Note:
This project will be discontinued after December 13, 2021. [more]
Product:
W20e_firmware
(Tenda)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 10 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-04-16 | CVE-2024-3874 | A vulnerability was found in Tenda W20E 15.11.0.6. It has been declared as critical. This vulnerability affects the function formSetRemoteWebManage of the file /goform/SetRemoteWebManage. The manipulation of the argument remoteIP leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260908. NOTE: The vendor was contacted early about this disclosure but did not... | W20e_firmware | 8.8 | ||
| 2023-03-19 | CVE-2023-26805 | Tenda W20E v15.11.0.6 (US_W20EV4.0br_v15.11.0.6(1068_1546_841)_CN_TDC) is vulnerable to Buffer Overflow via function formIPMacBindModify. | W20e_firmware | 9.8 | ||
| 2023-03-19 | CVE-2023-26806 | Tenda W20E v15.11.0.6(US_W20EV4.0br_v15.11.0.6(1068_1546_841 is vulnerable to Buffer Overflow via function formSetSysTime, | W20e_firmware | 9.8 | ||
| 2022-09-23 | CVE-2022-40855 | Tenda W20E router V15.11.0.6 contains a stack overflow in the function formSetPortMapping with post request 'goform/setPortMapping/'. This vulnerability allows attackers to cause a Denial of Service (DoS) or Remote Code Execution (RCE) via the portMappingServer, portMappingProtocol, portMappingWan, porMappingtInternal, and portMappingExternal parameters. | W20e_firmware | 9.8 | ||
| 2022-09-23 | CVE-2022-40866 | Tenda W20E router V15.11.0.6 (US_W20EV4.0br_V15.11.0.6(1068_1546_841)_CN_TDC) contains a stack overflow vulnerability in the function formSetDebugCfg with request /goform/setDebugCfg/ | W20e_firmware | 9.8 | ||
| 2022-09-23 | CVE-2022-40867 | Tenda W20E router V15.11.0.6 (US_W20EV4.0br_V15.11.0.6(1068_1546_841)_CN_TDC) contains a stack overflow vulnerability in the function formIPMacBindDel with the request /goform/delIpMacBind/ | W20e_firmware | 9.8 | ||
| 2022-09-23 | CVE-2022-40868 | Tenda W20E router V15.11.0.6 (US_W20EV4.0br_V15.11.0.6(1068_1546_841)_CN_TDC) contains a stack overflow vulnerability in the function formDelDhcpRule with the request /goform/delDhcpRules/ | W20e_firmware | 9.8 | ||
| 2022-12-12 | CVE-2022-45997 | Tenda W20E V16.01.0.6(3392) is vulnerable to Buffer Overflow. | W20e_firmware | 7.2 | ||
| 2022-12-12 | CVE-2022-45996 | Tenda W20E V16.01.0.6(3392) is vulnerable to Command injection via cmd_get_ping_output. | W20e_firmware | 7.2 | ||
| 2023-02-02 | CVE-2022-48130 | Tenda W20E v15.11.0.6 was discovered to contain multiple stack overflows in the function formSetStaticRoute via the parameters staticRouteNet, staticRouteMask, staticRouteGateway, staticRouteWAN. | W20e_firmware | 9.8 |