Ac9 Firmware

ac9_firmware

Vendor: Tenda • 92 CVEs

CVEs (92)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-29387 1Tenda 1Ac9 Firmware Mar 17, 2025 Mar 14, 2025 N/A· v4 7.1 HIGH· v3 N/A· v2 In Tenda AC9 v1.0 V15.03.05.14_multi, the wanSpeed parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution.
CVE-2025-29386 1Tenda 1Ac9 Firmware Mar 19, 2025 Mar 14, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 In Tenda AC9 v1.0 V15.03.05.14_multi, the mac parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution.
CVE-2025-29385 1Tenda 1Ac9 Firmware Mar 19, 2025 Mar 14, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 In Tenda AC9 v1.0 V15.03.05.14_multi, the cloneType parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution.
CVE-2025-29384 1Tenda 1Ac9 Firmware Mar 19, 2025 Mar 14, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 In Tenda AC9 v1.0 V15.03.05.14_multi, the wanMTU parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution.
CVE-2025-22949 1Tenda 1Ac9 Firmware Apr 9, 2025 Jan 10, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Tenda ac9 v1.0 firmware v15.03.05.19 is vulnerable to command injection in /goform/SetSambaCfg, which may lead to remote arbitrary code execution.
CVE-2025-22946 1Tenda 1Ac9 Firmware Apr 9, 2025 Jan 10, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Tenda ac9 v1.0 firmware v15.03.05.19 contains a stack overflow vulnerability in /goform/SetOnlineDevName, which may lead to remote arbitrary code execution.
CVE-2024-10280 1Tenda 10Ac10 Firmware Ac10u FirmwareAc1206 Firmware+7 more Nov 1, 2024 Oct 23, 2024 7.1 HIGH· v4 7.5 HIGH· v3 6.8 MEDIUM· v2 A vulnerability was found in Tenda AC6, AC7, AC8, AC9, AC10, AC10U, AC15, AC18, AC500 and AC1206 up to 20241022. It has been rated as problematic. This issue affects the function websReadEvent of the file /goform/GetIPTV...Show more A vulnerability was found in Tenda AC6, AC7, AC8, AC9, AC10, AC10U, AC15, AC18, AC500 and AC1206 up to 20241022. It has been rated as problematic. This issue affects the function websReadEvent of the file /goform/GetIPTV. The manipulation of the argument Content-Length leads to null pointer dereference. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2024-42634 1Tenda 1Ac9 Firmware Apr 11, 2025 Aug 16, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A Command Injection vulnerability exists in formWriteFacMac of the httpd binary in Tenda AC9 v15.03.06.42. As a result, attacker can execute OS commands with root privileges.
CVE-2024-25751 1Tenda 1Ac9 Firmware Mar 13, 2025 Feb 26, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A Stack Based Buffer Overflow vulnerability in Tenda AC9 v.3.0 with firmware version v.15.03.06.42_multi allows a remote attacker to execute arbitrary code via the fromSetSysTime function.
CVE-2024-25756 1Tenda 1Ac9 Firmware Mar 13, 2025 Feb 22, 2024 N/A· v4 8.0 HIGH· v3 N/A· v2 A Stack Based Buffer Overflow vulnerability in Tenda AC9 v.3.0 with firmware version v.15.03.06.42_multi allows a remote attacker to execute arbitrary code via the formWifiBasicSet function.
CVE-2024-25753 1Tenda 1Ac9 Firmware Mar 13, 2025 Feb 22, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Stack Based Buffer Overflow vulnerability in Tenda AC9 v.3.0 with firmware version v.15.03.06.42_multi allows a remote attacker to execute arbitrary code via the formSetDeviceName function.
CVE-2024-25748 1Tenda 1Ac9 Firmware Mar 13, 2025 Feb 22, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 A Stack Based Buffer Overflow vulnerability in tenda AC9 AC9 v.3.0 with firmware version v.15.03.06.42_multi allows a remote attacker to execute arbitrary code via the fromSetIpMacBind function.
CVE-2024-25746 1Tenda 1Ac9 Firmware Mar 13, 2025 Feb 22, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Stack Based Buffer Overflow vulnerability in Tenda AC9 v.3.0 with firmware version v.15.03.06.42_multi allows a remote attacker to execute arbitrary code via the add_white_node function.
CVE-2024-24543 1Tenda 1Ac9 Firmware May 15, 2025 Feb 5, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Buffer Overflow vulnerability in the function setSchedWifi in Tenda AC9 v.3.0, firmware version v.15.03.06.42_multi allows a remote attacker to cause a denial of service or run arbitrary code via crafted overflow data.
CVE-2023-38823 1Tenda 4Ac18 Firmware Ac19 FirmwareAc6 Firmware+1 more Jun 10, 2025 Nov 20, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Buffer Overflow vulnerability in Tenda Ac19 v.1.0, AC18, AC9 v.1.0, AC6 v.2.0 and v.1.0 allows a remote attacker to execute arbitrary code via the formSetCfm function in bin/httpd.
CVE-2023-41563 1Tenda 2Ac5 Firmware Ac9 Firmware Nov 21, 2024 Aug 30, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Tenda AC9 V3.0 V15.03.06.42_multi and Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter mac at url /goform/GetParentControlInfo.
CVE-2023-41562 1Tenda 3Ac5 Firmware Ac7 FirmwareAc9 Firmware Nov 21, 2024 Aug 30, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Tenda AC7 V1.0 V15.03.06.44, Tenda AC9 V3.0 V15.03.06.42_multi, and Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter time at url /goform/PowerSaveSet.
CVE-2023-41561 1Tenda 2Ac5 Firmware Ac9 Firmware Nov 21, 2024 Aug 30, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Tenda AC9 V3.0 V15.03.06.42_multi and Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter startIp and endIp at url /goform/SetPptpServerCfg.
CVE-2023-41560 1Tenda 1Ac9 Firmware Nov 21, 2024 Aug 30, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Tenda AC9 V3.0 V15.03.06.42_multi was discovered to contain a stack overflow via parameter firewallEn at url /goform/SetFirewallCfg.
CVE-2023-41559 1Tenda 3Ac5 Firmware Ac7 FirmwareAc9 Firmware Nov 21, 2024 Aug 30, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Tenda AC7 V1.0 V15.03.06.44, Tenda AC9 V3.0 V15.03.06.42_multi, and Tenda AC5 V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter page at url /goform/NatStaticSetting.

Previous 123 4 5 Next