Anza2001

7 exploits Active since Nov 2023
CVE-2023-47455 WRITEUP CRITICAL WRITEUP
Tenda Ax1806 Firmware - Out-of-Bounds Write
Tenda AX1806 V1.0.0.1 contains a heap overflow vulnerability in setSchedWifi function, in which the src and v12 are directly obtained from http request parameter schedStartTime and schedEndTime without checking their size.
CVSS 9.1
CVE-2023-47456 WRITEUP CRITICAL WRITEUP
Tenda Ax1806 Firmware - Out-of-Bounds Write
Tenda AX1806 V1.0.0.1 contains a stack overflow vulnerability in function sub_455D4, called by function fromSetWirelessRepeat.
CVSS 9.1
CVE-2023-49040 WRITEUP CRITICAL WRITEUP
Tneda AX1803 <1.0.0.1 - RCE
An issue in Tneda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the adslPwd parameter in the form_fast_setting_internet_set function.
CVSS 9.8
CVE-2023-49042 WRITEUP CRITICAL WRITEUP
Tenda AX1803 <1.0.0.1 - RCE
Heap Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the schedStartTime parameter or the schedEndTime parameter in the function setSchedWifi.
CVSS 9.8
CVE-2023-49043 WRITEUP CRITICAL WRITEUP
Tenda AX1803 <1.0.0.1 - Buffer Overflow
Buffer Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the wpapsk_crypto parameter in the function fromSetWirelessRepeat.
CVSS 9.8
CVE-2023-49044 WRITEUP CRITICAL WRITEUP
Tenda AX1803 <1.0.0.1 - RCE
Stack Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the ssid parameter in the function form_fast_setting_wifi_set.
CVSS 9.8
CVE-2023-49046 WRITEUP CRITICAL WRITEUP
Tenda AX1803 <1.0.0.1 - RCE
Stack Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the devName parameter in the function formAddMacfilterRule.
CVSS 9.8