Ac21 Firmware
Monthly
Tenda AC21 firmware version 16.03.08.16 contains an information disclosure vulnerability in the /cgi-bin/DownloadFlash web management interface that allows unauthenticated remote attackers to access sensitive data. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected devices at risk of data exposure.
Tenda AC21 firmware version 16.03.08.16 contains an information disclosure vulnerability in the web management interface's /cgi-bin/DownloadLog endpoint that allows unauthenticated remote attackers to access sensitive data. Public exploit code is available for this vulnerability, increasing the risk of active exploitation. No patch is currently available for affected devices.
Command injection in Tenda AC21 firmware versions 1.1.1.1/1.dmzip/16.03.08.16 allows authenticated remote attackers to execute arbitrary commands via the dmzIp parameter in the mDMZSetCfg function. Public exploit code exists for this vulnerability, increasing the risk of active exploitation. No patch is currently available.
Tenda AC21 firmware versions up to 16.03.08.16 contain a stack-based buffer overflow in the /goform/AdvSetMacMtuWan endpoint that can be exploited remotely by authenticated attackers to achieve arbitrary code execution. Public exploit code exists for this vulnerability, and no patch is currently available. The high CVSS score (8.8) reflects the severity of this flaw affecting device confidentiality, integrity, and availability.
Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow via the deviceId parameter in /goform/saveParentControlInfo. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow via the urls parameter of /goform/saveParentControlInfo. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow via the rebootTime parameter of /goform/SetSysAutoRebbotCfg. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow via the list parameter of /goform/setPptpUserList. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow in: /goform/SetVirtualServerCfg via the list parameter. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability has been found in Tenda AC21 16.03.08.16. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A flaw has been found in Tenda AC21 16.03.08.16. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was identified in Tenda AC21 16.03.08.16. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A security flaw has been discovered in Tenda AC21 up to 16.03.08.16. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was identified in Tenda AC21 16.03.08.16. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A security vulnerability has been detected in Tenda AC21 and AC23 16.03.08.16. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Tenda AC21 firmware version 16.03.08.16 contains an information disclosure vulnerability in the /cgi-bin/DownloadFlash web management interface that allows unauthenticated remote attackers to access sensitive data. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected devices at risk of data exposure.
Tenda AC21 firmware version 16.03.08.16 contains an information disclosure vulnerability in the web management interface's /cgi-bin/DownloadLog endpoint that allows unauthenticated remote attackers to access sensitive data. Public exploit code is available for this vulnerability, increasing the risk of active exploitation. No patch is currently available for affected devices.
Command injection in Tenda AC21 firmware versions 1.1.1.1/1.dmzip/16.03.08.16 allows authenticated remote attackers to execute arbitrary commands via the dmzIp parameter in the mDMZSetCfg function. Public exploit code exists for this vulnerability, increasing the risk of active exploitation. No patch is currently available.
Tenda AC21 firmware versions up to 16.03.08.16 contain a stack-based buffer overflow in the /goform/AdvSetMacMtuWan endpoint that can be exploited remotely by authenticated attackers to achieve arbitrary code execution. Public exploit code exists for this vulnerability, and no patch is currently available. The high CVSS score (8.8) reflects the severity of this flaw affecting device confidentiality, integrity, and availability.
Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow via the deviceId parameter in /goform/saveParentControlInfo. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow via the urls parameter of /goform/saveParentControlInfo. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow via the rebootTime parameter of /goform/SetSysAutoRebbotCfg. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow via the list parameter of /goform/setPptpUserList. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow in: /goform/SetVirtualServerCfg via the list parameter. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability has been found in Tenda AC21 16.03.08.16. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A flaw has been found in Tenda AC21 16.03.08.16. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was identified in Tenda AC21 16.03.08.16. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A security flaw has been discovered in Tenda AC21 up to 16.03.08.16. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was identified in Tenda AC21 16.03.08.16. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A security vulnerability has been detected in Tenda AC21 and AC23 16.03.08.16. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.