Search criteria
32 vulnerabilities found for ax9_firmware by tenda
CVE-2025-14636 (GCVE-0-2025-14636)
Vulnerability from nvd – Published: 2025-12-13 19:02 – Updated: 2025-12-15 21:44
VLAI?
Title
Tenda AX9 httpd image_check weak hash
Summary
A security flaw has been discovered in Tenda AX9 22.03.01.46. This affects the function image_check of the component httpd. The manipulation results in use of weak hash. It is possible to launch the attack remotely. A high complexity level is associated with this attack. It is indicated that the exploitability is difficult. The exploit has been released to the public and may be exploited.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Credits
IOT_Res (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-14636",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-15T21:44:39.098825Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-15T21:44:49.245Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"httpd"
],
"product": "AX9",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "22.03.01.46"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "IOT_Res (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security flaw has been discovered in Tenda AX9 22.03.01.46. This affects the function image_check of the component httpd. The manipulation results in use of weak hash. It is possible to launch the attack remotely. A high complexity level is associated with this attack. It is indicated that the exploitability is difficult. The exploit has been released to the public and may be exploited."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 2.6,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-328",
"description": "Use of Weak Hash",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-327",
"description": "Risky Cryptographic Algorithm",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-13T19:02:08.025Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-336361 | Tenda AX9 httpd image_check weak hash",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.336361"
},
{
"name": "VDB-336361 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.336361"
},
{
"name": "Submit #707213 | Tenda AX9 V22.03.01.46 CWE-327 Use of a Broken or Risky Cryptographic Algorithm",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.707213"
},
{
"tags": [
"exploit",
"patch"
],
"url": "https://github.com/IOTRes/IOT_Firmware_Update/blob/main/Tenda/AX9_Inte.md"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-13T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-12-13T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-12-13T03:00:43.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda AX9 httpd image_check weak hash"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-14636",
"datePublished": "2025-12-13T19:02:08.025Z",
"dateReserved": "2025-12-13T01:55:39.525Z",
"dateUpdated": "2025-12-15T21:44:49.245Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-39963 (GCVE-0-2024-39963)
Vulnerability from nvd – Published: 2024-07-19 00:00 – Updated: 2024-08-02 04:33
VLAI?
Summary
AX3000 Dual-Band Gigabit Wi-Fi 6 Router AX9 V22.03.01.46 and AX3000 Dual-Band Gigabit Wi-Fi 6 Router AX12 V1.0 V22.03.01.46 were discovered to contain an authenticated remote command execution (RCE) vulnerability via the macFilterType parameter at /goform/setMacFilterCfg.
Severity ?
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:tenda:ax9_firmware:22.03.01.46:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ax9_firmware",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "22.03.01.46"
}
]
},
{
"cpes": [
"cpe:2.3:o:tenda:ax12_firmware:22.03.01.46:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ax12_firmware",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "22.03.01.46"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-39963",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-26T14:45:48.820129Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-26T14:48:21.387Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:33:11.517Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://gist.github.com/Swind1er/c8e4369c7fdfd750c8ad01a276105c57"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "AX3000 Dual-Band Gigabit Wi-Fi 6 Router AX9 V22.03.01.46 and AX3000 Dual-Band Gigabit Wi-Fi 6 Router AX12 V1.0 V22.03.01.46 were discovered to contain an authenticated remote command execution (RCE) vulnerability via the macFilterType parameter at /goform/setMacFilterCfg."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-19T14:25:40.907079",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://gist.github.com/Swind1er/c8e4369c7fdfd750c8ad01a276105c57"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-39963",
"datePublished": "2024-07-19T00:00:00",
"dateReserved": "2024-07-05T00:00:00",
"dateUpdated": "2024-08-02T04:33:11.517Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-47422 (GCVE-0-2023-47422)
Vulnerability from nvd – Published: 2024-02-20 00:00 – Updated: 2024-08-26 15:26
VLAI?
Summary
An access control issue in /usr/sbin/httpd in Tenda TX9 V1 V22.03.02.54, Tenda AX3 V3 V16.03.12.11, Tenda AX9 V1 V22.03.01.46, and Tenda AX12 V1 V22.03.01.46 allows attackers to bypass authentication on any endpoint via a crafted URL.
Severity ?
8.8 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:09:37.278Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/xiaobye-ctf/My-CVE/tree/main/Tenda/CVE-2023-47422"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:tenda:tx9_v1_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "tx9_v1_firmware",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "22.03.02.54"
}
]
},
{
"cpes": [
"cpe:2.3:o:tenda:ax3_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ax3_firmware",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "16.03.12.11"
}
]
},
{
"cpes": [
"cpe:2.3:o:tenda:ax9_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ax9_firmware",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "22.03.01.46"
}
]
},
{
"cpes": [
"cpe:2.3:o:tenda:ax12_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ax12_firmware",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "22.03.01.46"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-47422",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-26T15:20:22.545183Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-26T15:26:43.471Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An access control issue in /usr/sbin/httpd in Tenda TX9 V1 V22.03.02.54, Tenda AX3 V3 V16.03.12.11, Tenda AX9 V1 V22.03.01.46, and Tenda AX12 V1 V22.03.01.46 allows attackers to bypass authentication on any endpoint via a crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-20T21:56:36.355977",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/xiaobye-ctf/My-CVE/tree/main/Tenda/CVE-2023-47422"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-47422",
"datePublished": "2024-02-20T00:00:00",
"dateReserved": "2023-11-06T00:00:00",
"dateUpdated": "2024-08-26T15:26:43.471Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-49435 (GCVE-0-2023-49435)
Vulnerability from nvd – Published: 2023-12-07 00:00 – Updated: 2024-08-02 21:53
VLAI?
Summary
Tenda AX9 V22.03.01.46 is vulnerable to command injection.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:53:45.420Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ef4tless/vuln/blob/master/iot/AX9/SetNetControlList-3.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tenda AX9 V22.03.01.46 is vulnerable to command injection."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-07T15:29:45.902726",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/ef4tless/vuln/blob/master/iot/AX9/SetNetControlList-3.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-49435",
"datePublished": "2023-12-07T00:00:00",
"dateReserved": "2023-11-27T00:00:00",
"dateUpdated": "2024-08-02T21:53:45.420Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-49430 (GCVE-0-2023-49430)
Vulnerability from nvd – Published: 2023-12-07 00:00 – Updated: 2024-08-02 21:53
VLAI?
Summary
Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the 'list' parameter at /goform/SetStaticRouteCfg.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:53:45.210Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ef4tless/vuln/blob/master/iot/AX9/SetStaticRouteCfg.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the \u0027list\u0027 parameter at /goform/SetStaticRouteCfg."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-07T15:33:48.262946",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/ef4tless/vuln/blob/master/iot/AX9/SetStaticRouteCfg.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-49430",
"datePublished": "2023-12-07T00:00:00",
"dateReserved": "2023-11-27T00:00:00",
"dateUpdated": "2024-08-02T21:53:45.210Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-49429 (GCVE-0-2023-49429)
Vulnerability from nvd – Published: 2023-12-07 00:00 – Updated: 2024-08-28 17:19
VLAI?
Summary
Tenda AX9 V22.03.01.46 was discovered to contain a SQL command injection vulnerability in the 'setDeviceInfo' feature through the 'mac' parameter at /goform/setModules.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:53:45.204Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ef4tless/vuln/blob/master/iot/AX9/setDeviceInfo.md"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:tenda:ax9_firmware:22.03.01.46:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ax9_firmware",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "22.03.01.46"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-49429",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-28T17:18:22.479778Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-28T17:19:42.942Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tenda AX9 V22.03.01.46 was discovered to contain a SQL command injection vulnerability in the \u0027setDeviceInfo\u0027 feature through the \u0027mac\u0027 parameter at /goform/setModules."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-07T15:32:22.949451",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/ef4tless/vuln/blob/master/iot/AX9/setDeviceInfo.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-49429",
"datePublished": "2023-12-07T00:00:00",
"dateReserved": "2023-11-27T00:00:00",
"dateUpdated": "2024-08-28T17:19:42.942Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-49432 (GCVE-0-2023-49432)
Vulnerability from nvd – Published: 2023-12-07 00:00 – Updated: 2024-11-26 15:35
VLAI?
Summary
Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the 'deviceList' parameter at /goform/setMacFilterCfg.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:53:45.422Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ef4tless/vuln/blob/master/iot/AX9/setMacFilterCfg.md"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-49432",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-26T15:35:27.874149Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T15:35:40.607Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the \u0027deviceList\u0027 parameter at /goform/setMacFilterCfg."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-07T16:03:49.671124",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/ef4tless/vuln/blob/master/iot/AX9/setMacFilterCfg.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-49432",
"datePublished": "2023-12-07T00:00:00",
"dateReserved": "2023-11-27T00:00:00",
"dateUpdated": "2024-11-26T15:35:40.607Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-49436 (GCVE-0-2023-49436)
Vulnerability from nvd – Published: 2023-12-07 00:00 – Updated: 2024-08-02 21:53
VLAI?
Summary
Tenda AX9 V22.03.01.46 has been discovered to contain a command injection vulnerability in the 'list' parameter at /goform/SetNetControlList.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:53:45.412Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ef4tless/vuln/blob/master/iot/AX9/SetNetControlList-2.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tenda AX9 V22.03.01.46 has been discovered to contain a command injection vulnerability in the \u0027list\u0027 parameter at /goform/SetNetControlList."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-07T15:27:39.276335",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/ef4tless/vuln/blob/master/iot/AX9/SetNetControlList-2.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-49436",
"datePublished": "2023-12-07T00:00:00",
"dateReserved": "2023-11-27T00:00:00",
"dateUpdated": "2024-08-02T21:53:45.412Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-49431 (GCVE-0-2023-49431)
Vulnerability from nvd – Published: 2023-12-07 00:00 – Updated: 2024-08-02 21:53
VLAI?
Summary
Tenda AX9 V22.03.01.46 has been discovered to contain a command injection vulnerability in the 'mac' parameter at /goform/SetOnlineDevName.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:53:45.428Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ef4tless/vuln/blob/master/iot/AX9/SetOnlineDevName.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tenda AX9 V22.03.01.46 has been discovered to contain a command injection vulnerability in the \u0027mac\u0027 parameter at /goform/SetOnlineDevName."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-07T16:02:45.878831",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/ef4tless/vuln/blob/master/iot/AX9/SetOnlineDevName.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-49431",
"datePublished": "2023-12-07T00:00:00",
"dateReserved": "2023-11-27T00:00:00",
"dateUpdated": "2024-08-02T21:53:45.428Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-49434 (GCVE-0-2023-49434)
Vulnerability from nvd – Published: 2023-12-07 00:00 – Updated: 2024-08-02 21:53
VLAI?
Summary
Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the 'list' parameter at /goform/SetNetControlList.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:53:45.435Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ef4tless/vuln/blob/master/iot/AX9/SetNetControlList.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the \u0027list\u0027 parameter at /goform/SetNetControlList."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-07T16:05:57.032144",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/ef4tless/vuln/blob/master/iot/AX9/SetNetControlList.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-49434",
"datePublished": "2023-12-07T00:00:00",
"dateReserved": "2023-11-27T00:00:00",
"dateUpdated": "2024-08-02T21:53:45.435Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-14636 (GCVE-0-2025-14636)
Vulnerability from cvelistv5 – Published: 2025-12-13 19:02 – Updated: 2025-12-15 21:44
VLAI?
Title
Tenda AX9 httpd image_check weak hash
Summary
A security flaw has been discovered in Tenda AX9 22.03.01.46. This affects the function image_check of the component httpd. The manipulation results in use of weak hash. It is possible to launch the attack remotely. A high complexity level is associated with this attack. It is indicated that the exploitability is difficult. The exploit has been released to the public and may be exploited.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Credits
IOT_Res (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-14636",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-15T21:44:39.098825Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-15T21:44:49.245Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"httpd"
],
"product": "AX9",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "22.03.01.46"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "IOT_Res (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security flaw has been discovered in Tenda AX9 22.03.01.46. This affects the function image_check of the component httpd. The manipulation results in use of weak hash. It is possible to launch the attack remotely. A high complexity level is associated with this attack. It is indicated that the exploitability is difficult. The exploit has been released to the public and may be exploited."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 2.6,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-328",
"description": "Use of Weak Hash",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-327",
"description": "Risky Cryptographic Algorithm",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-13T19:02:08.025Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-336361 | Tenda AX9 httpd image_check weak hash",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.336361"
},
{
"name": "VDB-336361 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.336361"
},
{
"name": "Submit #707213 | Tenda AX9 V22.03.01.46 CWE-327 Use of a Broken or Risky Cryptographic Algorithm",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.707213"
},
{
"tags": [
"exploit",
"patch"
],
"url": "https://github.com/IOTRes/IOT_Firmware_Update/blob/main/Tenda/AX9_Inte.md"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-13T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-12-13T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-12-13T03:00:43.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda AX9 httpd image_check weak hash"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-14636",
"datePublished": "2025-12-13T19:02:08.025Z",
"dateReserved": "2025-12-13T01:55:39.525Z",
"dateUpdated": "2025-12-15T21:44:49.245Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-39963 (GCVE-0-2024-39963)
Vulnerability from cvelistv5 – Published: 2024-07-19 00:00 – Updated: 2024-08-02 04:33
VLAI?
Summary
AX3000 Dual-Band Gigabit Wi-Fi 6 Router AX9 V22.03.01.46 and AX3000 Dual-Band Gigabit Wi-Fi 6 Router AX12 V1.0 V22.03.01.46 were discovered to contain an authenticated remote command execution (RCE) vulnerability via the macFilterType parameter at /goform/setMacFilterCfg.
Severity ?
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:tenda:ax9_firmware:22.03.01.46:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ax9_firmware",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "22.03.01.46"
}
]
},
{
"cpes": [
"cpe:2.3:o:tenda:ax12_firmware:22.03.01.46:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ax12_firmware",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "22.03.01.46"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-39963",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-26T14:45:48.820129Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-26T14:48:21.387Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:33:11.517Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://gist.github.com/Swind1er/c8e4369c7fdfd750c8ad01a276105c57"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "AX3000 Dual-Band Gigabit Wi-Fi 6 Router AX9 V22.03.01.46 and AX3000 Dual-Band Gigabit Wi-Fi 6 Router AX12 V1.0 V22.03.01.46 were discovered to contain an authenticated remote command execution (RCE) vulnerability via the macFilterType parameter at /goform/setMacFilterCfg."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-19T14:25:40.907079",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://gist.github.com/Swind1er/c8e4369c7fdfd750c8ad01a276105c57"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-39963",
"datePublished": "2024-07-19T00:00:00",
"dateReserved": "2024-07-05T00:00:00",
"dateUpdated": "2024-08-02T04:33:11.517Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-47422 (GCVE-0-2023-47422)
Vulnerability from cvelistv5 – Published: 2024-02-20 00:00 – Updated: 2024-08-26 15:26
VLAI?
Summary
An access control issue in /usr/sbin/httpd in Tenda TX9 V1 V22.03.02.54, Tenda AX3 V3 V16.03.12.11, Tenda AX9 V1 V22.03.01.46, and Tenda AX12 V1 V22.03.01.46 allows attackers to bypass authentication on any endpoint via a crafted URL.
Severity ?
8.8 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:09:37.278Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/xiaobye-ctf/My-CVE/tree/main/Tenda/CVE-2023-47422"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:tenda:tx9_v1_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "tx9_v1_firmware",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "22.03.02.54"
}
]
},
{
"cpes": [
"cpe:2.3:o:tenda:ax3_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ax3_firmware",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "16.03.12.11"
}
]
},
{
"cpes": [
"cpe:2.3:o:tenda:ax9_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ax9_firmware",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "22.03.01.46"
}
]
},
{
"cpes": [
"cpe:2.3:o:tenda:ax12_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ax12_firmware",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "22.03.01.46"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-47422",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-26T15:20:22.545183Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-26T15:26:43.471Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An access control issue in /usr/sbin/httpd in Tenda TX9 V1 V22.03.02.54, Tenda AX3 V3 V16.03.12.11, Tenda AX9 V1 V22.03.01.46, and Tenda AX12 V1 V22.03.01.46 allows attackers to bypass authentication on any endpoint via a crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-20T21:56:36.355977",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/xiaobye-ctf/My-CVE/tree/main/Tenda/CVE-2023-47422"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-47422",
"datePublished": "2024-02-20T00:00:00",
"dateReserved": "2023-11-06T00:00:00",
"dateUpdated": "2024-08-26T15:26:43.471Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-49435 (GCVE-0-2023-49435)
Vulnerability from cvelistv5 – Published: 2023-12-07 00:00 – Updated: 2024-08-02 21:53
VLAI?
Summary
Tenda AX9 V22.03.01.46 is vulnerable to command injection.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:53:45.420Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ef4tless/vuln/blob/master/iot/AX9/SetNetControlList-3.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tenda AX9 V22.03.01.46 is vulnerable to command injection."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-07T15:29:45.902726",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/ef4tless/vuln/blob/master/iot/AX9/SetNetControlList-3.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-49435",
"datePublished": "2023-12-07T00:00:00",
"dateReserved": "2023-11-27T00:00:00",
"dateUpdated": "2024-08-02T21:53:45.420Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-49430 (GCVE-0-2023-49430)
Vulnerability from cvelistv5 – Published: 2023-12-07 00:00 – Updated: 2024-08-02 21:53
VLAI?
Summary
Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the 'list' parameter at /goform/SetStaticRouteCfg.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:53:45.210Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ef4tless/vuln/blob/master/iot/AX9/SetStaticRouteCfg.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the \u0027list\u0027 parameter at /goform/SetStaticRouteCfg."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-07T15:33:48.262946",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/ef4tless/vuln/blob/master/iot/AX9/SetStaticRouteCfg.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-49430",
"datePublished": "2023-12-07T00:00:00",
"dateReserved": "2023-11-27T00:00:00",
"dateUpdated": "2024-08-02T21:53:45.210Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-49429 (GCVE-0-2023-49429)
Vulnerability from cvelistv5 – Published: 2023-12-07 00:00 – Updated: 2024-08-28 17:19
VLAI?
Summary
Tenda AX9 V22.03.01.46 was discovered to contain a SQL command injection vulnerability in the 'setDeviceInfo' feature through the 'mac' parameter at /goform/setModules.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:53:45.204Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ef4tless/vuln/blob/master/iot/AX9/setDeviceInfo.md"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:tenda:ax9_firmware:22.03.01.46:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ax9_firmware",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "22.03.01.46"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-49429",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-28T17:18:22.479778Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-28T17:19:42.942Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tenda AX9 V22.03.01.46 was discovered to contain a SQL command injection vulnerability in the \u0027setDeviceInfo\u0027 feature through the \u0027mac\u0027 parameter at /goform/setModules."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-07T15:32:22.949451",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/ef4tless/vuln/blob/master/iot/AX9/setDeviceInfo.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-49429",
"datePublished": "2023-12-07T00:00:00",
"dateReserved": "2023-11-27T00:00:00",
"dateUpdated": "2024-08-28T17:19:42.942Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-49432 (GCVE-0-2023-49432)
Vulnerability from cvelistv5 – Published: 2023-12-07 00:00 – Updated: 2024-11-26 15:35
VLAI?
Summary
Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the 'deviceList' parameter at /goform/setMacFilterCfg.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:53:45.422Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ef4tless/vuln/blob/master/iot/AX9/setMacFilterCfg.md"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-49432",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-26T15:35:27.874149Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T15:35:40.607Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the \u0027deviceList\u0027 parameter at /goform/setMacFilterCfg."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-07T16:03:49.671124",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/ef4tless/vuln/blob/master/iot/AX9/setMacFilterCfg.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-49432",
"datePublished": "2023-12-07T00:00:00",
"dateReserved": "2023-11-27T00:00:00",
"dateUpdated": "2024-11-26T15:35:40.607Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-49436 (GCVE-0-2023-49436)
Vulnerability from cvelistv5 – Published: 2023-12-07 00:00 – Updated: 2024-08-02 21:53
VLAI?
Summary
Tenda AX9 V22.03.01.46 has been discovered to contain a command injection vulnerability in the 'list' parameter at /goform/SetNetControlList.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:53:45.412Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ef4tless/vuln/blob/master/iot/AX9/SetNetControlList-2.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tenda AX9 V22.03.01.46 has been discovered to contain a command injection vulnerability in the \u0027list\u0027 parameter at /goform/SetNetControlList."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-07T15:27:39.276335",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/ef4tless/vuln/blob/master/iot/AX9/SetNetControlList-2.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-49436",
"datePublished": "2023-12-07T00:00:00",
"dateReserved": "2023-11-27T00:00:00",
"dateUpdated": "2024-08-02T21:53:45.412Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-49431 (GCVE-0-2023-49431)
Vulnerability from cvelistv5 – Published: 2023-12-07 00:00 – Updated: 2024-08-02 21:53
VLAI?
Summary
Tenda AX9 V22.03.01.46 has been discovered to contain a command injection vulnerability in the 'mac' parameter at /goform/SetOnlineDevName.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:53:45.428Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ef4tless/vuln/blob/master/iot/AX9/SetOnlineDevName.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tenda AX9 V22.03.01.46 has been discovered to contain a command injection vulnerability in the \u0027mac\u0027 parameter at /goform/SetOnlineDevName."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-07T16:02:45.878831",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/ef4tless/vuln/blob/master/iot/AX9/SetOnlineDevName.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-49431",
"datePublished": "2023-12-07T00:00:00",
"dateReserved": "2023-11-27T00:00:00",
"dateUpdated": "2024-08-02T21:53:45.428Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-49434 (GCVE-0-2023-49434)
Vulnerability from cvelistv5 – Published: 2023-12-07 00:00 – Updated: 2024-08-02 21:53
VLAI?
Summary
Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the 'list' parameter at /goform/SetNetControlList.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:53:45.435Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ef4tless/vuln/blob/master/iot/AX9/SetNetControlList.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the \u0027list\u0027 parameter at /goform/SetNetControlList."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-07T16:05:57.032144",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/ef4tless/vuln/blob/master/iot/AX9/SetNetControlList.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-49434",
"datePublished": "2023-12-07T00:00:00",
"dateReserved": "2023-11-27T00:00:00",
"dateUpdated": "2024-08-02T21:53:45.435Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
FKIE_CVE-2024-39963
Vulnerability from fkie_nvd - Published: 2024-07-19 15:15 - Updated: 2025-06-04 17:02
Severity ?
Summary
AX3000 Dual-Band Gigabit Wi-Fi 6 Router AX9 V22.03.01.46 and AX3000 Dual-Band Gigabit Wi-Fi 6 Router AX12 V1.0 V22.03.01.46 were discovered to contain an authenticated remote command execution (RCE) vulnerability via the macFilterType parameter at /goform/setMacFilterCfg.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://gist.github.com/Swind1er/c8e4369c7fdfd750c8ad01a276105c57 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://gist.github.com/Swind1er/c8e4369c7fdfd750c8ad01a276105c57 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tenda | ax9_firmware | 22.03.01.46 | |
| tenda | ax9 | - | |
| tenda | ax12_firmware | 22.03.01.46 | |
| tenda | ax12 | 1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:ax9_firmware:22.03.01.46:*:*:*:*:*:*:*",
"matchCriteriaId": "8FE7BDA5-B565-4E85-B253-880733FFC0B3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:ax9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D7542BB3-674B-4684-A3C6-91F9A0FBDD93",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:ax12_firmware:22.03.01.46:*:*:*:*:*:*:*",
"matchCriteriaId": "ACC5CA19-0A08-462F-A948-9D2338076B61",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:ax12:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "19AB5CD4-69C7-4619-8A1B-34B70D738D34",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "AX3000 Dual-Band Gigabit Wi-Fi 6 Router AX9 V22.03.01.46 and AX3000 Dual-Band Gigabit Wi-Fi 6 Router AX12 V1.0 V22.03.01.46 were discovered to contain an authenticated remote command execution (RCE) vulnerability via the macFilterType parameter at /goform/setMacFilterCfg."
},
{
"lang": "es",
"value": " Se descubri\u00f3 que el enrutador AX3000 Dual-Band Gigabit Wi-Fi 6 Router AX9 V22.03.01.46 y AX3000 Dual-Band Gigabit Wi-Fi 6 Router AX12 V1.0 V22.03.01.46 conten\u00edan una vulnerabilidad de ejecuci\u00f3n remota de comandos (RCE) autenticada a trav\u00e9s de el par\u00e1metro macFilterType en /goform/setMacFilterCfg."
}
],
"id": "CVE-2024-39963",
"lastModified": "2025-06-04T17:02:19.887",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-07-19T15:15:10.383",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://gist.github.com/Swind1er/c8e4369c7fdfd750c8ad01a276105c57"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://gist.github.com/Swind1er/c8e4369c7fdfd750c8ad01a276105c57"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-47422
Vulnerability from fkie_nvd - Published: 2024-02-20 22:15 - Updated: 2025-04-25 20:26
Severity ?
Summary
An access control issue in /usr/sbin/httpd in Tenda TX9 V1 V22.03.02.54, Tenda AX3 V3 V16.03.12.11, Tenda AX9 V1 V22.03.01.46, and Tenda AX12 V1 V22.03.01.46 allows attackers to bypass authentication on any endpoint via a crafted URL.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://github.com/xiaobye-ctf/My-CVE/tree/main/Tenda/CVE-2023-47422 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/xiaobye-ctf/My-CVE/tree/main/Tenda/CVE-2023-47422 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tenda | tx9_firmware | 22.03.02.54 | |
| tenda | tx9 | v1 | |
| tenda | ax3_firmware | 16.03.12.11 | |
| tenda | ax3 | v3 | |
| tenda | ax9_firmware | 22.03.01.46 | |
| tenda | ax9 | v1 | |
| tenda | ax12_firmware | 22.03.01.46 | |
| tenda | ax12 | v1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:tx9_firmware:22.03.02.54:*:*:*:*:*:*:*",
"matchCriteriaId": "AF21C5BF-D279-46E3-897A-7011D925D4DD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:tx9:v1:*:*:*:*:*:*:*",
"matchCriteriaId": "E7FFEBA8-324D-468A-80EA-AF28FEAD1D84",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:ax3_firmware:16.03.12.11:*:*:*:*:*:*:*",
"matchCriteriaId": "9FFD11D4-8E44-4156-9D8E-7094E36A2152",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:ax3:v3:*:*:*:*:*:*:*",
"matchCriteriaId": "F50EB3C5-E567-4C22-B27C-7A4D4668D4D6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:ax9_firmware:22.03.01.46:*:*:*:*:*:*:*",
"matchCriteriaId": "8FE7BDA5-B565-4E85-B253-880733FFC0B3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:ax9:v1:*:*:*:*:*:*:*",
"matchCriteriaId": "5FB86854-79CB-4945-BD06-AD636434E113",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:ax12_firmware:22.03.01.46:*:*:*:*:*:*:*",
"matchCriteriaId": "ACC5CA19-0A08-462F-A948-9D2338076B61",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:ax12:v1:*:*:*:*:*:*:*",
"matchCriteriaId": "B00A9747-635F-4882-981D-752E2C6F9788",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An access control issue in /usr/sbin/httpd in Tenda TX9 V1 V22.03.02.54, Tenda AX3 V3 V16.03.12.11, Tenda AX9 V1 V22.03.01.46, and Tenda AX12 V1 V22.03.01.46 allows attackers to bypass authentication on any endpoint via a crafted URL."
},
{
"lang": "es",
"value": "Un problema de control de acceso en /usr/sbin/httpd en Tenda TX9 V1 V22.03.02.54, Tenda AX3 V3 V16.03.12.11, Tenda AX9 V1 V22.03.01.46 y Tenda AX12 V1 V22.03.01.46 permite a los atacantes para omitir la autenticaci\u00f3n en cualquier endpoint a trav\u00e9s de una URL manipulada."
}
],
"id": "CVE-2023-47422",
"lastModified": "2025-04-25T20:26:01.170",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-02-20T22:15:08.143",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/xiaobye-ctf/My-CVE/tree/main/Tenda/CVE-2023-47422"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/xiaobye-ctf/My-CVE/tree/main/Tenda/CVE-2023-47422"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-49431
Vulnerability from fkie_nvd - Published: 2023-12-07 16:15 - Updated: 2024-11-21 08:33
Severity ?
Summary
Tenda AX9 V22.03.01.46 has been discovered to contain a command injection vulnerability in the 'mac' parameter at /goform/SetOnlineDevName.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://github.com/ef4tless/vuln/blob/master/iot/AX9/SetOnlineDevName.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/ef4tless/vuln/blob/master/iot/AX9/SetOnlineDevName.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tenda | ax9_firmware | 22.03.01.46 | |
| tenda | ax9 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:ax9_firmware:22.03.01.46:*:*:*:*:*:*:*",
"matchCriteriaId": "8FE7BDA5-B565-4E85-B253-880733FFC0B3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:ax9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D7542BB3-674B-4684-A3C6-91F9A0FBDD93",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Tenda AX9 V22.03.01.46 has been discovered to contain a command injection vulnerability in the \u0027mac\u0027 parameter at /goform/SetOnlineDevName."
},
{
"lang": "es",
"value": "Se ha descubierto que Tenda AX9 V22.03.01.46 contiene una vulnerabilidad de inyecci\u00f3n de comandos en el par\u00e1metro \u0027mac\u0027 en /goform/SetOnlineDevName."
}
],
"id": "CVE-2023-49431",
"lastModified": "2024-11-21T08:33:23.620",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-07T16:15:07.303",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/ef4tless/vuln/blob/master/iot/AX9/SetOnlineDevName.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/ef4tless/vuln/blob/master/iot/AX9/SetOnlineDevName.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-49432
Vulnerability from fkie_nvd - Published: 2023-12-07 16:15 - Updated: 2024-11-21 08:33
Severity ?
Summary
Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the 'deviceList' parameter at /goform/setMacFilterCfg.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://github.com/ef4tless/vuln/blob/master/iot/AX9/setMacFilterCfg.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/ef4tless/vuln/blob/master/iot/AX9/setMacFilterCfg.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tenda | ax9_firmware | 22.03.01.46 | |
| tenda | ax9 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:ax9_firmware:22.03.01.46:*:*:*:*:*:*:*",
"matchCriteriaId": "8FE7BDA5-B565-4E85-B253-880733FFC0B3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:ax9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D7542BB3-674B-4684-A3C6-91F9A0FBDD93",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the \u0027deviceList\u0027 parameter at /goform/setMacFilterCfg."
},
{
"lang": "es",
"value": "Se ha descubierto que Tenda AX9 V22.03.01.46 contiene una vulnerabilidad de desbordamiento de pila en el par\u00e1metro \u0027deviceList\u0027 en /goform/setMacFilterCfg."
}
],
"id": "CVE-2023-49432",
"lastModified": "2024-11-21T08:33:23.770",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-07T16:15:07.353",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/ef4tless/vuln/blob/master/iot/AX9/setMacFilterCfg.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/ef4tless/vuln/blob/master/iot/AX9/setMacFilterCfg.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-49430
Vulnerability from fkie_nvd - Published: 2023-12-07 16:15 - Updated: 2024-11-21 08:33
Severity ?
Summary
Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the 'list' parameter at /goform/SetStaticRouteCfg.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://github.com/ef4tless/vuln/blob/master/iot/AX9/SetStaticRouteCfg.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/ef4tless/vuln/blob/master/iot/AX9/SetStaticRouteCfg.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tenda | ax9_firmware | 22.03.01.46 | |
| tenda | ax9 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:ax9_firmware:22.03.01.46:*:*:*:*:*:*:*",
"matchCriteriaId": "8FE7BDA5-B565-4E85-B253-880733FFC0B3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:ax9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D7542BB3-674B-4684-A3C6-91F9A0FBDD93",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the \u0027list\u0027 parameter at /goform/SetStaticRouteCfg."
},
{
"lang": "es",
"value": "Se ha descubierto que Tenda AX9 V22.03.01.46 contiene una vulnerabilidad de desbordamiento de pila en el par\u00e1metro \u0027lista\u0027 en /goform/SetStaticRouteCfg."
}
],
"id": "CVE-2023-49430",
"lastModified": "2024-11-21T08:33:23.480",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-07T16:15:07.260",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/ef4tless/vuln/blob/master/iot/AX9/SetStaticRouteCfg.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/ef4tless/vuln/blob/master/iot/AX9/SetStaticRouteCfg.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-49433
Vulnerability from fkie_nvd - Published: 2023-12-07 16:15 - Updated: 2024-11-21 08:33
Severity ?
Summary
Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the 'list' parameter at /goform/SetVirtualServerCfg.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://github.com/ef4tless/vuln/blob/master/iot/AX9/SetVirtualServerCfg.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/ef4tless/vuln/blob/master/iot/AX9/SetVirtualServerCfg.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tenda | ax9_firmware | 22.03.01.46 | |
| tenda | ax9 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:ax9_firmware:22.03.01.46:*:*:*:*:*:*:*",
"matchCriteriaId": "8FE7BDA5-B565-4E85-B253-880733FFC0B3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:ax9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D7542BB3-674B-4684-A3C6-91F9A0FBDD93",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the \u0027list\u0027 parameter at /goform/SetVirtualServerCfg."
},
{
"lang": "es",
"value": "Se ha descubierto que Tenda AX9 V22.03.01.46 contiene una vulnerabilidad de desbordamiento de pila en el par\u00e1metro \u0027lista\u0027 en /goform/SetVirtualServerCfg."
}
],
"id": "CVE-2023-49433",
"lastModified": "2024-11-21T08:33:23.913",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-07T16:15:07.400",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/ef4tless/vuln/blob/master/iot/AX9/SetVirtualServerCfg.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/ef4tless/vuln/blob/master/iot/AX9/SetVirtualServerCfg.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-49436
Vulnerability from fkie_nvd - Published: 2023-12-07 16:15 - Updated: 2024-11-21 08:33
Severity ?
Summary
Tenda AX9 V22.03.01.46 has been discovered to contain a command injection vulnerability in the 'list' parameter at /goform/SetNetControlList.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://github.com/ef4tless/vuln/blob/master/iot/AX9/SetNetControlList-2.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/ef4tless/vuln/blob/master/iot/AX9/SetNetControlList-2.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tenda | ax9_firmware | 22.03.01.46 | |
| tenda | ax9 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:ax9_firmware:22.03.01.46:*:*:*:*:*:*:*",
"matchCriteriaId": "8FE7BDA5-B565-4E85-B253-880733FFC0B3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:ax9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D7542BB3-674B-4684-A3C6-91F9A0FBDD93",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Tenda AX9 V22.03.01.46 has been discovered to contain a command injection vulnerability in the \u0027list\u0027 parameter at /goform/SetNetControlList."
},
{
"lang": "es",
"value": "Se ha descubierto que Tenda AX9 V22.03.01.46 contiene una vulnerabilidad de inyecci\u00f3n de comandos en el par\u00e1metro \u0027lista\u0027 en /goform/SetNetControlList."
}
],
"id": "CVE-2023-49436",
"lastModified": "2024-11-21T08:33:24.340",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-07T16:15:07.540",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/ef4tless/vuln/blob/master/iot/AX9/SetNetControlList-2.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/ef4tless/vuln/blob/master/iot/AX9/SetNetControlList-2.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-49429
Vulnerability from fkie_nvd - Published: 2023-12-07 16:15 - Updated: 2024-11-21 08:33
Severity ?
Summary
Tenda AX9 V22.03.01.46 was discovered to contain a SQL command injection vulnerability in the 'setDeviceInfo' feature through the 'mac' parameter at /goform/setModules.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://github.com/ef4tless/vuln/blob/master/iot/AX9/setDeviceInfo.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/ef4tless/vuln/blob/master/iot/AX9/setDeviceInfo.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tenda | ax9_firmware | 22.03.01.46 | |
| tenda | ax9 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:ax9_firmware:22.03.01.46:*:*:*:*:*:*:*",
"matchCriteriaId": "8FE7BDA5-B565-4E85-B253-880733FFC0B3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:ax9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D7542BB3-674B-4684-A3C6-91F9A0FBDD93",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Tenda AX9 V22.03.01.46 was discovered to contain a SQL command injection vulnerability in the \u0027setDeviceInfo\u0027 feature through the \u0027mac\u0027 parameter at /goform/setModules."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que Tenda AX9 V22.03.01.46 contiene una vulnerabilidad de inyecci\u00f3n de comandos SQL en la funci\u00f3n \u0027setDeviceInfo\u0027 a trav\u00e9s del par\u00e1metro \u0027mac\u0027 en /goform/setModules."
}
],
"id": "CVE-2023-49429",
"lastModified": "2024-11-21T08:33:23.327",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-07T16:15:07.203",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/ef4tless/vuln/blob/master/iot/AX9/setDeviceInfo.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/ef4tless/vuln/blob/master/iot/AX9/setDeviceInfo.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-49434
Vulnerability from fkie_nvd - Published: 2023-12-07 16:15 - Updated: 2024-11-21 08:33
Severity ?
Summary
Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the 'list' parameter at /goform/SetNetControlList.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://github.com/ef4tless/vuln/blob/master/iot/AX9/SetNetControlList.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/ef4tless/vuln/blob/master/iot/AX9/SetNetControlList.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tenda | ax9_firmware | 22.03.01.46 | |
| tenda | ax9 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:ax9_firmware:22.03.01.46:*:*:*:*:*:*:*",
"matchCriteriaId": "8FE7BDA5-B565-4E85-B253-880733FFC0B3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:ax9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D7542BB3-674B-4684-A3C6-91F9A0FBDD93",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the \u0027list\u0027 parameter at /goform/SetNetControlList."
},
{
"lang": "es",
"value": "Se ha descubierto que Tenda AX9 V22.03.01.46 contiene una vulnerabilidad de desbordamiento de pila en el par\u00e1metro \u0027lista\u0027 en /goform/SetNetControlList."
}
],
"id": "CVE-2023-49434",
"lastModified": "2024-11-21T08:33:24.060",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-07T16:15:07.447",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/ef4tless/vuln/blob/master/iot/AX9/SetNetControlList.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/ef4tless/vuln/blob/master/iot/AX9/SetNetControlList.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-49435
Vulnerability from fkie_nvd - Published: 2023-12-07 16:15 - Updated: 2024-11-21 08:33
Severity ?
Summary
Tenda AX9 V22.03.01.46 is vulnerable to command injection.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://github.com/ef4tless/vuln/blob/master/iot/AX9/SetNetControlList-3.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/ef4tless/vuln/blob/master/iot/AX9/SetNetControlList-3.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tenda | ax9_firmware | 22.03.01.46 | |
| tenda | ax9 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tenda:ax9_firmware:22.03.01.46:*:*:*:*:*:*:*",
"matchCriteriaId": "8FE7BDA5-B565-4E85-B253-880733FFC0B3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tenda:ax9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D7542BB3-674B-4684-A3C6-91F9A0FBDD93",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Tenda AX9 V22.03.01.46 is vulnerable to command injection."
},
{
"lang": "es",
"value": "Tenda AX9 V22.03.01.46 es vulnerable a la inyecci\u00f3n de comandos."
}
],
"id": "CVE-2023-49435",
"lastModified": "2024-11-21T08:33:24.193",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-07T16:15:07.493",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/ef4tless/vuln/blob/master/iot/AX9/SetNetControlList-3.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/ef4tless/vuln/blob/master/iot/AX9/SetNetControlList-3.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}