CVE-2022-42170 Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formWifiWpsStart.
This issue can be exploited through maliciously crafted URL that can cause a Stack overflow on the web-server.
Another type of vulnerability that this software
CVE-2022-42168 Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/fromSetIpMacBind.
This issue can be exploited by sending specially crafted requests to the affected device. A remote user can hijack the device’s session by sending
CVE-2022-42166 Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetSpeedWan.
Tenda AC10 V15.03.06.23 contains a SQL Injection vulnerability via /goform/formSetSpeedWan.
Tenda AC3200 V15.03.06.23 contains an Improper Access Control
CVE-2022-3150 The WP Custom Cursors plugin through 3.0 doesn't properly sanitise and escape a parameter, which leads to a SQL injection vulnerability that can be exploited by high-privileged users.
or root. This could lead to the deletion of important data or even the installation of a malicious plugin. You can avoid this risk by
CVE-2022-3131 The Search Logger plugin through 0.9 does not properly sanitise and escape a parameter, which leads to a SQL injection. This is a high privilege exploit.
when you pass a parameter that has a non-escaped special character within the parameter to the Search Logger view, the SQL query is not properly
Episode
00:00:00
00:00:00