0-fool/VulnbyCola

Releases0

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2025-70648 ↗	Jan 21, 2026Wednesday, 21 January 2026, 17:16	7.5 HIGH	—
Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow in the security_5g parameter of the sub_727F4 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2025-70644 ↗	Jan 21, 2026Wednesday, 21 January 2026, 17:16	7.5 HIGH	—
Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the time parameter of the sub_60CFC function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2025-70646 ↗	Jan 21, 2026Wednesday, 21 January 2026, 17:16	7.5 HIGH	—
Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow in the security parameter of the sub_72290 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2025-70651 ↗	Jan 21, 2026Wednesday, 21 January 2026, 16:16	7.5 HIGH	—
Tenda AX-1803 v1.0.0.1 was discovered to contain a stack overflow in the ssid parameter of the form_fast_setting_wifi_set function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2025-70650 ↗	Jan 21, 2026Wednesday, 21 January 2026, 16:16	7.5 HIGH	—
Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the deviceList parameter of the formSetMacFilterCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2025-70645 ↗	Jan 21, 2026Wednesday, 21 January 2026, 16:16	7.5 HIGH	—
Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the deviceList parameter of the formSetWifiMacFilterCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2025-70746 ↗	Jan 16, 2026Friday, 16 January 2026, 16:15	7.5 HIGH	—
Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the timeZone parameter of the fromSetSysTime function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2025-71020 ↗	Jan 16, 2026Friday, 16 January 2026, 16:15	7.5 HIGH	—
Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the security parameter of the sub_4C408 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2025-70656 ↗	Jan 15, 2026Thursday, 15 January 2026, 17:16	7.5 HIGH	—
Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the mac parameter of the sub_65B5C function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2025-70744 ↗	Jan 15, 2026Thursday, 15 January 2026, 15:15	7.5 HIGH	—
Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the cloneType parameter of the sub_65B5C function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2025-71019 ↗	Jan 15, 2026Thursday, 15 January 2026, 15:15	7.5 HIGH	—
Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the wanSpeed parameter of the sub_65B5C function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2025-70747 ↗	Jan 14, 2026Wednesday, 14 January 2026, 18:16	7.5 HIGH	—
Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the serviceName parameter of the sub_65A28 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2025-71021 ↗	Jan 14, 2026Wednesday, 14 January 2026, 18:16	7.5 HIGH	—
Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the serverName parameter of the sub_65A28 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2025-71024 ↗	Jan 13, 2026Tuesday, 13 January 2026, 16:16	7.5 HIGH	—
Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the serviceName2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2025-71023 ↗	Jan 13, 2026Tuesday, 13 January 2026, 16:16	7.5 HIGH	—
Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the mac2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2025-71026 ↗	Jan 13, 2026Tuesday, 13 January 2026, 16:16	7.5 HIGH	—
Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the wanSpeed2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2025-71027 ↗	Jan 13, 2026Tuesday, 13 January 2026, 16:16	7.5 HIGH	—
Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the wanMTU2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2025-70753 ↗	Jan 13, 2026Tuesday, 13 January 2026, 16:16	7.5 HIGH	—
Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the security_5g parameter of the sub_4CA50 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2025-71025 ↗	Jan 13, 2026Tuesday, 13 January 2026, 16:16	7.5 HIGH	—
Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the cloneType2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2025-63149 ↗	Nov 10, 2025Monday, 10 November 2025, 20:15	7.5 HIGH	—
Tenda AX3 V16.03.12.10_CN was discovered to contain a stack overflow in the urls parameter of the get_parentControl_list_Info function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2025-63457 ↗	Nov 10, 2025Monday, 10 November 2025, 17:15	7.5 HIGH	—
Tenda AX-1803 v1.0.0.1 was discovered to contain a stack overflow via the wanMTU parameter in the sub_4F55C function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2025-63455 ↗	Nov 10, 2025Monday, 10 November 2025, 17:15	7.5 HIGH	—
Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow via the shareSpeed parameter in the fromSetWifiGusetBasic function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2025-63456 ↗	Nov 10, 2025Monday, 10 November 2025, 17:15	7.5 HIGH	—
Tenda AX-1803 v1.0.0.1 was discovered to contain a stack overflow via the time parameter in the SetSysTimeCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2025-63147 ↗	Nov 10, 2025Monday, 10 November 2025, 17:15	7.5 HIGH	—
Tenda AX3 V16.03.12.10_CN was discovered to contain a stack overflow in the deviceId parameter of the saveParentControlInfo function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2025-63154 ↗	Nov 10, 2025Monday, 10 November 2025, 16:15	7.5 HIGH	—
TOTOLink A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow in the addEffect parameter of the urldecode function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
CVE-2025-63153 ↗	Nov 10, 2025Monday, 10 November 2025, 16:15	7.5 HIGH	—
TOTOLink A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow in the ssid parameter of the urldecode function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2025-63152 ↗	Nov 10, 2025Monday, 10 November 2025, 16:15	7.5 HIGH	—
Tenda AX3 V16.03.12.10_CN was discovered to contain a stack overflow in the wpapsk_crypto parameter of the wlSetExternParameter function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2025-63458 ↗	Oct 31, 2025Friday, 31 October 2025, 19:15	7.5 HIGH	—
Tenda AX-1803 v1.0.0.1 was discovered to contain a stack overflow via the timeZone parameter in the form_fast_setting_wifi_set function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2025-63454 ↗	Oct 31, 2025Friday, 31 October 2025, 19:15	7.5 HIGH	—
Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow via the deviceId parameter in the get_parentControl_list_Info function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2025-63459 ↗	Oct 31, 2025Friday, 31 October 2025, 18:15	7.5 HIGH	—
Totolink A7000R v9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the ssid5g parameter in the sub_421CF0 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2025-63465 ↗	Oct 31, 2025Friday, 31 October 2025, 17:15	7.5 HIGH	—
Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the ssid parameter in the sub_422880 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2025-63464 ↗	Oct 31, 2025Friday, 31 October 2025, 17:15	7.5 HIGH	—
Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the ssid parameter in the sub_42396C function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2025-63463 ↗	Oct 31, 2025Friday, 31 October 2025, 17:15	7.5 HIGH	—
Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the wifiOff parameter in the sub_4232EC function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2025-63462 ↗	Oct 31, 2025Friday, 31 October 2025, 17:15	7.5 HIGH	—
Totolink A7000R v9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the wifiOff parameter in the sub_421A04 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2025-63461 ↗	Oct 31, 2025Friday, 31 October 2025, 17:15	7.5 HIGH	—
Totolink A7000R v9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the ssid5g parameter in the urldecode function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2025-63460 ↗	Oct 31, 2025Friday, 31 October 2025, 17:15	7.5 HIGH	—
Totolink A7000R v9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the ssid5g parameter in the sub_4222E0 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2025-63469 ↗	Oct 31, 2025Friday, 31 October 2025, 16:15	7.5 HIGH	—
Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the ssid parameter in the sub_421BAC function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2025-63468 ↗	Oct 31, 2025Friday, 31 October 2025, 16:15	7.5 HIGH	—
Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the http_host parameter in the sub_426EF8 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2025-63467 ↗	Oct 31, 2025Friday, 31 October 2025, 16:15	7.5 HIGH	—
Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the ssid parameter in the sub_425400 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2025-63466 ↗	Oct 31, 2025Friday, 31 October 2025, 16:15	7.5 HIGH	—
Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the password parameter in the sub_426EF8 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.