Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Ac6_firmware
(Tenda)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 64 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-05-27 | CVE-2023-2923 | A vulnerability classified as critical was found in Tenda AC6 US_AC6V1.0BR_V15.03.05.19. Affected by this vulnerability is the function fromDhcpListClient. The manipulation leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-230077 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | Ac6_firmware | 9.8 | ||
| 2023-06-26 | CVE-2022-40010 | Tenda AC6 AC1200 Smart Dual-Band WiFi Router 15.03.06.50_multi was discovered to contain a cross-site scripting (XSS) vulnerability via the deviceId parameter in the Parental Control module. | Ac6_firmware | 5.4 | ||
| 2023-08-07 | CVE-2023-38931 | Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 V16.03.34.06, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0 V15.03.06.28, AC10 v4.0 V16.03.10.13 and FH1203 V2.0.1.6 were discovered to contain a stack overflow via the list parameter in the setaccount function. | Ac10_firmware, Ac1206_firmware, Ac5_firmware, Ac6_firmware, Ac7_firmware, Ac8_firmware, F1203_firmware, Fh1203_firmware | 9.8 | ||
| 2023-08-07 | CVE-2023-38933 | Tenda AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0 V15.03.06.28, FH1203 V2.0.1.6 and AC9 V3.0 V15.03.06.42_multi, and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the deviceId parameter in the formSetClientState function. | Ac10_firmware, Ac1206_firmware, Ac5_firmware, Ac6_firmware, Ac7_firmware, Ac9_firmware, F1203_firmware, Fh1203_firmware, Fh1205_firmware | 9.8 | ||
| 2023-08-07 | CVE-2023-38936 | Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, AC5 V1.0 V15.03.06.28, FH1203 V2.0.1.6, AC9 V3.0 V15.03.06.42_multi and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the speed_dir parameter in the formSetSpeedWan function. | Ac10_firmware, Ac1206_firmware, Ac5_firmware, Ac6_firmware, Ac7_firmware, Ac9_firmware, F1203_firmware, Fh1203_firmware, Fh1205_firmware | 9.8 | ||
| 2023-08-07 | CVE-2023-38937 | Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 V16.03.34.06, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, AC5 V1.0 V15.03.06.28, AC9 V3.0 V15.03.06.42_multi and AC10 v4.0 V16.03.10.13 were discovered to contain a stack overflow via the list parameter in the formSetVirtualSer function. | Ac10_firmware, Ac1206_firmware, Ac5_firmware, Ac6_firmware, Ac7_firmware, Ac8_firmware, Ac9_firmware | 9.8 | ||
| 2023-08-18 | CVE-2023-39670 | Tenda AC6 _US_AC6V1.0BR_V15.03.05.16 was discovered to contain a buffer overflow via the function fgets. | Ac6_firmware | 9.8 | ||
| 2023-08-28 | CVE-2023-40846 | Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via function sub_90998. | Ac6_firmware | 9.8 | ||
| 2023-08-30 | CVE-2023-40837 | Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin function 'sub_ADD50' contains a command execution vulnerability. In the "formSetIptv" function, obtaining the "list" and "vlanId" fields, unfiltered passing these two fields as parameters to the "sub_ADD50" function to execute commands. | Ac6_firmware | 9.8 | ||
| 2023-08-30 | CVE-2023-40838 | Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin function 'sub_3A1D0' contains a command execution vulnerability. | Ac6_firmware | 9.8 |