VARIoT IoT vulnerabilities database
| VAR-202404-2403 | CVE-2024-32286 | Shenzhen Tenda Technology Co.,Ltd. of w30e Out-of-bounds read vulnerability in firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability via the page parameter in the fromVirtualSer function. An out-of-bounds read vulnerability exists in the firmware of the Shenzhen Tenda Technology Co.,Ltd. w30e. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS). The Tenda W30E is an enterprise-grade wireless router designed for SOHO, small and micro-enterprise offices, and small shops, supporting Wi-Fi 6 technology. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
| VAR-202404-2353 | CVE-2024-32285 | Shenzhen Tenda Technology Co.,Ltd. of w30e Stack-based buffer overflow vulnerability in firmware |
CVSS V2: 7.7 CVSS V3: 8.0 Severity: HIGH |
Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability via the password parameter in the formaddUserName function. A stack-based buffer overflow vulnerability exists in the firmware of the Shenzhen Tenda Technology Co.,Ltd. w30e. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS). The Tenda W30E is an enterprise-grade wireless router designed for SOHO, small and micro-enterprise offices, and small shops, supporting Wi-Fi 6 technology. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
| VAR-202404-1760 | CVE-2024-32283 | Shenzhen Tenda Technology Co.,Ltd. of fh1203 Command injection vulnerability in firmware |
CVSS V2: 6.8 CVSS V3: 7.3 Severity: HIGH |
Tenda FH1203 V2.0.1.6 firmware has a command injection vulnerability in the formexeCommand function via the cmdinput parameter. The firmware of the Shenzhen Tenda Technology Co.,Ltd. fh1203 contains a command injection vulnerability. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS). The Tenda FH1203 is a dual-band wireless router released by China's Tenda Group, primarily used for home network coverage. This vulnerability stems from the cmdinput parameter of the formexeCommand method failing to properly filter special characters and commands when constructing commands. An attacker could exploit this vulnerability to execute arbitrary commands.
| VAR-202404-1933 | CVE-2024-32282 | Shenzhen Tenda Technology Co.,Ltd. of FH1202 Command injection vulnerability in firmware |
CVSS V2: 6.5 CVSS V3: 6.3 Severity: MEDIUM |
Tenda FH1202 v1.2.0.14(408) firmware contains a command injection vulnerability in the formexeCommand function via the cmdinput parameter. Shenzhen Tenda Technology Co.,Ltd. (DoS) It may be in a state. Tenda FH1202 is a dual-band wireless router launched by Tenda, supporting 2.4GHz and 5GHz bands, with a total transmission rate of 1200Mbps. No detailed vulnerability information is currently provided.
| VAR-202404-0831 | CVE-2024-32313 | Shenzhen Tenda Technology Co.,Ltd. of fh1205 Stack-based buffer overflow vulnerability in firmware |
CVSS V2: 6.1 CVSS V3: 6.5 Severity: MEDIUM |
Tenda FH1205 V2.0.0.7(775) firmware has a stack overflow vulnerability via the adslPwd parameter of the formWanParameterSetting function. A stack-based buffer overflow vulnerability exists in the firmware of the Shenzhen Tenda Technology Co.,Ltd. fh1205. Service operation may be interrupted (DoS). The Tenda FH1205 is a dual-band wireless router for home users. It supports the IEEE 802.11ac standard, offers wireless speeds up to 1200 Mbps, and operates in both the 2.4 GHz and 5 GHz frequency bands. This vulnerability stems from the adslPwd parameter in the formWanParameterSetting method failing to properly validate the length of input data. An attacker could exploit this vulnerability to cause a denial of service.
| VAR-202404-0639 | CVE-2024-32312 | Shenzhen Tenda Technology Co.,Ltd. of f1203 Stack-based buffer overflow vulnerability in firmware |
CVSS V2: 6.1 CVSS V3: 5.7 Severity: MEDIUM |
Tenda F1203 V2.0.1.6 firmware has a stack overflow vulnerability in the adslPwd parameter of the formWanParameterSetting function. A stack-based buffer overflow vulnerability exists in the firmware of the Shenzhen Tenda Technology Co.,Ltd. f1203. Service operation may be interrupted (DoS). in January 2015. The vulnerability is caused by the adslPwd parameter of the formWanParameterSetting method failing to correctly verify the length of the input data. Attackers can exploit this vulnerability to cause a denial of service.
| VAR-202404-0442 | CVE-2024-32310 | Shenzhen Tenda Technology Co.,Ltd. of f1203 Stack-based buffer overflow vulnerability in firmware |
CVSS V2: 7.7 CVSS V3: 8.0 Severity: HIGH |
Tenda F1203 V2.0.1.6 firmware has a stack overflow vulnerability in the PPW parameter of the fromWizardHandle function. A stack-based buffer overflow vulnerability exists in the firmware of the Shenzhen Tenda Technology Co.,Ltd. f1203. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS). in January 2015. The vulnerability is caused by the PPW parameter of the fromWizardHandle method failing to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
| VAR-202404-1756 | CVE-2024-32307 | Shenzhen Tenda Technology Co.,Ltd. of fh1205 Stack-based buffer overflow vulnerability in firmware |
CVSS V2: 7.1 CVSS V3: 7.4 Severity: HIGH |
Tenda FH1205 V2.0.0.7(775) firmware has a stack overflow vulnerability via the PPW parameter in the fromWizardHandle function. A stack-based buffer overflow vulnerability exists in the firmware of the Shenzhen Tenda Technology Co.,Ltd. fh1205. Information may be obtained and information may be tampered with. The Tenda FH1205 is a dual-band wireless router for home users. It supports the IEEE 802.11ac standard, offers wireless speeds up to 1200 Mbps, and operates in both the 2.4 GHz and 5 GHz frequency bands. This vulnerability stems from the PPW parameter in the fromWizardHandle method failing to properly validate the length of the input data. Detailed vulnerability information is currently unavailable.
| VAR-202404-0443 | CVE-2024-32301 | Shenzhen Tenda Technology Co.,Ltd. of AC7 Out-of-bounds read vulnerability in firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda AC7V1.0 v15.03.06.44 firmware has a stack overflow vulnerability via the PPW parameter in the fromWizardHandle function. An out-of-bounds read vulnerability exists in the firmware of the Shenzhen Tenda Technology Co.,Ltd. AC7. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS). Tenda AC7 is a dual-band router launched by Tenda Technology, focusing on signal coverage and high-speed transmission for large households. The vulnerability is caused by the PPW parameter of the fromWizardHandle method failing to correctly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
| VAR-202404-0640 | CVE-2024-32281 | Shenzhen Tenda Technology Co.,Ltd. of AC7 Command injection vulnerability in firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: HIGH |
Tenda AC7V1.0 v15.03.06.44 firmware contains a command injection vulnerability in the formexeCommand function via the cmdinput parameter. Shenzhen Tenda Technology Co.,Ltd. (DoS) It may be in a state. It utilizes the 802.11ac standard, supports dual-band concurrent transmission, and offers wireless speeds up to 1167Mbps. An attacker could exploit this vulnerability to execute arbitrary commands.
| VAR-202404-0147 | CVE-2024-3910 | Shenzhen Tenda Technology Co.,Ltd. of ac500 Out-of-bounds write vulnerability in firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: HIGH |
A vulnerability, which was classified as critical, has been found in Tenda AC500 2.0.1.9(1307). Affected by this issue is the function fromDhcpListClient of the file /goform/DhcpListClient. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-261146 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. An out-of-bounds write vulnerability exists in the firmware of the Shenzhen Tenda Technology Co.,Ltd. ac500. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS). Tenda AC500 is a Gigabit port access controller from China's Tenda company. No detailed vulnerability information is provided at this time.
| VAR-202404-0179 | CVE-2024-3909 | Shenzhen Tenda Technology Co.,Ltd. of ac500 Out-of-bounds write vulnerability in firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: HIGH |
A vulnerability classified as critical was found in Tenda AC500 2.0.1.9(1307). Affected by this vulnerability is the function formexeCommand of the file /goform/execCommand. The manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-261145 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. An out-of-bounds write vulnerability exists in the firmware of the Shenzhen Tenda Technology Co.,Ltd. ac500. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS). Tenda AC500 is a Gigabit port access controller from China's Tenda Company.
Tenda AC500 version 2.0.1.9(1307) has a security vulnerability, which is caused by a buffer overflow in the cmdinput parameter of the formexeCommand method of the /goform/execCommand file. No detailed vulnerability information is currently available.
| VAR-202404-0168 | CVE-2024-3908 | Shenzhen Tenda Technology Co.,Ltd. of ac500 Command injection vulnerability in firmware |
CVSS V2: 6.5 CVSS V3: 6.3 Severity: MEDIUM |
A vulnerability classified as critical has been found in Tenda AC500 2.0.1.9(1307). Affected is the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-261144. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. The firmware of the Shenzhen Tenda Technology Co.,Ltd. ac500 contains a command injection vulnerability. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS). No detailed vulnerability information is provided at present.
| VAR-202404-0123 | CVE-2024-3907 | Shenzhen Tenda Technology Co.,Ltd. of ac500 Out-of-bounds write vulnerability in firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: HIGH |
A vulnerability was found in Tenda AC500 2.0.1.9(1307). It has been rated as critical. This issue affects the function formSetCfm of the file /goform/setcfm. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261143. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. An out-of-bounds write vulnerability exists in the ac500 firmware. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS). Tenda AC500 is a Gigabit port access controller from China's Tenda Company. No detailed vulnerability information is provided at this time.
| VAR-202404-0180 | CVE-2024-3906 | Shenzhen Tenda Technology Co.,Ltd. of ac500 Out-of-bounds write vulnerability in firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: HIGH |
A vulnerability was found in Tenda AC500 2.0.1.9(1307). It has been declared as critical. This vulnerability affects the function formQuickIndex of the file /goform/QuickIndex. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-261142 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. An out-of-bounds write vulnerability exists in the ac500 firmware. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS).
| VAR-202404-0391 | CVE-2024-3905 | Shenzhen Tenda Technology Co.,Ltd. of ac500 Out-of-bounds write vulnerability in firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: HIGH |
A vulnerability was found in Tenda AC500 2.0.1.9(1307). It has been classified as critical. This affects the function R7WebsSecurityHandler of the file /goform/execCommand. The manipulation of the argument password leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-261141 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. An out-of-bounds write vulnerability exists in the ac500 firmware. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS).
| VAR-202404-0124 | CVE-2024-3882 | Shenzhen Tenda Technology Co.,Ltd. of w30e Out-of-bounds write vulnerability in firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: HIGH |
A vulnerability was found in Tenda W30E 1.0.1.25(633). It has been classified as critical. Affected is the function fromRouteStatic of the file /goform/fromRouteStatic. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260916. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. An out-of-bounds write vulnerability exists in the w30e firmware. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS). The vulnerability is caused by the parameter page of the fromRouteStatic function of /goform/fromRouteStatic failing to correctly verify the length of the input data. Remote attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
| VAR-202404-0125 | CVE-2024-3881 | Shenzhen Tenda Technology Co.,Ltd. of w30e Out-of-bounds write vulnerability in firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: HIGH |
A vulnerability was found in Tenda W30E 1.0.1.25(633) and classified as critical. This issue affects the function frmL7PlotForm of the file /goform/frmL7ProtForm. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260915. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. An out-of-bounds write vulnerability exists in the firmware of the Shenzhen Tenda Technology Co.,Ltd. w30e. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS). The device provides wireless network connection and Internet access.
In Tenda W30E version 1.0.1.25(633), there is a stack buffer overflow vulnerability in the frmL7PlotForm function of the /goform/frmL7ProtForm file. The vulnerability is caused by improper processing of the incoming parameter page. A remote attacker can exploit this vulnerability to execute arbitrary code.
| VAR-202404-0181 | CVE-2024-3880 | Shenzhen Tenda Technology Co.,Ltd. of w30e in the firmware OS Command injection vulnerability |
CVSS V2: 6.5 CVSS V3: 6.3 Severity: MEDIUM |
A vulnerability has been found in Tenda W30E 1.0.1.25(633) and classified as critical. This vulnerability affects the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to OS command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-260914 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. An OS command injection vulnerability exists in the firmware of the Shenzhen Tenda Technology Co.,Ltd. w30e. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS). Tenda W30E is a wireless router device that provides Internet access, wireless coverage and other functions.
In version 1.0.1.25(633) of Tenda W30E, the formWriteFacMac function of the /goform/WriteFacMac file has a command injection vulnerability, which can be exploited by attackers to execute arbitrary commands.
| VAR-202404-0080 | CVE-2024-3879 | Shenzhen Tenda Technology Co.,Ltd. of w30e Out-of-bounds write vulnerability in firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: HIGH |
A vulnerability, which was classified as critical, was found in Tenda W30E 1.0.1.25(633). This affects the function formSetCfm of the file /goform/setcfm. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260913 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. An out-of-bounds write vulnerability exists in the firmware of the Shenzhen Tenda Technology Co.,Ltd. w30e. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS). Tenda W30E is a wireless router developed by Tenda, mainly used to provide stable network connections for homes and small offices.
There is a stack buffer overflow vulnerability in the formSetCfm function of the /goform/setcfm file in Tenda W30E version 1.0.1.25(633). An attacker can exploit this vulnerability to cause a stack overflow by remotely manipulating the funcpara1 parameter.