The-Itach1

5 exploits Active since Aug 2022
CVE-2022-37292 WRITEUP MEDIUM WORKING POC
Tenda Ax12 Firmware - Out-of-Bounds Write
Tenda AX12 V22.03.01.21_CN is vulnerable to a buffer overflow. The overflow is triggered in the sub_42FDE4 function, which serves the upper-level interface function sub_430124, that is, it handles the POST request under /goform/SetIpMacBind.
CVSS 5.5
CVE-2022-45043 WRITEUP HIGH WORKING POC
Tenda Ax12 Firmware - OS Command Injection
Tenda AX12 V22.03.01.16_cn is vulnerable to command injection via goform/fast_setting_internet_set.
CVSS 8.8
CVE-2022-45977 WRITEUP HIGH WORKING POC
Tenda Ax12 Firmware - OS Command Injection
Tenda AX12 V22.03.01.21_CN was found to have a command injection vulnerability via the /goform/setMacFilterCfg function.
CVSS 8.8
CVE-2022-45979 WRITEUP HIGH WORKING POC
Tenda Ax12 Firmware - Out-of-Bounds Write
Tenda AX12 v22.03.01.21_CN was discovered to contain a stack overflow via the ssid parameter at /goform/fast_setting_wifi_set.
CVSS 7.5
CVE-2022-45980 WRITEUP HIGH WORKING POC
Tenda Ax12 Firmware - CSRF
Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Request Forgery (CSRF) via /goform/SysToolRestoreSet.
CVSS 8.8