Tenda G1 Firmware 15.11.0.17(9502)_CN
Approved changes feed: RSS · Atom
cpe:2.3:o:tendacn:g1_firmware:15.11.0.17\(9502\)_cn:*:*:*:*:*:*:*
part: o version: 15.11.0.17(9502)_cn update: *
| Vendor | Tendacn (911f347d-94dc-5fe9-b545-6a7f771d2f53) |
|---|---|
| Product | G1 Firmware (6e1761a5-f257-550b-ae02-28a9875a1ee5) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2022-24172 |
vulnerable | 2026-06-03 14:46:29.437012 |
Details available
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formAddDhcpBindRule. This vulnerability allows attackers to cause a Denial of Service (DoS) via the addDhcpRules parameter.
Published: 2022-02-04T01:32:56.000Z
Updated: 2024-08-03T04:07:01.524Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-24171 |
vulnerable | 2026-06-03 14:46:29.436671 |
Details available
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetPppoeServer. This vulnerability allows attackers to execute arbitrary commands via the pppoeServerIP, pppoeServerStartIP, and pppoeServerEndIP parameters.
Published: 2022-02-04T01:32:57.000Z
Updated: 2024-08-03T04:07:01.501Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-24170 |
vulnerable | 2026-06-03 14:46:29.436329 |
Details available
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetIpSecTunnel. This vulnerability allows attackers to execute arbitrary commands via the IPsecLocalNet and IPsecRemoteNet parameters.
Published: 2022-02-04T01:32:58.000Z
Updated: 2024-08-03T04:07:01.577Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-24169 |
vulnerable | 2026-06-03 14:46:29.435966 |
Details available
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formIPMacBindAdd. This vulnerability allows attackers to cause a Denial of Service (DoS) via the IPMacBindRule parameter.
Published: 2022-02-04T01:32:59.000Z
Updated: 2024-08-03T04:07:02.317Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-24168 |
vulnerable | 2026-06-03 14:46:29.435622 |
Details available
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetIpGroup. This vulnerability allows attackers to execute arbitrary commands via the IPGroupStartIP and IPGroupEndIP parameters.
Published: 2022-02-04T01:32:59.000Z
Updated: 2024-08-03T04:07:01.543Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-24167 |
vulnerable | 2026-06-03 14:46:29.435270 |
Details available
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetDMZ. This vulnerability allows attackers to execute arbitrary commands via the dmzHost1 parameter.
Published: 2022-02-04T01:33:01.000Z
Updated: 2024-08-03T04:07:01.389Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-24166 |
vulnerable | 2026-06-03 14:46:29.434909 |
Details available
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formSetSysTime. This vulnerability allows attackers to cause a Denial of Service (DoS) via the manualTime parameter.
Published: 2022-02-04T01:33:01.000Z
Updated: 2024-08-03T04:07:01.940Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-24165 |
vulnerable | 2026-06-03 14:46:29.434522 |
Details available
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetQvlanList. This vulnerability allows attackers to execute arbitrary commands via the qvlanIP parameter.
Published: 2022-02-04T01:33:02.000Z
Updated: 2024-08-03T04:07:01.458Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-24164 |
vulnerable | 2026-06-03 14:46:29.432292 |
Details available
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formSetVirtualSer. This vulnerability allows attackers to cause a Denial of Service (DoS) via the DnsHijackRule parameter.
Published: 2022-02-04T01:33:04.000Z
Updated: 2024-08-03T04:07:02.043Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-45997 |
vulnerable | 2026-06-03 14:45:39.183981 |
Details available
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formSetPortMapping. This vulnerability allows attackers to cause a Denial of Service (DoS) via the portMappingServer, portMappingProtocol, portMappingWan, porMappingtInternal, and portMappingExternal parameters.
Published: 2022-02-04T01:33:39.000Z
Updated: 2024-08-04T04:54:31.240Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-45996 |
vulnerable | 2026-06-03 14:45:39.183635 |
Details available
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formSetPortMapping. This vulnerability allows attackers to cause a Denial of Service (DoS) via the portMappingServer, portMappingProtocol, portMappingWan, porMappingtInternal, and portMappingExternal parameters.
Published: 2022-02-04T01:33:40.000Z
Updated: 2024-08-04T04:54:31.224Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-45995 |
vulnerable | 2026-06-03 14:45:39.183288 |
Details available
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formSetStaticRoute. This vulnerability allows attackers to cause a Denial of Service (DoS) via the staticRouteNet, staticRouteMask, and staticRouteGateway parameters.
Published: 2022-02-04T01:33:40.000Z
Updated: 2024-08-04T04:54:31.135Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-45994 |
vulnerable | 2026-06-03 14:45:39.182868 |
Details available
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formDelDhcpRule. This vulnerability allows attackers to cause a Denial of Service (DoS) via the delDhcpIndex parameter.
Published: 2022-02-04T01:33:41.000Z
Updated: 2024-08-04T04:54:31.118Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-45993 |
vulnerable | 2026-06-03 14:45:39.182521 |
Details available
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formIPMacBindModify. This vulnerability allows attackers to cause a Denial of Service (DoS) via the IPMacBindRuleIP and IPMacBindRuleMac parameters.
Published: 2022-02-04T01:33:41.000Z
Updated: 2024-08-04T04:54:31.107Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-45992 |
vulnerable | 2026-06-03 14:45:39.182179 |
Details available
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formSetQvlanList. This vulnerability allows attackers to cause a Denial of Service (DoS) via the qvlanName parameter.
Published: 2022-02-04T01:33:44.000Z
Updated: 2024-08-04T04:54:31.260Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-45991 |
vulnerable | 2026-06-03 14:45:39.181829 |
Details available
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formAddVpnUsers. This vulnerability allows attackers to cause a Denial of Service (DoS) via the vpnUsers parameter.
Published: 2022-02-04T01:33:45.000Z
Updated: 2024-08-04T04:54:31.217Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-45990 |
vulnerable | 2026-06-03 14:45:39.181473 |
Details available
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function uploadPicture. This vulnerability allows attackers to execute arbitrary commands via the pic_name parameter.
Published: 2022-02-04T01:33:46.000Z
Updated: 2024-08-04T04:54:31.261Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-45989 |
vulnerable | 2026-06-03 14:45:39.181116 |
Details available
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function guestWifiRuleRefresh. This vulnerability allows attackers to cause a Denial of Service (DoS) via the qosGuestUpstream and qosGuestDownstream parameters.
Published: 2022-02-04T01:33:46.000Z
Updated: 2024-08-04T04:54:31.137Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-45988 |
vulnerable | 2026-06-03 14:45:39.180759 |
Details available
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formAddDnsForward. This vulnerability allows attackers to cause a Denial of Service (DoS) via the DnsForwardRule parameter.
Published: 2022-02-04T01:33:47.000Z
Updated: 2024-08-04T04:54:31.233Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-45987 |
vulnerable | 2026-06-03 14:45:39.180372 |
Details available
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetNetCheckTools. This vulnerability allows attackers to execute arbitrary commands via the hostName parameter.
Published: 2022-02-04T01:33:48.000Z
Updated: 2024-08-04T04:54:31.238Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-45986 |
vulnerable | 2026-06-03 14:45:39.178361 |
Details available
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetUSBShareInfo. This vulnerability allows attackers to execute arbitrary commands via the usbOrdinaryUserName parameter.
Published: 2022-02-04T01:33:50.000Z
Updated: 2024-08-04T04:54:31.221Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-27692 |
vulnerable | 2026-06-03 14:44:16.490667 |
Details available
Command Injection in Tenda G1 and G3 routers with firmware versions v15.11.0.17(9502)_CN or v15.11.0.16(9024)_CN allows remote attackers to execute arbitrary OS commands via a crafted "action/umountUSBPartition" request. This occurs because the "formSetUSBPartitionUmount" function executes the "doSystemCmd" function with untrusted input.
Published: 2021-04-15T23:14:32.000Z
Updated: 2024-08-03T21:26:10.675Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-27691 |
vulnerable | 2026-06-03 14:44:16.488224 |
Details available
Command Injection in Tenda G0 routers with firmware versions v15.11.0.6(9039)_CN and v15.11.0.5(5876)_CN , and Tenda G1 and G3 routers with firmware versions v15.11.0.17(9502)_CN or v15.11.0.16(9024)_CN allows remote attackers to execute arbitrary OS commands via a crafted action/setDebugCfg request. This occurs because the "formSetDebugCfg" function executes glibc's system function with untrusted input.
Published: 2021-04-15T23:14:46.000Z
Updated: 2024-08-03T21:26:10.746Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.