The-Itach1

5 exploits Active since Aug 2022
CVE-2022-37292 WRITEUP MEDIUM WORKING POC
Tenda AX12 V22.03.01.21_CN - Buffer Overflow in SetIpMacBind Request Handler
Tenda AX12 V22.03.01.21_CN is vulnerable to a buffer overflow. The overflow is triggered in the sub_42FDE4 function, which serves the upper-level interface function sub_430124, that is, it handles POST requests to /goform/SetIpMacBind.
CVSS 5.5
CVE-2022-45043 WRITEUP HIGH WORKING POC
Tenda AX12 V22.03.01.16_cn - OS Command Injection via fast_setting_internet_set
Tenda AX12 V22.03.01.16_cn is vulnerable to command injection via goform/fast_setting_internet_set.
CVSS 8.8
CVE-2022-45977 WRITEUP HIGH WORKING POC
Tenda AX12 V22.03.01.21_CN - OS Command Injection via setMacFilterCfg Function
Tenda AX12 V22.03.01.21_CN was found to have a command injection vulnerability via the /goform/setMacFilterCfg function.
CVSS 8.8
CVE-2022-45979 WRITEUP HIGH WORKING POC
Tenda AX12 v22.03.01.21_CN - Stack Overflow via SSID Parameter
Tenda AX12 v22.03.01.21_CN was discovered to contain a stack overflow via the ssid parameter at /goform/fast_setting_wifi_set.
CVSS 7.5
CVE-2022-45980 WRITEUP HIGH WORKING POC
Tenda AX12 V22.03.01.21_CN - Cross-Site Request Forgery via SysToolRestoreSet
Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Request Forgery (CSRF) via /goform/SysToolRestoreSet.
CVSS 8.8