Ac7 Firmware

ac7_firmware

Vendor: Tenda • 68 CVEs

CVEs (68)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-2891 1Tenda 1Ac7 Firmware Jan 22, 2025 Mar 26, 2024 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 A vulnerability, which was classified as critical, was found in Tenda AC7 15.03.06.44. Affected is the function formQuickIndex of the file /goform/QuickIndex. The manipulation of the argument PPPOEPassword leads to stack...Show more A vulnerability, which was classified as critical, was found in Tenda AC7 15.03.06.44. Affected is the function formQuickIndex of the file /goform/QuickIndex. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-257934 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2023-41562 1Tenda 3Ac5 Firmware Ac7 FirmwareAc9 Firmware Nov 21, 2024 Aug 30, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Tenda AC7 V1.0 V15.03.06.44, Tenda AC9 V3.0 V15.03.06.42_multi, and Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter time at url /goform/PowerSaveSet.
CVE-2023-41559 1Tenda 3Ac5 Firmware Ac7 FirmwareAc9 Firmware Nov 21, 2024 Aug 30, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Tenda AC7 V1.0 V15.03.06.44, Tenda AC9 V3.0 V15.03.06.42_multi, and Tenda AC5 V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter page at url /goform/NatStaticSetting.
CVE-2023-41558 1Tenda 1Ac7 Firmware Nov 21, 2024 Aug 30, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Tenda AC7 V1.0 V15.03.06.44 was discovered to contain a stack overflow via parameter timeZone at url /goform/SetSysTimeCfg.
CVE-2023-41557 1Tenda 2Ac5 Firmware Ac7 Firmware Nov 21, 2024 Aug 30, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Tenda AC7 V1.0 V15.03.06.44 and Tenda AC5 V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter entrys and mitInterface at url /goform/addressNat.
CVE-2023-41556 1Tenda 3Ac5 Firmware Ac7 FirmwareAc9 Firmware Nov 21, 2024 Aug 30, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Tenda AC7 V1.0 V15.03.06.44, Tenda AC9 V3.0 V15.03.06.42_multi, and Tenda AC5 V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter list at url /goform/SetIpMacBind.
CVE-2023-41555 1Tenda 1Ac7 Firmware Nov 21, 2024 Aug 30, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Tenda AC7 V1.0 V15.03.06.44 was discovered to contain a stack overflow via parameter security_5g at url /goform/WifiBasicSet.
CVE-2023-41552 1Tenda 2Ac7 Firmware Ac9 Firmware Nov 21, 2024 Aug 30, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Tenda AC7 V1.0 V15.03.06.44 and Tenda AC9 V3.0 V15.03.06.42_multi were discovered to contain a stack overflow via parameter ssid at url /goform/fast_setting_wifi_set.
CVE-2023-38937 1Tenda 7Ac10 Firmware Ac1206 FirmwareAc5 Firmware+4 more Nov 21, 2024 Aug 7, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 V16.03.34.06, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, AC5 V1.0 V15.03.06.28, AC9 V3.0 V15.03.06.42_multi and AC10 v4.0 V16.03.10.13 were discovered to conta...Show more Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 V16.03.34.06, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, AC5 V1.0 V15.03.06.28, AC9 V3.0 V15.03.06.42_multi and AC10 v4.0 V16.03.10.13 were discovered to contain a stack overflow via the list parameter in the formSetVirtualSer function.Show less
CVE-2023-38936 1Tenda 9Ac10 Firmware Ac1206 FirmwareAc5 Firmware+6 more Nov 21, 2024 Aug 7, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, AC5 V1.0 V15.03.06.28, FH1203 V2.0.1.6, AC9 V3.0 V15.03.06.42_multi and FH1205 V2.0.0.7(775) were discovered to contain a s...Show more Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, AC5 V1.0 V15.03.06.28, FH1203 V2.0.1.6, AC9 V3.0 V15.03.06.42_multi and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the speed_dir parameter in the formSetSpeedWan function.Show less
CVE-2023-38933 1Tenda 9Ac10 Firmware Ac1206 FirmwareAc5 Firmware+6 more Nov 21, 2024 Aug 7, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Tenda AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0 V15.03.06.28, FH1203 V2.0.1.6 and AC9 V3.0 V15.03.06.42_multi, and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the dev...Show more Tenda AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0 V15.03.06.28, FH1203 V2.0.1.6 and AC9 V3.0 V15.03.06.42_multi, and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the deviceId parameter in the formSetClientState function.Show less
CVE-2023-38931 1Tenda 8Ac10 Firmware Ac1206 FirmwareAc5 Firmware+5 more Nov 21, 2024 Aug 7, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 V16.03.34.06, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0 V15.03.06.28, AC10 v4.0 V16.03.10.13 and FH1203 V2.0.1.6 were discovered to c...Show more Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 V16.03.34.06, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0 V15.03.06.28, AC10 v4.0 V16.03.10.13 and FH1203 V2.0.1.6 were discovered to contain a stack overflow via the list parameter in the setaccount function.Show less
CVE-2023-38930 1Tenda 5Ac5 Firmware Ac7 FirmwareAc9 Firmware+2 more Nov 21, 2024 Aug 7, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Tenda AC7 V1.0,V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0,V15.03.06.28, AC9 V3.0,V15.03.06.42_multi and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the deviceId parameter in the addWifiMacFilter func...Show more Tenda AC7 V1.0,V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0,V15.03.06.28, AC9 V3.0,V15.03.06.42_multi and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the deviceId parameter in the addWifiMacFilter function.Show less
CVE-2023-37717 1Tenda 7Ac10 Firmware Ac1206 FirmwareAc5 Firmware+4 more Nov 21, 2024 Jul 14, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Tenda F1202 V1.0BR_V1.2.0.20(408) and FH1202_V1.2.0.19_EN, AC10 V1.0, AC1206 V1.0, AC7 V1.0, AC5 V1.0, and AC9 V3.0 were discovered to contain a stack overflow in the page parameter in the function fromDhcpListClient.
CVE-2023-37716 1Tenda 7Ac10 Firmware Ac1206 FirmwareAc5 Firmware+4 more Nov 21, 2024 Jul 14, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Tenda F1202 V1.0BR_V1.2.0.20(408) and FH1202_V1.2.0.19_EN, AC10 V1.0, AC1206 V1.0, AC7 V1.0, AC5 V1.0, and AC9 V3.0 were discovered to contain a stack overflow in the page parameter in the function fromNatStaticSetting.
CVE-2023-37714 1Tenda 4Ac7 Firmware F1202 FirmwareFh1202 Firmware+1 more Nov 21, 2024 Jul 14, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow in the page parameter in the function fromRouteStatic.
CVE-2018-14559 1Tenda 3Ac10 Firmware Ac7 FirmwareAc9 Firmware Nov 21, 2024 Apr 25, 2019 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). A buffe...Show more An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). A buffer overflow vulnerability exists in the router's web server (httpd). When processing the list parameters for a post request, the value is directly written with sprintf to a local variable placed on the stack, which overrides the return address of the function, causing a buffer overflow.Show less
CVE-2018-14557 1Tenda 3Ac10 Firmware Ac7 FirmwareAc9 Firmware Nov 21, 2024 Apr 25, 2019 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). A buffe...Show more An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). A buffer overflow vulnerability exists in the router's web server (httpd). When processing the page parameters for a post request, the value is directly written with sprintf to a local variable placed on the stack, which overrides the return address of the function, a causing buffer overflow.Show less
CVE-2018-14558 1Tenda 3Ac10 Firmware Ac7 FirmwareAc9 Firmware Nov 7, 2025 Oct 30, 2018 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). A comma...Show more An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted goform/setUsbUnload request. This occurs because the "formsetUsbUnload" function executes a dosystemCmd function with untrusted input.Show less
CVE-2018-18732 1Tenda 5Ac10 Firmware Ac15 FirmwareAc18 Firmware+2 more Nov 21, 2024 Oct 29, 2018 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router'...Show more An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the 'ntpServer' parameter for a post request, the value is directly used in a strcpy to a local variable placed on the stack, which overrides the return address of the function.Show less

Previous 1 234 Next