GCVE - cpe:2.3:o:tendacn:ac10u_firmware:15.03.06.48_multi

Approved changes feed: RSS · Atom

cpe:2.3:o:tendacn:ac10u_firmware:15.03.06.48_multi_tde01:*:*:*:*:*:*:*

part: o version: 15.03.06.48_multi_tde01 update: *

Vendor	Tendacn (`911f347d-94dc-5fe9-b545-6a7f771d2f53`)
Product	Ac10U Firmware (`5b7ac22b-c6ae-5693-b50c-b501ae74ca79`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-30612`	vulnerable	2026-06-03 14:55:38.647533	Details available Tenda AC10U v15.03.06.48 has a stack overflow vulnerability in the deviceId, limitSpeed, limitSpeedUp parameter from formSetClientState function. Published: 2024-03-28T00:00:00.000Z Updated: 2024-08-02T01:39:00.652Z Open on db.gcve.eu Reference links https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.48/more/formSetClientState.md	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-2853`	vulnerable	2026-06-03 14:55:36.362019	Tenda AC10U setsambacfg formSetSambaConf os command injection MEDIUM (6.3) A vulnerability was found in Tenda AC10U 15.03.06.48/15.03.06.49. It has been rated as critical. This issue affects the function formSetSambaConf of the file /goform/setsambacfg. The manipulation of the argument usbName leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257777 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Published: 2024-03-24T05:00:06.892Z Updated: 2024-08-01T19:25:42.158Z Open on db.gcve.eu Reference links https://vuldb.com/?id.257777 https://vuldb.com/?ctiid.257777 https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.48/more/formSetSambaConf.md	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-2764`	vulnerable	2026-06-03 14:55:36.186384	Tenda AC10U SetPptpServerCfg formSetPPTPServer stack-based overflow HIGH (8.8) A vulnerability, which was classified as critical, was found in Tenda AC10U 15.03.06.48. This affects the function formSetPPTPServer of the file /goform/SetPptpServerCfg. The manipulation of the argument endIP leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257601 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Published: 2024-03-21T20:31:05.130Z Updated: 2024-08-02T13:57:14.115Z Open on db.gcve.eu Reference links https://vuldb.com/?id.257601 https://vuldb.com/?ctiid.257601 https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.48/more/formSetPPTPServer.md	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-22079`	vulnerable	2026-06-03 14:42:05.243964	Details available Stack-based buffer overflow in Tenda AC-10U AC1200 Router US_AC10UV1.0RTL_V15.03.06.48_multi_TDE01 allows remote attackers to execute arbitrary code via the timeZone parameter to goform/SetSysTimeCfg. Published: 2021-10-29T10:19:30.000Z Updated: 2024-08-04T14:51:10.418Z Open on db.gcve.eu Reference links https://cwe.mitre.org/data/definitions/121.html https://github.com/1sd3d/Tendown/tree/master/PoCs/Auth/bof11 https://github.com/Lyc-heng/routers/blob/main/routers/stack1.md	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Tenda Technology AC10U Firmware 15.03.06.48_Multi_TDE01

PURL mappings

Vulnerability references

Contribute