Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Ax1803_firmware
(Tenda)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 50 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-11-27 | CVE-2023-49046 | Stack Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the devName parameter in the function formAddMacfilterRule. | Ax1803_firmware | 9.8 | ||
| 2023-11-27 | CVE-2023-49044 | Stack Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the ssid parameter in the function form_fast_setting_wifi_set. | Ax1803_firmware | 9.8 | ||
| 2023-11-20 | CVE-2023-48109 | Tenda AX1803 v1.0.0.1 was discovered to contain a heap overflow via the deviceId parameter in the function saveParentControlInfo . This vulnerability allows attackers to cause a Denial of Service (DoS) attack | Ax1803_firmware | 7.5 | ||
| 2022-05-02 | CVE-2022-28572 | Tenda AX1806 v1.0.0.1 was discovered to contain a command injection vulnerability in `SetIPv6Status` function | Ax1803_firmware, Ax1806_firmware | 8.8 | ||
| 2022-07-06 | CVE-2022-34595 | Tenda AX1803 v1.0.0.1_2890 was discovered to contain a command injection vulnerability via the function setipv6status. | Ax1803_firmware | 9.8 | ||
| 2022-07-06 | CVE-2022-34596 | Tenda AX1803 v1.0.0.1_2890 was discovered to contain a command injection vulnerability via the function WanParameterSetting. | Ax1803_firmware | 9.8 | ||
| 2022-10-27 | CVE-2022-40876 | In Tenda ax1803 v1.0.0.1, the http requests handled by the fromAdvSetMacMtuWan functions, wanSpeed, cloneType, mac, can cause a stack overflow and enable remote code execution (RCE). | Ax1803_firmware | 9.8 | ||
| 2022-10-27 | CVE-2022-40874 | Tenda AX1803 v1.0.0.1 was discovered to contain a heap overflow vulnerability in the GetParentControlInfo function, which can cause a denial of service attack through a carefully constructed http request. | Ax1803_firmware | 7.5 | ||
| 2022-10-27 | CVE-2022-40875 | Tenda AX1803 v1.0.0.1 was discovered to contain a heap overflow in the function GetParentControlInfo. | Ax1803_firmware | 7.5 | ||
| 2022-10-12 | CVE-2022-42086 | Tenda AX1803 US_AX1803v2.0br_v1.0.0.1_2994_CN_ZGYD01_4 is vulnerable to Cross Site Request Forgery (CSRF) via function TendaAteMode. | Ax1803_firmware | 6.5 |