z1r00/IOT_Vul

Releases0

Stars22

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2022-46109 ↗	Dec 16, 2022Friday, 16 December 2022, 17:15	7.5 HIGH	—
Tenda AC15 V15.03.06.23 is vulnerable to Buffer Overflow via function formSetClientState.
CVE-2022-45519 ↗	Dec 8, 2022Thursday, 8 December 2022, 16:15	7.5 HIGH	—
Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the Go parameter at /goform/SafeMacFilter.
CVE-2022-45517 ↗	Dec 8, 2022Thursday, 8 December 2022, 16:15	7.5 HIGH	—
Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/VirtualSer.
CVE-2022-45524 ↗	Dec 8, 2022Thursday, 8 December 2022, 16:15	7.5 HIGH	—
Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the opttype parameter at /goform/IPSECsave.
CVE-2022-45523 ↗	Dec 8, 2022Thursday, 8 December 2022, 16:15	7.5 HIGH	—
Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/L7Im.
CVE-2022-45522 ↗	Dec 8, 2022Thursday, 8 December 2022, 16:15	7.5 HIGH	—
Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/SafeClientFilter.
CVE-2022-45521 ↗	Dec 8, 2022Thursday, 8 December 2022, 16:15	7.5 HIGH	—
Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/SafeUrlFilter.
CVE-2022-45520 ↗	Dec 8, 2022Thursday, 8 December 2022, 16:15	7.5 HIGH	—
Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/qossetting.
CVE-2022-45509 ↗	Dec 8, 2022Thursday, 8 December 2022, 16:15	7.5 HIGH	—
Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the account parameter at /goform/addUserName.
CVE-2022-45525 ↗	Dec 8, 2022Thursday, 8 December 2022, 16:15	7.5 HIGH	—
Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the downaction parameter at /goform/CertListInfo.
CVE-2022-45516 ↗	Dec 8, 2022Thursday, 8 December 2022, 16:15	7.5 HIGH	—
Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/NatStaticSetting.
CVE-2022-45518 ↗	Dec 8, 2022Thursday, 8 December 2022, 16:15	7.5 HIGH	—
Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/SetIpBind.
CVE-2022-45515 ↗	Dec 8, 2022Thursday, 8 December 2022, 16:15	7.5 HIGH	—
Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the entries parameter at /goform/addressNat.
CVE-2022-45514 ↗	Dec 8, 2022Thursday, 8 December 2022, 16:15	7.5 HIGH	—
Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/webExcptypemanFilter.
CVE-2022-45513 ↗	Dec 8, 2022Thursday, 8 December 2022, 16:15	7.5 HIGH	—
Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/P2pListFilter.
CVE-2022-45512 ↗	Dec 8, 2022Thursday, 8 December 2022, 16:15	7.5 HIGH	—
Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/SafeEmailFilter.
CVE-2022-45511 ↗	Dec 8, 2022Thursday, 8 December 2022, 16:15	7.5 HIGH	—
Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the PPPOEPassword parameter at /goform/QuickIndex.
CVE-2022-45510 ↗	Dec 8, 2022Thursday, 8 December 2022, 16:15	7.5 HIGH	—
Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the mit_ssid_index parameter at /goform/AdvSetWrlsafeset.
CVE-2022-45503 ↗	Dec 8, 2022Thursday, 8 December 2022, 16:15	7.5 HIGH	—
Tenda W6-S v1.0.0.4(510) was discovered to contain a stack overflow via the linkEn parameter at /goform/setAutoPing.
CVE-2022-44931 ↗	Dec 8, 2022Thursday, 8 December 2022, 16:15	7.5 HIGH	—
Tenda A18 v15.13.07.09 was discovered to contain a stack overflow via the security_5g parameter at /goform/WifiBasicSet.
CVE-2022-45497 ↗	Dec 8, 2022Thursday, 8 December 2022, 16:15	9.8 CRITICAL	—
Tenda W6-S v1.0.0.4(510) was discovered to contain a command injection vulnerability in the tpi_get_ping_output function at /goform/exeCommand.
CVE-2022-45498 ↗	Dec 8, 2022Thursday, 8 December 2022, 16:15	7.5 HIGH	—
An issue in the component tpi_systool_handle(0) (/goform/SysToolReboot) of Tenda W6-S v1.0.0.4(510) allows unauthenticated attackers to arbitrarily reboot the device.
CVE-2022-45499 ↗	Dec 8, 2022Thursday, 8 December 2022, 16:15	7.5 HIGH	—
Tenda W6-S v1.0.0.4(510) was discovered to contain a stack overflow via the wl_radio parameter at /goform/WifiMacFilterGet.
CVE-2022-45501 ↗	Dec 8, 2022Thursday, 8 December 2022, 16:15	7.5 HIGH	—
Tenda W6-S v1.0.0.4(510) was discovered to contain a stack overflow via the wl_radio parameter at /goform/wifiSSIDset.
CVE-2022-44932 ↗	Dec 8, 2022Thursday, 8 December 2022, 16:15	7.5 HIGH	—
An access control issue in Tenda A18 v15.13.07.09 allows unauthenticated attackers to access the Telnet service.
CVE-2022-45504 ↗	Dec 8, 2022Thursday, 8 December 2022, 16:15	7.5 HIGH	—
An issue in the component tpi_systool_handle(0) (/goform/SysToolRestoreSet) of Tenda W6-S v1.0.0.4(510) allows unauthenticated attackers to arbitrarily reboot the device.
CVE-2022-45505 ↗	Dec 8, 2022Thursday, 8 December 2022, 16:15	7.5 HIGH	—
Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the cmdinput parameter at /goform/exeCommand.
CVE-2022-45506 ↗	Dec 8, 2022Thursday, 8 December 2022, 16:15	9.8 CRITICAL	—
Tenda W30E v1.0.1.25(633) was discovered to contain a command injection vulnerability via the fileNameMit parameter at /goform/delFileName.
CVE-2022-45507 ↗	Dec 8, 2022Thursday, 8 December 2022, 16:15	7.5 HIGH	—
Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the editNameMit parameter at /goform/editFileName.
CVE-2022-45508 ↗	Dec 8, 2022Thursday, 8 December 2022, 16:15	7.5 HIGH	—
Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the new_account parameter at /goform/editUserName.
CVE-2022-42169 ↗	Oct 17, 2022Monday, 17 October 2022, 14:15	9.8 CRITICAL	—
Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/addWifiMacFilter.
CVE-2022-42170 ↗	Oct 17, 2022Monday, 17 October 2022, 14:15	9.8 CRITICAL	—
Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formWifiWpsStart.
CVE-2022-42171 ↗	Oct 17, 2022Monday, 17 October 2022, 14:15	9.8 CRITICAL	—
Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/saveParentControlInfo.
CVE-2022-42168 ↗	Oct 17, 2022Monday, 17 October 2022, 14:15	9.8 CRITICAL	—
Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/fromSetIpMacBind.
CVE-2022-42166 ↗	Oct 17, 2022Monday, 17 October 2022, 14:15	9.8 CRITICAL	—
Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetSpeedWan.
CVE-2022-42167 ↗	Oct 17, 2022Monday, 17 October 2022, 14:15	9.8 CRITICAL	—
Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetFirewallCfg.
CVE-2022-42163 ↗	Oct 17, 2022Monday, 17 October 2022, 13:15	9.8 CRITICAL	—
Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/fromNatStaticSetting.
CVE-2022-42165 ↗	Oct 17, 2022Monday, 17 October 2022, 13:15	9.8 CRITICAL	—
Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetDeviceName.
CVE-2022-42164 ↗	Oct 17, 2022Monday, 17 October 2022, 13:15	9.8 CRITICAL	—
Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetClientState.
CVE-2022-36619 ↗	Aug 31, 2022Wednesday, 31 August 2022, 23:15	7.5 HIGH	—
In D-link DIR-816 A2_v1.10CNB04.img,the network can be reset without authentication via /goform/setMAC.
CVE-2022-37130 ↗	Aug 31, 2022Wednesday, 31 August 2022, 23:15	9.8 CRITICAL	—
In D-Link DIR-816 A2_v1.10CNB04, DIR-878 DIR_878_FW1.30B08.img a command injection vulnerability occurs in /goform/Diagnosis, after the condition is met, setnum will be spliced into v10 by snprintf, and the system will be executed, resulting in a command injection vulnerability
CVE-2022-37129 ↗	Aug 31, 2022Wednesday, 31 August 2022, 23:15	8.8 HIGH	—
D-Link DIR-816 A2_v1.10CNB04.img is vulnerable to Command Injection via /goform/SystemCommand. After the user passes in the command parameter, it will be spliced into byte_4836B0 by snprintf, and finally doSystem(&byte_4836B0); will be executed, resulting in a command injection.
CVE-2022-37123 ↗	Aug 31, 2022Wednesday, 31 August 2022, 23:15	8.8 HIGH	—
D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Command injection via /goform/form2userconfig.cgi.
CVE-2022-37125 ↗	Aug 31, 2022Wednesday, 31 August 2022, 22:15	9.8 CRITICAL	—
D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Command injection via /goform/NTPSyncWithHost.
CVE-2022-36620 ↗	Aug 31, 2022Wednesday, 31 August 2022, 21:15	7.5 HIGH	—
D-link DIR-816 A2_v1.10CNB04, DIR-878 DIR_878_FW1.30B08.img is vulnerable to Buffer Overflow via /goform/addRouting.
CVE-2022-37128 ↗	Aug 31, 2022Wednesday, 31 August 2022, 19:15	9.8 CRITICAL	—
In D-Link DIR-816 A2_v1.10CNB04.img the network can be initialized without authentication via /goform/wizard_end.
CVE-2022-37134 ↗	Aug 22, 2022Monday, 22 August 2022, 15:15	9.8 CRITICAL	—
D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Buffer Overflow via /goform/form2Wan.cgi. When wantype is 3, l2tp_usrname will be decrypted by base64, and the result will be stored in v94, which does not check the size of l2tp_usrname, resulting in stack overflow.
CVE-2022-37133 ↗	Aug 22, 2022Monday, 22 August 2022, 15:15	7.5 HIGH	—
D-link DIR-816 A2_v1.10CNB04.img reboots the router without authentication via /goform/doReboot. No authentication is required, and reboot is executed when the function returns at the end.