Search

Find a vulnerability

Search criteria

    18 vulnerabilities found for rx9_pro_firmware by tenda

    CVE-2024-10351 (GCVE-0-2024-10351)

    Vulnerability from nvd – Published: 2024-10-24 23:31 – Updated: 2024-10-25 20:50
    VLAI
    Title
    Tenda RX9 Pro POST Request setMacFilterCfg sub_424CE0 stack-based overflow
    Summary
    A vulnerability was found in Tenda RX9 Pro 22.03.02.20. It has been rated as critical. This issue affects the function sub_424CE0 of the file /goform/setMacFilterCfg of the component POST Request Handler. The manipulation of the argument deviceList leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.281699 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.281699 signaturepermissions-required
    https://vuldb.com/?submit.427706 third-party-advisory
    https://gitee.com/GXB0_0/iot-vul/blob/master/Tend… exploit
    https://www.tenda.com.cn/ product
    Impacted products
    Vendor Product Version
    Tenda RX9 Pro Affected: 22.03.02.20
    Create a notification for this product.
    tenda rx9_pro_firmware Affected: 22.03.02.20
        cpe:2.3:o:tenda:rx9_pro_firmware:22.03.02.20:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    GuoXB (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:tenda:rx9_pro_firmware:22.03.02.20:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "rx9_pro_firmware",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "22.03.02.20"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-10351",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-25T20:00:12.566902Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-25T20:50:14.294Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "POST Request Handler"
              ],
              "product": "RX9 Pro",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "22.03.02.20"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "GuoXB (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in Tenda RX9 Pro 22.03.02.20. It has been rated as critical. This issue affects the function sub_424CE0 of the file /goform/setMacFilterCfg of the component POST Request Handler. The manipulation of the argument deviceList leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
            },
            {
              "lang": "de",
              "value": "Eine Schwachstelle wurde in Tenda RX9 Pro 22.03.02.20 ausgemacht. Sie wurde als kritisch eingestuft. Hierbei geht es um die Funktion sub_424CE0 der Datei /goform/setMacFilterCfg der Komponente POST Request Handler. Dank der Manipulation des Arguments deviceList mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-24T23:31:11.527Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-281699 | Tenda RX9 Pro POST Request setMacFilterCfg sub_424CE0 stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.281699"
            },
            {
              "name": "VDB-281699 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.281699"
            },
            {
              "name": "Submit #427706 | Tenda Rx9 Router RX9 Pro Firmware V22.03.02.20 Stack-based Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.427706"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://gitee.com/GXB0_0/iot-vul/blob/master/Tenda/RX9/20/setMacFilterCfg.md"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.tenda.com.cn/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-10-24T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-10-24T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-10-24T17:39:44.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda RX9 Pro POST Request setMacFilterCfg sub_424CE0 stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-10351",
        "datePublished": "2024-10-24T23:31:11.527Z",
        "dateReserved": "2024-10-24T15:34:29.365Z",
        "dateUpdated": "2024-10-25T20:50:14.294Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-10283 (GCVE-0-2024-10283)

    Vulnerability from nvd – Published: 2024-10-23 15:00 – Updated: 2024-10-23 17:33
    VLAI
    Title
    Tenda RX9/RX9 Pro SetNetControlList sub_4337EC stack-based overflow
    Summary
    A vulnerability, which was classified as critical, has been found in Tenda RX9 and RX9 Pro 22.03.02.20. Affected by this issue is the function sub_4337EC of the file /goform/SetNetControlList. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.281558 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.281558 signaturepermissions-required
    https://vuldb.com/?submit.427064 third-party-advisory
    https://gitee.com/GXB0_0/iot-vul/blob/master/Tend… exploit
    https://www.tenda.com.cn/ product
    Impacted products
    Vendor Product Version
    Tenda RX9 Affected: 22.03.02.20
    Create a notification for this product.
    Tenda RX9 Pro Affected: 22.03.02.20
    Create a notification for this product.
    tenda rx9_pro Affected: 22.03.02.20
        cpe:2.3:h:tenda:rx9_pro:-:*:*:*:*:*:*:*
    Create a notification for this product.
    tenda rx9 Affected: 22.03.02.20
        cpe:2.3:a:tenda:rx9:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    GuoXB (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:tenda:rx9_pro:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "rx9_pro",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "22.03.02.20"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:tenda:rx9:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "rx9",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "22.03.02.20"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-10283",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-23T17:30:46.351880Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-23T17:33:05.674Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "RX9",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "22.03.02.20"
                }
              ]
            },
            {
              "product": "RX9 Pro",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "22.03.02.20"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "GuoXB (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability, which was classified as critical, has been found in Tenda RX9 and RX9 Pro 22.03.02.20. Affected by this issue is the function sub_4337EC of the file /goform/SetNetControlList. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
            },
            {
              "lang": "de",
              "value": "Eine kritische Schwachstelle wurde in Tenda RX9 and RX9 Pro 22.03.02.20 entdeckt. Betroffen davon ist die Funktion sub_4337EC der Datei /goform/SetNetControlList. Mit der Manipulation des Arguments list mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-23T15:00:12.454Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-281558 | Tenda RX9/RX9 Pro SetNetControlList sub_4337EC stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.281558"
            },
            {
              "name": "VDB-281558 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.281558"
            },
            {
              "name": "Submit #427064 | Tenda RX9 Router RX9 Pro Firmware V22.03.02.20 Stack-based Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.427064"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://gitee.com/GXB0_0/iot-vul/blob/master/Tenda/RX9/20/SetNetControlList.md"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.tenda.com.cn/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-10-23T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-10-23T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-10-23T08:12:57.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda RX9/RX9 Pro SetNetControlList sub_4337EC stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-10283",
        "datePublished": "2024-10-23T15:00:12.454Z",
        "dateReserved": "2024-10-23T06:07:52.411Z",
        "dateUpdated": "2024-10-23T17:33:05.674Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-10282 (GCVE-0-2024-10282)

    Vulnerability from nvd – Published: 2024-10-23 14:31 – Updated: 2024-10-23 17:51
    VLAI
    Title
    Tenda RX9/RX9 Pro SetVirtualServerCfg sub_42EA38 stack-based overflow
    Summary
    A vulnerability classified as critical was found in Tenda RX9 and RX9 Pro 22.03.02.10/22.03.02.20. Affected by this vulnerability is the function sub_42EA38 of the file /goform/SetVirtualServerCfg. The manipulation of the argument list leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.281557 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.281557 signaturepermissions-required
    https://vuldb.com/?submit.427066 third-party-advisory
    https://gitee.com/GXB0_0/iot-vul/blob/master/Tend… exploit
    https://www.tenda.com.cn/ product
    Impacted products
    Vendor Product Version
    Tenda RX9 Affected: 22.03.02.10
    Affected: 22.03.02.20
    Create a notification for this product.
    Tenda RX9 Pro Affected: 22.03.02.10
    Affected: 22.03.02.20
    Create a notification for this product.
    tenda rx9 Affected: 22.03.02.10
    Affected: 22.03.02.20
        cpe:2.3:a:tenda:rx9:*:*:*:*:*:*:*:*
    Create a notification for this product.
    tenda rx9_pro Affected: 22.03.02.10
    Affected: 22.03.02.20
        cpe:2.3:h:tenda:rx9_pro:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    GuoXB (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:tenda:rx9:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "rx9",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "22.03.02.10"
                  },
                  {
                    "status": "affected",
                    "version": "22.03.02.20"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:rx9_pro:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "rx9_pro",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "22.03.02.10"
                  },
                  {
                    "status": "affected",
                    "version": "22.03.02.20"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-10282",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-23T17:50:18.481537Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-23T17:51:56.577Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "RX9",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "22.03.02.10"
                },
                {
                  "status": "affected",
                  "version": "22.03.02.20"
                }
              ]
            },
            {
              "product": "RX9 Pro",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "22.03.02.10"
                },
                {
                  "status": "affected",
                  "version": "22.03.02.20"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "GuoXB (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability classified as critical was found in Tenda RX9 and RX9 Pro 22.03.02.10/22.03.02.20. Affected by this vulnerability is the function sub_42EA38 of the file /goform/SetVirtualServerCfg. The manipulation of the argument list leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
            },
            {
              "lang": "de",
              "value": "In Tenda RX9 and RX9 Pro 22.03.02.10/22.03.02.20 wurde eine kritische Schwachstelle entdeckt. Betroffen ist die Funktion sub_42EA38 der Datei /goform/SetVirtualServerCfg. Dank Manipulation des Arguments list mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-23T14:31:24.051Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-281557 | Tenda RX9/RX9 Pro SetVirtualServerCfg sub_42EA38 stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.281557"
            },
            {
              "name": "VDB-281557 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.281557"
            },
            {
              "name": "Submit #427066 | Tenda RX9 Router RX9 Pro Firmware V22.03.02.10\u3001RX9 Pro Firmware V22.03.02.20 Stack-based Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.427066"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://gitee.com/GXB0_0/iot-vul/blob/master/Tenda/RX9/20/SetVirtualServerCfg.md"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.tenda.com.cn/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-10-23T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-10-23T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-10-23T08:12:46.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda RX9/RX9 Pro SetVirtualServerCfg sub_42EA38 stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-10282",
        "datePublished": "2024-10-23T14:31:24.051Z",
        "dateReserved": "2024-10-23T06:07:37.708Z",
        "dateUpdated": "2024-10-23T17:51:56.577Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-10281 (GCVE-0-2024-10281)

    Vulnerability from nvd – Published: 2024-10-23 14:00 – Updated: 2024-10-23 18:20
    VLAI
    Title
    Tenda RX9/RX9 Pro SetStaticRouteCfg sub_42EEE0 stack-based overflow
    Summary
    A vulnerability classified as critical has been found in Tenda RX9 and RX9 Pro 22.03.02.10/22.03.02.20. Affected is the function sub_42EEE0 of the file /goform/SetStaticRouteCfg. The manipulation of the argument list leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.281556 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.281556 signaturepermissions-required
    https://vuldb.com/?submit.427065 third-party-advisory
    https://gitee.com/GXB0_0/iot-vul/blob/master/Tend… exploit
    https://www.tenda.com.cn/ product
    Impacted products
    Vendor Product Version
    Tenda RX9 Affected: 22.03.02.10
    Affected: 22.03.02.20
    Create a notification for this product.
    Tenda RX9 Pro Affected: 22.03.02.10
    Affected: 22.03.02.20
    Create a notification for this product.
    tenda rx9 Affected: 22.03.02.10
    Affected: 22.03.02.20
        cpe:2.3:a:tenda:rx9:*:*:*:*:*:*:*:*
    Create a notification for this product.
    tenda rx9_pro Affected: 22.03.02.10
    Affected: 22.03.02.20
        cpe:2.3:h:tenda:rx9_pro:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    GuoXB (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:tenda:rx9:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "rx9",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "22.03.02.10"
                  },
                  {
                    "status": "affected",
                    "version": "22.03.02.20"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:rx9_pro:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "rx9_pro",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "22.03.02.10"
                  },
                  {
                    "status": "affected",
                    "version": "22.03.02.20"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-10281",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-23T18:19:28.352564Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-23T18:20:52.773Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "RX9",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "22.03.02.10"
                },
                {
                  "status": "affected",
                  "version": "22.03.02.20"
                }
              ]
            },
            {
              "product": "RX9 Pro",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "22.03.02.10"
                },
                {
                  "status": "affected",
                  "version": "22.03.02.20"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "GuoXB (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability classified as critical has been found in Tenda RX9 and RX9 Pro 22.03.02.10/22.03.02.20. Affected is the function sub_42EEE0 of the file /goform/SetStaticRouteCfg. The manipulation of the argument list leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
            },
            {
              "lang": "de",
              "value": "Es wurde eine kritische Schwachstelle in Tenda RX9 and RX9 Pro 22.03.02.10/22.03.02.20 entdeckt. Hiervon betroffen ist die Funktion sub_42EEE0 der Datei /goform/SetStaticRouteCfg. Dank der Manipulation des Arguments list mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-23T14:00:24.603Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-281556 | Tenda RX9/RX9 Pro SetStaticRouteCfg sub_42EEE0 stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.281556"
            },
            {
              "name": "VDB-281556 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.281556"
            },
            {
              "name": "Submit #427065 | Tenda RX9 Router RX9 Pro Firmware V22.03.02.10\u3001RX9 Pro Firmware V22.03.02.20 Stack-based Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.427065"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://gitee.com/GXB0_0/iot-vul/blob/master/Tenda/RX9/20/SetStaticRouteCfg.md"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.tenda.com.cn/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-10-23T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-10-23T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-10-23T08:12:43.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda RX9/RX9 Pro SetStaticRouteCfg sub_42EEE0 stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-10281",
        "datePublished": "2024-10-23T14:00:24.603Z",
        "dateReserved": "2024-10-23T06:07:35.435Z",
        "dateUpdated": "2024-10-23T18:20:52.773Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-43886 (GCVE-0-2023-43886)

    Vulnerability from nvd – Published: 2023-11-07 00:00 – Updated: 2024-09-05 13:15
    VLAI
    Summary
    A buffer overflow in the HTTP server component of Tenda RX9 Pro v22.03.02.20 might allow an authenticated attacker to overwrite memory.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T19:52:11.901Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://blog.rtlcopymemory.com/tenda-rx9-pro/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-43886",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-05T13:15:00.595016Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-05T13:15:21.900Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A buffer overflow in the HTTP server component of Tenda RX9 Pro v22.03.02.20 might allow an authenticated attacker to overwrite memory."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-07T08:02:02.446Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://blog.rtlcopymemory.com/tenda-rx9-pro/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-43886",
        "datePublished": "2023-11-07T00:00:00.000Z",
        "dateReserved": "2023-09-25T00:00:00.000Z",
        "dateUpdated": "2024-09-05T13:15:21.900Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-43885 (GCVE-0-2023-43885)

    Vulnerability from nvd – Published: 2023-11-07 00:00 – Updated: 2024-09-05 13:17
    VLAI
    Summary
    Missing error handling in the HTTP server component of Tenda RX9 Pro Firmware V22.03.02.20 allows authenticated attackers to arbitrarily lock the device.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T19:52:11.409Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://blog.rtlcopymemory.com/tenda-rx9-pro/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-43885",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-05T13:16:30.532648Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-05T13:17:13.925Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Missing error handling in the HTTP server component of Tenda RX9 Pro Firmware V22.03.02.20 allows authenticated attackers to arbitrarily lock the device."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-07T08:01:59.519Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://blog.rtlcopymemory.com/tenda-rx9-pro/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-43885",
        "datePublished": "2023-11-07T00:00:00.000Z",
        "dateReserved": "2023-09-25T00:00:00.000Z",
        "dateUpdated": "2024-09-05T13:17:13.925Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-38831 (GCVE-0-2022-38831)

    Vulnerability from nvd – Published: 2022-09-16 14:35 – Updated: 2024-08-03 11:02
    VLAI
    Summary
    Tenda RX9_Pro V22.03.02.10 is vulnerable to Buffer Overflow via httpd/SetNetControlList
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T11:02:14.625Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/whiter6666/CVE/blob/main/Tenda_RX9_Pro/SetNetControlList.md"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Tenda RX9_Pro V22.03.02.10 is vulnerable to Buffer Overflow via httpd/SetNetControlList"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-09-16T14:35:43.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/whiter6666/CVE/blob/main/Tenda_RX9_Pro/SetNetControlList.md"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2022-38831",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Tenda RX9_Pro V22.03.02.10 is vulnerable to Buffer Overflow via httpd/SetNetControlList"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/whiter6666/CVE/blob/main/Tenda_RX9_Pro/SetNetControlList.md",
                  "refsource": "MISC",
                  "url": "https://github.com/whiter6666/CVE/blob/main/Tenda_RX9_Pro/SetNetControlList.md"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2022-38831",
        "datePublished": "2022-09-16T14:35:43.000Z",
        "dateReserved": "2022-08-29T00:00:00.000Z",
        "dateUpdated": "2024-08-03T11:02:14.625Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-38830 (GCVE-0-2022-38830)

    Vulnerability from nvd – Published: 2022-09-16 14:36 – Updated: 2024-08-03 11:02
    VLAI
    Summary
    Tenda RX9_Pro V22.03.02.10 is vulnerable to Buffer Overflow via httpd/setIPv6Status.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T11:02:14.603Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/whiter6666/CVE/blob/main/Tenda_RX9_Pro/setIPv6Status.md"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Tenda RX9_Pro V22.03.02.10 is vulnerable to Buffer Overflow via httpd/setIPv6Status."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-09-16T14:36:48.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/whiter6666/CVE/blob/main/Tenda_RX9_Pro/setIPv6Status.md"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2022-38830",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Tenda RX9_Pro V22.03.02.10 is vulnerable to Buffer Overflow via httpd/setIPv6Status."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/whiter6666/CVE/blob/main/Tenda_RX9_Pro/setIPv6Status.md",
                  "refsource": "MISC",
                  "url": "https://github.com/whiter6666/CVE/blob/main/Tenda_RX9_Pro/setIPv6Status.md"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2022-38830",
        "datePublished": "2022-09-16T14:36:48.000Z",
        "dateReserved": "2022-08-29T00:00:00.000Z",
        "dateUpdated": "2024-08-03T11:02:14.603Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-38829 (GCVE-0-2022-38829)

    Vulnerability from nvd – Published: 2022-09-16 14:37 – Updated: 2024-08-03 11:02
    VLAI
    Summary
    Tenda RX9_Pro V22.03.02.10 is vulnerable to Buffer Overflow via httpd/setMacFilterCfg.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T11:02:14.605Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/whiter6666/CVE/blob/main/Tenda_RX9_Pro/setMacFilterCfg.md"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Tenda RX9_Pro V22.03.02.10 is vulnerable to Buffer Overflow via httpd/setMacFilterCfg."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-09-16T14:37:40.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/whiter6666/CVE/blob/main/Tenda_RX9_Pro/setMacFilterCfg.md"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2022-38829",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Tenda RX9_Pro V22.03.02.10 is vulnerable to Buffer Overflow via httpd/setMacFilterCfg."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/whiter6666/CVE/blob/main/Tenda_RX9_Pro/setMacFilterCfg.md",
                  "refsource": "MISC",
                  "url": "https://github.com/whiter6666/CVE/blob/main/Tenda_RX9_Pro/setMacFilterCfg.md"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2022-38829",
        "datePublished": "2022-09-16T14:37:40.000Z",
        "dateReserved": "2022-08-29T00:00:00.000Z",
        "dateUpdated": "2024-08-03T11:02:14.605Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-10351 (GCVE-0-2024-10351)

    Vulnerability from cvelistv5 – Published: 2024-10-24 23:31 – Updated: 2024-10-25 20:50
    VLAI
    Title
    Tenda RX9 Pro POST Request setMacFilterCfg sub_424CE0 stack-based overflow
    Summary
    A vulnerability was found in Tenda RX9 Pro 22.03.02.20. It has been rated as critical. This issue affects the function sub_424CE0 of the file /goform/setMacFilterCfg of the component POST Request Handler. The manipulation of the argument deviceList leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.281699 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.281699 signaturepermissions-required
    https://vuldb.com/?submit.427706 third-party-advisory
    https://gitee.com/GXB0_0/iot-vul/blob/master/Tend… exploit
    https://www.tenda.com.cn/ product
    Impacted products
    Vendor Product Version
    Tenda RX9 Pro Affected: 22.03.02.20
    Create a notification for this product.
    tenda rx9_pro_firmware Affected: 22.03.02.20
        cpe:2.3:o:tenda:rx9_pro_firmware:22.03.02.20:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    GuoXB (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:tenda:rx9_pro_firmware:22.03.02.20:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "rx9_pro_firmware",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "22.03.02.20"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-10351",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-25T20:00:12.566902Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-25T20:50:14.294Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "POST Request Handler"
              ],
              "product": "RX9 Pro",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "22.03.02.20"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "GuoXB (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in Tenda RX9 Pro 22.03.02.20. It has been rated as critical. This issue affects the function sub_424CE0 of the file /goform/setMacFilterCfg of the component POST Request Handler. The manipulation of the argument deviceList leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
            },
            {
              "lang": "de",
              "value": "Eine Schwachstelle wurde in Tenda RX9 Pro 22.03.02.20 ausgemacht. Sie wurde als kritisch eingestuft. Hierbei geht es um die Funktion sub_424CE0 der Datei /goform/setMacFilterCfg der Komponente POST Request Handler. Dank der Manipulation des Arguments deviceList mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-24T23:31:11.527Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-281699 | Tenda RX9 Pro POST Request setMacFilterCfg sub_424CE0 stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.281699"
            },
            {
              "name": "VDB-281699 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.281699"
            },
            {
              "name": "Submit #427706 | Tenda Rx9 Router RX9 Pro Firmware V22.03.02.20 Stack-based Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.427706"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://gitee.com/GXB0_0/iot-vul/blob/master/Tenda/RX9/20/setMacFilterCfg.md"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.tenda.com.cn/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-10-24T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-10-24T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-10-24T17:39:44.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda RX9 Pro POST Request setMacFilterCfg sub_424CE0 stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-10351",
        "datePublished": "2024-10-24T23:31:11.527Z",
        "dateReserved": "2024-10-24T15:34:29.365Z",
        "dateUpdated": "2024-10-25T20:50:14.294Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-10283 (GCVE-0-2024-10283)

    Vulnerability from cvelistv5 – Published: 2024-10-23 15:00 – Updated: 2024-10-23 17:33
    VLAI
    Title
    Tenda RX9/RX9 Pro SetNetControlList sub_4337EC stack-based overflow
    Summary
    A vulnerability, which was classified as critical, has been found in Tenda RX9 and RX9 Pro 22.03.02.20. Affected by this issue is the function sub_4337EC of the file /goform/SetNetControlList. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.281558 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.281558 signaturepermissions-required
    https://vuldb.com/?submit.427064 third-party-advisory
    https://gitee.com/GXB0_0/iot-vul/blob/master/Tend… exploit
    https://www.tenda.com.cn/ product
    Impacted products
    Vendor Product Version
    Tenda RX9 Affected: 22.03.02.20
    Create a notification for this product.
    Tenda RX9 Pro Affected: 22.03.02.20
    Create a notification for this product.
    tenda rx9_pro Affected: 22.03.02.20
        cpe:2.3:h:tenda:rx9_pro:-:*:*:*:*:*:*:*
    Create a notification for this product.
    tenda rx9 Affected: 22.03.02.20
        cpe:2.3:a:tenda:rx9:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    GuoXB (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:tenda:rx9_pro:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "rx9_pro",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "22.03.02.20"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:tenda:rx9:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "rx9",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "22.03.02.20"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-10283",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-23T17:30:46.351880Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-23T17:33:05.674Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "RX9",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "22.03.02.20"
                }
              ]
            },
            {
              "product": "RX9 Pro",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "22.03.02.20"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "GuoXB (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability, which was classified as critical, has been found in Tenda RX9 and RX9 Pro 22.03.02.20. Affected by this issue is the function sub_4337EC of the file /goform/SetNetControlList. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
            },
            {
              "lang": "de",
              "value": "Eine kritische Schwachstelle wurde in Tenda RX9 and RX9 Pro 22.03.02.20 entdeckt. Betroffen davon ist die Funktion sub_4337EC der Datei /goform/SetNetControlList. Mit der Manipulation des Arguments list mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-23T15:00:12.454Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-281558 | Tenda RX9/RX9 Pro SetNetControlList sub_4337EC stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.281558"
            },
            {
              "name": "VDB-281558 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.281558"
            },
            {
              "name": "Submit #427064 | Tenda RX9 Router RX9 Pro Firmware V22.03.02.20 Stack-based Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.427064"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://gitee.com/GXB0_0/iot-vul/blob/master/Tenda/RX9/20/SetNetControlList.md"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.tenda.com.cn/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-10-23T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-10-23T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-10-23T08:12:57.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda RX9/RX9 Pro SetNetControlList sub_4337EC stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-10283",
        "datePublished": "2024-10-23T15:00:12.454Z",
        "dateReserved": "2024-10-23T06:07:52.411Z",
        "dateUpdated": "2024-10-23T17:33:05.674Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-10282 (GCVE-0-2024-10282)

    Vulnerability from cvelistv5 – Published: 2024-10-23 14:31 – Updated: 2024-10-23 17:51
    VLAI
    Title
    Tenda RX9/RX9 Pro SetVirtualServerCfg sub_42EA38 stack-based overflow
    Summary
    A vulnerability classified as critical was found in Tenda RX9 and RX9 Pro 22.03.02.10/22.03.02.20. Affected by this vulnerability is the function sub_42EA38 of the file /goform/SetVirtualServerCfg. The manipulation of the argument list leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.281557 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.281557 signaturepermissions-required
    https://vuldb.com/?submit.427066 third-party-advisory
    https://gitee.com/GXB0_0/iot-vul/blob/master/Tend… exploit
    https://www.tenda.com.cn/ product
    Impacted products
    Vendor Product Version
    Tenda RX9 Affected: 22.03.02.10
    Affected: 22.03.02.20
    Create a notification for this product.
    Tenda RX9 Pro Affected: 22.03.02.10
    Affected: 22.03.02.20
    Create a notification for this product.
    tenda rx9 Affected: 22.03.02.10
    Affected: 22.03.02.20
        cpe:2.3:a:tenda:rx9:*:*:*:*:*:*:*:*
    Create a notification for this product.
    tenda rx9_pro Affected: 22.03.02.10
    Affected: 22.03.02.20
        cpe:2.3:h:tenda:rx9_pro:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    GuoXB (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:tenda:rx9:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "rx9",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "22.03.02.10"
                  },
                  {
                    "status": "affected",
                    "version": "22.03.02.20"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:rx9_pro:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "rx9_pro",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "22.03.02.10"
                  },
                  {
                    "status": "affected",
                    "version": "22.03.02.20"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-10282",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-23T17:50:18.481537Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-23T17:51:56.577Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "RX9",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "22.03.02.10"
                },
                {
                  "status": "affected",
                  "version": "22.03.02.20"
                }
              ]
            },
            {
              "product": "RX9 Pro",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "22.03.02.10"
                },
                {
                  "status": "affected",
                  "version": "22.03.02.20"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "GuoXB (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability classified as critical was found in Tenda RX9 and RX9 Pro 22.03.02.10/22.03.02.20. Affected by this vulnerability is the function sub_42EA38 of the file /goform/SetVirtualServerCfg. The manipulation of the argument list leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
            },
            {
              "lang": "de",
              "value": "In Tenda RX9 and RX9 Pro 22.03.02.10/22.03.02.20 wurde eine kritische Schwachstelle entdeckt. Betroffen ist die Funktion sub_42EA38 der Datei /goform/SetVirtualServerCfg. Dank Manipulation des Arguments list mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-23T14:31:24.051Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-281557 | Tenda RX9/RX9 Pro SetVirtualServerCfg sub_42EA38 stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.281557"
            },
            {
              "name": "VDB-281557 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.281557"
            },
            {
              "name": "Submit #427066 | Tenda RX9 Router RX9 Pro Firmware V22.03.02.10\u3001RX9 Pro Firmware V22.03.02.20 Stack-based Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.427066"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://gitee.com/GXB0_0/iot-vul/blob/master/Tenda/RX9/20/SetVirtualServerCfg.md"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.tenda.com.cn/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-10-23T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-10-23T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-10-23T08:12:46.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda RX9/RX9 Pro SetVirtualServerCfg sub_42EA38 stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-10282",
        "datePublished": "2024-10-23T14:31:24.051Z",
        "dateReserved": "2024-10-23T06:07:37.708Z",
        "dateUpdated": "2024-10-23T17:51:56.577Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-10281 (GCVE-0-2024-10281)

    Vulnerability from cvelistv5 – Published: 2024-10-23 14:00 – Updated: 2024-10-23 18:20
    VLAI
    Title
    Tenda RX9/RX9 Pro SetStaticRouteCfg sub_42EEE0 stack-based overflow
    Summary
    A vulnerability classified as critical has been found in Tenda RX9 and RX9 Pro 22.03.02.10/22.03.02.20. Affected is the function sub_42EEE0 of the file /goform/SetStaticRouteCfg. The manipulation of the argument list leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.281556 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.281556 signaturepermissions-required
    https://vuldb.com/?submit.427065 third-party-advisory
    https://gitee.com/GXB0_0/iot-vul/blob/master/Tend… exploit
    https://www.tenda.com.cn/ product
    Impacted products
    Vendor Product Version
    Tenda RX9 Affected: 22.03.02.10
    Affected: 22.03.02.20
    Create a notification for this product.
    Tenda RX9 Pro Affected: 22.03.02.10
    Affected: 22.03.02.20
    Create a notification for this product.
    tenda rx9 Affected: 22.03.02.10
    Affected: 22.03.02.20
        cpe:2.3:a:tenda:rx9:*:*:*:*:*:*:*:*
    Create a notification for this product.
    tenda rx9_pro Affected: 22.03.02.10
    Affected: 22.03.02.20
        cpe:2.3:h:tenda:rx9_pro:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    GuoXB (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:tenda:rx9:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "rx9",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "22.03.02.10"
                  },
                  {
                    "status": "affected",
                    "version": "22.03.02.20"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:tenda:rx9_pro:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "rx9_pro",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "22.03.02.10"
                  },
                  {
                    "status": "affected",
                    "version": "22.03.02.20"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-10281",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-23T18:19:28.352564Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-23T18:20:52.773Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "RX9",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "22.03.02.10"
                },
                {
                  "status": "affected",
                  "version": "22.03.02.20"
                }
              ]
            },
            {
              "product": "RX9 Pro",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "22.03.02.10"
                },
                {
                  "status": "affected",
                  "version": "22.03.02.20"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "GuoXB (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability classified as critical has been found in Tenda RX9 and RX9 Pro 22.03.02.10/22.03.02.20. Affected is the function sub_42EEE0 of the file /goform/SetStaticRouteCfg. The manipulation of the argument list leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
            },
            {
              "lang": "de",
              "value": "Es wurde eine kritische Schwachstelle in Tenda RX9 and RX9 Pro 22.03.02.10/22.03.02.20 entdeckt. Hiervon betroffen ist die Funktion sub_42EEE0 der Datei /goform/SetStaticRouteCfg. Dank der Manipulation des Arguments list mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-23T14:00:24.603Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-281556 | Tenda RX9/RX9 Pro SetStaticRouteCfg sub_42EEE0 stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.281556"
            },
            {
              "name": "VDB-281556 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.281556"
            },
            {
              "name": "Submit #427065 | Tenda RX9 Router RX9 Pro Firmware V22.03.02.10\u3001RX9 Pro Firmware V22.03.02.20 Stack-based Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.427065"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://gitee.com/GXB0_0/iot-vul/blob/master/Tenda/RX9/20/SetStaticRouteCfg.md"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.tenda.com.cn/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-10-23T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-10-23T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-10-23T08:12:43.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda RX9/RX9 Pro SetStaticRouteCfg sub_42EEE0 stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-10281",
        "datePublished": "2024-10-23T14:00:24.603Z",
        "dateReserved": "2024-10-23T06:07:35.435Z",
        "dateUpdated": "2024-10-23T18:20:52.773Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-43885 (GCVE-0-2023-43885)

    Vulnerability from cvelistv5 – Published: 2023-11-07 00:00 – Updated: 2024-09-05 13:17
    VLAI
    Summary
    Missing error handling in the HTTP server component of Tenda RX9 Pro Firmware V22.03.02.20 allows authenticated attackers to arbitrarily lock the device.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T19:52:11.409Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://blog.rtlcopymemory.com/tenda-rx9-pro/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-43885",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-05T13:16:30.532648Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-05T13:17:13.925Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Missing error handling in the HTTP server component of Tenda RX9 Pro Firmware V22.03.02.20 allows authenticated attackers to arbitrarily lock the device."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-07T08:01:59.519Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://blog.rtlcopymemory.com/tenda-rx9-pro/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-43885",
        "datePublished": "2023-11-07T00:00:00.000Z",
        "dateReserved": "2023-09-25T00:00:00.000Z",
        "dateUpdated": "2024-09-05T13:17:13.925Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-43886 (GCVE-0-2023-43886)

    Vulnerability from cvelistv5 – Published: 2023-11-07 00:00 – Updated: 2024-09-05 13:15
    VLAI
    Summary
    A buffer overflow in the HTTP server component of Tenda RX9 Pro v22.03.02.20 might allow an authenticated attacker to overwrite memory.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T19:52:11.901Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://blog.rtlcopymemory.com/tenda-rx9-pro/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-43886",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-05T13:15:00.595016Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-05T13:15:21.900Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A buffer overflow in the HTTP server component of Tenda RX9 Pro v22.03.02.20 might allow an authenticated attacker to overwrite memory."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-07T08:02:02.446Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://blog.rtlcopymemory.com/tenda-rx9-pro/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-43886",
        "datePublished": "2023-11-07T00:00:00.000Z",
        "dateReserved": "2023-09-25T00:00:00.000Z",
        "dateUpdated": "2024-09-05T13:15:21.900Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-38829 (GCVE-0-2022-38829)

    Vulnerability from cvelistv5 – Published: 2022-09-16 14:37 – Updated: 2024-08-03 11:02
    VLAI
    Summary
    Tenda RX9_Pro V22.03.02.10 is vulnerable to Buffer Overflow via httpd/setMacFilterCfg.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T11:02:14.605Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/whiter6666/CVE/blob/main/Tenda_RX9_Pro/setMacFilterCfg.md"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Tenda RX9_Pro V22.03.02.10 is vulnerable to Buffer Overflow via httpd/setMacFilterCfg."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-09-16T14:37:40.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/whiter6666/CVE/blob/main/Tenda_RX9_Pro/setMacFilterCfg.md"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2022-38829",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Tenda RX9_Pro V22.03.02.10 is vulnerable to Buffer Overflow via httpd/setMacFilterCfg."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/whiter6666/CVE/blob/main/Tenda_RX9_Pro/setMacFilterCfg.md",
                  "refsource": "MISC",
                  "url": "https://github.com/whiter6666/CVE/blob/main/Tenda_RX9_Pro/setMacFilterCfg.md"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2022-38829",
        "datePublished": "2022-09-16T14:37:40.000Z",
        "dateReserved": "2022-08-29T00:00:00.000Z",
        "dateUpdated": "2024-08-03T11:02:14.605Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-38830 (GCVE-0-2022-38830)

    Vulnerability from cvelistv5 – Published: 2022-09-16 14:36 – Updated: 2024-08-03 11:02
    VLAI
    Summary
    Tenda RX9_Pro V22.03.02.10 is vulnerable to Buffer Overflow via httpd/setIPv6Status.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T11:02:14.603Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/whiter6666/CVE/blob/main/Tenda_RX9_Pro/setIPv6Status.md"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Tenda RX9_Pro V22.03.02.10 is vulnerable to Buffer Overflow via httpd/setIPv6Status."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-09-16T14:36:48.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/whiter6666/CVE/blob/main/Tenda_RX9_Pro/setIPv6Status.md"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2022-38830",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Tenda RX9_Pro V22.03.02.10 is vulnerable to Buffer Overflow via httpd/setIPv6Status."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/whiter6666/CVE/blob/main/Tenda_RX9_Pro/setIPv6Status.md",
                  "refsource": "MISC",
                  "url": "https://github.com/whiter6666/CVE/blob/main/Tenda_RX9_Pro/setIPv6Status.md"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2022-38830",
        "datePublished": "2022-09-16T14:36:48.000Z",
        "dateReserved": "2022-08-29T00:00:00.000Z",
        "dateUpdated": "2024-08-03T11:02:14.603Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-38831 (GCVE-0-2022-38831)

    Vulnerability from cvelistv5 – Published: 2022-09-16 14:35 – Updated: 2024-08-03 11:02
    VLAI
    Summary
    Tenda RX9_Pro V22.03.02.10 is vulnerable to Buffer Overflow via httpd/SetNetControlList
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T11:02:14.625Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/whiter6666/CVE/blob/main/Tenda_RX9_Pro/SetNetControlList.md"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Tenda RX9_Pro V22.03.02.10 is vulnerable to Buffer Overflow via httpd/SetNetControlList"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-09-16T14:35:43.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/whiter6666/CVE/blob/main/Tenda_RX9_Pro/SetNetControlList.md"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2022-38831",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Tenda RX9_Pro V22.03.02.10 is vulnerable to Buffer Overflow via httpd/SetNetControlList"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/whiter6666/CVE/blob/main/Tenda_RX9_Pro/SetNetControlList.md",
                  "refsource": "MISC",
                  "url": "https://github.com/whiter6666/CVE/blob/main/Tenda_RX9_Pro/SetNetControlList.md"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2022-38831",
        "datePublished": "2022-09-16T14:35:43.000Z",
        "dateReserved": "2022-08-29T00:00:00.000Z",
        "dateUpdated": "2024-08-03T11:02:14.625Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }