Anza2001 - Security Researcher - Exploit Intelligence Platform

CVE-2023-47455 WRITEUP CRITICAL WRITEUP

Tenda AX1806 V1.0.0.1 - Heap Overflow in setSchedWifi via schedStartTime and schedEndTime Parameters

Tenda AX1806 V1.0.0.1 contains a heap overflow vulnerability in setSchedWifi function, in which the src and v12 are directly obtained from http request parameter schedStartTime and schedEndTime without checking their size.

CVSS 9.1

View Code

CVE-2023-47456 WRITEUP CRITICAL WRITEUP

Tenda AX1806 V1.0.0.1 - Stack Overflow in fromSetWirelessRepeat Function

Tenda AX1806 V1.0.0.1 contains a stack overflow vulnerability in function sub_455D4, called by function fromSetWirelessRepeat.

CVSS 9.1

View Code

CVE-2023-49040 WRITEUP CRITICAL WRITEUP

Tenda AX1803 1.0.0.1 adslPwd - Remote Command Execution

An issue in Tneda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the adslPwd parameter in the form_fast_setting_internet_set function.

CVSS 9.8

View Code

CVE-2023-49042 WRITEUP CRITICAL WRITEUP

Tenda AX1803 1.0.0.1 - Remote Code Execution via setSchedWifi Parameter Overflow

Heap Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the schedStartTime parameter or the schedEndTime parameter in the function setSchedWifi.

CVSS 9.8

View Code

CVE-2023-49043 WRITEUP CRITICAL WRITEUP

Tenda AX1803 <1.0.0.1 - Buffer Overflow

Buffer Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the wpapsk_crypto parameter in the function fromSetWirelessRepeat.

CVSS 9.8

View Code

CVE-2023-49044 WRITEUP CRITICAL WRITEUP

Tenda AX1803 1.0.0.1 - Remote Code Execution via SSID Parameter in form_fast_setting_wifi_set

Stack Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the ssid parameter in the function form_fast_setting_wifi_set.

CVSS 9.8

View Code

CVE-2023-49046 WRITEUP CRITICAL WRITEUP

Tenda AX1803 1.0.0.1 - Remote Code Execution via devName Parameter in formAddMacfilterRule

Stack Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the devName parameter in the function formAddMacfilterRule.

CVSS 9.8

View Code