Tenda W15e Firmware

Tenda W15E 15.11.0.14 remote bufovf via manualTime in SetSysTimeCfg
CVE-2024-4126 8.8 - High - April 24, 2024

A vulnerability was found in Tenda W15E 15.11.0.14 and classified as critical. This issue affects the function formSetSysTime of the file /goform/SetSysTimeCfg. The manipulation of the argument manualTime leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-261869 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Memory Corruption

Stack Buffer Overflow in Tenda W15E 15.11.0.14 guestWifiRuleRefresh (Remote)
CVE-2024-4127 8.8 - High - April 24, 2024

A vulnerability was found in Tenda W15E 15.11.0.14. It has been classified as critical. Affected is the function guestWifiRuleRefresh. The manipulation of the argument qosGuestDownstream leads to stack-based buffer overflow. It is possible to launch the attack remotely. VDB-261870 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Memory Corruption

Tenda W15E 15.11.0.14 critical buf overflow in formSetStaticRoute
CVE-2024-4125 8.8 - High - April 24, 2024

A vulnerability has been found in Tenda W15E 15.11.0.14 and classified as critical. This vulnerability affects the function formSetStaticRoute of the file /goform/setStaticRoute. The manipulation of the argument staticRouteIndex leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-261868. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Memory Corruption

Tenda W15E 15.11.0.14 RemoteWebManage RemoteIP buf overflow critical
CVE-2024-4124 8.8 - High - April 24, 2024

A vulnerability, which was classified as critical, was found in Tenda W15E 15.11.0.14. This affects the function formSetRemoteWebManage of the file /goform/SetRemoteWebManage. The manipulation of the argument remoteIP leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261867. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Memory Corruption

Tenda W15E 15.11.0.14 CVE20244123: Remote Stack Overflw via SetPortMapping
CVE-2024-4123 8.8 - High - April 24, 2024

A vulnerability, which was classified as critical, has been found in Tenda W15E 15.11.0.14. Affected by this issue is the function formSetPortMapping of the file /goform/SetPortMapping. The manipulation of the argument portMappingServer/portMappingProtocol/portMappingWan/porMappingtInternal/portMappingExternal leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-261866 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Memory Corruption

Stack Buffer Overflow in Tenda W15E 15.11.0.14 formSetDebugCfg
CVE-2024-4122 8.8 - High - April 24, 2024

A vulnerability classified as critical was found in Tenda W15E 15.11.0.14. Affected by this vulnerability is the function formSetDebugCfg of the file /goform/setDebugCfg. The manipulation of the argument enable/level/module leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-261865 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Memory Corruption

Tenda W15E 15.11.0.14: formQOSRuleDel stack overflow remote
CVE-2024-4121 8.8 - High - April 24, 2024

A vulnerability classified as critical has been found in Tenda W15E 15.11.0.14. Affected is the function formQOSRuleDel. The manipulation of the argument qosIndex leads to stack-based buffer overflow. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-261864. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Memory Corruption

Tenda W15E 15.11.0.14 RCE via stack overflow in formIPMacBindModify
CVE-2024-4120 8.8 - High - April 24, 2024

A vulnerability was found in Tenda W15E 15.11.0.14. It has been rated as critical. This issue affects the function formIPMacBindModify of the file /goform/modifyIpMacBind. The manipulation of the argument IPMacBindRuleId/IPMacBindRuleIp/IPMacBindRuleMac/IPMacBindRuleRemark leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261863. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Memory Corruption

Tenda W15E 15.11.0.14: Critical formIPMacBindDel Buffer Overflow
CVE-2024-4119 8.8 - High - April 24, 2024

A vulnerability was found in Tenda W15E 15.11.0.14. It has been declared as critical. This vulnerability affects the function formIPMacBindDel of the file /goform/delIpMacBind. The manipulation of the argument IPMacBindIndex leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-261862 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Memory Corruption

Critical SB-Overflow in Tenda W15E 15.11.0.14 formIPMacBindAdd
CVE-2024-4118 8.8 - High - April 24, 2024

A vulnerability was found in Tenda W15E 15.11.0.14. It has been classified as critical. This affects the function formIPMacBindAdd of the file /goform/addIpMacBind. The manipulation of the argument IPMacBindRule leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-261861 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Memory Corruption

Tenda W15E 15.11.0.14 Remote Buffer Overflow via formDelPortMapping
CVE-2024-4117 8.8 - High - April 24, 2024

A vulnerability was found in Tenda W15E 15.11.0.14 and classified as critical. Affected by this issue is the function formDelPortMapping of the file /goform/DelPortMapping. The manipulation of the argument portMappingIndex leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-261860. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Memory Corruption

Tenda W15E 15.11.0.14 Stack Buffer Overflow in formDelDhcpRule
CVE-2024-4116 8.8 - High - April 24, 2024

A vulnerability has been found in Tenda W15E 15.11.0.14 and classified as critical. Affected by this vulnerability is the function formDelDhcpRule of the file /goform/DelDhcpRule. The manipulation of the argument delDhcpIndex leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261859. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Memory Corruption

Tenda W15E 15.11.0.14: critical stackbuffer overflow in formAddDnsForward (DnsForwardRule)
CVE-2024-4115 8.8 - High - April 24, 2024

A vulnerability, which was classified as critical, was found in Tenda W15E 15.11.0.14. Affected is the function formAddDnsForward of the file /goform/AddDnsForward. The manipulation of the argument DnsForwardRule leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-261858 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Memory Corruption

Tenda V15 buffer overflow via formDelDnsForward (pre V15.11.0.14)
CVE-2023-27064 7.5 - High - March 13, 2023

Tenda V15V1.0 V15.11.0.14(1521_3190_1058) was discovered to contain a buffer overflow vulnerability via the index parameter in the formDelDnsForward function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

Classic Buffer Overflow

Buffer Overflow in Tenda V15 wifiFilterListRemark causing DoS (V15.11.0.14)
CVE-2023-27061 9.8 - Critical - March 13, 2023

Tenda V15V1.0 V15.11.0.14(1521_3190_1058) was discovered to contain a buffer overflow vulnerability via the wifiFilterListRemark parameter in the modifyWifiFilterRules function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

Classic Buffer Overflow

Tenda V15 buffer overflow via gotoUrl in formPortalAuth (DoS)
CVE-2023-27062 7.5 - High - March 13, 2023

Tenda V15V1.0 was discovered to contain a buffer overflow vulnerability via the gotoUrl parameter in the formPortalAuth function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

Classic Buffer Overflow

Tenda V15 Router DoS via DNSDomainName Buffer Overflow Fixed 15.11.0.14
CVE-2023-27063 9.8 - Critical - March 13, 2023

Tenda V15V1.0 V15.11.0.14(1521_3190_1058) was discovered to contain a buffer overflow vulnerability via the DNSDomainName parameter in the formModifyDnsForward function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

Classic Buffer Overflow

Tenda V15 DoS via Buffer Overflow (picName) before 15.11.0.14
CVE-2023-27065 7.5 - High - March 13, 2023

Tenda V15V1.0 V15.11.0.14(1521_3190_1058) was discovered to contain a buffer overflow vulnerability via the picName parameter in the formDelWewifiPi function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

Classic Buffer Overflow

Tenda AC1200 W15Ev2 DoS via stack overflow in setRWM V15.11.0.10
CVE-2022-42058 9.8 - Critical - November 15, 2022

Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain a stack overflow via the setRemoteWebManage function. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow data.

Memory Corruption

Command Injection in Tenda AC1200 Router W15Ev2 <15.11.0.10 via PortMappingServer
CVE-2022-42053 7.8 - High - November 15, 2022

Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain a command injection vulnerability via the PortMappingServer parameter in the setPortMapping function.

Shell injection

Command Injection in Tenda AC1200 Router setIPsecTunnelList (V15.11.0.10)
CVE-2022-41396 7.8 - High - November 15, 2022

Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain multiple command injection vulnerabilities in the function setIPsecTunnelList via the IPsecLocalNet and IPsecRemoteNet parameters.

Shell injection

Command Injection in Tenda AC1200 W15Ev2 setDMZ (V15.11.0.10)
CVE-2022-41395 7.8 - High - November 15, 2022

Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain a command injection vulnerability via the dmzHost parameter in the setDMZ function.

Shell injection

Tenda AC1200 W15Ev2 V15.11.0.10 Stored XSS via hostname
CVE-2022-40846 4.8 - Medium - November 15, 2022

In Tenda AC1200 Router model W15Ev2 V15.11.0.10(1576), a Stored Cross Site Scripting (XSS) vulnerability exists allowing an attacker to execute JavaScript code via the applications stored hostname.

XSS

Tenda AC1200 Router V15.11.0.10 DoS via stack overflow in setWanPpoe
CVE-2022-42060 7.5 - High - November 15, 2022

Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain a stack overflow via the setWanPpoe function. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow data.

Memory Corruption

Tenda AC1200 Router V15.11.0.10 XSS via URL Filter
CVE-2022-40844 5.4 - Medium - November 15, 2022

In Tenda (Shenzhen Tenda Technology Co., Ltd) AC1200 Router model W15Ev2 V15.11.0.10(1576), a Stored Cross Site Scripting (XSS) issue exists allowing an attacker to execute JavaScript code via the applications website filtering tab, specifically the URL body.

XSS

Tenda AC1200 W15Ev2 V15.11.0.10 Command Injection via formSetFixTools
CVE-2022-40847 7.8 - High - November 15, 2022

In Tenda AC1200 Router model W15Ev2 V15.11.0.10(1576), there exists a command injection vulnerability in the function formSetFixTools. This vulnerability allows attackers to run arbitrary commands on the server via the hostname parameter.

Shell injection

Password Exposure in Tenda AC1200 Router v15.11.0.10 (W15Ev2)
CVE-2022-40845 6.5 - Medium - November 15, 2022

The Tenda AC1200 Router model W15Ev2 V15.11.0.10(1576) is affected by a password exposure vulnerability. When combined with the improper authorization/improper session management vulnerability, an attacker with access to the router may be able to expose sensitive information which they're not explicitly authorized to have.

forced browsing

Tenda AC1200 V-W15Ev2 V15.11.0.10 Improper Auth Session Bypass Syslog Exposure
CVE-2022-40843 4.9 - Medium - November 15, 2022

The Tenda AC1200 V-W15Ev2 V15.11.0.10(1576) router is vulnerable to improper authorization / improper session management that allows the router login page to be bypassed. This leads to authenticated attackers having the ability to read the routers syslog.log file which contains the MD5 password of the Administrator's user account.