CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-46436 |
Description: Hardcoded credentials in Tenda W18E V16.01.0.8(1625) allows unauthenticated remote attackers to gain root access to the device over the telnet service.
EPSS Score: 0.04%
February 11th, 2025 (5 months ago)
|
|
CVE-2024-46435 |
Description: A stack overflow vulnerability in the Tenda W18E V16.01.0.8(1625) web management portal allows an authenticated remote attacker to cause a denial of service or potentially execute arbitrary code. This vulnerability occurs due to improper input validation when handling user-supplied data in the delFacebookPic function.
EPSS Score: 0.04%
February 11th, 2025 (5 months ago)
|
|
CVE-2024-46434 |
Description: Tenda W18E V16.01.0.8(1625) suffers from authentication bypass in the web management portal allowing an unauthorized remote attacker to gain administrative access by sending a specially crafted HTTP request.
EPSS Score: 0.04%
February 11th, 2025 (5 months ago)
|
|
CVE-2024-46433 |
Description: A default credentials vulnerability in Tenda W18E V16.01.0.8(1625) allows unauthenticated remote attackers to access the web management portal using the default rzadmin account with administrative privileges.
EPSS Score: 0.04%
February 11th, 2025 (5 months ago)
|
|
CVE-2024-46432 |
Description: Tenda W18E V16.01.0.8(1625) is vulnerable to Incorrect Access Control. An attacker can send a specially crafted HTTP POST request to the setQuickCfgWifiAndLogin function, which allows unauthorized changes to WiFi configuration settings and administrative credentials.
EPSS Score: 0.04%
February 11th, 2025 (5 months ago)
|
|
CVE-2024-46431 |
Description: Tenda W18E V16.01.0.8(1625) is vulnerable to Buffer Overflow. An attacker with access to the web management portal can exploit this vulnerability by sending specially crafted data to the delWewifiPic function.
EPSS Score: 0.04%
February 11th, 2025 (5 months ago)
|
|
CVE-2024-46430 |
Description: Tenda W18E V16.01.0.8(1625) is vulnerable to Incorrect Access Control. Unauthorized password change via the web management portal allows an unauthenticated remote attacker to change the administrator password by sending a specially crafted HTTP POST request to the setLoginPassword function, bypassing the authentication mechanism.
EPSS Score: 0.04%
February 11th, 2025 (5 months ago)
|
|
CVE-2024-46429 |
Description: A hardcoded credentials vulnerability in Tenda W18E V16.01.0.8(1625) allows unauthenticated remote attackers to access the web management portal using a default guest account with administrative privileges.
EPSS Score: 0.04%
February 11th, 2025 (5 months ago)
|
|
CVE-2024-43428 |
Description: To address a cache poisoning risk in Moodle, additional validation for local storage was required.
EPSS Score: 0.04%
February 11th, 2025 (5 months ago)
|
|
CVE-2024-43426 |
Description: A flaw was found in pdfTeX. Insufficient sanitizing in the TeX notation filter resulted in an arbitrary file read risk on sites where pdfTeX is available, such as those with TeX Live installed.
EPSS Score: 0.04%
February 11th, 2025 (5 months ago)
|