Search

Find a vulnerability

Search criteria

    62 vulnerabilities found for w15e_firmware by tenda

    CVE-2026-30140 (GCVE-0-2026-30140)

    Vulnerability from nvd – Published: 2026-03-09 00:00 – Updated: 2026-03-11 14:28
    VLAI
    Summary
    An incorrect access control vulnerability exists in Tenda W15E V02.03.01.26_cn. An unauthenticated attacker can access the /cgi-bin/DownloadCfg/RouterCfm.jpg endpoint to download the configuration file containing plaintext administrator credentials, leading to sensitive information disclosure and potential remote administrative access.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-284 - Improper Access Control
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-30140",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-11T14:25:36.407227Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-284",
                    "description": "CWE-284 Improper Access Control",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-11T14:28:39.384Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An incorrect access control vulnerability exists in Tenda W15E V02.03.01.26_cn. An unauthenticated attacker can access the /cgi-bin/DownloadCfg/RouterCfm.jpg endpoint to download the configuration file containing plaintext administrator credentials, leading to sensitive information disclosure and potential remote administrative access."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-09T18:18:10.417Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/jhx-ui/CVE-Reports/blob/main/README.md#vulnerability-report-tenda-router-sensitive-information-disclosure"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2026-30140",
        "datePublished": "2026-03-09T00:00:00.000Z",
        "dateReserved": "2026-03-04T00:00:00.000Z",
        "dateUpdated": "2026-03-11T14:28:39.384Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-4127 (GCVE-0-2024-4127)

    Vulnerability from nvd – Published: 2024-04-24 19:31 – Updated: 2024-08-01 20:33
    VLAI
    Title
    Tenda W15E guestWifiRuleRefresh stack-based overflow
    Summary
    A vulnerability was found in Tenda W15E 15.11.0.14. It has been classified as critical. Affected is the function guestWifiRuleRefresh. The manipulation of the argument qosGuestDownstream leads to stack-based buffer overflow. It is possible to launch the attack remotely. VDB-261870 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.261870 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.261870 signaturepermissions-required
    https://vuldb.com/?submit.317832 third-party-advisory
    https://github.com/abcdefg-png/IoT-vulnerable/blo… related
    Impacted products
    Vendor Product Version
    Tenda W15E Affected: 15.11.0.14
    Create a notification for this product.
    tenda w15e Affected: 15.11.0.14
        cpe:2.3:h:tenda:w15e:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    wxhwxhwxh_mie (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:tenda:w15e:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "w15e",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "15.11.0.14"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-4127",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-30T17:15:20.534508Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:53:38.517Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T20:33:52.421Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VDB-261870 | Tenda W15E guestWifiRuleRefresh stack-based overflow",
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.261870"
              },
              {
                "name": "VDB-261870 | CTI Indicators (IOB, IOC, IOA)",
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.261870"
              },
              {
                "name": "Submit #317832 | Tenda W15EV1.0 V15.11.0.14 Buffer Overflow",
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?submit.317832"
              },
              {
                "tags": [
                  "related",
                  "x_transferred"
                ],
                "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W15Ev1.0/guestWifiRuleRefresh.md"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "W15E",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "15.11.0.14"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "wxhwxhwxh_mie (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in Tenda W15E 15.11.0.14. It has been classified as critical. Affected is the function guestWifiRuleRefresh. The manipulation of the argument qosGuestDownstream leads to stack-based buffer overflow. It is possible to launch the attack remotely. VDB-261870 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "Es wurde eine kritische Schwachstelle in Tenda W15E 15.11.0.14 ausgemacht. Es betrifft die Funktion guestWifiRuleRefresh. Durch Manipulation des Arguments qosGuestDownstream mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-24T19:31:06.560Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-261870 | Tenda W15E guestWifiRuleRefresh stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.261870"
            },
            {
              "name": "VDB-261870 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.261870"
            },
            {
              "name": "Submit #317832 | Tenda W15EV1.0 V15.11.0.14 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.317832"
            },
            {
              "tags": [
                "related"
              ],
              "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W15Ev1.0/guestWifiRuleRefresh.md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-04-24T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-04-24T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-04-24T10:25:03.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda W15E guestWifiRuleRefresh stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-4127",
        "datePublished": "2024-04-24T19:31:06.560Z",
        "dateReserved": "2024-04-24T08:19:31.277Z",
        "dateUpdated": "2024-08-01T20:33:52.421Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-4126 (GCVE-0-2024-4126)

    Vulnerability from nvd – Published: 2024-04-24 19:31 – Updated: 2024-08-01 20:33
    VLAI
    Title
    Tenda W15E SetSysTimeCfg formSetSysTime stack-based overflow
    Summary
    A vulnerability was found in Tenda W15E 15.11.0.14 and classified as critical. This issue affects the function formSetSysTime of the file /goform/SetSysTimeCfg. The manipulation of the argument manualTime leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-261869 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.261869 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.261869 signaturepermissions-required
    https://vuldb.com/?submit.317831 third-party-advisory
    https://github.com/abcdefg-png/IoT-vulnerable/blo… exploit
    Impacted products
    Vendor Product Version
    Tenda W15E Affected: 15.11.0.14
    Create a notification for this product.
    tenda w15e_firmware Affected: 15.11.0.14
        cpe:2.3:o:tenda:w15e_firmware:15.11.0.14:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    wxhwxhwxh_mie (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:tenda:w15e_firmware:15.11.0.14:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "w15e_firmware",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "15.11.0.14"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-4126",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-30T16:19:23.773429Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:53:16.645Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T20:33:52.364Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VDB-261869 | Tenda W15E SetSysTimeCfg formSetSysTime stack-based overflow",
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.261869"
              },
              {
                "name": "VDB-261869 | CTI Indicators (IOB, IOC, IOA)",
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.261869"
              },
              {
                "name": "Submit #317831 | Tenda W15EV1.0 V15.11.0.14 Buffer Overflow",
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?submit.317831"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W15Ev1.0/formSetSysTime.md"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "W15E",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "15.11.0.14"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "wxhwxhwxh_mie (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in Tenda W15E 15.11.0.14 and classified as critical. This issue affects the function formSetSysTime of the file /goform/SetSysTimeCfg. The manipulation of the argument manualTime leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-261869 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "Eine kritische Schwachstelle wurde in Tenda W15E 15.11.0.14 gefunden. Hierbei geht es um die Funktion formSetSysTime der Datei /goform/SetSysTimeCfg. Durch die Manipulation des Arguments manualTime mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-24T19:31:04.982Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-261869 | Tenda W15E SetSysTimeCfg formSetSysTime stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.261869"
            },
            {
              "name": "VDB-261869 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.261869"
            },
            {
              "name": "Submit #317831 | Tenda W15EV1.0 V15.11.0.14 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.317831"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W15Ev1.0/formSetSysTime.md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-04-24T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-04-24T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-04-24T10:25:02.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda W15E SetSysTimeCfg formSetSysTime stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-4126",
        "datePublished": "2024-04-24T19:31:04.982Z",
        "dateReserved": "2024-04-24T08:19:28.404Z",
        "dateUpdated": "2024-08-01T20:33:52.364Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-4125 (GCVE-0-2024-4125)

    Vulnerability from nvd – Published: 2024-04-24 19:00 – Updated: 2024-09-03 19:19
    VLAI
    Title
    Tenda W15E setStaticRoute formSetStaticRoute stack-based overflow
    Summary
    A vulnerability has been found in Tenda W15E 15.11.0.14 and classified as critical. This vulnerability affects the function formSetStaticRoute of the file /goform/setStaticRoute. The manipulation of the argument staticRouteIndex leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-261868. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.261868 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.261868 signaturepermissions-required
    https://vuldb.com/?submit.317830 third-party-advisory
    https://github.com/abcdefg-png/IoT-vulnerable/blo… exploit
    Impacted products
    Vendor Product Version
    Tenda W15E Affected: 15.11.0.14
    Create a notification for this product.
    tenda w15e_firmware Affected: 15.11.0.14
        cpe:2.3:o:tenda:w15e_firmware:15.11.0.14:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    wxhwxhwxh_mie (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T20:33:52.367Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VDB-261868 | Tenda W15E setStaticRoute formSetStaticRoute stack-based overflow",
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.261868"
              },
              {
                "name": "VDB-261868 | CTI Indicators (IOB, IOC, IOA)",
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.261868"
              },
              {
                "name": "Submit #317830 | Tenda W15EV1.0 V15.11.0.14 Buffer Overflow",
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?submit.317830"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W15Ev1.0/formSetStaticRoute.md"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:tenda:w15e_firmware:15.11.0.14:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "w15e_firmware",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "15.11.0.14"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-4125",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-07T16:22:30.607375Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-03T19:19:55.056Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "W15E",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "15.11.0.14"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "wxhwxhwxh_mie (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been found in Tenda W15E 15.11.0.14 and classified as critical. This vulnerability affects the function formSetStaticRoute of the file /goform/setStaticRoute. The manipulation of the argument staticRouteIndex leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-261868. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "In Tenda W15E 15.11.0.14 wurde eine kritische Schwachstelle gefunden. Dabei geht es um die Funktion formSetStaticRoute der Datei /goform/setStaticRoute. Mit der Manipulation des Arguments staticRouteIndex mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-24T19:00:05.576Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-261868 | Tenda W15E setStaticRoute formSetStaticRoute stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.261868"
            },
            {
              "name": "VDB-261868 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.261868"
            },
            {
              "name": "Submit #317830 | Tenda W15EV1.0 V15.11.0.14 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.317830"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W15Ev1.0/formSetStaticRoute.md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-04-24T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-04-24T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-04-24T10:24:59.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda W15E setStaticRoute formSetStaticRoute stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-4125",
        "datePublished": "2024-04-24T19:00:05.576Z",
        "dateReserved": "2024-04-24T08:19:25.474Z",
        "dateUpdated": "2024-09-03T19:19:55.056Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-4124 (GCVE-0-2024-4124)

    Vulnerability from nvd – Published: 2024-04-24 18:31 – Updated: 2024-08-01 20:33
    VLAI
    Title
    Tenda W15E SetRemoteWebManage formSetRemoteWebManage stack-based overflow
    Summary
    A vulnerability, which was classified as critical, was found in Tenda W15E 15.11.0.14. This affects the function formSetRemoteWebManage of the file /goform/SetRemoteWebManage. The manipulation of the argument remoteIP leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261867. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.261867 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.261867 signaturepermissions-required
    https://vuldb.com/?submit.317829 third-party-advisory
    https://github.com/abcdefg-png/IoT-vulnerable/blo… exploit
    Impacted products
    Vendor Product Version
    Tenda W15E Affected: 15.11.0.14
    Create a notification for this product.
    tenda w15e Affected: 15.11.0.14
        cpe:2.3:a:tenda:w15e:15.11.0.14:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    wxhwxhwxh_mie (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:tenda:w15e:15.11.0.14:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "w15e",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "15.11.0.14"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-4124",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-09T16:00:13.187226Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:56:10.405Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T20:33:52.518Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VDB-261867 | Tenda W15E SetRemoteWebManage formSetRemoteWebManage stack-based overflow",
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.261867"
              },
              {
                "name": "VDB-261867 | CTI Indicators (IOB, IOC, IOA)",
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.261867"
              },
              {
                "name": "Submit #317829 | Tenda W15EV1.0 V15.11.0.14 Buffer Overflow",
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?submit.317829"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W15Ev1.0/formSetRemoteWebManage.md"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "W15E",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "15.11.0.14"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "wxhwxhwxh_mie (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability, which was classified as critical, was found in Tenda W15E 15.11.0.14. This affects the function formSetRemoteWebManage of the file /goform/SetRemoteWebManage. The manipulation of the argument remoteIP leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261867. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "Es wurde eine kritische Schwachstelle in Tenda W15E 15.11.0.14 gefunden. Es geht dabei um die Funktion formSetRemoteWebManage der Datei /goform/SetRemoteWebManage. Dank Manipulation des Arguments remoteIP mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-24T18:31:06.901Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-261867 | Tenda W15E SetRemoteWebManage formSetRemoteWebManage stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.261867"
            },
            {
              "name": "VDB-261867 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.261867"
            },
            {
              "name": "Submit #317829 | Tenda W15EV1.0 V15.11.0.14 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.317829"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W15Ev1.0/formSetRemoteWebManage.md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-04-24T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-04-24T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-04-24T10:24:58.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda W15E SetRemoteWebManage formSetRemoteWebManage stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-4124",
        "datePublished": "2024-04-24T18:31:06.901Z",
        "dateReserved": "2024-04-24T08:19:22.592Z",
        "dateUpdated": "2024-08-01T20:33:52.518Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-4123 (GCVE-0-2024-4123)

    Vulnerability from nvd – Published: 2024-04-24 18:31 – Updated: 2024-08-01 20:33
    VLAI
    Title
    Tenda W15E SetPortMapping formSetPortMapping stack-based overflow
    Summary
    A vulnerability, which was classified as critical, has been found in Tenda W15E 15.11.0.14. Affected by this issue is the function formSetPortMapping of the file /goform/SetPortMapping. The manipulation of the argument portMappingServer/portMappingProtocol/portMappingWan/porMappingtInternal/portMappingExternal leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-261866 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.261866 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.261866 signaturepermissions-required
    https://vuldb.com/?submit.317828 third-party-advisory
    https://github.com/abcdefg-png/IoT-vulnerable/blo… exploit
    Impacted products
    Vendor Product Version
    Tenda W15E Affected: 15.11.0.14
    Create a notification for this product.
    Credits
    wxhwxhwxh_mie (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-4123",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-29T18:27:25.556651Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:55:36.175Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T20:33:52.416Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VDB-261866 | Tenda W15E SetPortMapping formSetPortMapping stack-based overflow",
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.261866"
              },
              {
                "name": "VDB-261866 | CTI Indicators (IOB, IOC, IOA)",
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.261866"
              },
              {
                "name": "Submit #317828 | Tenda W15EV1.0 V15.11.0.14 Buffer Overflow",
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?submit.317828"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W15Ev1.0/formSetPortMapping.md"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "W15E",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "15.11.0.14"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "wxhwxhwxh_mie (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability, which was classified as critical, has been found in Tenda W15E 15.11.0.14. Affected by this issue is the function formSetPortMapping of the file /goform/SetPortMapping. The manipulation of the argument portMappingServer/portMappingProtocol/portMappingWan/porMappingtInternal/portMappingExternal leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-261866 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "Eine kritische Schwachstelle wurde in Tenda W15E 15.11.0.14 entdeckt. Es geht hierbei um die Funktion formSetPortMapping der Datei /goform/SetPortMapping. Dank der Manipulation des Arguments portMappingServer/portMappingProtocol/portMappingWan/porMappingtInternal/portMappingExternal mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-24T18:31:05.431Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-261866 | Tenda W15E SetPortMapping formSetPortMapping stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.261866"
            },
            {
              "name": "VDB-261866 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.261866"
            },
            {
              "name": "Submit #317828 | Tenda W15EV1.0 V15.11.0.14 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.317828"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W15Ev1.0/formSetPortMapping.md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-04-24T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-04-24T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-04-24T10:24:57.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda W15E SetPortMapping formSetPortMapping stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-4123",
        "datePublished": "2024-04-24T18:31:05.431Z",
        "dateReserved": "2024-04-24T08:19:19.690Z",
        "dateUpdated": "2024-08-01T20:33:52.416Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-4122 (GCVE-0-2024-4122)

    Vulnerability from nvd – Published: 2024-04-24 18:00 – Updated: 2024-08-01 20:33
    VLAI
    Title
    Tenda W15E setDebugCfg formSetDebugCfg stack-based overflow
    Summary
    A vulnerability classified as critical was found in Tenda W15E 15.11.0.14. Affected by this vulnerability is the function formSetDebugCfg of the file /goform/setDebugCfg. The manipulation of the argument enable/level/module leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-261865 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.261865 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.261865 signaturepermissions-required
    https://vuldb.com/?submit.317827 third-party-advisory
    https://github.com/abcdefg-png/IoT-vulnerable/blo… exploit
    Impacted products
    Vendor Product Version
    Tenda W15E Affected: 15.11.0.14
    Create a notification for this product.
    tenda w15e Affected: -
        cpe:2.3:h:tenda:w15e:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    wxhwxhwxh_mie (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:tenda:w15e:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "w15e",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "-"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-4122",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-25T18:09:06.576874Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:54:59.902Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T20:33:52.409Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VDB-261865 | Tenda W15E setDebugCfg formSetDebugCfg stack-based overflow",
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.261865"
              },
              {
                "name": "VDB-261865 | CTI Indicators (IOB, IOC, IOA)",
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.261865"
              },
              {
                "name": "Submit #317827 | Tenda W15EV1.0 V15.11.0.14 Buffer Overflow",
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?submit.317827"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W15Ev1.0/formSetDebugCfg.md"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "W15E",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "15.11.0.14"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "wxhwxhwxh_mie (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability classified as critical was found in Tenda W15E 15.11.0.14. Affected by this vulnerability is the function formSetDebugCfg of the file /goform/setDebugCfg. The manipulation of the argument enable/level/module leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-261865 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "In Tenda W15E 15.11.0.14 wurde eine kritische Schwachstelle entdeckt. Es geht um die Funktion formSetDebugCfg der Datei /goform/setDebugCfg. Durch Beeinflussen des Arguments enable/level/module mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-24T18:00:08.424Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-261865 | Tenda W15E setDebugCfg formSetDebugCfg stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.261865"
            },
            {
              "name": "VDB-261865 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.261865"
            },
            {
              "name": "Submit #317827 | Tenda W15EV1.0 V15.11.0.14 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.317827"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W15Ev1.0/formSetDebugCfg.md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-04-24T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-04-24T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-04-24T10:24:55.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda W15E setDebugCfg formSetDebugCfg stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-4122",
        "datePublished": "2024-04-24T18:00:08.424Z",
        "dateReserved": "2024-04-24T08:19:16.994Z",
        "dateUpdated": "2024-08-01T20:33:52.409Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-4121 (GCVE-0-2024-4121)

    Vulnerability from nvd – Published: 2024-04-24 18:00 – Updated: 2024-08-01 20:33
    VLAI
    Title
    Tenda W15E formQOSRuleDel stack-based overflow
    Summary
    A vulnerability classified as critical has been found in Tenda W15E 15.11.0.14. Affected is the function formQOSRuleDel. The manipulation of the argument qosIndex leads to stack-based buffer overflow. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-261864. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.261864 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.261864 signaturepermissions-required
    https://vuldb.com/?submit.317826 third-party-advisory
    https://github.com/abcdefg-png/IoT-vulnerable/blo… related
    Impacted products
    Vendor Product Version
    Tenda W15E Affected: 15.11.0.14
    Create a notification for this product.
    tenda w15e_firmware Affected: 15.11.0.14
        cpe:2.3:o:tenda:w15e_firmware:15.11.0.14:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    wxhwxhwxh_mie (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:tenda:w15e_firmware:15.11.0.14:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "w15e_firmware",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "15.11.0.14"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-4121",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-30T15:08:58.999891Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:54:46.614Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T20:33:52.570Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VDB-261864 | Tenda W15E formQOSRuleDel stack-based overflow",
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.261864"
              },
              {
                "name": "VDB-261864 | CTI Indicators (IOB, IOC, IOA)",
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.261864"
              },
              {
                "name": "Submit #317826 | Tenda W15EV1.0 V15.11.0.14 Buffer Overflow",
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?submit.317826"
              },
              {
                "tags": [
                  "related",
                  "x_transferred"
                ],
                "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W15Ev1.0/formQOSRuleDel.md"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "W15E",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "15.11.0.14"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "wxhwxhwxh_mie (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability classified as critical has been found in Tenda W15E 15.11.0.14. Affected is the function formQOSRuleDel. The manipulation of the argument qosIndex leads to stack-based buffer overflow. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-261864. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "Es wurde eine kritische Schwachstelle in Tenda W15E 15.11.0.14 entdeckt. Betroffen hiervon ist die Funktion formQOSRuleDel. Durch das Beeinflussen des Arguments qosIndex mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-24T18:00:06.618Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-261864 | Tenda W15E formQOSRuleDel stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.261864"
            },
            {
              "name": "VDB-261864 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.261864"
            },
            {
              "name": "Submit #317826 | Tenda W15EV1.0 V15.11.0.14 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.317826"
            },
            {
              "tags": [
                "related"
              ],
              "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W15Ev1.0/formQOSRuleDel.md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-04-24T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-04-24T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-04-24T10:24:53.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda W15E formQOSRuleDel stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-4121",
        "datePublished": "2024-04-24T18:00:06.618Z",
        "dateReserved": "2024-04-24T08:19:14.033Z",
        "dateUpdated": "2024-08-01T20:33:52.570Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-4120 (GCVE-0-2024-4120)

    Vulnerability from nvd – Published: 2024-04-24 17:31 – Updated: 2024-08-01 20:33
    VLAI
    Title
    Tenda W15E modifyIpMacBind formIPMacBindModify stack-based overflow
    Summary
    A vulnerability was found in Tenda W15E 15.11.0.14. It has been rated as critical. This issue affects the function formIPMacBindModify of the file /goform/modifyIpMacBind. The manipulation of the argument IPMacBindRuleId/IPMacBindRuleIp/IPMacBindRuleMac/IPMacBindRuleRemark leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261863. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.261863 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.261863 signaturepermissions-required
    https://vuldb.com/?submit.317825 third-party-advisory
    https://github.com/abcdefg-png/IoT-vulnerable/blo… exploit
    Impacted products
    Vendor Product Version
    Tenda W15E Affected: 15.11.0.14
    Create a notification for this product.
    tenda w15e Affected: 15.11.0.14
        cpe:2.3:h:tenda:w15e:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    wxhwxhwxh_mie (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:tenda:w15e:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "w15e",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "15.11.0.14"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-4120",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-25T16:46:10.912613Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:53:58.385Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T20:33:52.505Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VDB-261863 | Tenda W15E modifyIpMacBind formIPMacBindModify stack-based overflow",
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.261863"
              },
              {
                "name": "VDB-261863 | CTI Indicators (IOB, IOC, IOA)",
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.261863"
              },
              {
                "name": "Submit #317825 | Tenda W15EV1.0 V15.11.0.14 Buffer Overflow",
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?submit.317825"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W15Ev1.0/formIPMacBindModify.md"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "W15E",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "15.11.0.14"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "wxhwxhwxh_mie (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in Tenda W15E 15.11.0.14. It has been rated as critical. This issue affects the function formIPMacBindModify of the file /goform/modifyIpMacBind. The manipulation of the argument IPMacBindRuleId/IPMacBindRuleIp/IPMacBindRuleMac/IPMacBindRuleRemark leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261863. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "Eine Schwachstelle wurde in Tenda W15E 15.11.0.14 ausgemacht. Sie wurde als kritisch eingestuft. Betroffen davon ist die Funktion formIPMacBindModify der Datei /goform/modifyIpMacBind. Durch Manipulieren des Arguments IPMacBindRuleId/IPMacBindRuleIp/IPMacBindRuleMac/IPMacBindRuleRemark mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-24T17:31:05.162Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-261863 | Tenda W15E modifyIpMacBind formIPMacBindModify stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.261863"
            },
            {
              "name": "VDB-261863 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.261863"
            },
            {
              "name": "Submit #317825 | Tenda W15EV1.0 V15.11.0.14 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.317825"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W15Ev1.0/formIPMacBindModify.md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-04-24T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-04-24T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-04-24T10:24:52.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda W15E modifyIpMacBind formIPMacBindModify stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-4120",
        "datePublished": "2024-04-24T17:31:05.162Z",
        "dateReserved": "2024-04-24T08:19:10.839Z",
        "dateUpdated": "2024-08-01T20:33:52.505Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-4119 (GCVE-0-2024-4119)

    Vulnerability from nvd – Published: 2024-04-24 17:00 – Updated: 2024-08-01 20:33
    VLAI
    Title
    Tenda W15E delIpMacBind formIPMacBindDel stack-based overflow
    Summary
    A vulnerability was found in Tenda W15E 15.11.0.14. It has been declared as critical. This vulnerability affects the function formIPMacBindDel of the file /goform/delIpMacBind. The manipulation of the argument IPMacBindIndex leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-261862 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.261862 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.261862 signaturepermissions-required
    https://vuldb.com/?submit.317824 third-party-advisory
    https://github.com/abcdefg-png/IoT-vulnerable/blo… exploit
    Impacted products
    Vendor Product Version
    Tenda W15E Affected: 15.11.0.14
    Create a notification for this product.
    tenda w15e Affected: 15.11.0.14
        cpe:2.3:a:tenda:w15e:15.11.0.14:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    wxhwxhwxh_mie (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:tenda:w15e:15.11.0.14:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "w15e",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "15.11.0.14"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-4119",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-09T16:02:07.050226Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:55:40.492Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T20:33:52.420Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VDB-261862 | Tenda W15E delIpMacBind formIPMacBindDel stack-based overflow",
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.261862"
              },
              {
                "name": "VDB-261862 | CTI Indicators (IOB, IOC, IOA)",
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.261862"
              },
              {
                "name": "Submit #317824 | Tenda W15EV1.0 V15.11.0.14 Buffer Overflow",
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?submit.317824"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W15Ev1.0/formIPMacBindDel.md"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "W15E",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "15.11.0.14"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "wxhwxhwxh_mie (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in Tenda W15E 15.11.0.14. It has been declared as critical. This vulnerability affects the function formIPMacBindDel of the file /goform/delIpMacBind. The manipulation of the argument IPMacBindIndex leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-261862 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "In Tenda W15E 15.11.0.14 wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Betroffen ist die Funktion formIPMacBindDel der Datei /goform/delIpMacBind. Durch das Manipulieren des Arguments IPMacBindIndex mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-24T17:00:05.059Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-261862 | Tenda W15E delIpMacBind formIPMacBindDel stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.261862"
            },
            {
              "name": "VDB-261862 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.261862"
            },
            {
              "name": "Submit #317824 | Tenda W15EV1.0 V15.11.0.14 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.317824"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W15Ev1.0/formIPMacBindDel.md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-04-24T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-04-24T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-04-24T10:24:51.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda W15E delIpMacBind formIPMacBindDel stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-4119",
        "datePublished": "2024-04-24T17:00:05.059Z",
        "dateReserved": "2024-04-24T08:19:07.763Z",
        "dateUpdated": "2024-08-01T20:33:52.420Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-4118 (GCVE-0-2024-4118)

    Vulnerability from nvd – Published: 2024-04-24 16:31 – Updated: 2024-08-01 20:33
    VLAI
    Title
    Tenda W15E addIpMacBind formIPMacBindAdd stack-based overflow
    Summary
    A vulnerability was found in Tenda W15E 15.11.0.14. It has been classified as critical. This affects the function formIPMacBindAdd of the file /goform/addIpMacBind. The manipulation of the argument IPMacBindRule leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-261861 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.261861 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.261861 signaturepermissions-required
    https://vuldb.com/?submit.317823 third-party-advisory
    https://github.com/abcdefg-png/IoT-vulnerable/blo… exploit
    Impacted products
    Vendor Product Version
    Tenda W15E Affected: 15.11.0.14
    Create a notification for this product.
    tenda w15e_firmware Affected: 15.11.0.14
        cpe:2.3:o:tenda:w15e_firmware:15.11.0.14:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    wxhwxhwxh_mie (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:tenda:w15e_firmware:15.11.0.14:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "w15e_firmware",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "15.11.0.14"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-4118",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-30T19:39:38.857222Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:54:54.700Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T20:33:52.765Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VDB-261861 | Tenda W15E addIpMacBind formIPMacBindAdd stack-based overflow",
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.261861"
              },
              {
                "name": "VDB-261861 | CTI Indicators (IOB, IOC, IOA)",
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.261861"
              },
              {
                "name": "Submit #317823 | Tenda W15EV1.0 V15.11.0.14 Buffer Overflow",
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?submit.317823"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W15Ev1.0/formIPMacBindAdd.md"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "W15E",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "15.11.0.14"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "wxhwxhwxh_mie (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in Tenda W15E 15.11.0.14. It has been classified as critical. This affects the function formIPMacBindAdd of the file /goform/addIpMacBind. The manipulation of the argument IPMacBindRule leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-261861 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "Es wurde eine Schwachstelle in Tenda W15E 15.11.0.14 ausgemacht. Sie wurde als kritisch eingestuft. Hiervon betroffen ist die Funktion formIPMacBindAdd der Datei /goform/addIpMacBind. Mittels Manipulieren des Arguments IPMacBindRule mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-24T16:31:04.948Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-261861 | Tenda W15E addIpMacBind formIPMacBindAdd stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.261861"
            },
            {
              "name": "VDB-261861 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.261861"
            },
            {
              "name": "Submit #317823 | Tenda W15EV1.0 V15.11.0.14 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.317823"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W15Ev1.0/formIPMacBindAdd.md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-04-24T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-04-24T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-04-24T10:24:49.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda W15E addIpMacBind formIPMacBindAdd stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-4118",
        "datePublished": "2024-04-24T16:31:04.948Z",
        "dateReserved": "2024-04-24T08:19:04.626Z",
        "dateUpdated": "2024-08-01T20:33:52.765Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-4117 (GCVE-0-2024-4117)

    Vulnerability from nvd – Published: 2024-04-24 16:00 – Updated: 2024-08-01 20:33
    VLAI
    Title
    Tenda W15E DelPortMapping formDelPortMapping stack-based overflow
    Summary
    A vulnerability was found in Tenda W15E 15.11.0.14 and classified as critical. Affected by this issue is the function formDelPortMapping of the file /goform/DelPortMapping. The manipulation of the argument portMappingIndex leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-261860. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.261860 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.261860 signaturepermissions-required
    https://vuldb.com/?submit.317822 third-party-advisory
    https://github.com/abcdefg-png/IoT-vulnerable/blo… exploit
    Impacted products
    Vendor Product Version
    Tenda W15E Affected: 15.11.0.14
    Create a notification for this product.
    Credits
    wxhwxhwxh_mie (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-4117",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-29T18:29:38.163596Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:54:28.292Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T20:33:52.356Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VDB-261860 | Tenda W15E DelPortMapping formDelPortMapping stack-based overflow",
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.261860"
              },
              {
                "name": "VDB-261860 | CTI Indicators (IOB, IOC, IOA)",
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.261860"
              },
              {
                "name": "Submit #317822 | Tenda W15EV1.0 V15.11.0.14 Buffer Overflow",
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?submit.317822"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W15Ev1.0/formDelPortMapping.md"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "W15E",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "15.11.0.14"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "wxhwxhwxh_mie (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in Tenda W15E 15.11.0.14 and classified as critical. Affected by this issue is the function formDelPortMapping of the file /goform/DelPortMapping. The manipulation of the argument portMappingIndex leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-261860. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "Eine Schwachstelle wurde in Tenda W15E 15.11.0.14 gefunden. Sie wurde als kritisch eingestuft. Davon betroffen ist die Funktion formDelPortMapping der Datei /goform/DelPortMapping. Mittels dem Manipulieren des Arguments portMappingIndex mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-24T16:00:06.374Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-261860 | Tenda W15E DelPortMapping formDelPortMapping stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.261860"
            },
            {
              "name": "VDB-261860 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.261860"
            },
            {
              "name": "Submit #317822 | Tenda W15EV1.0 V15.11.0.14 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.317822"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W15Ev1.0/formDelPortMapping.md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-04-24T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-04-24T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-04-24T10:24:47.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda W15E DelPortMapping formDelPortMapping stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-4117",
        "datePublished": "2024-04-24T16:00:06.374Z",
        "dateReserved": "2024-04-24T08:19:01.960Z",
        "dateUpdated": "2024-08-01T20:33:52.356Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-4116 (GCVE-0-2024-4116)

    Vulnerability from nvd – Published: 2024-04-24 16:00 – Updated: 2024-08-01 20:33
    VLAI
    Title
    Tenda W15E DelDhcpRule formDelDhcpRule stack-based overflow
    Summary
    A vulnerability has been found in Tenda W15E 15.11.0.14 and classified as critical. Affected by this vulnerability is the function formDelDhcpRule of the file /goform/DelDhcpRule. The manipulation of the argument delDhcpIndex leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261859. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.261859 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.261859 signaturepermissions-required
    https://vuldb.com/?submit.317819 third-party-advisory
    https://github.com/abcdefg-png/IoT-vulnerable/blo… exploit
    Impacted products
    Vendor Product Version
    Tenda W15E Affected: 15.11.0.14
    Create a notification for this product.
    tenda w15e Affected: 15.11.0.14
        cpe:2.3:h:tenda:w15e:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    wxhwxhwxh_tutu (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:tenda:w15e:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "w15e",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "15.11.0.14"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-4116",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-17T13:31:11.940050Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-17T13:32:48.261Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T20:33:52.131Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VDB-261859 | Tenda W15E DelDhcpRule formDelDhcpRule stack-based overflow",
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.261859"
              },
              {
                "name": "VDB-261859 | CTI Indicators (IOB, IOC, IOA)",
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.261859"
              },
              {
                "name": "Submit #317819 | Tenda W15EV1.0 V15.11.0.14 Buffer Overflow",
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?submit.317819"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W15Ev1.0/formDelDhcpRule.md"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "W15E",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "15.11.0.14"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "wxhwxhwxh_tutu (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been found in Tenda W15E 15.11.0.14 and classified as critical. Affected by this vulnerability is the function formDelDhcpRule of the file /goform/DelDhcpRule. The manipulation of the argument delDhcpIndex leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261859. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "In Tenda W15E 15.11.0.14 wurde eine Schwachstelle gefunden. Sie wurde als kritisch eingestuft. Hierbei betrifft es die Funktion formDelDhcpRule der Datei /goform/DelDhcpRule. Durch Manipulation des Arguments delDhcpIndex mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-24T16:00:04.851Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-261859 | Tenda W15E DelDhcpRule formDelDhcpRule stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.261859"
            },
            {
              "name": "VDB-261859 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.261859"
            },
            {
              "name": "Submit #317819 | Tenda W15EV1.0 V15.11.0.14 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.317819"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W15Ev1.0/formDelDhcpRule.md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-04-24T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-04-24T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-04-24T10:24:46.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda W15E DelDhcpRule formDelDhcpRule stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-4116",
        "datePublished": "2024-04-24T16:00:04.851Z",
        "dateReserved": "2024-04-24T08:18:59.156Z",
        "dateUpdated": "2024-08-01T20:33:52.131Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-4115 (GCVE-0-2024-4115)

    Vulnerability from nvd – Published: 2024-04-24 15:31 – Updated: 2024-08-01 20:33
    VLAI
    Title
    Tenda W15E AddDnsForward formAddDnsForward stack-based overflow
    Summary
    A vulnerability, which was classified as critical, was found in Tenda W15E 15.11.0.14. Affected is the function formAddDnsForward of the file /goform/AddDnsForward. The manipulation of the argument DnsForwardRule leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-261858 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.261858 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.261858 signaturepermissions-required
    https://vuldb.com/?submit.317818 third-party-advisory
    https://github.com/abcdefg-png/IoT-vulnerable/blo… exploit
    Impacted products
    Vendor Product Version
    Tenda W15E Affected: 15.11.0.14
    Create a notification for this product.
    Credits
    wxhwxhwxh_tutu (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-4115",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-26T18:33:54.746492Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:55:26.417Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T20:33:52.396Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VDB-261858 | Tenda W15E AddDnsForward formAddDnsForward stack-based overflow",
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.261858"
              },
              {
                "name": "VDB-261858 | CTI Indicators (IOB, IOC, IOA)",
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.261858"
              },
              {
                "name": "Submit #317818 | Tenda W15EV1.0 V15.11.0.14 Buffer Overflow",
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?submit.317818"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W15Ev1.0/formAddDnsForward.md"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "W15E",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "15.11.0.14"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "wxhwxhwxh_tutu (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability, which was classified as critical, was found in Tenda W15E 15.11.0.14. Affected is the function formAddDnsForward of the file /goform/AddDnsForward. The manipulation of the argument DnsForwardRule leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-261858 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "Es wurde eine Schwachstelle in Tenda W15E 15.11.0.14 gefunden. Sie wurde als kritisch eingestuft. Dabei betrifft es die Funktion formAddDnsForward der Datei /goform/AddDnsForward. Durch die Manipulation des Arguments DnsForwardRule mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-24T15:31:05.160Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-261858 | Tenda W15E AddDnsForward formAddDnsForward stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.261858"
            },
            {
              "name": "VDB-261858 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.261858"
            },
            {
              "name": "Submit #317818 | Tenda W15EV1.0 V15.11.0.14 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.317818"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W15Ev1.0/formAddDnsForward.md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-04-24T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-04-24T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-04-24T10:24:44.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda W15E AddDnsForward formAddDnsForward stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-4115",
        "datePublished": "2024-04-24T15:31:05.160Z",
        "dateReserved": "2024-04-24T08:18:56.429Z",
        "dateUpdated": "2024-08-01T20:33:52.396Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-27065 (GCVE-0-2023-27065)

    Vulnerability from nvd – Published: 2023-03-13 00:00 – Updated: 2025-02-27 20:38
    VLAI
    Summary
    Tenda V15V1.0 V15.11.0.14(1521_3190_1058) was discovered to contain a buffer overflow vulnerability via the picName parameter in the formDelWewifiPi function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T12:01:32.170Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/didi-zhiyuan/vuln/blob/main/iot/Tenda/W15EV1/formDelWewifiPic.md"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-27065",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-27T20:37:36.696438Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-120",
                    "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-27T20:38:24.581Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Tenda V15V1.0 V15.11.0.14(1521_3190_1058) was discovered to contain a buffer overflow vulnerability via the picName parameter in the formDelWewifiPi function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-03-13T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/didi-zhiyuan/vuln/blob/main/iot/Tenda/W15EV1/formDelWewifiPic.md"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-27065",
        "datePublished": "2023-03-13T00:00:00.000Z",
        "dateReserved": "2023-02-27T00:00:00.000Z",
        "dateUpdated": "2025-02-27T20:38:24.581Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-27064 (GCVE-0-2023-27064)

    Vulnerability from nvd – Published: 2023-03-13 00:00 – Updated: 2025-02-27 20:42
    VLAI
    Summary
    Tenda V15V1.0 V15.11.0.14(1521_3190_1058) was discovered to contain a buffer overflow vulnerability via the index parameter in the formDelDnsForward function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T12:01:32.375Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/didi-zhiyuan/vuln/blob/main/iot/Tenda/W15EV1/formDelDnsForward.md"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-27064",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-27T20:41:35.412519Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-120",
                    "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-27T20:42:45.670Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Tenda V15V1.0 V15.11.0.14(1521_3190_1058) was discovered to contain a buffer overflow vulnerability via the index parameter in the formDelDnsForward function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-03-13T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/didi-zhiyuan/vuln/blob/main/iot/Tenda/W15EV1/formDelDnsForward.md"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-27064",
        "datePublished": "2023-03-13T00:00:00.000Z",
        "dateReserved": "2023-02-27T00:00:00.000Z",
        "dateUpdated": "2025-02-27T20:42:45.670Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2026-30140 (GCVE-0-2026-30140)

    Vulnerability from cvelistv5 – Published: 2026-03-09 00:00 – Updated: 2026-03-11 14:28
    VLAI
    Summary
    An incorrect access control vulnerability exists in Tenda W15E V02.03.01.26_cn. An unauthenticated attacker can access the /cgi-bin/DownloadCfg/RouterCfm.jpg endpoint to download the configuration file containing plaintext administrator credentials, leading to sensitive information disclosure and potential remote administrative access.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-284 - Improper Access Control
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-30140",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-11T14:25:36.407227Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-284",
                    "description": "CWE-284 Improper Access Control",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-11T14:28:39.384Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An incorrect access control vulnerability exists in Tenda W15E V02.03.01.26_cn. An unauthenticated attacker can access the /cgi-bin/DownloadCfg/RouterCfm.jpg endpoint to download the configuration file containing plaintext administrator credentials, leading to sensitive information disclosure and potential remote administrative access."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-09T18:18:10.417Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/jhx-ui/CVE-Reports/blob/main/README.md#vulnerability-report-tenda-router-sensitive-information-disclosure"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2026-30140",
        "datePublished": "2026-03-09T00:00:00.000Z",
        "dateReserved": "2026-03-04T00:00:00.000Z",
        "dateUpdated": "2026-03-11T14:28:39.384Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-4127 (GCVE-0-2024-4127)

    Vulnerability from cvelistv5 – Published: 2024-04-24 19:31 – Updated: 2024-08-01 20:33
    VLAI
    Title
    Tenda W15E guestWifiRuleRefresh stack-based overflow
    Summary
    A vulnerability was found in Tenda W15E 15.11.0.14. It has been classified as critical. Affected is the function guestWifiRuleRefresh. The manipulation of the argument qosGuestDownstream leads to stack-based buffer overflow. It is possible to launch the attack remotely. VDB-261870 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.261870 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.261870 signaturepermissions-required
    https://vuldb.com/?submit.317832 third-party-advisory
    https://github.com/abcdefg-png/IoT-vulnerable/blo… related
    Impacted products
    Vendor Product Version
    Tenda W15E Affected: 15.11.0.14
    Create a notification for this product.
    tenda w15e Affected: 15.11.0.14
        cpe:2.3:h:tenda:w15e:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    wxhwxhwxh_mie (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:tenda:w15e:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "w15e",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "15.11.0.14"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-4127",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-30T17:15:20.534508Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:53:38.517Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T20:33:52.421Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VDB-261870 | Tenda W15E guestWifiRuleRefresh stack-based overflow",
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.261870"
              },
              {
                "name": "VDB-261870 | CTI Indicators (IOB, IOC, IOA)",
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.261870"
              },
              {
                "name": "Submit #317832 | Tenda W15EV1.0 V15.11.0.14 Buffer Overflow",
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?submit.317832"
              },
              {
                "tags": [
                  "related",
                  "x_transferred"
                ],
                "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W15Ev1.0/guestWifiRuleRefresh.md"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "W15E",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "15.11.0.14"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "wxhwxhwxh_mie (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in Tenda W15E 15.11.0.14. It has been classified as critical. Affected is the function guestWifiRuleRefresh. The manipulation of the argument qosGuestDownstream leads to stack-based buffer overflow. It is possible to launch the attack remotely. VDB-261870 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "Es wurde eine kritische Schwachstelle in Tenda W15E 15.11.0.14 ausgemacht. Es betrifft die Funktion guestWifiRuleRefresh. Durch Manipulation des Arguments qosGuestDownstream mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-24T19:31:06.560Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-261870 | Tenda W15E guestWifiRuleRefresh stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.261870"
            },
            {
              "name": "VDB-261870 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.261870"
            },
            {
              "name": "Submit #317832 | Tenda W15EV1.0 V15.11.0.14 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.317832"
            },
            {
              "tags": [
                "related"
              ],
              "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W15Ev1.0/guestWifiRuleRefresh.md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-04-24T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-04-24T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-04-24T10:25:03.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda W15E guestWifiRuleRefresh stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-4127",
        "datePublished": "2024-04-24T19:31:06.560Z",
        "dateReserved": "2024-04-24T08:19:31.277Z",
        "dateUpdated": "2024-08-01T20:33:52.421Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-4126 (GCVE-0-2024-4126)

    Vulnerability from cvelistv5 – Published: 2024-04-24 19:31 – Updated: 2024-08-01 20:33
    VLAI
    Title
    Tenda W15E SetSysTimeCfg formSetSysTime stack-based overflow
    Summary
    A vulnerability was found in Tenda W15E 15.11.0.14 and classified as critical. This issue affects the function formSetSysTime of the file /goform/SetSysTimeCfg. The manipulation of the argument manualTime leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-261869 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.261869 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.261869 signaturepermissions-required
    https://vuldb.com/?submit.317831 third-party-advisory
    https://github.com/abcdefg-png/IoT-vulnerable/blo… exploit
    Impacted products
    Vendor Product Version
    Tenda W15E Affected: 15.11.0.14
    Create a notification for this product.
    tenda w15e_firmware Affected: 15.11.0.14
        cpe:2.3:o:tenda:w15e_firmware:15.11.0.14:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    wxhwxhwxh_mie (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:tenda:w15e_firmware:15.11.0.14:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "w15e_firmware",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "15.11.0.14"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-4126",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-30T16:19:23.773429Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:53:16.645Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T20:33:52.364Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VDB-261869 | Tenda W15E SetSysTimeCfg formSetSysTime stack-based overflow",
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.261869"
              },
              {
                "name": "VDB-261869 | CTI Indicators (IOB, IOC, IOA)",
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.261869"
              },
              {
                "name": "Submit #317831 | Tenda W15EV1.0 V15.11.0.14 Buffer Overflow",
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?submit.317831"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W15Ev1.0/formSetSysTime.md"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "W15E",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "15.11.0.14"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "wxhwxhwxh_mie (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in Tenda W15E 15.11.0.14 and classified as critical. This issue affects the function formSetSysTime of the file /goform/SetSysTimeCfg. The manipulation of the argument manualTime leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-261869 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "Eine kritische Schwachstelle wurde in Tenda W15E 15.11.0.14 gefunden. Hierbei geht es um die Funktion formSetSysTime der Datei /goform/SetSysTimeCfg. Durch die Manipulation des Arguments manualTime mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-24T19:31:04.982Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-261869 | Tenda W15E SetSysTimeCfg formSetSysTime stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.261869"
            },
            {
              "name": "VDB-261869 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.261869"
            },
            {
              "name": "Submit #317831 | Tenda W15EV1.0 V15.11.0.14 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.317831"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W15Ev1.0/formSetSysTime.md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-04-24T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-04-24T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-04-24T10:25:02.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda W15E SetSysTimeCfg formSetSysTime stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-4126",
        "datePublished": "2024-04-24T19:31:04.982Z",
        "dateReserved": "2024-04-24T08:19:28.404Z",
        "dateUpdated": "2024-08-01T20:33:52.364Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-4125 (GCVE-0-2024-4125)

    Vulnerability from cvelistv5 – Published: 2024-04-24 19:00 – Updated: 2024-09-03 19:19
    VLAI
    Title
    Tenda W15E setStaticRoute formSetStaticRoute stack-based overflow
    Summary
    A vulnerability has been found in Tenda W15E 15.11.0.14 and classified as critical. This vulnerability affects the function formSetStaticRoute of the file /goform/setStaticRoute. The manipulation of the argument staticRouteIndex leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-261868. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.261868 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.261868 signaturepermissions-required
    https://vuldb.com/?submit.317830 third-party-advisory
    https://github.com/abcdefg-png/IoT-vulnerable/blo… exploit
    Impacted products
    Vendor Product Version
    Tenda W15E Affected: 15.11.0.14
    Create a notification for this product.
    tenda w15e_firmware Affected: 15.11.0.14
        cpe:2.3:o:tenda:w15e_firmware:15.11.0.14:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    wxhwxhwxh_mie (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T20:33:52.367Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VDB-261868 | Tenda W15E setStaticRoute formSetStaticRoute stack-based overflow",
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.261868"
              },
              {
                "name": "VDB-261868 | CTI Indicators (IOB, IOC, IOA)",
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.261868"
              },
              {
                "name": "Submit #317830 | Tenda W15EV1.0 V15.11.0.14 Buffer Overflow",
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?submit.317830"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W15Ev1.0/formSetStaticRoute.md"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:tenda:w15e_firmware:15.11.0.14:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "w15e_firmware",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "15.11.0.14"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-4125",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-07T16:22:30.607375Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-03T19:19:55.056Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "W15E",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "15.11.0.14"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "wxhwxhwxh_mie (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been found in Tenda W15E 15.11.0.14 and classified as critical. This vulnerability affects the function formSetStaticRoute of the file /goform/setStaticRoute. The manipulation of the argument staticRouteIndex leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-261868. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "In Tenda W15E 15.11.0.14 wurde eine kritische Schwachstelle gefunden. Dabei geht es um die Funktion formSetStaticRoute der Datei /goform/setStaticRoute. Mit der Manipulation des Arguments staticRouteIndex mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-24T19:00:05.576Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-261868 | Tenda W15E setStaticRoute formSetStaticRoute stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.261868"
            },
            {
              "name": "VDB-261868 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.261868"
            },
            {
              "name": "Submit #317830 | Tenda W15EV1.0 V15.11.0.14 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.317830"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W15Ev1.0/formSetStaticRoute.md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-04-24T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-04-24T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-04-24T10:24:59.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda W15E setStaticRoute formSetStaticRoute stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-4125",
        "datePublished": "2024-04-24T19:00:05.576Z",
        "dateReserved": "2024-04-24T08:19:25.474Z",
        "dateUpdated": "2024-09-03T19:19:55.056Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-4124 (GCVE-0-2024-4124)

    Vulnerability from cvelistv5 – Published: 2024-04-24 18:31 – Updated: 2024-08-01 20:33
    VLAI
    Title
    Tenda W15E SetRemoteWebManage formSetRemoteWebManage stack-based overflow
    Summary
    A vulnerability, which was classified as critical, was found in Tenda W15E 15.11.0.14. This affects the function formSetRemoteWebManage of the file /goform/SetRemoteWebManage. The manipulation of the argument remoteIP leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261867. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.261867 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.261867 signaturepermissions-required
    https://vuldb.com/?submit.317829 third-party-advisory
    https://github.com/abcdefg-png/IoT-vulnerable/blo… exploit
    Impacted products
    Vendor Product Version
    Tenda W15E Affected: 15.11.0.14
    Create a notification for this product.
    tenda w15e Affected: 15.11.0.14
        cpe:2.3:a:tenda:w15e:15.11.0.14:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    wxhwxhwxh_mie (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:tenda:w15e:15.11.0.14:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "w15e",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "15.11.0.14"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-4124",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-09T16:00:13.187226Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:56:10.405Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T20:33:52.518Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VDB-261867 | Tenda W15E SetRemoteWebManage formSetRemoteWebManage stack-based overflow",
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.261867"
              },
              {
                "name": "VDB-261867 | CTI Indicators (IOB, IOC, IOA)",
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.261867"
              },
              {
                "name": "Submit #317829 | Tenda W15EV1.0 V15.11.0.14 Buffer Overflow",
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?submit.317829"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W15Ev1.0/formSetRemoteWebManage.md"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "W15E",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "15.11.0.14"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "wxhwxhwxh_mie (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability, which was classified as critical, was found in Tenda W15E 15.11.0.14. This affects the function formSetRemoteWebManage of the file /goform/SetRemoteWebManage. The manipulation of the argument remoteIP leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261867. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "Es wurde eine kritische Schwachstelle in Tenda W15E 15.11.0.14 gefunden. Es geht dabei um die Funktion formSetRemoteWebManage der Datei /goform/SetRemoteWebManage. Dank Manipulation des Arguments remoteIP mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-24T18:31:06.901Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-261867 | Tenda W15E SetRemoteWebManage formSetRemoteWebManage stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.261867"
            },
            {
              "name": "VDB-261867 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.261867"
            },
            {
              "name": "Submit #317829 | Tenda W15EV1.0 V15.11.0.14 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.317829"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W15Ev1.0/formSetRemoteWebManage.md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-04-24T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-04-24T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-04-24T10:24:58.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda W15E SetRemoteWebManage formSetRemoteWebManage stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-4124",
        "datePublished": "2024-04-24T18:31:06.901Z",
        "dateReserved": "2024-04-24T08:19:22.592Z",
        "dateUpdated": "2024-08-01T20:33:52.518Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-4123 (GCVE-0-2024-4123)

    Vulnerability from cvelistv5 – Published: 2024-04-24 18:31 – Updated: 2024-08-01 20:33
    VLAI
    Title
    Tenda W15E SetPortMapping formSetPortMapping stack-based overflow
    Summary
    A vulnerability, which was classified as critical, has been found in Tenda W15E 15.11.0.14. Affected by this issue is the function formSetPortMapping of the file /goform/SetPortMapping. The manipulation of the argument portMappingServer/portMappingProtocol/portMappingWan/porMappingtInternal/portMappingExternal leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-261866 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.261866 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.261866 signaturepermissions-required
    https://vuldb.com/?submit.317828 third-party-advisory
    https://github.com/abcdefg-png/IoT-vulnerable/blo… exploit
    Impacted products
    Vendor Product Version
    Tenda W15E Affected: 15.11.0.14
    Create a notification for this product.
    Credits
    wxhwxhwxh_mie (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-4123",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-29T18:27:25.556651Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:55:36.175Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T20:33:52.416Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VDB-261866 | Tenda W15E SetPortMapping formSetPortMapping stack-based overflow",
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.261866"
              },
              {
                "name": "VDB-261866 | CTI Indicators (IOB, IOC, IOA)",
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.261866"
              },
              {
                "name": "Submit #317828 | Tenda W15EV1.0 V15.11.0.14 Buffer Overflow",
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?submit.317828"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W15Ev1.0/formSetPortMapping.md"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "W15E",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "15.11.0.14"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "wxhwxhwxh_mie (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability, which was classified as critical, has been found in Tenda W15E 15.11.0.14. Affected by this issue is the function formSetPortMapping of the file /goform/SetPortMapping. The manipulation of the argument portMappingServer/portMappingProtocol/portMappingWan/porMappingtInternal/portMappingExternal leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-261866 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "Eine kritische Schwachstelle wurde in Tenda W15E 15.11.0.14 entdeckt. Es geht hierbei um die Funktion formSetPortMapping der Datei /goform/SetPortMapping. Dank der Manipulation des Arguments portMappingServer/portMappingProtocol/portMappingWan/porMappingtInternal/portMappingExternal mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-24T18:31:05.431Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-261866 | Tenda W15E SetPortMapping formSetPortMapping stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.261866"
            },
            {
              "name": "VDB-261866 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.261866"
            },
            {
              "name": "Submit #317828 | Tenda W15EV1.0 V15.11.0.14 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.317828"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W15Ev1.0/formSetPortMapping.md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-04-24T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-04-24T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-04-24T10:24:57.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda W15E SetPortMapping formSetPortMapping stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-4123",
        "datePublished": "2024-04-24T18:31:05.431Z",
        "dateReserved": "2024-04-24T08:19:19.690Z",
        "dateUpdated": "2024-08-01T20:33:52.416Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-4122 (GCVE-0-2024-4122)

    Vulnerability from cvelistv5 – Published: 2024-04-24 18:00 – Updated: 2024-08-01 20:33
    VLAI
    Title
    Tenda W15E setDebugCfg formSetDebugCfg stack-based overflow
    Summary
    A vulnerability classified as critical was found in Tenda W15E 15.11.0.14. Affected by this vulnerability is the function formSetDebugCfg of the file /goform/setDebugCfg. The manipulation of the argument enable/level/module leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-261865 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.261865 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.261865 signaturepermissions-required
    https://vuldb.com/?submit.317827 third-party-advisory
    https://github.com/abcdefg-png/IoT-vulnerable/blo… exploit
    Impacted products
    Vendor Product Version
    Tenda W15E Affected: 15.11.0.14
    Create a notification for this product.
    tenda w15e Affected: -
        cpe:2.3:h:tenda:w15e:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    wxhwxhwxh_mie (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:tenda:w15e:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "w15e",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "-"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-4122",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-25T18:09:06.576874Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:54:59.902Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T20:33:52.409Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VDB-261865 | Tenda W15E setDebugCfg formSetDebugCfg stack-based overflow",
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.261865"
              },
              {
                "name": "VDB-261865 | CTI Indicators (IOB, IOC, IOA)",
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.261865"
              },
              {
                "name": "Submit #317827 | Tenda W15EV1.0 V15.11.0.14 Buffer Overflow",
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?submit.317827"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W15Ev1.0/formSetDebugCfg.md"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "W15E",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "15.11.0.14"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "wxhwxhwxh_mie (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability classified as critical was found in Tenda W15E 15.11.0.14. Affected by this vulnerability is the function formSetDebugCfg of the file /goform/setDebugCfg. The manipulation of the argument enable/level/module leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-261865 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "In Tenda W15E 15.11.0.14 wurde eine kritische Schwachstelle entdeckt. Es geht um die Funktion formSetDebugCfg der Datei /goform/setDebugCfg. Durch Beeinflussen des Arguments enable/level/module mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-24T18:00:08.424Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-261865 | Tenda W15E setDebugCfg formSetDebugCfg stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.261865"
            },
            {
              "name": "VDB-261865 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.261865"
            },
            {
              "name": "Submit #317827 | Tenda W15EV1.0 V15.11.0.14 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.317827"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W15Ev1.0/formSetDebugCfg.md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-04-24T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-04-24T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-04-24T10:24:55.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda W15E setDebugCfg formSetDebugCfg stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-4122",
        "datePublished": "2024-04-24T18:00:08.424Z",
        "dateReserved": "2024-04-24T08:19:16.994Z",
        "dateUpdated": "2024-08-01T20:33:52.409Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-4121 (GCVE-0-2024-4121)

    Vulnerability from cvelistv5 – Published: 2024-04-24 18:00 – Updated: 2024-08-01 20:33
    VLAI
    Title
    Tenda W15E formQOSRuleDel stack-based overflow
    Summary
    A vulnerability classified as critical has been found in Tenda W15E 15.11.0.14. Affected is the function formQOSRuleDel. The manipulation of the argument qosIndex leads to stack-based buffer overflow. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-261864. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.261864 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.261864 signaturepermissions-required
    https://vuldb.com/?submit.317826 third-party-advisory
    https://github.com/abcdefg-png/IoT-vulnerable/blo… related
    Impacted products
    Vendor Product Version
    Tenda W15E Affected: 15.11.0.14
    Create a notification for this product.
    tenda w15e_firmware Affected: 15.11.0.14
        cpe:2.3:o:tenda:w15e_firmware:15.11.0.14:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    wxhwxhwxh_mie (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:tenda:w15e_firmware:15.11.0.14:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "w15e_firmware",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "15.11.0.14"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-4121",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-30T15:08:58.999891Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:54:46.614Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T20:33:52.570Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VDB-261864 | Tenda W15E formQOSRuleDel stack-based overflow",
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.261864"
              },
              {
                "name": "VDB-261864 | CTI Indicators (IOB, IOC, IOA)",
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.261864"
              },
              {
                "name": "Submit #317826 | Tenda W15EV1.0 V15.11.0.14 Buffer Overflow",
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?submit.317826"
              },
              {
                "tags": [
                  "related",
                  "x_transferred"
                ],
                "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W15Ev1.0/formQOSRuleDel.md"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "W15E",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "15.11.0.14"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "wxhwxhwxh_mie (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability classified as critical has been found in Tenda W15E 15.11.0.14. Affected is the function formQOSRuleDel. The manipulation of the argument qosIndex leads to stack-based buffer overflow. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-261864. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "Es wurde eine kritische Schwachstelle in Tenda W15E 15.11.0.14 entdeckt. Betroffen hiervon ist die Funktion formQOSRuleDel. Durch das Beeinflussen des Arguments qosIndex mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-24T18:00:06.618Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-261864 | Tenda W15E formQOSRuleDel stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.261864"
            },
            {
              "name": "VDB-261864 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.261864"
            },
            {
              "name": "Submit #317826 | Tenda W15EV1.0 V15.11.0.14 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.317826"
            },
            {
              "tags": [
                "related"
              ],
              "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W15Ev1.0/formQOSRuleDel.md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-04-24T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-04-24T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-04-24T10:24:53.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda W15E formQOSRuleDel stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-4121",
        "datePublished": "2024-04-24T18:00:06.618Z",
        "dateReserved": "2024-04-24T08:19:14.033Z",
        "dateUpdated": "2024-08-01T20:33:52.570Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-4120 (GCVE-0-2024-4120)

    Vulnerability from cvelistv5 – Published: 2024-04-24 17:31 – Updated: 2024-08-01 20:33
    VLAI
    Title
    Tenda W15E modifyIpMacBind formIPMacBindModify stack-based overflow
    Summary
    A vulnerability was found in Tenda W15E 15.11.0.14. It has been rated as critical. This issue affects the function formIPMacBindModify of the file /goform/modifyIpMacBind. The manipulation of the argument IPMacBindRuleId/IPMacBindRuleIp/IPMacBindRuleMac/IPMacBindRuleRemark leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261863. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.261863 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.261863 signaturepermissions-required
    https://vuldb.com/?submit.317825 third-party-advisory
    https://github.com/abcdefg-png/IoT-vulnerable/blo… exploit
    Impacted products
    Vendor Product Version
    Tenda W15E Affected: 15.11.0.14
    Create a notification for this product.
    tenda w15e Affected: 15.11.0.14
        cpe:2.3:h:tenda:w15e:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    wxhwxhwxh_mie (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:tenda:w15e:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "w15e",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "15.11.0.14"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-4120",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-25T16:46:10.912613Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:53:58.385Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T20:33:52.505Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VDB-261863 | Tenda W15E modifyIpMacBind formIPMacBindModify stack-based overflow",
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.261863"
              },
              {
                "name": "VDB-261863 | CTI Indicators (IOB, IOC, IOA)",
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.261863"
              },
              {
                "name": "Submit #317825 | Tenda W15EV1.0 V15.11.0.14 Buffer Overflow",
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?submit.317825"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W15Ev1.0/formIPMacBindModify.md"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "W15E",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "15.11.0.14"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "wxhwxhwxh_mie (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in Tenda W15E 15.11.0.14. It has been rated as critical. This issue affects the function formIPMacBindModify of the file /goform/modifyIpMacBind. The manipulation of the argument IPMacBindRuleId/IPMacBindRuleIp/IPMacBindRuleMac/IPMacBindRuleRemark leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261863. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "Eine Schwachstelle wurde in Tenda W15E 15.11.0.14 ausgemacht. Sie wurde als kritisch eingestuft. Betroffen davon ist die Funktion formIPMacBindModify der Datei /goform/modifyIpMacBind. Durch Manipulieren des Arguments IPMacBindRuleId/IPMacBindRuleIp/IPMacBindRuleMac/IPMacBindRuleRemark mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-24T17:31:05.162Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-261863 | Tenda W15E modifyIpMacBind formIPMacBindModify stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.261863"
            },
            {
              "name": "VDB-261863 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.261863"
            },
            {
              "name": "Submit #317825 | Tenda W15EV1.0 V15.11.0.14 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.317825"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W15Ev1.0/formIPMacBindModify.md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-04-24T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-04-24T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-04-24T10:24:52.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda W15E modifyIpMacBind formIPMacBindModify stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-4120",
        "datePublished": "2024-04-24T17:31:05.162Z",
        "dateReserved": "2024-04-24T08:19:10.839Z",
        "dateUpdated": "2024-08-01T20:33:52.505Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-4119 (GCVE-0-2024-4119)

    Vulnerability from cvelistv5 – Published: 2024-04-24 17:00 – Updated: 2024-08-01 20:33
    VLAI
    Title
    Tenda W15E delIpMacBind formIPMacBindDel stack-based overflow
    Summary
    A vulnerability was found in Tenda W15E 15.11.0.14. It has been declared as critical. This vulnerability affects the function formIPMacBindDel of the file /goform/delIpMacBind. The manipulation of the argument IPMacBindIndex leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-261862 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.261862 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.261862 signaturepermissions-required
    https://vuldb.com/?submit.317824 third-party-advisory
    https://github.com/abcdefg-png/IoT-vulnerable/blo… exploit
    Impacted products
    Vendor Product Version
    Tenda W15E Affected: 15.11.0.14
    Create a notification for this product.
    tenda w15e Affected: 15.11.0.14
        cpe:2.3:a:tenda:w15e:15.11.0.14:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    wxhwxhwxh_mie (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:tenda:w15e:15.11.0.14:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "w15e",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "15.11.0.14"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-4119",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-09T16:02:07.050226Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:55:40.492Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T20:33:52.420Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VDB-261862 | Tenda W15E delIpMacBind formIPMacBindDel stack-based overflow",
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.261862"
              },
              {
                "name": "VDB-261862 | CTI Indicators (IOB, IOC, IOA)",
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.261862"
              },
              {
                "name": "Submit #317824 | Tenda W15EV1.0 V15.11.0.14 Buffer Overflow",
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?submit.317824"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W15Ev1.0/formIPMacBindDel.md"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "W15E",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "15.11.0.14"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "wxhwxhwxh_mie (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in Tenda W15E 15.11.0.14. It has been declared as critical. This vulnerability affects the function formIPMacBindDel of the file /goform/delIpMacBind. The manipulation of the argument IPMacBindIndex leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-261862 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "In Tenda W15E 15.11.0.14 wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Betroffen ist die Funktion formIPMacBindDel der Datei /goform/delIpMacBind. Durch das Manipulieren des Arguments IPMacBindIndex mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-24T17:00:05.059Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-261862 | Tenda W15E delIpMacBind formIPMacBindDel stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.261862"
            },
            {
              "name": "VDB-261862 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.261862"
            },
            {
              "name": "Submit #317824 | Tenda W15EV1.0 V15.11.0.14 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.317824"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W15Ev1.0/formIPMacBindDel.md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-04-24T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-04-24T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-04-24T10:24:51.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda W15E delIpMacBind formIPMacBindDel stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-4119",
        "datePublished": "2024-04-24T17:00:05.059Z",
        "dateReserved": "2024-04-24T08:19:07.763Z",
        "dateUpdated": "2024-08-01T20:33:52.420Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-4118 (GCVE-0-2024-4118)

    Vulnerability from cvelistv5 – Published: 2024-04-24 16:31 – Updated: 2024-08-01 20:33
    VLAI
    Title
    Tenda W15E addIpMacBind formIPMacBindAdd stack-based overflow
    Summary
    A vulnerability was found in Tenda W15E 15.11.0.14. It has been classified as critical. This affects the function formIPMacBindAdd of the file /goform/addIpMacBind. The manipulation of the argument IPMacBindRule leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-261861 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.261861 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.261861 signaturepermissions-required
    https://vuldb.com/?submit.317823 third-party-advisory
    https://github.com/abcdefg-png/IoT-vulnerable/blo… exploit
    Impacted products
    Vendor Product Version
    Tenda W15E Affected: 15.11.0.14
    Create a notification for this product.
    tenda w15e_firmware Affected: 15.11.0.14
        cpe:2.3:o:tenda:w15e_firmware:15.11.0.14:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    wxhwxhwxh_mie (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:tenda:w15e_firmware:15.11.0.14:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "w15e_firmware",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "15.11.0.14"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-4118",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-30T19:39:38.857222Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:54:54.700Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T20:33:52.765Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VDB-261861 | Tenda W15E addIpMacBind formIPMacBindAdd stack-based overflow",
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.261861"
              },
              {
                "name": "VDB-261861 | CTI Indicators (IOB, IOC, IOA)",
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.261861"
              },
              {
                "name": "Submit #317823 | Tenda W15EV1.0 V15.11.0.14 Buffer Overflow",
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?submit.317823"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W15Ev1.0/formIPMacBindAdd.md"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "W15E",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "15.11.0.14"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "wxhwxhwxh_mie (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in Tenda W15E 15.11.0.14. It has been classified as critical. This affects the function formIPMacBindAdd of the file /goform/addIpMacBind. The manipulation of the argument IPMacBindRule leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-261861 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "Es wurde eine Schwachstelle in Tenda W15E 15.11.0.14 ausgemacht. Sie wurde als kritisch eingestuft. Hiervon betroffen ist die Funktion formIPMacBindAdd der Datei /goform/addIpMacBind. Mittels Manipulieren des Arguments IPMacBindRule mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-24T16:31:04.948Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-261861 | Tenda W15E addIpMacBind formIPMacBindAdd stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.261861"
            },
            {
              "name": "VDB-261861 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.261861"
            },
            {
              "name": "Submit #317823 | Tenda W15EV1.0 V15.11.0.14 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.317823"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W15Ev1.0/formIPMacBindAdd.md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-04-24T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-04-24T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-04-24T10:24:49.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda W15E addIpMacBind formIPMacBindAdd stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-4118",
        "datePublished": "2024-04-24T16:31:04.948Z",
        "dateReserved": "2024-04-24T08:19:04.626Z",
        "dateUpdated": "2024-08-01T20:33:52.765Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-4117 (GCVE-0-2024-4117)

    Vulnerability from cvelistv5 – Published: 2024-04-24 16:00 – Updated: 2024-08-01 20:33
    VLAI
    Title
    Tenda W15E DelPortMapping formDelPortMapping stack-based overflow
    Summary
    A vulnerability was found in Tenda W15E 15.11.0.14 and classified as critical. Affected by this issue is the function formDelPortMapping of the file /goform/DelPortMapping. The manipulation of the argument portMappingIndex leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-261860. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.261860 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.261860 signaturepermissions-required
    https://vuldb.com/?submit.317822 third-party-advisory
    https://github.com/abcdefg-png/IoT-vulnerable/blo… exploit
    Impacted products
    Vendor Product Version
    Tenda W15E Affected: 15.11.0.14
    Create a notification for this product.
    Credits
    wxhwxhwxh_mie (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-4117",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-29T18:29:38.163596Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:54:28.292Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T20:33:52.356Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VDB-261860 | Tenda W15E DelPortMapping formDelPortMapping stack-based overflow",
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.261860"
              },
              {
                "name": "VDB-261860 | CTI Indicators (IOB, IOC, IOA)",
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.261860"
              },
              {
                "name": "Submit #317822 | Tenda W15EV1.0 V15.11.0.14 Buffer Overflow",
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?submit.317822"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W15Ev1.0/formDelPortMapping.md"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "W15E",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "15.11.0.14"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "wxhwxhwxh_mie (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in Tenda W15E 15.11.0.14 and classified as critical. Affected by this issue is the function formDelPortMapping of the file /goform/DelPortMapping. The manipulation of the argument portMappingIndex leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-261860. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "Eine Schwachstelle wurde in Tenda W15E 15.11.0.14 gefunden. Sie wurde als kritisch eingestuft. Davon betroffen ist die Funktion formDelPortMapping der Datei /goform/DelPortMapping. Mittels dem Manipulieren des Arguments portMappingIndex mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-24T16:00:06.374Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-261860 | Tenda W15E DelPortMapping formDelPortMapping stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.261860"
            },
            {
              "name": "VDB-261860 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.261860"
            },
            {
              "name": "Submit #317822 | Tenda W15EV1.0 V15.11.0.14 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.317822"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W15Ev1.0/formDelPortMapping.md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-04-24T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-04-24T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-04-24T10:24:47.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda W15E DelPortMapping formDelPortMapping stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-4117",
        "datePublished": "2024-04-24T16:00:06.374Z",
        "dateReserved": "2024-04-24T08:19:01.960Z",
        "dateUpdated": "2024-08-01T20:33:52.356Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-4116 (GCVE-0-2024-4116)

    Vulnerability from cvelistv5 – Published: 2024-04-24 16:00 – Updated: 2024-08-01 20:33
    VLAI
    Title
    Tenda W15E DelDhcpRule formDelDhcpRule stack-based overflow
    Summary
    A vulnerability has been found in Tenda W15E 15.11.0.14 and classified as critical. Affected by this vulnerability is the function formDelDhcpRule of the file /goform/DelDhcpRule. The manipulation of the argument delDhcpIndex leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261859. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.261859 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.261859 signaturepermissions-required
    https://vuldb.com/?submit.317819 third-party-advisory
    https://github.com/abcdefg-png/IoT-vulnerable/blo… exploit
    Impacted products
    Vendor Product Version
    Tenda W15E Affected: 15.11.0.14
    Create a notification for this product.
    tenda w15e Affected: 15.11.0.14
        cpe:2.3:h:tenda:w15e:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    wxhwxhwxh_tutu (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:tenda:w15e:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "w15e",
                "vendor": "tenda",
                "versions": [
                  {
                    "status": "affected",
                    "version": "15.11.0.14"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-4116",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-17T13:31:11.940050Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-17T13:32:48.261Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T20:33:52.131Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VDB-261859 | Tenda W15E DelDhcpRule formDelDhcpRule stack-based overflow",
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.261859"
              },
              {
                "name": "VDB-261859 | CTI Indicators (IOB, IOC, IOA)",
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.261859"
              },
              {
                "name": "Submit #317819 | Tenda W15EV1.0 V15.11.0.14 Buffer Overflow",
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?submit.317819"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W15Ev1.0/formDelDhcpRule.md"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "W15E",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "15.11.0.14"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "wxhwxhwxh_tutu (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been found in Tenda W15E 15.11.0.14 and classified as critical. Affected by this vulnerability is the function formDelDhcpRule of the file /goform/DelDhcpRule. The manipulation of the argument delDhcpIndex leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261859. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "In Tenda W15E 15.11.0.14 wurde eine Schwachstelle gefunden. Sie wurde als kritisch eingestuft. Hierbei betrifft es die Funktion formDelDhcpRule der Datei /goform/DelDhcpRule. Durch Manipulation des Arguments delDhcpIndex mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-24T16:00:04.851Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-261859 | Tenda W15E DelDhcpRule formDelDhcpRule stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.261859"
            },
            {
              "name": "VDB-261859 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.261859"
            },
            {
              "name": "Submit #317819 | Tenda W15EV1.0 V15.11.0.14 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.317819"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W15Ev1.0/formDelDhcpRule.md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-04-24T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-04-24T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-04-24T10:24:46.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda W15E DelDhcpRule formDelDhcpRule stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-4116",
        "datePublished": "2024-04-24T16:00:04.851Z",
        "dateReserved": "2024-04-24T08:18:59.156Z",
        "dateUpdated": "2024-08-01T20:33:52.131Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-4115 (GCVE-0-2024-4115)

    Vulnerability from cvelistv5 – Published: 2024-04-24 15:31 – Updated: 2024-08-01 20:33
    VLAI
    Title
    Tenda W15E AddDnsForward formAddDnsForward stack-based overflow
    Summary
    A vulnerability, which was classified as critical, was found in Tenda W15E 15.11.0.14. Affected is the function formAddDnsForward of the file /goform/AddDnsForward. The manipulation of the argument DnsForwardRule leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-261858 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.261858 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.261858 signaturepermissions-required
    https://vuldb.com/?submit.317818 third-party-advisory
    https://github.com/abcdefg-png/IoT-vulnerable/blo… exploit
    Impacted products
    Vendor Product Version
    Tenda W15E Affected: 15.11.0.14
    Create a notification for this product.
    Credits
    wxhwxhwxh_tutu (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-4115",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-26T18:33:54.746492Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:55:26.417Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T20:33:52.396Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VDB-261858 | Tenda W15E AddDnsForward formAddDnsForward stack-based overflow",
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.261858"
              },
              {
                "name": "VDB-261858 | CTI Indicators (IOB, IOC, IOA)",
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.261858"
              },
              {
                "name": "Submit #317818 | Tenda W15EV1.0 V15.11.0.14 Buffer Overflow",
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?submit.317818"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W15Ev1.0/formAddDnsForward.md"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "W15E",
              "vendor": "Tenda",
              "versions": [
                {
                  "status": "affected",
                  "version": "15.11.0.14"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "wxhwxhwxh_tutu (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability, which was classified as critical, was found in Tenda W15E 15.11.0.14. Affected is the function formAddDnsForward of the file /goform/AddDnsForward. The manipulation of the argument DnsForwardRule leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-261858 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "Es wurde eine Schwachstelle in Tenda W15E 15.11.0.14 gefunden. Sie wurde als kritisch eingestuft. Dabei betrifft es die Funktion formAddDnsForward der Datei /goform/AddDnsForward. Durch die Manipulation des Arguments DnsForwardRule mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-24T15:31:05.160Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-261858 | Tenda W15E AddDnsForward formAddDnsForward stack-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.261858"
            },
            {
              "name": "VDB-261858 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.261858"
            },
            {
              "name": "Submit #317818 | Tenda W15EV1.0 V15.11.0.14 Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.317818"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W15Ev1.0/formAddDnsForward.md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-04-24T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-04-24T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-04-24T10:24:44.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tenda W15E AddDnsForward formAddDnsForward stack-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-4115",
        "datePublished": "2024-04-24T15:31:05.160Z",
        "dateReserved": "2024-04-24T08:18:56.429Z",
        "dateUpdated": "2024-08-01T20:33:52.396Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }