Rx3 Firmware
Monthly
Stack-based buffer overflow in Tenda RX3 firmware 16.03.13.11 allows remote attackers with low privileges to achieve complete system compromise through manipulation of QoS parameters. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw affects the set_qosMib_list function in the /goform/formSetQosBand endpoint, enabling unauthorized code execution and data theft.
Stack-based buffer overflow in Tenda RX3 firmware 16.03.13.11 allows authenticated remote attackers to achieve full system compromise through improper argument handling in the SetIpMacBind function. Public exploit code exists for this vulnerability, and no patch is currently available. Affected organizations should implement network segmentation and access controls to restrict administrative functionality until remediation is possible.
Stack-based buffer overflow in Tenda RX3 firmware 16.03.13.11 MAC filtering endpoint allows authenticated remote attackers to achieve code execution through crafted device name or MAC address parameters. Public exploit code exists for this vulnerability and no patch is currently available. The flaw affects the /goform/setBlackRule component with high impact on confidentiality, integrity, and availability.
Remote code execution in Tenda RX3 firmware versions up to 16.03.13.11 via stack-based buffer overflow in the /goform/openSchedWifi endpoint allows unauthenticated attackers to execute arbitrary code by manipulating the schedStartTime and schedEndTime parameters. Public exploit code exists and no patch is currently available. This vulnerability affects network devices and poses an immediate risk to deployed systems.
Stack-based buffer overflow in Tenda RX3 firmware 16.03.13.11 allows unauthenticated remote attackers to achieve code execution by sending a malicious SSID value to the /goform/fast_setting_wifi_set endpoint. Public exploit code exists for this vulnerability and no patch is currently available. An attacker can exploit this to gain complete system compromise with high integrity and availability impact.
Critical stack-based buffer overflow vulnerability in Tenda RX3 router firmware version 16.03.13.11_multi_TDE01, affecting the static route configuration endpoint. An authenticated remote attacker can exploit this vulnerability through manipulation of the 'list' argument in /goform/SetStaticRouteCfg to achieve code execution with full system privileges (confidentiality, integrity, and availability impact). Public exploit code exists and the vulnerability has been disclosed, creating immediate exploitation risk despite requiring authenticated access.
There is a stack overflow vulnerability in Tenda RX3 V1.0br_V16.03.13.11 In the fromSetWifiGusetBasic function of the web url /goform/ WifiGuestSet, the manipulation of the parameter shareSpeed leads. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In Tenda RX3 V1.0br_V16.03.13.11 in the GetParentControlInfo function of the web url /goform/GetParentControlInfo, the manipulation of the parameter mac leads to stack overflow. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability was found in Tenda RX3 16.03.13.11_multi. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability, which was classified as critical, has been found in Tenda RX3 16.03.13.11. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to buffer overflow via the schedStartTime and schedEndTime parameters at /goform/saveParentControlInfo. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the list parameter at /goform/setPptpUserList. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the list parameter at /goform/SetVirtualServerCfg. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the time and timeZone parameters at /goform/SetSysTimeCfg. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the deviceId parameter at /goform/saveParentControlInfo. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the firewallEn parameter at /goform/SetFirewallCfg. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the startIp and endIp parameters at /goform/SetPptpServerCfg. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Stack-based buffer overflow in Tenda RX3 firmware 16.03.13.11 allows remote attackers with low privileges to achieve complete system compromise through manipulation of QoS parameters. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw affects the set_qosMib_list function in the /goform/formSetQosBand endpoint, enabling unauthorized code execution and data theft.
Stack-based buffer overflow in Tenda RX3 firmware 16.03.13.11 allows authenticated remote attackers to achieve full system compromise through improper argument handling in the SetIpMacBind function. Public exploit code exists for this vulnerability, and no patch is currently available. Affected organizations should implement network segmentation and access controls to restrict administrative functionality until remediation is possible.
Stack-based buffer overflow in Tenda RX3 firmware 16.03.13.11 MAC filtering endpoint allows authenticated remote attackers to achieve code execution through crafted device name or MAC address parameters. Public exploit code exists for this vulnerability and no patch is currently available. The flaw affects the /goform/setBlackRule component with high impact on confidentiality, integrity, and availability.
Remote code execution in Tenda RX3 firmware versions up to 16.03.13.11 via stack-based buffer overflow in the /goform/openSchedWifi endpoint allows unauthenticated attackers to execute arbitrary code by manipulating the schedStartTime and schedEndTime parameters. Public exploit code exists and no patch is currently available. This vulnerability affects network devices and poses an immediate risk to deployed systems.
Stack-based buffer overflow in Tenda RX3 firmware 16.03.13.11 allows unauthenticated remote attackers to achieve code execution by sending a malicious SSID value to the /goform/fast_setting_wifi_set endpoint. Public exploit code exists for this vulnerability and no patch is currently available. An attacker can exploit this to gain complete system compromise with high integrity and availability impact.
Critical stack-based buffer overflow vulnerability in Tenda RX3 router firmware version 16.03.13.11_multi_TDE01, affecting the static route configuration endpoint. An authenticated remote attacker can exploit this vulnerability through manipulation of the 'list' argument in /goform/SetStaticRouteCfg to achieve code execution with full system privileges (confidentiality, integrity, and availability impact). Public exploit code exists and the vulnerability has been disclosed, creating immediate exploitation risk despite requiring authenticated access.
There is a stack overflow vulnerability in Tenda RX3 V1.0br_V16.03.13.11 In the fromSetWifiGusetBasic function of the web url /goform/ WifiGuestSet, the manipulation of the parameter shareSpeed leads. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In Tenda RX3 V1.0br_V16.03.13.11 in the GetParentControlInfo function of the web url /goform/GetParentControlInfo, the manipulation of the parameter mac leads to stack overflow. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability was found in Tenda RX3 16.03.13.11_multi. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability, which was classified as critical, has been found in Tenda RX3 16.03.13.11. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to buffer overflow via the schedStartTime and schedEndTime parameters at /goform/saveParentControlInfo. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the list parameter at /goform/setPptpUserList. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the list parameter at /goform/SetVirtualServerCfg. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the time and timeZone parameters at /goform/SetSysTimeCfg. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the deviceId parameter at /goform/saveParentControlInfo. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the firewallEn parameter at /goform/SetFirewallCfg. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the startIp and endIp parameters at /goform/SetPptpServerCfg. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.