Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up
tenda

w30e_firmware

3 Versions 10 CVEs

Versions

1.0.1.25\(633\)

OTHER 8 CVEs

16.01.0.8

OTHER 1 CVE

v1.0.1.25\(633\)

OTHER 1 CVE

Recent CVEs

CVE-2024-52789

Tenda W30E v2.0 V16.01.0.8 was discovered to contain a hardcoded password vulnerability in /etc_ro/shadow, which allows attackers to log in as root.

HIGH Nov 19, 2024

CVE-2024-32293

Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability via the page parameter in the fromDhcpListClient function.

HIGH Apr 17, 2024

CVE-2024-32292

Tenda W30E v1.0 V1.0.1.25(633) firmware contains a command injection vulnerablility in the formexeCommand function via the cmdinput parameter.

HIGH Apr 17, 2024

CVE-2024-32286

Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability located via the page parameter in the fromVirtualSer function.

CRITICAL Apr 17, 2024

CVE-2024-32290

Tenda W30E v1.0 v1.0.1.25(633) firmware has a stack overflow vulnerability via the page parameter in the fromAddressNat function.

MEDIUM Apr 17, 2024

CVE-2024-32285

Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability via the password parameter in the formaddUserName function.

HIGH Apr 17, 2024

CVE-2024-32291

Tenda W30E v1.0 firmware v1.0.1.25(633) has a stack overflow vulnerability via the page parameter in the fromNatlimit function.

HIGH Apr 17, 2024

CVE-2024-32287

Tenda W30E v1.0 V1.0.1.25(633) firmware has a stack overflow vulnerability via the qos parameter in the fromqossetting function.

MEDIUM Apr 17, 2024

CVE-2024-3882

A vulnerability was found in Tenda W30E 1.0.1.25(633). It has been classified as critical. Affected is the function fromRouteStatic of the file /goform/fromRouteStatic. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260916. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

HIGH Apr 16, 2024

CVE-2024-3879

A vulnerability, which was classified as critical, was found in Tenda W30E 1.0.1.25(633). This affects the function formSetCfm of the file /goform/setcfm. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260913 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

HIGH Apr 16, 2024