Lyc-heng - Security Researcher - Exploit Intelligence Platform

CVE-2020-22079 WRITEUP CRITICAL WRITEUP

Tendacn Ac10u Firmware - Out-of-Bounds Write

Stack-based buffer overflow in Tenda AC-10U AC1200 Router US_AC10UV1.0RTL_V15.03.06.48_multi_TDE01 allows remote attackers to execute arbitrary code via the timeZone parameter to goform/SetSysTimeCfg.

CVSS 9.8

View Code

CVE-2021-31624 WRITEUP HIGH WRITEUP

Tenda AC9 Firmware < 15.03.06.42_multi - Buffer Overflow via URLs Parameter

Buffer Overflow vulnerability in Tenda AC9 V1.0 through V15.03.05.19(6318), and AC9 V3.0 V15.03.06.42_multi, allows attackers to execute arbitrary code via the urls parameter.

CVSS 8.8

View Code

CVE-2021-31627 WRITEUP HIGH WRITEUP

Tenda AC9 Firmware < 15.03.06.42_multi - Buffer Overflow via Index Parameter

Buffer Overflow vulnerability in Tenda AC9 V1.0 through V15.03.05.19(6318), and AC9 V3.0 V15.03.06.42_multi, allows attackers to execute arbitrary code via the index parameter.

CVSS 8.8

View Code

CVE-2021-42659 WRITEUP MEDIUM WRITEUP

Tenda AC9 Firmware - Buffer Overflow via Virtual Service List Parameter

There is a buffer overflow vulnerability in the Web server httpd of the router in Tenda router devices such as Tenda AC9 V1.0 V15.03.02.19(6318) and Tenda AC9 V3.0 V15.03.06.42_multi. When setting the virtual service, the httpd program will crash and exit when the super-long list parameter occurs.

CVSS 6.5

View Code