VARIoT IoT vulnerabilities database
| VAR-202203-1223 | CVE-2022-25460 | Stack Overflow Vulnerability in Tenda AC6 SetPptpServerCfg Function |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the endip parameter in the SetPptpServerCfg function. The Tenda AC6 is a wireless router from the Chinese company Tenda
| VAR-202203-1221 | CVE-2022-25455 | Stack Overflow Vulnerability in Tenda AC6 SetIpMacBind Function |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the list parameter in the SetIpMacBind function. The Tenda AC6 is a wireless router from the Chinese company Tenda
| VAR-202203-1222 | CVE-2022-25458 | Tenda AC6 Stack Overflow Vulnerability (CNVD-2022-23522) |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the cmdinput parameter in the exeCommand function. Tenda AC6 is a wireless router.
A stack overflow vulnerability exists in Tenda AC6, which could allow an attacker to corrupt memory or cause a denial of service
| VAR-202203-1211 | CVE-2022-25429 | Tenda AC9 saveparentcontrolinfo function buffer overflow vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda AC9 v15.03.2.21 was discovered to contain a buffer overflow via the time parameter in the saveparentcontrolinfo function. The Tenda AC9 is a wireless router from the Chinese company Tenda
| VAR-202203-0588 | CVE-2022-25438 | Tenda AC9 Command Injection Vulnerability (CNVD-2022-26241) |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda AC9 v15.03.2.21 was discovered to contain a remote command execution (RCE) vulnerability via the SetIPTVCfg function. The Tenda AC9 is a wireless router from the Chinese company Tenda. The vulnerability stems from the fact that the dosystemcmd parameter in the sub_a3550 function fails to properly filter the special elements that construct the code segment
| VAR-202203-0598 | CVE-2022-25457 | Tenda AC6 Stack Overflow Vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the ntpserver parameter in the SetSysTimeCfg function. Tenda AC6 is a wireless router.
Tenda AC6 has a security vulnerability that could allow an attacker to corrupt memory or cause a denial of service
| VAR-202203-1209 | CVE-2022-25427 | Tenda AC9 openSchedWifi function stack overflow vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the schedendtime parameter in the openSchedWifi function. The Tenda AC9 is a wireless router from the Chinese company Tenda
| VAR-202203-0587 | CVE-2022-25435 | Tenda AC9 Buffer Overflow Vulnerability (CNVD-2022-26244) |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the list parameter in the SetStaticRoutecfg function. The Tenda AC9 is a wireless router from the Chinese company Tenda.
There is a buffer overflow vulnerability in Tenda AC9 15.03.2.21. The vulnerability arises from the fact that when the list parameter in the SetStaticRoutecfg function performs operations on memory, the data boundary is not properly verified. An attacker can exploit this vulnerability to execute arbitrary commands
| VAR-202203-0593 | CVE-2022-25449 | Tenda AC6 Buffer Overflow Vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the deviceId parameter in the saveParentControlInfo function. The Tenda AC6 is a wireless router from the Chinese company Tenda.
A buffer overflow vulnerability exists in Tenda AC6. The vulnerability arises from the fact that the deviceId parameter in the saveParentControlInfo function does not properly verify the data boundary when performing operations on memory. An attacker can exploit this vulnerability to execute arbitrary commands
| VAR-202203-0591 | CVE-2022-25446 | Tenda AC6 openSchedWifi function stack overflow vulnerability (CNVD-2022-23519) |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the schedstarttime parameter in the openSchedWifi function. Tenda AC6 is a wireless router.
Tenda AC6 v15.03.05.09_multi has a buffer overflow vulnerability, which can be exploited by attackers to cause arbitrary command execution
| VAR-202203-0592 | CVE-2022-25447 | Tenda AC6 openSchedWifi function stack overflow vulnerability (CNVD-2022-23520) |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the schedendtime parameter in the openSchedWifi function. Tenda AC6 is a wireless router
| VAR-202203-1212 | CVE-2022-25431 | Tenda AC9 Formsetqosband Function Stack Overflow Vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda AC9 v15.03.2.21 was discovered to contain multiple stack overflows via the NPTR, V12, V10 and V11 parameter in the Formsetqosband function. The Tenda AC9 is a wireless router from the Chinese company Tenda.
A stack overflow vulnerability exists in the Tenda AC9 Formsetqosband function, which can be exploited by an attacker to cause arbitrary command execution
| VAR-202203-1216 | CVE-2022-25440 | Tenda AC9 Buffer Overflow Vulnerability (CNVD-2022-26243) |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the ntpserver parameter in the SetSysTimeCfg function. The Tenda AC9 is a wireless router from the Chinese company Tenda.
A buffer overflow vulnerability exists in Tenda AC9 version 15.03.2.21. The vulnerability arises from the fact that when the ntpserver parameter in the SetSysTimeCfg function performs operations on memory, the data boundary is not properly verified. An attacker can exploit this vulnerability to cause arbitrary command execution
| VAR-202203-1236 | CVE-2022-24655 | NETGEAR EX6100v1 Stack Overflow Vulnerability |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
A stack overflow vulnerability exists in the upnpd service in Netgear EX6100v1 201.0.2.28, CAX80 2.1.2.6, and DC112A 1.0.0.62, which may lead to the execution of arbitrary code without authentication. NETGEAR EX6100v1 is a WiFi range extender from Netgear, USA. An attacker could exploit this vulnerability to execute arbitrary code
| VAR-202203-0597 | CVE-2022-25456 | Tenda AC6 WifiBasicSet function stack overflow vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the security_5g parameter in the WifiBasicSet function. The Tenda AC6 is a wireless router from the Chinese company Tenda
| VAR-202203-0594 | CVE-2022-25451 | Tenda AC6 setstaticroutecfg function stack overflow vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda AC6 V15.03.05.09_multi was discovered to contain a stack overflow via the list parameter in the setstaticroutecfg function. The Tenda AC6 is a wireless router from the Chinese company Tenda
| VAR-202203-1214 | CVE-2022-25437 | Tenda AC9 Buffer Overflow Vulnerability (CNVD-2022-26242) |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the list parameter in the SetVirtualServerCfg function. The Tenda AC9 is a wireless router from the Chinese company Tenda.
There is a buffer overflow vulnerability in Tenda AC9 version 15.03.2.21. The vulnerability arises from the fact that when the list parameter in the SetVirtualServerCfg function performs operations on memory, the data boundary is not properly verified. An attacker can exploit this vulnerability to cause arbitrary command execution
| VAR-202203-0595 | CVE-2022-25452 | Stack Overflow Vulnerability in Tenda AC6 saveParentControlInfo Function (CNVD-2022-24437) |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the URLs parameter in the saveParentControlInfo function. The Tenda AC6 is a wireless router from the Chinese company Tenda
| VAR-202203-0590 | CVE-2022-25441 | Tenda AC9 Command Injection Vulnerability (CNVD-2022-26245) |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda AC9 v15.03.2.21 was discovered to contain a remote command execution (RCE) vulnerability via the vlanid parameter in the SetIPTVCfg function. The Tenda AC9 is a wireless router from the Chinese company Tenda. The vulnerability stems from the fact that the vlanid parameter in the SetIPTVCfg function fails to properly filter the special elements that construct the code segment
| VAR-202203-0589 | CVE-2022-25439 | Tenda AC9 Buffer Overflow Vulnerability (CNVD-2022-26246) |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the list parameter in the SetIpMacBind function. The Tenda AC9 is a wireless router from the Chinese company Tenda.
There is a buffer overflow vulnerability in Tenda AC9 15.03.2.21. The vulnerability arises from the fact that when the list parameter in the SetIpMacBind function performs operations on memory, the data boundary is not properly verified. An attacker can exploit this vulnerability to cause arbitrary command execution