Z472421519

**Name of the Vulnerable Software and Affected Versions** Tenda WH450 version 1.0.0.18 **Description** A stack-based buffer overflow exists in the file `/goform/SafeEmailFilter` of the Tenda WH450. The issue is triggered by manipulating the `page` argument. This allows for remote exploitation. **Recommendations** Update Tenda WH450 to a newer version that addresses this vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda WH450 version 1.0.0.18 **Description** A flaw exists in the HTTP Request Handler component of Tenda WH450 version 1.0.0.18. Specifically, manipulation of the `page` argument within the `/goform/webExcptypemanFilte` file can trigger a stack-based buffer overflow. This issue can be exploited remotely. An exploit is publicly available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda WH450 version 1.0.0.18 **Description** A flaw exists in Tenda WH450 version 1.0.0.18 where manipulation of the `page` argument in the file `/goform/qossetting` leads to a stack-based buffer overflow. This issue can be exploited remotely. The exploit is publicly available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda WH450 version 1.0.0.18 **Description** A flaw exists in the HTTP Request Handler component of Tenda WH450 version 1.0.0.18. The issue relates to stack-based buffer overflow triggered by manipulating the `page` argument when processing the file '/goform/VirtualSer'. This allows for remote attacks. The exploit for this issue has been publicly released. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda WH450 version 1.0.0.18 **Description** A flaw exists in the Tenda WH450 device. This issue is located in the HTTP Request Handler component, specifically within the file '/goform/SetIpBind'. Manipulation of the `page` argument can trigger a stack-based buffer overflow. This can be exploited remotely. The exploit for this issue has been made public. **Recommendations** Update to a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda WH450 version 1.0.0.18 **Description** A security flaw exists in Tenda WH450 version 1.0.0.18. The issue involves a stack-based buffer overflow that occurs due to the manipulation of the `page` argument within the file '/goform/SafeMacFilter'. This allows for remote exploitation, and a public exploit is available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda WH450 version 1.0.0.18 **Description** A stack-based buffer overflow issue exists in the file `/goform/RouteStatic` of Tenda WH450 version 1.0.0.18. The issue is triggered by manipulating the `page` argument. This can be exploited remotely. The exploit has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda WH450 version 1.0.0.18 **Description** A stack-based buffer overflow exists due to manipulation of the `delno` argument in an unknown function of the /goform/PPTPUserSetting file. Remote exploitation is possible. The exploit has been made public. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda WH450 version 1.0.0.18 **Description** A flaw exists in the HTTP Request Handler component of the Tenda WH450. The issue involves a stack-based buffer overflow triggered by manipulating the `page` argument within the `/goform/Natlimit` file. This manipulation occurs through an unknown function. The attack can be initiated remotely, potentially granting unauthenticated remote code execution. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda WH450 version 1.0.0.18 **Description** A flaw exists in the Tenda WH450 device. This issue affects an unspecified function within the HTTP Request Handler component, specifically related to the file '/goform/CheckTools'. Manipulation of the `ipaddress` argument can result in command injection. The attack can be initiated remotely. The exploit has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda WH450 version 1.0.0.18 **Description** A stack-based buffer overflow exists in the HTTP Request Handler component of the Tenda WH450. The issue is triggered by manipulating the `Username` argument in the '/goform/PPTPDClient' file. The attack can be initiated remotely. The exploit has been made public and could be used to hijack devices. Elevated activities targeting this vulnerability have been observed. **Recommendations** For Tenda WH450 version 1.0.0.18, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda WH450 version 1.0.0.18 **Description** A stack-based buffer overflow exists in the HTTP Request Handler component of the Tenda WH450. The issue is located in the `/goform/PPTPClient` file and can be triggered by manipulating the `netmsk` argument. This allows for remote exploitation of the device. The exploit has been publicly disclosed. The vulnerable function is unknown. **Recommendations** Update to a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda WH450 version 1.0.0.18 **Description** A stack-based buffer overflow exists in Tenda WH450 version 1.0.0.18. The issue is due to the manipulation of the `page` argument in the file '/goform/NatStaticSetting'. This allows for remote exploitation. The exploit is publicly available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda WH450 version 1.0.0.18 **Description** A flaw exists in the HTTP Request Handler component of the software. Specifically, the issue resides in an unknown part of the `/goform/L7Port` file. Manipulating the `page` argument can trigger a stack-based buffer overflow. This issue can be exploited remotely. The exploit is publicly available. **Recommendations** Update to a newer version of Tenda WH450 that addresses this vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda WH450 version 1.0.0.18 **Description** A weakness exists in the Tenda WH450 device. The issue is a stack-based buffer overflow within the HTTP Request Handler component, specifically related to the file '/goform/CheckTools'. Manipulation of the `ipaddress` argument in this file causes the overflow. The attack can be initiated remotely, and the exploit has been publicly released. **API Endpoints** '/goform/CheckTools' **Vulnerable Parameters or Variables** `ipaddress` **Recommendations** For Tenda WH450 version 1.0.0.18, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda WH450 version 1.0.0.18 **Description** A security issue exists in Tenda WH450 version 1.0.0.18 related to a stack-based buffer overflow. The issue is located within the HTTP Request Handler component, specifically in the file `/goform/L7Im`. Manipulation of the `page` argument can trigger the overflow, allowing for remote exploitation. Public exploit code is available. **Recommendations** Restrict access to the HTTP Request Handler component. Disable the functionality associated with the `/goform/L7Im` file. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda FH1201 version 1.2.0.14(408) Tenda FH1206 version 1.2.0.14(408) Tenda FH1201 version 1.2.0.8(8155) Tenda FH1206 version 1.2.0.8(8155) **Description** A flaw exists in the Tenda FH1201 and FH1206 routers. The issue resides in the `strcat` function within the `/goform/webtypelibrary` file of the HTTP Request Handler component. Manipulation of the `webSiteId` argument can trigger a stack-based buffer overflow, potentially allowing for remote exploitation. An exploit for this issue has been published. **Recommendations** Tenda FH1201 version 1.2.0.14(408): At the moment, there is no information about a newer version that contains a fix for this vulnerability. Tenda FH1206 version 1.2.0.14(408): At the moment, there is no information about a newer version that contains a fix for this vulnerability. Tenda FH1201 version 1.2.0.8(8155): At the moment, there is no information about a newer version that contains a fix for this vulnerability. Tenda FH1206 version 1.2.0.8(8155): At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda FH1201 version 1.2.0.14(408) **Description** A stack-based buffer overflow exists in the `sprintf` function within the `/goform/SetIpBind` file of the Tenda FH1201 router. Manipulation of the `page` argument can trigger this issue, allowing for remote exploitation. The exploit for this issue has been publicly disclosed and is potentially being used in attacks. Recent reports indicate increased actor activity targeting this vulnerability. **Recommendations** Restrict access to the `/goform/SetIpBind` endpoint. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda WH450 version 1.0.0.18 **Description** A stack-based buffer overflow exists in the Tenda WH450 router. The issue is related to the manipulation of the `ip1` argument within an unknown function of the `/goform/PPTPServer` file. This allows for remote exploitation. The exploit has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tenda AC18 version 15.03.05.05 **Description** A flaw exists in the Tenda AC18 router that could allow for remote attacks. The issue is related to the `sprintf` function within the HTTP Request Handler component, specifically in the file /goform/SetDlnaCfg. Manipulation of the `scanList` argument can lead to a stack-based buffer overflow. The exploit for this issue is publicly available. **Recommendations** Disable the DLNA feature to mitigate the risk.