This issue can be exploited through maliciously crafted URL that can cause a Stack overflow on the web-server.
Another type of vulnerability that this software can be exploited is Bypass of Authentication.
Tenda AC10 V15.03.06.23 has a Remote Code Execution vulnerability via /goform/formAccount.
Tenda AC10 V15.03.06.23 has a SQL Injection vulnerability via /goform/formAccount.
Tenda AC10 V15.03.06.23 has a Local File Inclusion vulnerability via /goform/formAccount.
Tenda AC10 V15.03.06.23 has a Buffer Overflow vulnerability via /goform/formAccount.
Tenda AC10 V15.03.06.23 has a Code Injection vulnerability via /goform/formAccount.
Tenda AC10 V15.03.06.23 has a Cross-Site Request Forgery (CSRF) vulnerability via /goform/formAccount.
Tenda AC10 V15.03.06.23 has a XSS vulnerability via /goform/formAccount.
Tenda AC10 V15.03.06.23 has a Stored XSS vulnerability via /goform/formAccount.
Tenda AC10 V15.03.06.23 has a Polyglot Injection vulnerability via /goform/form
The Tenda AC10 V15.03.06.23 has a Remote Code Execution vulnerability
The vulnerability can be exploited by maliciously crafted URL that causes a stack overflow on the web-server. The attacker may use this vulnerability to take control of the affected system with high privileges and execute arbitrary code as the root user, which could result in a complete compromise of the affected system.
Tenda AC10 V15.03.06.23 Software Qualification Criteria
- The application must be running in the server environment
- The input passed to the application must not contain any malicious code
- The software must use an appropriate security mechanism
Tenda AC4 V15.03.06.23
- Remote Code Execution
This issue can be exploited through maliciously crafted URL that can cause a Stack overflow on the web-server.
Another type of vulnerability that this software can be exploited is Bypass of Authentication.
Tenda AC4 V15.03.06.23 has a Remote Code Execution vulnerability via /goform/formAccount.
Tenda AC4 V15.03.06.23 has a SQL Injection vulnerability via /goform/formAccount.
Tenda AC4 V15.03.06.23 has a Local File Inclusion vulnerability via /goform/formAccount.
Tenda AC4 V15.03.06.23 has a Buffer Overflow vulnerability via /goform/formAccount
Tenda AC4 V15.03.06.23 has a Code Injection vulnerability via /goform/formAccount
Tenda AC4 V15.03.06.23 has a Cross-Site Request Forgery (CSRF) vulnerability via /goform/formAccount
Tenda AC4 V15.03.06.23 has a XSS vulnerability via /goform/formAccount
Tenda AC4 V15
Tenda AC10 V15.03.06.24 Software Information
The vulnerability in these software poses a threat to the public.
The vulnerability is by design, or an error made during development.
Tenda AC10 V15.03.06.23 has a Remote Code Execution vulnerability via /goform/formAccount.
Tenda AC10 V15.03.06.23 has a SQL Injection vulnerability via /goform/formAccount.
Timeline
Published on: 10/17/2022 14:15:00 UTC
Last modified on: 10/19/2022 15:06:00 UTC