TTTJJJWWW/AHU-IoT-vulnerable

Releases0

Stars8

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2024-46419 ↗	Sep 16, 2024Monday, 16 September 2024, 14:15	9.8 CRITICAL	—
TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the setWizardCfg function via the ssid5g parameter.
CVE-2024-46424 ↗	Sep 16, 2024Monday, 16 September 2024, 13:15	7.5 HIGH	—
TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the UploadCustomModule function, which allows attackers to cause a Denial of Service (DoS) via the File parameter.
CVE-2024-42979 ↗	Aug 15, 2024Thursday, 15 August 2024, 17:15	7.5 HIGH	—
Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the frmL7ProtForm function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
CVE-2024-42987 ↗	Aug 15, 2024Thursday, 15 August 2024, 17:15	7.5 HIGH	—
Tenda FH1206 v02.03.01.35 was discovered to contain a stack-based buffer overflow vulnerability in the fromPptpUserAdd function. The vulnerability can be triggered via the modino, username, newpwd, or pptpdnetseg parameters, all of which are passed via HTTP POST and used in unsafe sprintf calls without proper length validation. A remote attacker can exploit this flaw through a crafted POST request, which may cause a Denial of Service (DoS). In certain scenarios, this issue could potentially be leveraged to achieve remote code execution.
CVE-2024-42986 ↗	Aug 15, 2024Thursday, 15 August 2024, 17:15	7.5 HIGH	—
Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the PPPOEPassword parameter in the fromAdvSetWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
CVE-2024-42985 ↗	Aug 15, 2024Thursday, 15 August 2024, 17:15	7.5 HIGH	—
Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the fromNatlimit function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
CVE-2024-42984 ↗	Aug 15, 2024Thursday, 15 August 2024, 17:15	7.5 HIGH	—
Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the fromP2pListFilter function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
CVE-2024-42983 ↗	Aug 15, 2024Thursday, 15 August 2024, 17:15	7.5 HIGH	—
Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the pptpPPW parameter in the fromAdvSetWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
CVE-2024-42982 ↗	Aug 15, 2024Thursday, 15 August 2024, 17:15	7.5 HIGH	—
Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the fromVirtualSer function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
CVE-2024-42981 ↗	Aug 15, 2024Thursday, 15 August 2024, 17:15	7.5 HIGH	—
Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the delno parameter in the fromPptpUserSetting function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
CVE-2024-42980 ↗	Aug 15, 2024Thursday, 15 August 2024, 17:15	7.5 HIGH	—
Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the frmL7ImForm function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
CVE-2024-42968 ↗	Aug 15, 2024Thursday, 15 August 2024, 17:15	7.5 HIGH	—
Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the Go parameter in the fromSafeUrlFilter function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
CVE-2024-42973 ↗	Aug 15, 2024Thursday, 15 August 2024, 17:15	7.5 HIGH	—
Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the fromSetlpBind function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
CVE-2024-42978 ↗	Aug 15, 2024Thursday, 15 August 2024, 17:15	9.8 CRITICAL	—
An issue in the handler function in /goform/telnet of Tenda FH1206 v02.03.01.35 allows attackers to execute arbitrary commands via a crafted HTTP request.
CVE-2024-42977 ↗	Aug 15, 2024Thursday, 15 August 2024, 17:15	7.5 HIGH	—
Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the qos parameter in the fromqossetting function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
CVE-2024-42976 ↗	Aug 15, 2024Thursday, 15 August 2024, 17:15	7.5 HIGH	—
Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the fromSafeClientFilter function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
CVE-2024-42966 ↗	Aug 15, 2024Thursday, 15 August 2024, 17:15	9.8 CRITICAL	—
Incorrect access control in TOTOLINK N350RT V9.3.5u.6139_B20201216 allows attackers to obtain the apmib configuration file, which contains the username and the password, via a crafted request to /cgi-bin/ExportSettings.sh.
CVE-2024-42967 ↗	Aug 15, 2024Thursday, 15 August 2024, 17:15	9.8 CRITICAL	—
Incorrect access control in TOTOLINK LR350 V9.3.5u.6369_B20220309 allows attackers to obtain the apmib configuration file, which contains the username and the password, via a crafted request to /cgi-bin/ExportSettings.sh.
CVE-2024-42974 ↗	Aug 15, 2024Thursday, 15 August 2024, 17:15	7.5 HIGH	—
Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the fromwebExcptypemanFilter function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
CVE-2024-42969 ↗	Aug 15, 2024Thursday, 15 August 2024, 17:15	7.5 HIGH	—
Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the fromSafeUrlFilter function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
CVE-2024-42946 ↗	Aug 15, 2024Thursday, 15 August 2024, 17:15	7.5 HIGH	—
Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the page parameter in the fromVirtualSer function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
CVE-2024-42949 ↗	Aug 15, 2024Thursday, 15 August 2024, 17:15	7.5 HIGH	—
Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the qos parameter in the fromqossetting function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
CVE-2024-42955 ↗	Aug 15, 2024Thursday, 15 August 2024, 17:15	7.5 HIGH	—
Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the page parameter in the fromSafeClientFilter function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
CVE-2024-42954 ↗	Aug 15, 2024Thursday, 15 August 2024, 17:15	7.5 HIGH	—
Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the page parameter in the fromwebExcptypemanFilter function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
CVE-2024-42953 ↗	Aug 15, 2024Thursday, 15 August 2024, 17:15	7.5 HIGH	—
Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the PPW parameter in the fromWizardHandle function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
CVE-2024-42951 ↗	Aug 15, 2024Thursday, 15 August 2024, 17:15	7.5 HIGH	—
Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the mit_pptpusrpw parameter in the fromWizardHandle function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
CVE-2024-42950 ↗	Aug 15, 2024Thursday, 15 August 2024, 17:15	7.5 HIGH	—
Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the Go parameter in the fromSafeClientFilter function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
CVE-2024-42945 ↗	Aug 15, 2024Thursday, 15 August 2024, 17:15	7.5 HIGH	—
Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the page parameter in the fromAddressNat function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
CVE-2024-42948 ↗	Aug 15, 2024Thursday, 15 August 2024, 17:15	7.5 HIGH	—
Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the delno parameter in the fromPptpUserSetting function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
CVE-2024-42947 ↗	Aug 15, 2024Thursday, 15 August 2024, 17:15	9.8 CRITICAL	—
An issue in the handler function in /goform/telnet of Tenda FH1201 v1.2.0.14 (408) allows attackers to execute arbitrary commands via a crafted HTTP request.
CVE-2024-42952 ↗	Aug 15, 2024Thursday, 15 August 2024, 17:15	7.5 HIGH	—
Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the page parameter in the fromqossetting function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
CVE-2024-42940 ↗	Aug 15, 2024Thursday, 15 August 2024, 17:15	7.5 HIGH	—
Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the page parameter in the fromP2pListFilter function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
CVE-2024-42944 ↗	Aug 15, 2024Thursday, 15 August 2024, 17:15	7.5 HIGH	—
Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the page parameter in the fromNatlimit function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
CVE-2024-42943 ↗	Aug 15, 2024Thursday, 15 August 2024, 17:15	7.5 HIGH	—
Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the PPPOEPassword parameter in the fromAdvSetWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
CVE-2024-42942 ↗	Aug 15, 2024Thursday, 15 August 2024, 17:15	7.5 HIGH	—
Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the page parameter in the frmL7ImForm function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
CVE-2024-42941 ↗	Aug 15, 2024Thursday, 15 August 2024, 17:15	7.5 HIGH	—
Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the wanmode parameter in the fromAdvSetWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.