Davybat

Name of the Vulnerable Software and Affected Versions: Tenda i22 version 1.0.0.3(4687) Description: A vulnerability was detected in Tenda i22. Manipulation of the `Type` argument in the `formWeixinAuthInfoGet` function of the `/goform/wxportalauth` file results in a stack-based buffer overflow. The attack can be initiated remotely, and the exploit is publicly available. Recommendations: Tenda i22 version 1.0.0.3(4687): At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Tenda M3 version 1.0.0.12 Description: A flaw has been found in the `formQuickIndex` function of the `/goform/QuickIndex` file. Manipulation of the `PPPOEPassword` argument can lead to a stack-based buffer overflow. The attack can be launched remotely. The exploit has been published and may be used. Recommendations: For Tenda M3 version 1.0.0.12, restrict or disable the use of the `formQuickIndex` function within the `/goform/QuickIndex` file.

Name of the Vulnerable Software and Affected Versions: Tenda M3 version 1.0.0.12 Description: A vulnerability has been identified in the Tenda M3 device. The `formGetMasterPassengerAnalyseData` function within the `/goform/getMasterPassengerAnalyseData` file is susceptible to a stack-based buffer overflow. This occurs through the manipulation of the `Time` argument. The attack can be initiated remotely. Recommendations: Tenda M3 version 1.0.0.12: At the moment, there is no information about a newer version that contains a fix for this vulnerability.