"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-2978",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-28T17:28:12.907355Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-10T18:27:28.444Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T19:32:42.477Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VDB-258147 | Tenda F1203 setcfm formSetCfm stack-based overflow",
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.258147"
              },
              {
                "name": "VDB-258147 | CTI Indicators (IOB, IOC, IOA)",
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.258147"
              },
              {
                "name": "Submit #301029 | Tenda F1203 V2.0.1.6 buffer overflow",
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?submit.301029"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/F/F1203/formSetCfm.md"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "F1203",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.0.1.6"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "wxhwxhwxh_tutu (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability classified as critical has been found in Tenda F1203 2.0.1.6. This affects the function formSetCfm of the file /goform/setcfm. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258147. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "Es wurde eine Schwachstelle in Tenda F1203 2.0.1.6 entdeckt. Sie wurde als kritisch eingestuft. Es geht dabei um die Funktion formSetCfm der Datei /goform/setcfm. Durch Beeinflussen des Arguments funcpara1 mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-27T14:00:08.437Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-258147 | Tenda F1203 setcfm formSetCfm stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.258147"
            },
            {
              "name": "VDB-258147 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.258147"
            },
            {
              "name": "Submit #301029 | Tenda F1203 V2.0.1.6 buffer overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.301029"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/F/F1203/formSetCfm.md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-03-27T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-03-27T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-03-27T08:10:00.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda F1203 setcfm formSetCfm stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-2978",
        "datePublished": "2024-03-27T14:00:08.437Z",
        "dateReserved": "2024-03-27T07:03:58.430Z",
        "dateUpdated": "2025-04-10T18:27:28.444Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-2977 (GCVE-0-2024-2977)

    Vulnerability from cvelistv5 – Published: 2024-03-27 13:31 – Updated: 2024-08-12 15:44
    VLAI
    Title
    Tenda F1203 QuickIndex formQuickIndex stack-based overflow
    Summary
    A vulnerability was found in Tenda F1203 2.0.1.6. It has been rated as critical. Affected by this issue is the function formQuickIndex of the file /goform/QuickIndex. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-258146 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.258146 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.258146 signaturepermissions-required
    https://vuldb.com/?submit.301028 third-party-advisory
    https://github.com/abcdefg-png/IoT-vulnerable/blo… exploit
    Impacted products
    Vendor Product Version
    Tenda F1203 Affected: 2.0.1.6
    Create a notification for this product.
    tenda fh1203_firmware Affected: 2.0.1.6
        cpe:2.3:o:tenda:fh1203_firmware:2.0.1.6:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    wxhwxhwxh_tutu (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T19:32:42.493Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VDB-258146 | Tenda F1203 QuickIndex formQuickIndex stack-based overflow",
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.258146"
              },
              {
                "name": "VDB-258146 | CTI Indicators (IOB, IOC, IOA)",
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.258146"
              },
              {
                "name": "Submit #301028 | Tenda F1203 V2.0.1.6 buffer overflow",
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?submit.301028"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/F/F1203/formQuickIndex.md"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:tenda:fh1203_firmware:2.0.1.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "fh1203_firmware",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "2.0.1.6"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-2977",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-08T20:21:58.144621Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-12T15:44:08.153Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "F1203",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.0.1.6"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "wxhwxhwxh_tutu (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in Tenda F1203 2.0.1.6. It has been rated as critical. Affected by this issue is the function formQuickIndex of the file /goform/QuickIndex. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-258146 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "Eine kritische Schwachstelle wurde in Tenda F1203 2.0.1.6 ausgemacht. Es geht hierbei um die Funktion formQuickIndex der Datei /goform/QuickIndex. Durch das Beeinflussen des Arguments PPPOEPassword mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-27T13:31:06.045Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-258146 | Tenda F1203 QuickIndex formQuickIndex stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.258146"
            },
            {
              "name": "VDB-258146 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.258146"
            },
            {
              "name": "Submit #301028 | Tenda F1203 V2.0.1.6 buffer overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.301028"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/F/F1203/formQuickIndex.md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-03-27T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-03-27T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-03-27T08:09:59.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda F1203 QuickIndex formQuickIndex stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-2977",
        "datePublished": "2024-03-27T13:31:06.045Z",
        "dateReserved": "2024-03-27T07:03:54.704Z",
        "dateUpdated": "2024-08-12T15:44:08.153Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-2976 (GCVE-0-2024-2976)

    Vulnerability from cvelistv5 – Published: 2024-03-27 13:31 – Updated: 2024-08-21 14:56
    VLAI
    Title
    Tenda F1203 execCommand R7WebsSecurityHandler stack-based overflow
    Summary
    A vulnerability was found in Tenda F1203 2.0.1.6. It has been declared as critical. Affected by this vulnerability is the function R7WebsSecurityHandler of the file /goform/execCommand. The manipulation of the argument password leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258145 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.258145 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.258145 signaturepermissions-required
    https://vuldb.com/?submit.300997 third-party-advisory
    https://github.com/abcdefg-png/IoT-vulnerable/blo… exploit
    Impacted products
    Vendor Product Version
    Tenda F1203 Affected: 2.0.1.6
    Create a notification for this product.
    tenda f1203_firmware Affected: 2.0.1.6
        cpe:2.3:o:tenda:f1203_firmware:2.0.1.6:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    wxhwxhwxh_tutu (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T19:32:42.512Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VDB-258145 | Tenda F1203 execCommand R7WebsSecurityHandler stack-based overflow",
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.258145"
              },
              {
                "name": "VDB-258145 | CTI Indicators (IOB, IOC, IOA)",
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.258145"
              },
              {
                "name": "Submit #300997 | Tenda F1203 V2.0.1.6 buffer overflow",
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?submit.300997"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/F/F1203/R7WebsSecurityHandler.md"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:tenda:f1203_firmware:2.0.1.6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "f1203_firmware",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "2.0.1.6"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-2976",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-21T14:54:24.131979Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-21T14:56:30.998Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "F1203",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.0.1.6"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "wxhwxhwxh_tutu (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in Tenda F1203 2.0.1.6. It has been declared as critical. Affected by this vulnerability is the function R7WebsSecurityHandler of the file /goform/execCommand. The manipulation of the argument password leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258145 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "In Tenda F1203 2.0.1.6 wurde eine kritische Schwachstelle ausgemacht. Es geht um die Funktion R7WebsSecurityHandler der Datei /goform/execCommand. Durch Manipulieren des Arguments password mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-27T13:31:04.472Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-258145 | Tenda F1203 execCommand R7WebsSecurityHandler stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.258145"
            },
            {
              "name": "VDB-258145 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.258145"
            },
            {
              "name": "Submit #300997 | Tenda F1203 V2.0.1.6 buffer overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.300997"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/F/F1203/R7WebsSecurityHandler.md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-03-27T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-03-27T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-03-27T08:09:57.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda F1203 execCommand R7WebsSecurityHandler stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-2976",
        "datePublished": "2024-03-27T13:31:04.472Z",
        "dateReserved": "2024-03-27T07:03:52.505Z",
        "dateUpdated": "2024-08-21T14:56:30.998Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-38936 (GCVE-0-2023-38936)

    Vulnerability from cvelistv5 – Published: 2023-08-07 00:00 – Updated: 2024-10-15 20:05
    VLAI
    Summary
    Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, AC5 V1.0 V15.03.06.28, FH1203 V2.0.1.6, AC9 V3.0 V15.03.06.42_multi and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the speed_dir parameter in the formSetSpeedWan function.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    Assigner
    Impacted products
    Vendor Product Version
    tenda ac10 Affected: V1.0 V15.03.06.23
        cpe:2.3:h:tenda:ac10:-:*:*:*:*:*:*:*
    Create a notification for this product.
    tenda ac1206 Affected: V15.03.06.23,
        cpe:2.3:h:tenda:ac1206:-:*:*:*:*:*:*:*
    Create a notification for this product.
    tenda ac6 Affected: V2.0 V15.03.06.23
        cpe:2.3:h:tenda:ac6:-:*:*:*:*:*:*:*
    Create a notification for this product.
    tenda ac7 Affected: V1.0 V15.03.06.44,
        cpe:2.3:h:tenda:ac7:-:*:*:*:*:*:*:*
    Create a notification for this product.
    tenda ac5 Affected: V1.0 V15.03.06.28
        cpe:2.3:h:tenda:ac5:-:*:*:*:*:*:*:*
    Create a notification for this product.
    tenda fh1203 Affected: V2.0.1.6
        cpe:2.3:h:tenda:fh1203:-:*:*:*:*:*:*:*
    Create a notification for this product.
    tenda ac9 Affected: V3.0 V15.03.06.42_multi
        cpe:2.3:h:tenda:ac9:-:*:*:*:*:*:*:*
    Create a notification for this product.
    tenda fh1205 Affected: V2.0.0.7(775)
        cpe:2.3:h:tenda:fh1205:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:54:39.689Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/formSetSpeedWan/README.md"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:tenda:ac10:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac10",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V1.0 V15.03.06.23"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:ac1206:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac1206",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V15.03.06.23,"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:ac6:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac6",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V2.0 V15.03.06.23"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:ac7:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac7",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V1.0 V15.03.06.44,"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:ac5:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac5",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V1.0 V15.03.06.28"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:fh1203:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "fh1203",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V2.0.1.6"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:ac9:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac9",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V3.0 V15.03.06.42_multi"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:fh1205:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "fh1205",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V2.0.0.7(775)"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-38936",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-15T20:02:03.283677Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-15T20:05:36.911Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, AC5 V1.0 V15.03.06.28, FH1203 V2.0.1.6, AC9 V3.0 V15.03.06.42_multi and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the speed_dir parameter in the formSetSpeedWan function."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-07T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/formSetSpeedWan/README.md"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-38936",
        "datePublished": "2023-08-07T00:00:00.000Z",
        "dateReserved": "2023-07-25T00:00:00.000Z",
        "dateUpdated": "2024-10-15T20:05:36.911Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-38930 (GCVE-0-2023-38930)

    Vulnerability from cvelistv5 – Published: 2023-08-07 00:00 – Updated: 2024-10-15 19:35
    VLAI
    Summary
    Tenda AC7 V1.0,V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0,V15.03.06.28, AC9 V3.0,V15.03.06.42_multi and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the deviceId parameter in the addWifiMacFilter function.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    Assigner
    Impacted products
    Vendor Product Version
    tenda ac7 Affected: V1.0,V15.03.06.44
    Affected: F1203 V2.0.1.6,
        cpe:2.3:h:tenda:ac7:-:*:*:*:*:*:*:*
    Create a notification for this product.
    tenda ac5 Affected: V1.0,V15.03.06.28
        cpe:2.3:h:tenda:ac5:-:*:*:*:*:*:*:*
    Create a notification for this product.
    tenda ac9 Affected: V3.0,V15.03.06.42_multi
    Affected: FH1205 V2.0.0.7(775)
        cpe:2.3:h:tenda:ac9:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:54:39.646Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/addWifiMacFilter/README.md"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:tenda:ac7:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac7",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V1.0,V15.03.06.44"
                  },
                  {
                    "status": "affected",
                    "version": "F1203 V2.0.1.6,"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:ac5:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac5",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V1.0,V15.03.06.28"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:ac9:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac9",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V3.0,V15.03.06.42_multi"
                  },
                  {
                    "status": "affected",
                    "version": "FH1205 V2.0.0.7(775)"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-38930",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-15T19:31:04.398117Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-15T19:35:44.164Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Tenda AC7 V1.0,V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0,V15.03.06.28, AC9 V3.0,V15.03.06.42_multi and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the deviceId parameter in the addWifiMacFilter function."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-07T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/addWifiMacFilter/README.md"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-38930",
        "datePublished": "2023-08-07T00:00:00.000Z",
        "dateReserved": "2023-07-25T00:00:00.000Z",
        "dateUpdated": "2024-10-15T19:35:44.164Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-38940 (GCVE-0-2023-38940)

    Vulnerability from cvelistv5 – Published: 2023-08-07 00:00 – Updated: 2024-10-11 14:17
    VLAI
    Summary
    Tenda F1203 V2.0.1.6, FH1203 V2.0.1.6 and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the ssid parameter in the form_fast_setting_wifi_set function.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    Assigner
    Impacted products
    Vendor Product Version
    tenda f1203 Affected: V2.0.1.6
        cpe:2.3:h:tenda:f1203:-:*:*:*:*:*:*:*
    Create a notification for this product.
    tenda fh1203 Affected: V2.0.1.6
        cpe:2.3:h:tenda:fh1203:-:*:*:*:*:*:*:*
    Create a notification for this product.
    tenda fh1205 Affected: V2.0.0.7(775)
        cpe:2.3:h:tenda:fh1205:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:54:39.678Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/FirmRec/IoT-Vulns/tree/main/tenda/form_fast_setting_wifi_set"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:tenda:f1203:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "f1203",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V2.0.1.6"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:fh1203:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "fh1203",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V2.0.1.6"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:fh1205:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "fh1205",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V2.0.0.7(775)"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-38940",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-11T14:16:25.895234Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-11T14:17:51.430Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Tenda F1203 V2.0.1.6, FH1203 V2.0.1.6 and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the ssid parameter in the form_fast_setting_wifi_set function."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-07T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/FirmRec/IoT-Vulns/tree/main/tenda/form_fast_setting_wifi_set"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-38940",
        "datePublished": "2023-08-07T00:00:00.000Z",
        "dateReserved": "2023-07-25T00:00:00.000Z",
        "dateUpdated": "2024-10-11T14:17:51.430Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-38931 (GCVE-0-2023-38931)

    Vulnerability from cvelistv5 – Published: 2023-08-07 00:00 – Updated: 2024-10-17 13:55
    VLAI
    Summary
    Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 V16.03.34.06, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0 V15.03.06.28, AC10 v4.0 V16.03.10.13 and FH1203 V2.0.1.6 were discovered to contain a stack overflow via the list parameter in the setaccount function.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    Assigner
    Impacted products
    Vendor Product Version
    tenda ac10 Affected: V1.0 V15.03.06.23
        cpe:2.3:h:tenda:ac10:-:*:*:*:*:*:*:*
    Create a notification for this product.
    tenda ac1206 Affected: V15.03.06.23
        cpe:2.3:h:tenda:ac1206:-:*:*:*:*:*:*:*
    Create a notification for this product.
    tenda ac8 Affected: v4 V16.03.34.06
        cpe:2.3:h:tenda:ac8:-:*:*:*:*:*:*:*
    Create a notification for this product.
    tenda ac6 Affected: V2.0 V15.03.06.23
        cpe:2.3:h:tenda:ac6:-:*:*:*:*:*:*:*
    Create a notification for this product.
    tenda ac7 Affected: V1.0 V15.03.06.44
        cpe:2.3:h:tenda:ac7:-:*:*:*:*:*:*:*
    Create a notification for this product.
    tenda f1203 Affected: V2.0.1.6
        cpe:2.3:h:tenda:f1203:-:*:*:*:*:*:*:*
    Create a notification for this product.
    tenda ac5 Affected: V1.0 V15.03.06.28
        cpe:2.3:h:tenda:ac5:-:*:*:*:*:*:*:*
    Create a notification for this product.
    tenda ac10 Affected: v4.0 V16.03.10.13
        cpe:2.3:h:tenda:ac10:-:*:*:*:*:*:*:*
    Create a notification for this product.
    tenda fh1203 Affected: V2.0.1.6
        cpe:2.3:h:tenda:fh1203:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:54:39.242Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/cloudv2_setaccount/README.md"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:tenda:ac10:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac10",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V1.0 V15.03.06.23"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:ac1206:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac1206",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V15.03.06.23"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:ac8:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac8",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "v4 V16.03.34.06"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:ac6:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac6",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V2.0 V15.03.06.23"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:ac7:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac7",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V1.0 V15.03.06.44"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:f1203:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "f1203",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V2.0.1.6"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:ac5:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac5",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V1.0 V15.03.06.28"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:ac10:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac10",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "v4.0 V16.03.10.13"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:fh1203:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "fh1203",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V2.0.1.6"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-38931",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-17T13:52:20.173225Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-17T13:55:25.786Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 V16.03.34.06, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0 V15.03.06.28, AC10 v4.0 V16.03.10.13 and FH1203 V2.0.1.6 were discovered to contain a stack overflow via the list parameter in the setaccount function."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-07T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/cloudv2_setaccount/README.md"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-38931",
        "datePublished": "2023-08-07T00:00:00.000Z",
        "dateReserved": "2023-07-25T00:00:00.000Z",
        "dateUpdated": "2024-10-17T13:55:25.786Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-38934 (GCVE-0-2023-38934)

    Vulnerability from cvelistv5 – Published: 2023-08-07 00:00 – Updated: 2024-10-15 20:09
    VLAI
    Summary
    Tenda F1203 V2.0.1.6, FH1203 V2.0.1.6 and FH1205 V2.0.0.7(775) was discovered to contain a stack overflow via the deviceId parameter in the formSetDeviceName function.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    Assigner
    Impacted products
    Vendor Product Version
    tenda f1203 Affected: V2.0.1.6
        cpe:2.3:h:tenda:f1203:-:*:*:*:*:*:*:*
    Create a notification for this product.
    tenda fh1203 Affected: V2.0.1.6
        cpe:2.3:h:tenda:fh1203:-:*:*:*:*:*:*:*
    Create a notification for this product.
    tenda fh1205 Affected: V2.0.0.7(775)
        cpe:2.3:h:tenda:fh1205:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:54:39.706Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/formSetDeviceName/README.md"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:tenda:f1203:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "f1203",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V2.0.1.6"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:fh1203:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "fh1203",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V2.0.1.6"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:fh1205:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "fh1205",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V2.0.0.7(775)"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-38934",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-15T20:08:24.537653Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-15T20:09:42.651Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Tenda F1203 V2.0.1.6, FH1203 V2.0.1.6 and FH1205 V2.0.0.7(775) was discovered to contain a stack overflow via the deviceId parameter in the formSetDeviceName function."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-07T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/formSetDeviceName/README.md"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-38934",
        "datePublished": "2023-08-07T00:00:00.000Z",
        "dateReserved": "2023-07-25T00:00:00.000Z",
        "dateUpdated": "2024-10-15T20:09:42.651Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-38933 (GCVE-0-2023-38933)

    Vulnerability from cvelistv5 – Published: 2023-08-07 00:00 – Updated: 2024-10-17 13:51
    VLAI
    Summary
    Tenda AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0 V15.03.06.28, FH1203 V2.0.1.6 and AC9 V3.0 V15.03.06.42_multi, and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the deviceId parameter in the formSetClientState function.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    Assigner
    Impacted products
    Vendor Product Version
    tenda ac7 Affected: V1.0 V15.03.06.44
        cpe:2.3:h:tenda:ac7:-:*:*:*:*:*:*:*
    Create a notification for this product.
    tenda f1203 Affected: V2.0.1.6
        cpe:2.3:h:tenda:f1203:-:*:*:*:*:*:*:*
    Create a notification for this product.
    tenda ac5 Affected: V1.0 V15.03.06.28
        cpe:2.3:h:tenda:ac5:-:*:*:*:*:*:*:*
    Create a notification for this product.
    tenda fh1203 Affected: V2.0.1.6
        cpe:2.3:h:tenda:fh1203:-:*:*:*:*:*:*:*
    Create a notification for this product.
    tenda ac9 Affected: V3.0 V15.03.06.42_multi
        cpe:2.3:h:tenda:ac9:-:*:*:*:*:*:*:*
    Create a notification for this product.
    tenda fh1205 Affected: V2.0.0.7(775)
        cpe:2.3:h:tenda:fh1205:-:*:*:*:*:*:*:*
    Create a notification for this product.
    tenda ac6 Affected: V2.0 V15.03.06.23
        cpe:2.3:h:tenda:ac6:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:54:39.649Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/formSetClientState/README.md"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:tenda:ac7:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac7",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V1.0 V15.03.06.44"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:f1203:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "f1203",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V2.0.1.6"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:ac5:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac5",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V1.0 V15.03.06.28"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:fh1203:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "fh1203",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V2.0.1.6"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:ac9:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac9",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V3.0 V15.03.06.42_multi"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:fh1205:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "fh1205",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V2.0.0.7(775)"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:ac6:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ac6",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "V2.0 V15.03.06.23"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-38933",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-17T13:48:33.206945Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-17T13:51:46.931Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Tenda AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0 V15.03.06.28, FH1203 V2.0.1.6 and AC9 V3.0 V15.03.06.42_multi, and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the deviceId parameter in the formSetClientState function."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-07T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/formSetClientState/README.md"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-38933",
        "datePublished": "2023-08-07T00:00:00.000Z",
        "dateReserved": "2023-07-25T00:00:00.000Z",
        "dateUpdated": "2024-10-17T13:51:46.931Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }