Ac6 Firmware

ac6_firmware

Vendor: Tenda • 108 CVEs

CVEs (108)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2026-8265 1Tenda 1Ac6 Firmware May 11, 2026 May 11, 2026 2.0 LOW· v4 7.2 HIGH· v3 5.8 MEDIUM· v2 A security vulnerability has been detected in Tenda AC6 15.03.06.23. Affected by this issue is the function get_log_file of the file /goform/getLogFile of the component httpd. The manipulation of the argument wans.flag l...Show more A security vulnerability has been detected in Tenda AC6 15.03.06.23. Affected by this issue is the function get_log_file of the file /goform/getLogFile of the component httpd. The manipulation of the argument wans.flag leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used.Show less
CVE-2026-8264 1Tenda 1Ac6 Firmware May 11, 2026 May 11, 2026 2.1 LOW· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 A weakness has been identified in Tenda AC6 15.03.06.23. Affected by this vulnerability is the function formWifiApScan of the file /goform/WifiApScan of the component httpd. Executing a manipulation of the argument wl2g....Show more A weakness has been identified in Tenda AC6 15.03.06.23. Affected by this vulnerability is the function formWifiApScan of the file /goform/WifiApScan of the component httpd. Executing a manipulation of the argument wl2g.public.country/wl5g.public.country can lead to os command injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks.Show less
CVE-2026-8259 1Tenda 1Ac6 Firmware May 11, 2026 May 11, 2026 2.0 LOW· v4 7.2 HIGH· v3 5.8 MEDIUM· v2 A vulnerability has been found in Tenda AC6 2.0/15.03.06.23. The affected element is an unknown function of the file /goform/telnet of the component httpd. The manipulation of the argument lan.ip leads to os command inje...Show more A vulnerability has been found in Tenda AC6 2.0/15.03.06.23. The affected element is an unknown function of the file /goform/telnet of the component httpd. The manipulation of the argument lan.ip leads to os command injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.Show less
CVE-2025-52221 1Tenda 1Ac6 Firmware Apr 13, 2026 Apr 8, 2026 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Tenda AC6 15.03.05.16_multi is vulnerable to Buffer Overflow in the formSetCfm function via the funcname, funcpara1, and funcpara2 parameters.
CVE-2026-4961 1Tenda 1Ac6 Firmware Mar 31, 2026 Mar 27, 2026 7.4 HIGH· v4 8.8 HIGH· v3 9.0 HIGH· v2 A vulnerability was identified in Tenda AC6 15.03.05.16. Affected by this vulnerability is the function formQuickIndex of the file /goform/QuickIndex of the component POST Request Handler. The manipulation of the argumen...Show more A vulnerability was identified in Tenda AC6 15.03.05.16. Affected by this vulnerability is the function formQuickIndex of the file /goform/QuickIndex of the component POST Request Handler. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit is publicly available and might be used.Show less
CVE-2026-4960 1Tenda 1Ac6 Firmware Mar 31, 2026 Mar 27, 2026 7.4 HIGH· v4 8.8 HIGH· v3 9.0 HIGH· v2 A vulnerability was determined in Tenda AC6 15.03.05.16. Affected is the function fromWizardHandle of the file /goform/WizardHandle of the component POST Request Handler. Executing a manipulation of the argument WANT/WAN...Show more A vulnerability was determined in Tenda AC6 15.03.05.16. Affected is the function fromWizardHandle of the file /goform/WizardHandle of the component POST Request Handler. Executing a manipulation of the argument WANT/WANS can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized.Show less
CVE-2025-70252 1Tenda 1Ac6 Firmware Mar 6, 2026 Mar 2, 2026 N/A· v4 7.5 HIGH· v3 N/A· v2 An issue was discovered in /goform/WifiWpsStart in Tenda AC6V2.0 V15.03.06.23_multi. The index and mode are controllable. If the conditions are met to sprintf, they will be spliced into tmp. It is worth noting that there...Show more An issue was discovered in /goform/WifiWpsStart in Tenda AC6V2.0 V15.03.06.23_multi. The index and mode are controllable. If the conditions are met to sprintf, they will be spliced into tmp. It is worth noting that there is no size check,which leads to a stack overflow vulnerability.Show less
CVE-2025-12225 1Tenda 1Ac6 Firmware Oct 28, 2025 Oct 27, 2025 7.4 HIGH· v4 8.8 HIGH· v3 9.0 HIGH· v2 A vulnerability has been found in Tenda AC6 15.03.06.50. This issue affects some unknown processing of the file /goform/WifiGuestSet of the component HTTP Request Handler. Such manipulation of the argument shareSpeed lea...Show more A vulnerability has been found in Tenda AC6 15.03.06.50. This issue affects some unknown processing of the file /goform/WifiGuestSet of the component HTTP Request Handler. Such manipulation of the argument shareSpeed leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2025-60343 1Tenda 1Ac6 Firmware Oct 24, 2025 Oct 22, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 Multiple buffer overflows in the AdvSetMacMtuWan function of Tenda AC6 v.15.03.06.50 allows attackers to cause a Denial of Service (DoS) via injecting a crafted payload into the wanMTU, wanSpeed, cloneType, mac, serviceN...Show more Multiple buffer overflows in the AdvSetMacMtuWan function of Tenda AC6 v.15.03.06.50 allows attackers to cause a Denial of Service (DoS) via injecting a crafted payload into the wanMTU, wanSpeed, cloneType, mac, serviceName, serverName, wanMTU2, wanSpeed2, cloneType2, mac2, serviceName2, and serverName2 parameters.Show less
CVE-2025-60342 1Tenda 1Ac6 Firmware Oct 23, 2025 Oct 22, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 Tenda AC6 V2.0 15.03.06.50 was discovered to contain a stack overflow in the page parameter in the addressNat function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2025-60341 1Tenda 1Ac6 Firmware Oct 28, 2025 Oct 22, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 Tenda AC6 V2.0 15.03.06.50 was discovered to contain a stack overflow in the ssid parameter in the fast_setting_wifi_set function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted inpu...Show more Tenda AC6 V2.0 15.03.06.50 was discovered to contain a stack overflow in the ssid parameter in the fast_setting_wifi_set function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.Show less
CVE-2025-60340 1Tenda 1Ac6 Firmware Oct 28, 2025 Oct 22, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 Multiple buffer overflows in the SetClientState function of Tenda AC6 v.15.03.06.50 allows attackers to cause a Denial of Service (DoS) via injecting a crafted payload into the limitSpeed, deviceId, and limitSpeedUp para...Show more Multiple buffer overflows in the SetClientState function of Tenda AC6 v.15.03.06.50 allows attackers to cause a Denial of Service (DoS) via injecting a crafted payload into the limitSpeed, deviceId, and limitSpeedUp parameters.Show less
CVE-2025-60339 1Tenda 1Ac6 Firmware Oct 27, 2025 Oct 22, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 Multiple buffer overflow vulnerabilities in the openSchedWifi function of Tenda AC6 v.15.03.06.50 allows attackers to cause a Denial of Service (DoS) via injecting a crafted payload into the schedStartTime and schedEndTi...Show more Multiple buffer overflow vulnerabilities in the openSchedWifi function of Tenda AC6 v.15.03.06.50 allows attackers to cause a Denial of Service (DoS) via injecting a crafted payload into the schedStartTime and schedEndTime parameters.Show less
CVE-2025-60337 1Tenda 1Ac6 Firmware Oct 27, 2025 Oct 22, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 Tenda AC6 V2.0 15.03.06.50 was discovered to contain a buffer overflow in the speed_dir parameter in the SetSpeedWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2025-60338 1Tenda 1Ac6 Firmware Oct 23, 2025 Oct 22, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 Tenda AC6 V2.0 15.03.06.50 was discovered to contain a stack overflow in the page parameter in the DhcpListClient function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2025-57296 1Tenda 1Ac6 Firmware Sep 25, 2025 Sep 19, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Tenda AC6 router firmware 15.03.05.19 contains a command injection vulnerability in the formSetIptv function, which processes requests to the /goform/SetIPTVCfg web interface. When handling the list and vlanId parameters...Show more Tenda AC6 router firmware 15.03.05.19 contains a command injection vulnerability in the formSetIptv function, which processes requests to the /goform/SetIPTVCfg web interface. When handling the list and vlanId parameters, the sub_ADBC0 helper function concatenates these user-supplied values into nvram set system commands using doSystemCmd, without validating or sanitizing special characters (e.g., ;, ", #). An unauthenticated or authenticated attacker can exploit this by submitting a crafted POST request, leading to arbitrary system command execution on the affected device.Show less
CVE-2025-57528 1Tenda 1Ac6 Firmware Oct 3, 2025 Sep 19, 2025 N/A· v4 7.7 HIGH· v3 N/A· v2 An issue was discovered in Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01 allowing attackers to cause a denial of service via the funcname, funcpara1, funcpara2 parameters to the formSetCfm function (uri path: SetCfm).
CVE-2025-55495 1Tenda 1Ac6 Firmware Sep 3, 2025 Aug 27, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Tenda AC6 V15.03.06.23_multi was discovered to contain a buffer overflow via the list parameter in the fromSetIpMacBind function.
CVE-2025-55498 1Tenda 1Ac6 Firmware Aug 25, 2025 Aug 20, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 Tenda AC6 V15.03.06.23_multi was discovered to contain a buffer overflow via the time parameter in the fromSetSysTime function.
CVE-2025-55482 1Tenda 1Ac6 Firmware Aug 25, 2025 Aug 20, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 Tenda AC6 V15.03.06.23_multi is vulnerable to Buffer Overflow in the formSetCfm function.

12 3 4 5 6 Next