Akuma-Qaq

**Name of the Vulnerable Software and Affected Versions** Tenda AC15V1.0 versions V15.03.05.18 multi **Description** A buffer overflow issue exists in the `goform/formSetMacFilterCfg` component. The issue is related to the configuration of MAC filters. The affected component processes data without sufficient bounds checking, potentially allowing an attacker to cause a denial-of-service or execute arbitrary code. **Recommendations** Update to a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda W20E version 4.0br V15.11.0.6 **Description** A buffer overflow issue exists in the `getMibPrefix` function of Tenda W20E routers. The issue occurs due to improper size validation when concatenating the value of the `nptr` parameter using `sprintf`. Exploitation may allow a remote attacker to cause a denial-of-service condition. The vulnerability is related to the `goform/formWifiFilterRulesAdd` function. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda W20E version 4.0br V15.11.0.6 **Description** An issue exists in the Tenda W20E router firmware. Attackers can exploit this issue by controlling the `picName` variable. The `picName` value is used in the `sprintf` function without proper size validation, which can lead to a buffer overflow. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda W20E version 4.0br V15.11.0.6 **Description** An issue exists in Tenda W20E version 4.0br V15.11.0.6 that could allow attackers to cause a buffer overflow. This is possible by controlling the value of `nptr`, which is then passed into the `getMibPrefix` function. The `sprintf` function is used to concatenate this value without proper size validation. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda W20E version 4.0br V15.11.0.6 **Description** A flaw exists in Tenda W20E version 4.0br V15.11.0.6 related to improper input validation. Specifically, the `pPortMapIndex` variable is not adequately validated before being used in a `strcpy` operation, which can result in a buffer overflow. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda W20E version 4.0br V15.11.0.6 **Description** A buffer overflow issue exists in the Tenda W20E router firmware. Insufficient validation of the sizes of `gstup` and `gstdwn` before they are combined into `gstruleQos` can lead to a buffer overflow. **Recommendations** Update to a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda W20E version 4.0br V15.11.0.6 **Description** A command injection issue exists in the Tenda W20E router firmware. The firmware does not properly validate the `usbPartitionName` variable before using it within the `doSystemCmd` function. This can allow for the execution of arbitrary commands. **Recommendations** Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the USB partition functionality to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Tenda AC15 versions prior to V15.03.05.18 multi **Description** A flaw exists in the `goform/formSetIptv` function of Tenda AC15 routers due to improper handling of code generation in memory when processing the `s1 1` parameter. Exploitation of this issue could allow a remote attacker to execute arbitrary commands. Specifically, the `s1 1` parameter is passed into the `sub B0488` function and concatenated into the `doSystemCmd` function without validation, potentially leading to command injection. **Recommendations** Update to a version later than V15.03.05.18 multi.

**Name of the Vulnerable Software and Affected Versions** Tenda W20E version 4.0br V15.11.0.6 **Description** A buffer overflow issue exists in the Tenda W20E. The issue occurs due to insufficient size validation when processing overly long `addDhcpRules` data. Specifically, the `addDhcpRule` function uses `sscanf` to process the rules, and the lack of validation for `dhcpsIndex`, `dhcpsIP`, and `dhcpsMac` can lead to buffer overflows. The vulnerable function is `addDhcpRule`. The `sscanf` function is used with the format string " %dt%[^t]t%[^ rt]". **Recommendations** Update to a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda W20E version 4.0br V15.11.0.6 **Description** A buffer overflow issue exists in the `addWewifiWhiteUser` function of Tenda W20E routers. The issue is related to out-of-bounds write access within the `userInfo` parameter. Exploitation could allow a remote attacker to execute arbitrary commands. The `addWewifiWhiteUser` function processes the `userInfo` variable using `sscanf` without proper size validation, leading to the buffer overflow. **Recommendations** Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider disabling the `addWewifiWhiteUser` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Tenda AC15V1.0 versions prior to V15.03.05.18 multi **Description** An issue exists in the `goform/formsetUsbUnload` component of the software. The `v1` variable is not properly validated, which could allow for command injection when used with the `doSystemCmd` function. This could potentially allow an attacker to execute arbitrary commands on the system. **Recommendations** Update to a version later than V15.03.05.18 multi.

**Name of the Vulnerable Software and Affected Versions** Tenda W20E version 4.0br V15.11.0.6 **Description** An issue exists in Tenda W20E firmware where improper input validation can lead to a buffer overflow. Attackers can exploit this by manipulating the `userInfo` variable. Specifically, when the `userInfo` value is passed to the `addAuthUser` function and processed by the `sscanf` function without sufficient size validation, a buffer overflow can occur. **Recommendations** Update to a newer version of Tenda W20E firmware that addresses this vulnerability.