Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Ax1803_firmware
(Tenda)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 51 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-10-27 | CVE-2022-40874 | Tenda AX1803 v1.0.0.1 was discovered to contain a heap overflow vulnerability in the GetParentControlInfo function, which can cause a denial of service attack through a carefully constructed http request. | Ax1803_firmware | 7.5 | ||
| 2022-10-27 | CVE-2022-40875 | Tenda AX1803 v1.0.0.1 was discovered to contain a heap overflow in the function GetParentControlInfo. | Ax1803_firmware | 7.5 | ||
| 2022-10-27 | CVE-2022-40876 | In Tenda ax1803 v1.0.0.1, the http requests handled by the fromAdvSetMacMtuWan functions, wanSpeed, cloneType, mac, can cause a stack overflow and enable remote code execution (RCE). | Ax1803_firmware | 9.8 | ||
| 2024-04-02 | CVE-2024-30620 | Tenda AX1803 v1.0.0.1 contains a stack overflow via the serviceName parameter in the function fromAdvSetMacMtuWan. | Ax1803_firmware | 9.8 | ||
| 2024-04-26 | CVE-2024-4236 | A vulnerability, which was classified as critical, has been found in Tenda AX1803 1.0.0.1. This issue affects the function formSetSysToolDDNS of the file /goform/SetDDNSCfg. The manipulation of the argument serverName/ddnsUser/ddnsPwd/ddnsDomain leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-262127. NOTE: The vendor was contacted early about this... | Ax1803_firmware | 8.8 | ||
| 2022-05-02 | CVE-2022-28572 | Tenda AX1806 v1.0.0.1 was discovered to contain a command injection vulnerability in `SetIPv6Status` function | Ax1803_firmware, Ax1806_firmware | 8.8 | ||
| 2022-05-11 | CVE-2022-30040 | Tenda AX1803 v1.0.0.1_2890 is vulnerable to Buffer Overflow. The vulnerability lies in rootfs_ In / goform / setsystimecfg of / bin / tdhttpd in ubif file system, attackers can access http://ip/goform/SetSysTimeCfg, and by setting the ntpserve parameter, the stack buffer overflow can be caused to achieve the effect of router denial of service. | Ax1803_firmware | 7.5 | ||
| 2022-07-06 | CVE-2022-34595 | Tenda AX1803 v1.0.0.1_2890 was discovered to contain a command injection vulnerability via the function setipv6status. | Ax1803_firmware | 9.8 | ||
| 2022-07-06 | CVE-2022-34596 | Tenda AX1803 v1.0.0.1_2890 was discovered to contain a command injection vulnerability via the function WanParameterSetting. | Ax1803_firmware | 9.8 | ||
| 2022-08-25 | CVE-2022-37817 | Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the function fromSetIpMacBind. | Ax1803_firmware | 7.8 |