CVE-2022-42165 Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetDeviceName.

Tenda AC10 V15.03.06.23 has a XSS vulnerability via /goform/formSetDeviceName.

Tenda AC6 V15.03.06.23 has a XSS vulnerability via /goform/formSetDeviceName .

Tenda AC6 V15.03.06.23 has a XSS vulnerability via /goform/formSetDeviceName.

Low severity vulnerability - Denial of Service

(DoS) risk
The vulnerability is remote code execution and occurs when a user inputs a valid POST request in the form of a GET request. The vulnerability can be exploited for denial of service (DoS).

Tenda AC15 V15.03.06.23 has a XSS vulnerability via /goform/formSetDeviceName

This vulnerability is located in Tenda AC15 V15.03.06.23 and affects the following ids: 3, 6, 7, 8, 9, 10.

Timeline

Published on: 10/17/2022 13:15:00 UTC
Last modified on: 10/19/2022 15:07:00 UTC

References

• https://github.com/z1r00/IOT_Vul/blob/main/Tenda/AC10/formSetDeviceName/readme.md
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-42165