Search criteria
84 vulnerabilities found for g3_firmware by tendacn
FKIE_CVE-2024-50854
Vulnerability from fkie_nvd - Published: 2024-11-13 15:15 - Updated: 2025-03-14 17:15
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Tenda G3 v3.0 v15.11.0.20 was discovered to contain a stack overflow via the formSetPortMapping function.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://github.com/zp9080/Tenda/blob/main/Tenda-G3v3.0%20V15.11.0.20-formSetPortMapping/overview.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tendacn | g3_firmware | 15.11.0.20 | |
| tendacn | g3 | 3.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:g3_firmware:15.11.0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "6227E635-0924-479C-8CED-9B225CB4D4A7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:g3:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9C36969E-B1AD-4022-A9E3-55AE48FBCDD5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Tenda G3 v3.0 v15.11.0.20 was discovered to contain a stack overflow via the formSetPortMapping function."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que Tenda G3 v3.0 v15.11.0.20 conten\u00eda un desbordamiento de pila a trav\u00e9s de la funci\u00f3n formSetPortMapping."
}
],
"id": "CVE-2024-50854",
"lastModified": "2025-03-14T17:15:48.197",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-11-13T15:15:09.010",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/zp9080/Tenda/blob/main/Tenda-G3v3.0%20V15.11.0.20-formSetPortMapping/overview.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-50853
Vulnerability from fkie_nvd - Published: 2024-11-13 15:15 - Updated: 2024-11-21 17:15
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Tenda G3 v3.0 v15.11.0.20 was discovered to contain a command injection vulnerability via the formSetDebugCfg function.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://github.com/zp9080/Tenda/blob/main/Tenda-G3v3.0%20V15.11.0.20-formSetDebugCfg/overview.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tendacn | g3_firmware | 15.11.0.20 | |
| tendacn | g3 | 3.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:g3_firmware:15.11.0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "6227E635-0924-479C-8CED-9B225CB4D4A7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:g3:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9C36969E-B1AD-4022-A9E3-55AE48FBCDD5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Tenda G3 v3.0 v15.11.0.20 was discovered to contain a command injection vulnerability via the formSetDebugCfg function."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que Tenda G3 v3.0 v15.11.0.20 conten\u00eda una vulnerabilidad de inyecci\u00f3n de comandos a trav\u00e9s de la funci\u00f3n formSetDebugCfg. "
}
],
"id": "CVE-2024-50853",
"lastModified": "2024-11-21T17:15:21.783",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-11-13T15:15:08.953",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/zp9080/Tenda/blob/main/Tenda-G3v3.0%20V15.11.0.20-formSetDebugCfg/overview.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-50852
Vulnerability from fkie_nvd - Published: 2024-11-13 15:15 - Updated: 2024-11-21 17:15
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Tenda G3 v3.0 v15.11.0.20 was discovered to contain a command injection vulnerability via the formSetUSBPartitionUmount function.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://github.com/zp9080/Tenda/blob/main/Tenda-G3v3.0%20V15.11.0.20-formSetUSBPartitionUmount/overview.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tendacn | g3_firmware | 15.11.0.20 | |
| tendacn | g3 | 3.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:g3_firmware:15.11.0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "6227E635-0924-479C-8CED-9B225CB4D4A7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:g3:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9C36969E-B1AD-4022-A9E3-55AE48FBCDD5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Tenda G3 v3.0 v15.11.0.20 was discovered to contain a command injection vulnerability via the formSetUSBPartitionUmount function."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que Tenda G3 v3.0 v15.11.0.20 conten\u00eda una vulnerabilidad de inyecci\u00f3n de comandos a trav\u00e9s de la funci\u00f3n formSetUSBPartitionUmount."
}
],
"id": "CVE-2024-50852",
"lastModified": "2024-11-21T17:15:21.473",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-11-13T15:15:08.897",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/zp9080/Tenda/blob/main/Tenda-G3v3.0%20V15.11.0.20-formSetUSBPartitionUmount/overview.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-46628
Vulnerability from fkie_nvd - Published: 2024-09-26 20:15 - Updated: 2024-10-04 17:18
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.0 (High) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.0 (High) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Tenda G3 Router firmware v15.03.05.05 was discovered to contain a remote code execution (RCE) vulnerability via the usbPartitionName parameter in the formSetUSBPartitionUmount function.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://github.com/Question-h/vuln/blob/master/Remote%20Code%20Execution%20Vulnerability%20in%20Tenda%20G3%20Router.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tendacn | g3_firmware | 15.03.05.05 | |
| tendacn | g3 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:g3_firmware:15.03.05.05:*:*:*:*:*:*:*",
"matchCriteriaId": "3B6CEC5F-A6BF-4CF3-8507-4E58D673C67C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:g3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A5CDD3E-C5D2-44DF-B330-065CF8ECC29B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Tenda G3 Router firmware v15.03.05.05 was discovered to contain a remote code execution (RCE) vulnerability via the usbPartitionName parameter in the formSetUSBPartitionUmount function."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que el firmware v15.03.05.05 del enrutador Tenda G3 contiene una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo (RCE) a trav\u00e9s del par\u00e1metro usbPartitionName en la funci\u00f3n formSetUSBPartitionUmount."
}
],
"id": "CVE-2024-46628",
"lastModified": "2024-10-04T17:18:31.663",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-09-26T20:15:06.857",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Question-h/vuln/blob/master/Remote%20Code%20Execution%20Vulnerability%20in%20Tenda%20G3%20Router.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-8224
Vulnerability from fkie_nvd - Published: 2024-08-27 23:15 - Updated: 2024-12-13 15:15
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability, which was classified as critical, has been found in Tenda G3 15.11.0.20. This issue affects the function formSetDebugCfg of the file /goform/setDebugCfg. The manipulation of the argument enable/level/module leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References
| URL | Tags | ||
|---|---|---|---|
| cna@vuldb.com | https://github.com/abcdefg-png/AHU-IoT-vulnerable/blob/main/Tenda/G3V3.0/formSetDebugCfg.md | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?ctiid.275933 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.275933 | VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.393999 | VDB Entry | |
| cna@vuldb.com | https://www.tenda.com.cn/ | Product |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tendacn | g3_firmware | 15.11.0.20 | |
| tendacn | g3 | 3.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:g3_firmware:15.11.0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "6227E635-0924-479C-8CED-9B225CB4D4A7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:g3:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9C36969E-B1AD-4022-A9E3-55AE48FBCDD5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in Tenda G3 15.11.0.20. This issue affects the function formSetDebugCfg of the file /goform/setDebugCfg. The manipulation of the argument enable/level/module leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en Tenda G3 15.11.0.20 y clasificada como cr\u00edtica. Este problema afecta a la funci\u00f3n formSetDebugCfg del archivo /goform/setDebugCfg. La manipulaci\u00f3n del argumento enable/level/module conduce a un desbordamiento del b\u00fafer basado en pila. El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"id": "CVE-2024-8224",
"lastModified": "2024-12-13T15:15:38.053",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
},
"published": "2024-08-27T23:15:03.920",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/abcdefg-png/AHU-IoT-vulnerable/blob/main/Tenda/G3V3.0/formSetDebugCfg.md"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
],
"url": "https://vuldb.com/?ctiid.275933"
},
{
"source": "cna@vuldb.com",
"tags": [
"VDB Entry"
],
"url": "https://vuldb.com/?id.275933"
},
{
"source": "cna@vuldb.com",
"tags": [
"VDB Entry"
],
"url": "https://vuldb.com/?submit.393999"
},
{
"source": "cna@vuldb.com",
"tags": [
"Product"
],
"url": "https://www.tenda.com.cn/"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-24171
Vulnerability from fkie_nvd - Published: 2022-02-04 02:15 - Updated: 2024-11-21 06:49
Severity ?
Summary
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetPppoeServer. This vulnerability allows attackers to execute arbitrary commands via the pppoeServerIP, pppoeServerStartIP, and pppoeServerEndIP parameters.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://github.com/pjqwudi/my_vuln/blob/main/Tenda/vuln_35/35.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/pjqwudi/my_vuln/blob/main/Tenda/vuln_35/35.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tendacn | g1_firmware | 15.11.0.17\(9502\)_cn | |
| tendacn | g1 | - | |
| tendacn | g3_firmware | 15.11.0.17\(9502\)_cn | |
| tendacn | g3 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:g1_firmware:15.11.0.17\\(9502\\)_cn:*:*:*:*:*:*:*",
"matchCriteriaId": "F1F4A805-B82C-4815-9999-E2D971E082E8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:g1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6839E6D3-4F3E-40FB-828E-D25088E85A21",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:g3_firmware:15.11.0.17\\(9502\\)_cn:*:*:*:*:*:*:*",
"matchCriteriaId": "67707336-51C8-428B-B4E2-084302C5806D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:g3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A5CDD3E-C5D2-44DF-B330-065CF8ECC29B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetPppoeServer. This vulnerability allows attackers to execute arbitrary commands via the pppoeServerIP, pppoeServerStartIP, and pppoeServerEndIP parameters."
},
{
"lang": "es",
"value": "Se ha detectado que los routers Tenda G1 y G3 versi\u00f3n v15.11.0.17(9502)_CN, contienen una vulnerabilidad de inyecci\u00f3n de comandos en la funci\u00f3n formSetPppoeServer. Esta vulnerabilidad permite a atacantes ejecutar comandos arbitrarios por medio de los par\u00e1metros pppoeServerIP, pppoeServerStartIP y pppoeServerEndIP"
}
],
"id": "CVE-2022-24171",
"lastModified": "2024-11-21T06:49:57.750",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-02-04T02:15:11.167",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/pjqwudi/my_vuln/blob/main/Tenda/vuln_35/35.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/pjqwudi/my_vuln/blob/main/Tenda/vuln_35/35.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-24168
Vulnerability from fkie_nvd - Published: 2022-02-04 02:15 - Updated: 2024-11-21 06:49
Severity ?
Summary
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetIpGroup. This vulnerability allows attackers to execute arbitrary commands via the IPGroupStartIP and IPGroupEndIP parameters.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://github.com/pjqwudi/my_vuln/blob/main/Tenda/vuln_37/37.md | Broken Link, Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/pjqwudi/my_vuln/blob/main/Tenda/vuln_37/37.md | Broken Link, Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tendacn | g1_firmware | 15.11.0.17\(9502\)_cn | |
| tendacn | g1 | - | |
| tendacn | g3_firmware | 15.11.0.17\(9502\)_cn | |
| tendacn | g3 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:g1_firmware:15.11.0.17\\(9502\\)_cn:*:*:*:*:*:*:*",
"matchCriteriaId": "F1F4A805-B82C-4815-9999-E2D971E082E8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:g1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6839E6D3-4F3E-40FB-828E-D25088E85A21",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:g3_firmware:15.11.0.17\\(9502\\)_cn:*:*:*:*:*:*:*",
"matchCriteriaId": "67707336-51C8-428B-B4E2-084302C5806D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:g3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A5CDD3E-C5D2-44DF-B330-065CF8ECC29B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetIpGroup. This vulnerability allows attackers to execute arbitrary commands via the IPGroupStartIP and IPGroupEndIP parameters."
},
{
"lang": "es",
"value": "Se ha detectado que los routers Tenda G1 y G3 versi\u00f3n v15.11.0.17(9502)_CN, contienen una vulnerabilidad de inyecci\u00f3n de comandos en la funci\u00f3n formSetIpGroup. Esta vulnerabilidad permite a atacantes ejecutar comandos arbitrarios por medio de los par\u00e1metros IPGroupStartIP e IPGroupEndIP"
}
],
"id": "CVE-2022-24168",
"lastModified": "2024-11-21T06:49:57.340",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-02-04T02:15:11.020",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/pjqwudi/my_vuln/blob/main/Tenda/vuln_37/37.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/pjqwudi/my_vuln/blob/main/Tenda/vuln_37/37.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-24172
Vulnerability from fkie_nvd - Published: 2022-02-04 02:15 - Updated: 2024-11-21 06:49
Severity ?
Summary
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formAddDhcpBindRule. This vulnerability allows attackers to cause a Denial of Service (DoS) via the addDhcpRules parameter.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://github.com/pjqwudi/my_vuln/blob/main/Tenda/vuln_43/43.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/pjqwudi/my_vuln/blob/main/Tenda/vuln_43/43.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tendacn | g1_firmware | 15.11.0.17\(9502\)_cn | |
| tendacn | g1 | - | |
| tendacn | g3_firmware | 15.11.0.17\(9502\)_cn | |
| tendacn | g3 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:g1_firmware:15.11.0.17\\(9502\\)_cn:*:*:*:*:*:*:*",
"matchCriteriaId": "F1F4A805-B82C-4815-9999-E2D971E082E8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:g1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6839E6D3-4F3E-40FB-828E-D25088E85A21",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:g3_firmware:15.11.0.17\\(9502\\)_cn:*:*:*:*:*:*:*",
"matchCriteriaId": "67707336-51C8-428B-B4E2-084302C5806D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:g3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A5CDD3E-C5D2-44DF-B330-065CF8ECC29B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formAddDhcpBindRule. This vulnerability allows attackers to cause a Denial of Service (DoS) via the addDhcpRules parameter."
},
{
"lang": "es",
"value": "Se ha detectado que los routers Tenda G1 y G3 versi\u00f3n v15.11.0.17(9502)_CN, contienen un desbordamiento de pila en la funci\u00f3n formAddDhcpBindRule. Esta vulnerabilidad permite a atacantes causar una denegaci\u00f3n de servicio (DoS) por medio del par\u00e1metro addDhcpRules"
}
],
"id": "CVE-2022-24172",
"lastModified": "2024-11-21T06:49:57.893",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-02-04T02:15:11.213",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/pjqwudi/my_vuln/blob/main/Tenda/vuln_43/43.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/pjqwudi/my_vuln/blob/main/Tenda/vuln_43/43.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-24169
Vulnerability from fkie_nvd - Published: 2022-02-04 02:15 - Updated: 2024-11-21 06:49
Severity ?
Summary
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formIPMacBindAdd. This vulnerability allows attackers to cause a Denial of Service (DoS) via the IPMacBindRule parameter.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://github.com/pjqwudi/my_vuln/blob/main/Tenda/vuln_41/41.md | Broken Link, Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/pjqwudi/my_vuln/blob/main/Tenda/vuln_41/41.md | Broken Link, Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tendacn | g1_firmware | 15.11.0.17\(9502\)_cn | |
| tendacn | g1 | - | |
| tendacn | g3_firmware | 15.11.0.17\(9502\)_cn | |
| tendacn | g3 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:g1_firmware:15.11.0.17\\(9502\\)_cn:*:*:*:*:*:*:*",
"matchCriteriaId": "F1F4A805-B82C-4815-9999-E2D971E082E8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:g1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6839E6D3-4F3E-40FB-828E-D25088E85A21",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:g3_firmware:15.11.0.17\\(9502\\)_cn:*:*:*:*:*:*:*",
"matchCriteriaId": "67707336-51C8-428B-B4E2-084302C5806D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:g3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A5CDD3E-C5D2-44DF-B330-065CF8ECC29B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formIPMacBindAdd. This vulnerability allows attackers to cause a Denial of Service (DoS) via the IPMacBindRule parameter."
},
{
"lang": "es",
"value": "Se ha detectado que los routers Tenda G1 y G3 versi\u00f3n v15.11.0.17(9502)_CN, contienen un desbordamiento de pila en la funci\u00f3n formIPMacBindAdd. Esta vulnerabilidad permite a atacantes causar una denegaci\u00f3n de servicio (DoS) por medio del par\u00e1metro IPMacBindRule"
}
],
"id": "CVE-2022-24169",
"lastModified": "2024-11-21T06:49:57.473",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-02-04T02:15:11.070",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/pjqwudi/my_vuln/blob/main/Tenda/vuln_41/41.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/pjqwudi/my_vuln/blob/main/Tenda/vuln_41/41.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-24170
Vulnerability from fkie_nvd - Published: 2022-02-04 02:15 - Updated: 2024-11-21 06:49
Severity ?
Summary
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetIpSecTunnel. This vulnerability allows attackers to execute arbitrary commands via the IPsecLocalNet and IPsecRemoteNet parameters.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://github.com/pjqwudi/my_vuln/blob/main/Tenda/vuln_36/36.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/pjqwudi/my_vuln/blob/main/Tenda/vuln_36/36.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tendacn | g1_firmware | 15.11.0.17\(9502\)_cn | |
| tendacn | g1 | - | |
| tendacn | g3_firmware | 15.11.0.17\(9502\)_cn | |
| tendacn | g3 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:g1_firmware:15.11.0.17\\(9502\\)_cn:*:*:*:*:*:*:*",
"matchCriteriaId": "F1F4A805-B82C-4815-9999-E2D971E082E8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:g1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6839E6D3-4F3E-40FB-828E-D25088E85A21",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:g3_firmware:15.11.0.17\\(9502\\)_cn:*:*:*:*:*:*:*",
"matchCriteriaId": "67707336-51C8-428B-B4E2-084302C5806D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:g3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A5CDD3E-C5D2-44DF-B330-065CF8ECC29B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetIpSecTunnel. This vulnerability allows attackers to execute arbitrary commands via the IPsecLocalNet and IPsecRemoteNet parameters."
},
{
"lang": "es",
"value": "Se ha detectado que los routers Tenda G1 y G3 versi\u00f3n v15.11.0.17(9502)_CN, contienen una vulnerabilidad de inyecci\u00f3n de comandos en la funci\u00f3n formSetIpSecTunnel. Esta vulnerabilidad permite a atacantes ejecutar comandos arbitrarios por medio de los par\u00e1metros IPsecLocalNet e IPsecRemoteNet"
}
],
"id": "CVE-2022-24170",
"lastModified": "2024-11-21T06:49:57.613",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-02-04T02:15:11.117",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/pjqwudi/my_vuln/blob/main/Tenda/vuln_36/36.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/pjqwudi/my_vuln/blob/main/Tenda/vuln_36/36.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-24164
Vulnerability from fkie_nvd - Published: 2022-02-04 02:15 - Updated: 2024-11-21 06:49
Severity ?
Summary
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formSetVirtualSer. This vulnerability allows attackers to cause a Denial of Service (DoS) via the DnsHijackRule parameter.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://github.com/pjqwudi/my_vuln/blob/main/Tenda/vuln_40/40.md | Broken Link, Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/pjqwudi/my_vuln/blob/main/Tenda/vuln_40/40.md | Broken Link, Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tendacn | g1_firmware | 15.11.0.17\(9502\)_cn | |
| tendacn | g1 | - | |
| tendacn | g3_firmware | 15.11.0.17\(9502\)_cn | |
| tendacn | g3 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:g1_firmware:15.11.0.17\\(9502\\)_cn:*:*:*:*:*:*:*",
"matchCriteriaId": "F1F4A805-B82C-4815-9999-E2D971E082E8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:g1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6839E6D3-4F3E-40FB-828E-D25088E85A21",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:g3_firmware:15.11.0.17\\(9502\\)_cn:*:*:*:*:*:*:*",
"matchCriteriaId": "67707336-51C8-428B-B4E2-084302C5806D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:g3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A5CDD3E-C5D2-44DF-B330-065CF8ECC29B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formSetVirtualSer. This vulnerability allows attackers to cause a Denial of Service (DoS) via the DnsHijackRule parameter."
},
{
"lang": "es",
"value": "Se ha detectado que los routers Tenda G1 y G3 versi\u00f3n v15.11.0.17(9502)_CN, contienen un desbordamiento de pila en la funci\u00f3n formSetVirtualSer. Esta vulnerabilidad permite a atacantes causar una denegaci\u00f3n de servicio (DoS) por medio del par\u00e1metro DnsHijackRule"
}
],
"id": "CVE-2022-24164",
"lastModified": "2024-11-21T06:49:56.760",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-02-04T02:15:10.830",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/pjqwudi/my_vuln/blob/main/Tenda/vuln_40/40.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/pjqwudi/my_vuln/blob/main/Tenda/vuln_40/40.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-24167
Vulnerability from fkie_nvd - Published: 2022-02-04 02:15 - Updated: 2024-11-21 06:49
Severity ?
Summary
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetDMZ. This vulnerability allows attackers to execute arbitrary commands via the dmzHost1 parameter.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://github.com/pjqwudi/my_vuln/blob/main/Tenda/vuln_39/39.md | Broken Link, Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/pjqwudi/my_vuln/blob/main/Tenda/vuln_39/39.md | Broken Link, Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tendacn | g1_firmware | 15.11.0.17\(9502\)_cn | |
| tendacn | g1 | - | |
| tendacn | g3_firmware | 15.11.0.17\(9502\)_cn | |
| tendacn | g3 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:g1_firmware:15.11.0.17\\(9502\\)_cn:*:*:*:*:*:*:*",
"matchCriteriaId": "F1F4A805-B82C-4815-9999-E2D971E082E8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:g1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6839E6D3-4F3E-40FB-828E-D25088E85A21",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:g3_firmware:15.11.0.17\\(9502\\)_cn:*:*:*:*:*:*:*",
"matchCriteriaId": "67707336-51C8-428B-B4E2-084302C5806D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:g3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A5CDD3E-C5D2-44DF-B330-065CF8ECC29B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetDMZ. This vulnerability allows attackers to execute arbitrary commands via the dmzHost1 parameter."
},
{
"lang": "es",
"value": "Se ha detectado que los routers Tenda G1 y G3 versi\u00f3n v15.11.0.17(9502)_CN, contienen una vulnerabilidad de inyecci\u00f3n de comandos en la funci\u00f3n formSetDMZ. Esta vulnerabilidad permite a atacantes ejecutar comandos arbitrarios por medio del par\u00e1metro dmzHost1"
}
],
"id": "CVE-2022-24167",
"lastModified": "2024-11-21T06:49:57.203",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-02-04T02:15:10.977",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/pjqwudi/my_vuln/blob/main/Tenda/vuln_39/39.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/pjqwudi/my_vuln/blob/main/Tenda/vuln_39/39.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-24165
Vulnerability from fkie_nvd - Published: 2022-02-04 02:15 - Updated: 2024-11-21 06:49
Severity ?
Summary
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetQvlanList. This vulnerability allows attackers to execute arbitrary commands via the qvlanIP parameter.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://github.com/pjqwudi/my_vuln/blob/main/Tenda/vuln_38/38.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/pjqwudi/my_vuln/blob/main/Tenda/vuln_38/38.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tendacn | g1_firmware | 15.11.0.17\(9502\)_cn | |
| tendacn | g1 | - | |
| tendacn | g3_firmware | 15.11.0.17\(9502\)_cn | |
| tendacn | g3 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:g1_firmware:15.11.0.17\\(9502\\)_cn:*:*:*:*:*:*:*",
"matchCriteriaId": "F1F4A805-B82C-4815-9999-E2D971E082E8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:g1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6839E6D3-4F3E-40FB-828E-D25088E85A21",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:g3_firmware:15.11.0.17\\(9502\\)_cn:*:*:*:*:*:*:*",
"matchCriteriaId": "67707336-51C8-428B-B4E2-084302C5806D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:g3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A5CDD3E-C5D2-44DF-B330-065CF8ECC29B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetQvlanList. This vulnerability allows attackers to execute arbitrary commands via the qvlanIP parameter."
},
{
"lang": "es",
"value": "Se ha detectado que los routers Tenda G1 y G3 versi\u00f3n v15.11.0.17(9502)_CN, contienen una vulnerabilidad de inyecci\u00f3n de comandos en la funci\u00f3n formSetQvlanList. Esta vulnerabilidad permite a atacantes ejecutar comandos arbitrarios por medio del par\u00e1metro qvlanIP"
}
],
"id": "CVE-2022-24165",
"lastModified": "2024-11-21T06:49:56.907",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-02-04T02:15:10.877",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/pjqwudi/my_vuln/blob/main/Tenda/vuln_38/38.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/pjqwudi/my_vuln/blob/main/Tenda/vuln_38/38.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-24166
Vulnerability from fkie_nvd - Published: 2022-02-04 02:15 - Updated: 2024-11-21 06:49
Severity ?
Summary
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formSetSysTime. This vulnerability allows attackers to cause a Denial of Service (DoS) via the manualTime parameter.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://github.com/pjqwudi/my_vuln/blob/main/Tenda/vuln_42/42.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/pjqwudi/my_vuln/blob/main/Tenda/vuln_42/42.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tendacn | g1_firmware | 15.11.0.17\(9502\)_cn | |
| tendacn | g1 | - | |
| tendacn | g3_firmware | 15.11.0.17\(9502\)_cn | |
| tendacn | g3 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:g1_firmware:15.11.0.17\\(9502\\)_cn:*:*:*:*:*:*:*",
"matchCriteriaId": "F1F4A805-B82C-4815-9999-E2D971E082E8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:g1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6839E6D3-4F3E-40FB-828E-D25088E85A21",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:g3_firmware:15.11.0.17\\(9502\\)_cn:*:*:*:*:*:*:*",
"matchCriteriaId": "67707336-51C8-428B-B4E2-084302C5806D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:g3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A5CDD3E-C5D2-44DF-B330-065CF8ECC29B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formSetSysTime. This vulnerability allows attackers to cause a Denial of Service (DoS) via the manualTime parameter."
},
{
"lang": "es",
"value": "Se ha detectado que los routers Tenda G1 y G3 versi\u00f3n v15.11.0.17(9502)_CN, contienen un desbordamiento de pila en la funci\u00f3n formSetSysTime. Esta vulnerabilidad permite a atacantes causar una denegaci\u00f3n de servicio (DoS) por medio del par\u00e1metro manualTime"
}
],
"id": "CVE-2022-24166",
"lastModified": "2024-11-21T06:49:57.067",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-02-04T02:15:10.927",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/pjqwudi/my_vuln/blob/main/Tenda/vuln_42/42.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/pjqwudi/my_vuln/blob/main/Tenda/vuln_42/42.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-45997
Vulnerability from fkie_nvd - Published: 2022-02-04 02:15 - Updated: 2024-11-21 06:33
Severity ?
Summary
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formSetPortMapping. This vulnerability allows attackers to cause a Denial of Service (DoS) via the portMappingServer, portMappingProtocol, portMappingWan, porMappingtInternal, and portMappingExternal parameters.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://github.com/pjqwudi/my_vuln/blob/main/Tenda/vuln_11/11.md | Broken Link, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/pjqwudi/my_vuln/blob/main/Tenda/vuln_11/11.md | Broken Link, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tendacn | g1_firmware | 15.11.0.17\(9502\)_cn | |
| tendacn | g1 | - | |
| tendacn | g3_firmware | 15.11.0.17\(9502\)_cn | |
| tendacn | g3 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:g1_firmware:15.11.0.17\\(9502\\)_cn:*:*:*:*:*:*:*",
"matchCriteriaId": "F1F4A805-B82C-4815-9999-E2D971E082E8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:g1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6839E6D3-4F3E-40FB-828E-D25088E85A21",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:g3_firmware:15.11.0.17\\(9502\\)_cn:*:*:*:*:*:*:*",
"matchCriteriaId": "67707336-51C8-428B-B4E2-084302C5806D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:g3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A5CDD3E-C5D2-44DF-B330-065CF8ECC29B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formSetPortMapping. This vulnerability allows attackers to cause a Denial of Service (DoS) via the portMappingServer, portMappingProtocol, portMappingWan, porMappingtInternal, and portMappingExternal parameters."
},
{
"lang": "es",
"value": "Se ha detectado que los routers Tenda G1 y G3 versi\u00f3n v15.11.0.17(9502)_CN, contienen un desbordamiento de pila en la funci\u00f3n formSetPortMapping. Esta vulnerabilidad permite a atacantes causar una denegaci\u00f3n de servicio (DoS) por medio de los par\u00e1metros portMappingServer, portMappingProtocol, portMappingWan, porMappingtInternal y portMappingExternal"
}
],
"id": "CVE-2021-45997",
"lastModified": "2024-11-21T06:33:27.493",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-02-04T02:15:09.037",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory"
],
"url": "https://github.com/pjqwudi/my_vuln/blob/main/Tenda/vuln_11/11.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory"
],
"url": "https://github.com/pjqwudi/my_vuln/blob/main/Tenda/vuln_11/11.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-45994
Vulnerability from fkie_nvd - Published: 2022-02-04 02:15 - Updated: 2024-11-21 06:33
Severity ?
Summary
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formDelDhcpRule. This vulnerability allows attackers to cause a Denial of Service (DoS) via the delDhcpIndex parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tendacn | g1_firmware | 15.11.0.17\(9502\)_cn | |
| tendacn | g1 | - | |
| tendacn | g3_firmware | 15.11.0.17\(9502\)_cn | |
| tendacn | g3 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:g1_firmware:15.11.0.17\\(9502\\)_cn:*:*:*:*:*:*:*",
"matchCriteriaId": "F1F4A805-B82C-4815-9999-E2D971E082E8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:g1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6839E6D3-4F3E-40FB-828E-D25088E85A21",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:g3_firmware:15.11.0.17\\(9502\\)_cn:*:*:*:*:*:*:*",
"matchCriteriaId": "67707336-51C8-428B-B4E2-084302C5806D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:g3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A5CDD3E-C5D2-44DF-B330-065CF8ECC29B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formDelDhcpRule. This vulnerability allows attackers to cause a Denial of Service (DoS) via the delDhcpIndex parameter."
},
{
"lang": "es",
"value": "Se ha detectado que los routers Tenda G1 y G3 versi\u00f3n v15.11.0.17(9502)_CN, contienen un desbordamiento de pila en la funci\u00f3n formDelDhcpRule. Esta vulnerabilidad permite a atacantes causar una denegaci\u00f3n de servicio (DoS) por medio del par\u00e1metro delDhcpIndex"
}
],
"id": "CVE-2021-45994",
"lastModified": "2024-11-21T06:33:27.037",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-02-04T02:15:08.897",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "https://github.com/pjqwudi/my_vuln/blob/main/Tenda/vuln_12/12.md"
},
{
"source": "nvd@nist.gov",
"tags": [
"Third Party Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/218934"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://github.com/pjqwudi/my_vuln/blob/main/Tenda/vuln_12/12.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-45991
Vulnerability from fkie_nvd - Published: 2022-02-04 02:15 - Updated: 2024-11-21 06:33
Severity ?
Summary
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formAddVpnUsers. This vulnerability allows attackers to cause a Denial of Service (DoS) via the vpnUsers parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tendacn | g1_firmware | 15.11.0.17\(9502\)_cn | |
| tendacn | g1 | - | |
| tendacn | g3_firmware | 15.11.0.17\(9502\)_cn | |
| tendacn | g3 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:g1_firmware:15.11.0.17\\(9502\\)_cn:*:*:*:*:*:*:*",
"matchCriteriaId": "F1F4A805-B82C-4815-9999-E2D971E082E8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:g1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6839E6D3-4F3E-40FB-828E-D25088E85A21",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:g3_firmware:15.11.0.17\\(9502\\)_cn:*:*:*:*:*:*:*",
"matchCriteriaId": "67707336-51C8-428B-B4E2-084302C5806D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:g3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A5CDD3E-C5D2-44DF-B330-065CF8ECC29B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formAddVpnUsers. This vulnerability allows attackers to cause a Denial of Service (DoS) via the vpnUsers parameter."
},
{
"lang": "es",
"value": "Se ha detectado que los routers Tenda G1 y G3 versi\u00f3n v15.11.0.17(9502)_CN, contienen un desbordamiento de pila en la funci\u00f3n formAddVpnUsers. Esta vulnerabilidad permite a atacantes causar una denegaci\u00f3n de servicio (DoS) por medio del par\u00e1metro vpnUsers"
}
],
"id": "CVE-2021-45991",
"lastModified": "2024-11-21T06:33:26.610",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-02-04T02:15:08.763",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "https://github.com/pjqwudi/my_vuln/blob/main/Tenda/vuln_6/6.md"
},
{
"source": "nvd@nist.gov",
"tags": [
"Third Party Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/218954"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://github.com/pjqwudi/my_vuln/blob/main/Tenda/vuln_6/6.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-45986
Vulnerability from fkie_nvd - Published: 2022-02-04 02:15 - Updated: 2024-11-21 06:33
Severity ?
Summary
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetUSBShareInfo. This vulnerability allows attackers to execute arbitrary commands via the usbOrdinaryUserName parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tendacn | g1_firmware | 15.11.0.17\(9502\)_cn | |
| tendacn | g1 | - | |
| tendacn | g3_firmware | 15.11.0.17\(9502\)_cn | |
| tendacn | g3 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:g1_firmware:15.11.0.17\\(9502\\)_cn:*:*:*:*:*:*:*",
"matchCriteriaId": "F1F4A805-B82C-4815-9999-E2D971E082E8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:g1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6839E6D3-4F3E-40FB-828E-D25088E85A21",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:g3_firmware:15.11.0.17\\(9502\\)_cn:*:*:*:*:*:*:*",
"matchCriteriaId": "67707336-51C8-428B-B4E2-084302C5806D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:g3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A5CDD3E-C5D2-44DF-B330-065CF8ECC29B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetUSBShareInfo. This vulnerability allows attackers to execute arbitrary commands via the usbOrdinaryUserName parameter."
},
{
"lang": "es",
"value": "Se ha detectado que los routers Tenda G1 y G3 versi\u00f3n v15.11.0.17(9502)_CN, contienen una vulnerabilidad de inyecci\u00f3n de comandos en la funci\u00f3n formSetUSBShareInfo. Esta vulnerabilidad permite a atacantes ejecutar comandos arbitrarios por medio del par\u00e1metro usbOrdinaryUserName"
}
],
"id": "CVE-2021-45986",
"lastModified": "2024-11-21T06:33:25.893",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-02-04T02:15:08.533",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "https://github.com/pjqwudi/my_vuln/blob/main/Tenda/vuln_2/2.md"
},
{
"source": "nvd@nist.gov",
"tags": [
"Third Party Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/218962"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://github.com/pjqwudi/my_vuln/blob/main/Tenda/vuln_2/2.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-45990
Vulnerability from fkie_nvd - Published: 2022-02-04 02:15 - Updated: 2024-11-21 06:33
Severity ?
Summary
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function uploadPicture. This vulnerability allows attackers to execute arbitrary commands via the pic_name parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tendacn | g1_firmware | 15.11.0.17\(9502\)_cn | |
| tendacn | g1 | - | |
| tendacn | g3_firmware | 15.11.0.17\(9502\)_cn | |
| tendacn | g3 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:g1_firmware:15.11.0.17\\(9502\\)_cn:*:*:*:*:*:*:*",
"matchCriteriaId": "F1F4A805-B82C-4815-9999-E2D971E082E8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:g1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6839E6D3-4F3E-40FB-828E-D25088E85A21",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:g3_firmware:15.11.0.17\\(9502\\)_cn:*:*:*:*:*:*:*",
"matchCriteriaId": "67707336-51C8-428B-B4E2-084302C5806D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:g3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A5CDD3E-C5D2-44DF-B330-065CF8ECC29B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function uploadPicture. This vulnerability allows attackers to execute arbitrary commands via the pic_name parameter."
},
{
"lang": "es",
"value": "Se ha detectado que los routers Tenda G1 y G3 versi\u00f3n v15.11.0.17(9502)_CN, contienen una vulnerabilidad de inyecci\u00f3n de comandos en la funci\u00f3n uploadPicture. Esta vulnerabilidad permite a atacantes ejecutar comandos arbitrarios por medio del par\u00e1metro pic_name"
}
],
"id": "CVE-2021-45990",
"lastModified": "2024-11-21T06:33:26.467",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-02-04T02:15:08.720",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "https://github.com/pjqwudi/my_vuln/blob/main/Tenda/vuln_1/1.md"
},
{
"source": "nvd@nist.gov",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/cve/CVE-2021-45990"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://github.com/pjqwudi/my_vuln/blob/main/Tenda/vuln_1/1.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-45989
Vulnerability from fkie_nvd - Published: 2022-02-04 02:15 - Updated: 2024-11-21 06:33
Severity ?
Summary
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function guestWifiRuleRefresh. This vulnerability allows attackers to cause a Denial of Service (DoS) via the qosGuestUpstream and qosGuestDownstream parameters.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tendacn | g1_firmware | 15.11.0.17\(9502\)_cn | |
| tendacn | g1 | - | |
| tendacn | g3_firmware | 15.11.0.17\(9502\)_cn | |
| tendacn | g3 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:g1_firmware:15.11.0.17\\(9502\\)_cn:*:*:*:*:*:*:*",
"matchCriteriaId": "F1F4A805-B82C-4815-9999-E2D971E082E8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:g1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6839E6D3-4F3E-40FB-828E-D25088E85A21",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tendacn:g3_firmware:15.11.0.17\\(9502\\)_cn:*:*:*:*:*:*:*",
"matchCriteriaId": "67707336-51C8-428B-B4E2-084302C5806D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tendacn:g3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A5CDD3E-C5D2-44DF-B330-065CF8ECC29B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function guestWifiRuleRefresh. This vulnerability allows attackers to cause a Denial of Service (DoS) via the qosGuestUpstream and qosGuestDownstream parameters."
},
{
"lang": "es",
"value": "Se ha detectado que los routers Tenda G1 y G3 versi\u00f3n v15.11.0.17(9502)_CN, contienen un desbordamiento de pila en la funci\u00f3n guestWifiRuleRefresh. Esta vulnerabilidad permite a atacantes causar una denegaci\u00f3n de servicio (DoS) por medio de los par\u00e1metros qosGuestUpstream y qosGuestDownstream"
}
],
"id": "CVE-2021-45989",
"lastModified": "2024-11-21T06:33:26.323",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-02-04T02:15:08.677",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "https://github.com/pjqwudi/my_vuln/blob/main/Tenda/vuln_4/4.md"
},
{
"source": "nvd@nist.gov",
"tags": [
"Third Party Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/218959"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://github.com/pjqwudi/my_vuln/blob/main/Tenda/vuln_4/4.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2024-50852 (GCVE-0-2024-50852)
Vulnerability from cvelistv5 – Published: 2024-11-13 00:00 – Updated: 2024-11-21 16:42
VLAI?
Summary
Tenda G3 v3.0 v15.11.0.20 was discovered to contain a command injection vulnerability via the formSetUSBPartitionUmount function.
Severity ?
8.8 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:tenda:g3:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "g3",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "v3.0_v15.11.0.20"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-50852",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-14T17:11:28.898463Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-21T16:42:35.758Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tenda G3 v3.0 v15.11.0.20 was discovered to contain a command injection vulnerability via the formSetUSBPartitionUmount function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-13T14:58:52.791572",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/zp9080/Tenda/blob/main/Tenda-G3v3.0%20V15.11.0.20-formSetUSBPartitionUmount/overview.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-50852",
"datePublished": "2024-11-13T00:00:00",
"dateReserved": "2024-10-28T00:00:00",
"dateUpdated": "2024-11-21T16:42:35.758Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-50853 (GCVE-0-2024-50853)
Vulnerability from cvelistv5 – Published: 2024-11-13 00:00 – Updated: 2024-11-21 16:42
VLAI?
Summary
Tenda G3 v3.0 v15.11.0.20 was discovered to contain a command injection vulnerability via the formSetDebugCfg function.
Severity ?
8.8 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:tenda:g3:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "g3",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "v3.0_v15.11.0.20"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-50853",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-14T17:07:26.297450Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-21T16:42:03.474Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tenda G3 v3.0 v15.11.0.20 was discovered to contain a command injection vulnerability via the formSetDebugCfg function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-13T14:58:53.154857",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/zp9080/Tenda/blob/main/Tenda-G3v3.0%20V15.11.0.20-formSetDebugCfg/overview.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-50853",
"datePublished": "2024-11-13T00:00:00",
"dateReserved": "2024-10-28T00:00:00",
"dateUpdated": "2024-11-21T16:42:03.474Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-50854 (GCVE-0-2024-50854)
Vulnerability from cvelistv5 – Published: 2024-11-13 00:00 – Updated: 2025-03-14 17:03
VLAI?
Summary
Tenda G3 v3.0 v15.11.0.20 was discovered to contain a stack overflow via the formSetPortMapping function.
Severity ?
8.8 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:tenda:g3:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "g3",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "v15.11.0.20"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-50854",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-15T15:54:24.859664Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-14T17:03:32.853Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tenda G3 v3.0 v15.11.0.20 was discovered to contain a stack overflow via the formSetPortMapping function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-13T14:58:53.610Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/zp9080/Tenda/blob/main/Tenda-G3v3.0%20V15.11.0.20-formSetPortMapping/overview.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-50854",
"datePublished": "2024-11-13T00:00:00.000Z",
"dateReserved": "2024-10-28T00:00:00.000Z",
"dateUpdated": "2025-03-14T17:03:32.853Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-46628 (GCVE-0-2024-46628)
Vulnerability from cvelistv5 – Published: 2024-09-26 00:00 – Updated: 2024-09-26 20:23
VLAI?
Summary
Tenda G3 Router firmware v15.03.05.05 was discovered to contain a remote code execution (RCE) vulnerability via the usbPartitionName parameter in the formSetUSBPartitionUmount function.
Severity ?
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:tenda:g3_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "g3_firmware",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "15.03.05.05"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-46628",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T20:21:52.193970Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T20:23:59.058Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tenda G3 Router firmware v15.03.05.05 was discovered to contain a remote code execution (RCE) vulnerability via the usbPartitionName parameter in the formSetUSBPartitionUmount function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T20:11:59.099297",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/Question-h/vuln/blob/master/Remote%20Code%20Execution%20Vulnerability%20in%20Tenda%20G3%20Router.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-46628",
"datePublished": "2024-09-26T00:00:00",
"dateReserved": "2024-09-11T00:00:00",
"dateUpdated": "2024-09-26T20:23:59.058Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-8224 (GCVE-0-2024-8224)
Vulnerability from cvelistv5 – Published: 2024-08-27 23:00 – Updated: 2024-08-28 15:18
VLAI?
Title
Tenda G3 setDebugCfg formSetDebugCfg stack-based overflow
Summary
A vulnerability, which was classified as critical, has been found in Tenda G3 15.11.0.20. This issue affects the function formSetDebugCfg of the file /goform/setDebugCfg. The manipulation of the argument enable/level/module leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Severity ?
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Credits
wxhwxhwxh_tutu (VulDB User)
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:tenda:g3_firmware:15.11.0.20:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "g3_firmware",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "15.11.0.20"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8224",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-28T15:17:51.613655Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-28T15:18:02.331Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "G3",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "15.11.0.20"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "wxhwxhwxh_tutu (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in Tenda G3 15.11.0.20. This issue affects the function formSetDebugCfg of the file /goform/setDebugCfg. The manipulation of the argument enable/level/module leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in Tenda G3 15.11.0.20 entdeckt. Sie wurde als kritisch eingestuft. Betroffen davon ist die Funktion formSetDebugCfg der Datei /goform/setDebugCfg. Durch das Beeinflussen des Arguments enable/level/module mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-27T23:00:07.675Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-275933 | Tenda G3 setDebugCfg formSetDebugCfg stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.275933"
},
{
"name": "VDB-275933 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.275933"
},
{
"name": "Submit #393999 | Tenda G3V3.0 V15.11.0.20 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.393999"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/abcdefg-png/AHU-IoT-vulnerable/blob/main/Tenda/G3V3.0/formSetDebugCfg.md"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-08-27T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-08-27T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-08-27T15:17:27.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda G3 setDebugCfg formSetDebugCfg stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-8224",
"datePublished": "2024-08-27T23:00:07.675Z",
"dateReserved": "2024-08-27T13:11:58.086Z",
"dateUpdated": "2024-08-28T15:18:02.331Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-50852 (GCVE-0-2024-50852)
Vulnerability from nvd – Published: 2024-11-13 00:00 – Updated: 2024-11-21 16:42
VLAI?
Summary
Tenda G3 v3.0 v15.11.0.20 was discovered to contain a command injection vulnerability via the formSetUSBPartitionUmount function.
Severity ?
8.8 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:tenda:g3:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "g3",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "v3.0_v15.11.0.20"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-50852",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-14T17:11:28.898463Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-21T16:42:35.758Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tenda G3 v3.0 v15.11.0.20 was discovered to contain a command injection vulnerability via the formSetUSBPartitionUmount function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-13T14:58:52.791572",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/zp9080/Tenda/blob/main/Tenda-G3v3.0%20V15.11.0.20-formSetUSBPartitionUmount/overview.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-50852",
"datePublished": "2024-11-13T00:00:00",
"dateReserved": "2024-10-28T00:00:00",
"dateUpdated": "2024-11-21T16:42:35.758Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-50853 (GCVE-0-2024-50853)
Vulnerability from nvd – Published: 2024-11-13 00:00 – Updated: 2024-11-21 16:42
VLAI?
Summary
Tenda G3 v3.0 v15.11.0.20 was discovered to contain a command injection vulnerability via the formSetDebugCfg function.
Severity ?
8.8 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:tenda:g3:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "g3",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "v3.0_v15.11.0.20"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-50853",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-14T17:07:26.297450Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-21T16:42:03.474Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tenda G3 v3.0 v15.11.0.20 was discovered to contain a command injection vulnerability via the formSetDebugCfg function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-13T14:58:53.154857",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/zp9080/Tenda/blob/main/Tenda-G3v3.0%20V15.11.0.20-formSetDebugCfg/overview.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-50853",
"datePublished": "2024-11-13T00:00:00",
"dateReserved": "2024-10-28T00:00:00",
"dateUpdated": "2024-11-21T16:42:03.474Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-50854 (GCVE-0-2024-50854)
Vulnerability from nvd – Published: 2024-11-13 00:00 – Updated: 2025-03-14 17:03
VLAI?
Summary
Tenda G3 v3.0 v15.11.0.20 was discovered to contain a stack overflow via the formSetPortMapping function.
Severity ?
8.8 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:tenda:g3:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "g3",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "v15.11.0.20"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-50854",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-15T15:54:24.859664Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-14T17:03:32.853Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tenda G3 v3.0 v15.11.0.20 was discovered to contain a stack overflow via the formSetPortMapping function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-13T14:58:53.610Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/zp9080/Tenda/blob/main/Tenda-G3v3.0%20V15.11.0.20-formSetPortMapping/overview.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-50854",
"datePublished": "2024-11-13T00:00:00.000Z",
"dateReserved": "2024-10-28T00:00:00.000Z",
"dateUpdated": "2025-03-14T17:03:32.853Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-46628 (GCVE-0-2024-46628)
Vulnerability from nvd – Published: 2024-09-26 00:00 – Updated: 2024-09-26 20:23
VLAI?
Summary
Tenda G3 Router firmware v15.03.05.05 was discovered to contain a remote code execution (RCE) vulnerability via the usbPartitionName parameter in the formSetUSBPartitionUmount function.
Severity ?
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:tenda:g3_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "g3_firmware",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "15.03.05.05"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-46628",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T20:21:52.193970Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T20:23:59.058Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tenda G3 Router firmware v15.03.05.05 was discovered to contain a remote code execution (RCE) vulnerability via the usbPartitionName parameter in the formSetUSBPartitionUmount function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T20:11:59.099297",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/Question-h/vuln/blob/master/Remote%20Code%20Execution%20Vulnerability%20in%20Tenda%20G3%20Router.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-46628",
"datePublished": "2024-09-26T00:00:00",
"dateReserved": "2024-09-11T00:00:00",
"dateUpdated": "2024-09-26T20:23:59.058Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-8224 (GCVE-0-2024-8224)
Vulnerability from nvd – Published: 2024-08-27 23:00 – Updated: 2024-08-28 15:18
VLAI?
Title
Tenda G3 setDebugCfg formSetDebugCfg stack-based overflow
Summary
A vulnerability, which was classified as critical, has been found in Tenda G3 15.11.0.20. This issue affects the function formSetDebugCfg of the file /goform/setDebugCfg. The manipulation of the argument enable/level/module leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Severity ?
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Credits
wxhwxhwxh_tutu (VulDB User)
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:tenda:g3_firmware:15.11.0.20:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "g3_firmware",
"vendor": "tenda",
"versions": [
{
"status": "affected",
"version": "15.11.0.20"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8224",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-28T15:17:51.613655Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-28T15:18:02.331Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "G3",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "15.11.0.20"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "wxhwxhwxh_tutu (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in Tenda G3 15.11.0.20. This issue affects the function formSetDebugCfg of the file /goform/setDebugCfg. The manipulation of the argument enable/level/module leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in Tenda G3 15.11.0.20 entdeckt. Sie wurde als kritisch eingestuft. Betroffen davon ist die Funktion formSetDebugCfg der Datei /goform/setDebugCfg. Durch das Beeinflussen des Arguments enable/level/module mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-27T23:00:07.675Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-275933 | Tenda G3 setDebugCfg formSetDebugCfg stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.275933"
},
{
"name": "VDB-275933 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.275933"
},
{
"name": "Submit #393999 | Tenda G3V3.0 V15.11.0.20 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.393999"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/abcdefg-png/AHU-IoT-vulnerable/blob/main/Tenda/G3V3.0/formSetDebugCfg.md"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-08-27T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-08-27T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-08-27T15:17:27.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda G3 setDebugCfg formSetDebugCfg stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-8224",
"datePublished": "2024-08-27T23:00:07.675Z",
"dateReserved": "2024-08-27T13:11:58.086Z",
"dateUpdated": "2024-08-28T15:18:02.331Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}