Security
Headlines
HeadlinesLatestCVEs

Tag

#git

CVE-2023-38929: IoT-Vulns/tenda/VirtualSer/README.md at main · FirmRec/IoT-Vulns

Tenda 4G300 v1.01.42 was discovered to contain a stack overflow via the page parameter at /VirtualSer.

CVE
Open in Source
#vulnerability#git
CVE-2023-38935: IoT-Vulns/tenda/formSetQosBand/README.md at main · FirmRec/IoT-Vulns

Tenda AC1206 V15.03.06.23, AC8 V4 V16.03.34.06, AC5 V1.0 V15.03.06.28, AC10 v4.0 V16.03.10.13 and AC9 V3.0 V15.03.06.42_multi were discovered to contain a tack overflow via the list parameter in the formSetQosBand function.

CVE-2023-38933: IoT-Vulns/tenda/formSetClientState/README.md at main · FirmRec/IoT-Vulns

Tenda AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0 V15.03.06.28, FH1203 V2.0.1.6 and AC9 V3.0 V15.03.06.42_multi, and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the deviceId parameter in the formSetClientState function.

CVE-2023-38936: IoT-Vulns/tenda/formSetSpeedWan/README.md at main · FirmRec/IoT-Vulns

Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, AC5 V1.0 V15.03.06.28, FH1203 V2.0.1.6, AC9 V3.0 V15.03.06.42_multi and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the speed_dir parameter in the formSetSpeedWan function.

CVE-2023-38937: IoT-Vulns/tenda/formSetVirtualSer/README.md at main · FirmRec/IoT-Vulns

Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 V16.03.34.06, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, AC5 V1.0 V15.03.06.28, AC9 V3.0 V15.03.06.42_multi and AC10 v4.0 V16.03.10.13 were discovered to contain a stack overflow via the list parameter in the formSetVirtualSer function.

CVE-2023-4200: Inventory-Management-System/SQL Injection in product_data.php/vuln.md at main · Yesec/Inventory-Management-System

A vulnerability has been found in SourceCodester Inventory Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file product_data.php.. The manipulation of the argument columns[1][data] leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-236290 is the identifier assigned to this vulnerability.

CVE-2023-38939: IoT-Vulns/tenda/formWrlsafeset at main · FirmRec/IoT-Vulns

Tenda F1202 V1.2.0.9 and FH1202 V1.2.0.9 were discovered to contain a stack overflow via the mit_ssid parameter in the formWrlsafeset function.

CVE-2023-38934: IoT-Vulns/tenda/formSetDeviceName/README.md at main · FirmRec/IoT-Vulns

Tenda F1203 V2.0.1.6, FH1203 V2.0.1.6 and FH1205 V2.0.0.7(775) was discovered to contain a stack overflow via the deviceId parameter in the formSetDeviceName function.

CVE-2023-38938: IoT-Vulns/tenda/frmL7ImForm at main · FirmRec/IoT-Vulns

Tenda F1202 V1.2.0.9, PA202 V1.1.2.5, PW201A V1.1.2.5 and FH1202 V1.2.0.9 were discovered to contain a stack overflow via the page parameter at /L7Im.

CVE-2023-38940: IoT-Vulns/tenda/form_fast_setting_wifi_set at main · FirmRec/IoT-Vulns

Tenda F1203 V2.0.1.6, FH1203 V2.0.1.6 and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the ssid parameter in the form_fast_setting_wifi_set function.