Tenda

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2026-8265 1Tenda 1Ac6 Firmware May 11, 2026 May 11, 2026 2.0 LOW· v4 7.2 HIGH· v3 5.8 MEDIUM· v2 A security vulnerability has been detected in Tenda AC6 15.03.06.23. Affected by this issue is the function get_log_file of the file /goform/getLogFile of the component httpd. The manipulation of the argument wans.flag l...Show more A security vulnerability has been detected in Tenda AC6 15.03.06.23. Affected by this issue is the function get_log_file of the file /goform/getLogFile of the component httpd. The manipulation of the argument wans.flag leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used.Show less
CVE-2026-8264 1Tenda 1Ac6 Firmware May 11, 2026 May 11, 2026 2.1 LOW· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 A weakness has been identified in Tenda AC6 15.03.06.23. Affected by this vulnerability is the function formWifiApScan of the file /goform/WifiApScan of the component httpd. Executing a manipulation of the argument wl2g....Show more A weakness has been identified in Tenda AC6 15.03.06.23. Affected by this vulnerability is the function formWifiApScan of the file /goform/WifiApScan of the component httpd. Executing a manipulation of the argument wl2g.public.country/wl5g.public.country can lead to os command injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks.Show less
CVE-2026-8263 1Tenda 1Ac10u Firmware May 12, 2026 May 11, 2026 2.0 LOW· v4 9.8 CRITICAL· v3 5.8 MEDIUM· v2 A security flaw has been discovered in Tenda AC6 15.03.06.49_multi_TDE01. Affected is the function fromSetWirelessRepeat of the file /goform/WifiExtraSet of the component httpd. Performing a manipulation of the argument...Show more A security flaw has been discovered in Tenda AC6 15.03.06.49_multi_TDE01. Affected is the function fromSetWirelessRepeat of the file /goform/WifiExtraSet of the component httpd. Performing a manipulation of the argument mac/ssid results in os command injection. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks.Show less
CVE-2026-8259 1Tenda 1Ac6 Firmware May 11, 2026 May 11, 2026 2.0 LOW· v4 7.2 HIGH· v3 5.8 MEDIUM· v2 A vulnerability has been found in Tenda AC6 2.0/15.03.06.23. The affected element is an unknown function of the file /goform/telnet of the component httpd. The manipulation of the argument lan.ip leads to os command inje...Show more A vulnerability has been found in Tenda AC6 2.0/15.03.06.23. The affected element is an unknown function of the file /goform/telnet of the component httpd. The manipulation of the argument lan.ip leads to os command injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.Show less
CVE-2026-8138 1Tenda 1Cx12l Firmware May 11, 2026 May 8, 2026 7.4 HIGH· v4 8.8 HIGH· v3 9.0 HIGH· v2 A vulnerability was found in Tenda CX12L 16.03.53.12. This issue affects the function formSetPPTPServer of the file /goform/SetPptpServerCfg”. The manipulation results in stack-based buffer overflow. The attack can be ex...Show more A vulnerability was found in Tenda CX12L 16.03.53.12. This issue affects the function formSetPPTPServer of the file /goform/SetPptpServerCfg”. The manipulation results in stack-based buffer overflow. The attack can be executed remotely. The exploit has been made public and could be used.Show less
CVE-2026-7470 1Tenda 14g300 Firmware Apr 30, 2026 Apr 30, 2026 7.4 HIGH· v4 8.8 HIGH· v3 9.0 HIGH· v2 A flaw has been found in Tenda 4G300 US_4G300V1.0Mt_V1.01.42_CN_TDC01. Affected is the function sub_427C3C of the file /goform/SafeMacFilter. This manipulation of the argument page causes stack-based buffer overflow. Rem...Show more A flaw has been found in Tenda 4G300 US_4G300V1.0Mt_V1.01.42_CN_TDC01. Affected is the function sub_427C3C of the file /goform/SafeMacFilter. This manipulation of the argument page causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been published and may be used.Show less
CVE-2026-7469 1Tenda 14g300 Firmware Apr 30, 2026 Apr 30, 2026 2.1 LOW· v4 6.3 MEDIUM· v3 6.5 MEDIUM· v2 A vulnerability was detected in Tenda 4G300 US_4G300V1.0Mt_V1.01.42_CN_TDC01. This impacts the function sub_425A28 of the file /goform/DelFil. The manipulation of the argument delflag results in command injection. The at...Show more A vulnerability was detected in Tenda 4G300 US_4G300V1.0Mt_V1.01.42_CN_TDC01. This impacts the function sub_425A28 of the file /goform/DelFil. The manipulation of the argument delflag results in command injection. The attack may be launched remotely. The exploit is now public and may be used.Show less
CVE-2018-25318 1Tenda 2A300 Firmware Fh303 Firmware May 4, 2026 Apr 29, 2026 9.3 CRITICAL· v4 9.8 CRITICAL· v3 N/A· v2 Tenda FH303/A300 firmware V5.07.68_EN contains a session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by exploiting insufficient cookie validation. Attackers can send GET requests t...Show more Tenda FH303/A300 firmware V5.07.68_EN contains a session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by exploiting insufficient cookie validation. Attackers can send GET requests to the /goform/AdvSetDns endpoint with a crafted admin cookie to change DNS servers and redirect user traffic to malicious sites.Show less
CVE-2018-25317 1Tenda 3A302 Firmware W3002r FirmwareW309r Firmware May 5, 2026 Apr 29, 2026 9.3 CRITICAL· v4 9.8 CRITICAL· v3 N/A· v2 Tenda W3002R/A302/W309R wireless routers version V5.07.64_en contain a cookie session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by exploiting insufficient session validation. Att...Show more Tenda W3002R/A302/W309R wireless routers version V5.07.64_en contain a cookie session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by exploiting insufficient session validation. Attackers can send GET requests to the /goform/AdvSetDns endpoint with a crafted admin language cookie to change primary and secondary DNS servers, redirecting user traffic to malicious DNS servers.Show less
CVE-2018-25316 1Tenda 1W308r Firmware May 4, 2026 Apr 29, 2026 9.3 CRITICAL· v4 9.8 CRITICAL· v3 N/A· v2 Tenda W308R v2 V5.07.48 contains a cookie session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by exploiting insufficient session validation. Attackers can send GET requests to the...Show more Tenda W308R v2 V5.07.48 contains a cookie session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by exploiting insufficient session validation. Attackers can send GET requests to the goform/AdvSetDns endpoint with a crafted admin language cookie to change DNS servers and redirect user traffic to malicious sites.Show less
CVE-2026-7160 1Tenda 1Hg3 Firmware Apr 30, 2026 Apr 27, 2026 7.4 HIGH· v4 8.8 HIGH· v3 9.0 HIGH· v2 A vulnerability was determined in Tenda HG3 2.0. This vulnerability affects the function formTracert of the file /boaform/formTracert. Executing a manipulation of the argument datasize can lead to command injection. The...Show more A vulnerability was determined in Tenda HG3 2.0. This vulnerability affects the function formTracert of the file /boaform/formTracert. Executing a manipulation of the argument datasize can lead to command injection. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized.Show less
CVE-2026-7151 1Tenda 1Hg3 Firmware Apr 30, 2026 Apr 27, 2026 7.4 HIGH· v4 8.8 HIGH· v3 9.0 HIGH· v2 A vulnerability was determined in Tenda HG3 2.0. Impacted is the function formUploadConfig of the file /boaform/formIPv6Routing. This manipulation of the argument destNet causes stack-based buffer overflow. It is possibl...Show more A vulnerability was determined in Tenda HG3 2.0. Impacted is the function formUploadConfig of the file /boaform/formIPv6Routing. This manipulation of the argument destNet causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.Show less
CVE-2026-31255 1Tenda 1Ac18 Firmware Apr 28, 2026 Apr 27, 2026 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A command injection vulnerability exists in Tenda AC18 V15.03.05.05_multi. The vulnerability is located in the /goform/SetSambaCfg interface, where improper handling of the guestuser parameter allows attackers to execute...Show more A command injection vulnerability exists in Tenda AC18 V15.03.05.05_multi. The vulnerability is located in the /goform/SetSambaCfg interface, where improper handling of the guestuser parameter allows attackers to execute arbitrary system commands.Show less
CVE-2026-7119 1Tenda 1Hg3 Firmware Apr 30, 2026 Apr 27, 2026 7.4 HIGH· v4 8.8 HIGH· v3 9.0 HIGH· v2 A vulnerability was detected in Tenda HG3 2.0. The impacted element is an unknown function of the file /boaform/formCountrystr. The manipulation of the argument countrystr results in os command injection. The attack may...Show more A vulnerability was detected in Tenda HG3 2.0. The impacted element is an unknown function of the file /boaform/formCountrystr. The manipulation of the argument countrystr results in os command injection. The attack may be performed from remote. The exploit is now public and may be used.Show less
CVE-2026-7102 1Tenda 1F456 Firmware Apr 29, 2026 Apr 27, 2026 2.1 LOW· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 A vulnerability was found in Tenda F456 1.0.0.5. This impacts the function FromWriteFacMac of the file /goform/WriteFacMac of the component httpd. The manipulation of the argument mac results in command injection. The at...Show more A vulnerability was found in Tenda F456 1.0.0.5. This impacts the function FromWriteFacMac of the file /goform/WriteFacMac of the component httpd. The manipulation of the argument mac results in command injection. The attack can be executed remotely. The exploit has been made public and could be used.Show less
CVE-2026-7101 1Tenda 1F456 Firmware May 28, 2026 Apr 27, 2026 7.4 HIGH· v4 8.8 HIGH· v3 9.0 HIGH· v2 A vulnerability has been found in Tenda F456 1.0.0.5. This affects the function fromWrlclientSet of the file /goform/WrlclientSet of the component httpd. The manipulation leads to buffer overflow. Remote exploitation of...Show more A vulnerability has been found in Tenda F456 1.0.0.5. This affects the function fromWrlclientSet of the file /goform/WrlclientSet of the component httpd. The manipulation leads to buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.Show less
CVE-2026-7100 1Tenda 1F456 Firmware Apr 30, 2026 Apr 27, 2026 7.4 HIGH· v4 8.8 HIGH· v3 9.0 HIGH· v2 A flaw has been found in Tenda F456 1.0.0.5. The impacted element is the function fromNatlimitof of the file /goform/Natlimit of the component httpd. Executing a manipulation can lead to buffer overflow. The attack may b...Show more A flaw has been found in Tenda F456 1.0.0.5. The impacted element is the function fromNatlimitof of the file /goform/Natlimit of the component httpd. Executing a manipulation can lead to buffer overflow. The attack may be launched remotely. The exploit has been published and may be used.Show less
CVE-2026-7099 1Tenda 1F456 Firmware Apr 30, 2026 Apr 27, 2026 7.4 HIGH· v4 8.8 HIGH· v3 9.0 HIGH· v2 A vulnerability was detected in Tenda F456 1.0.0.5. The affected element is the function formQuickIndex of the file /goform/QuickIndex of the component httpd. Performing a manipulation of the argument mit_linktype result...Show more A vulnerability was detected in Tenda F456 1.0.0.5. The affected element is the function formQuickIndex of the file /goform/QuickIndex of the component httpd. Performing a manipulation of the argument mit_linktype results in buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used.Show less
CVE-2026-7098 1Tenda 1F456 Firmware Apr 30, 2026 Apr 27, 2026 7.4 HIGH· v4 8.8 HIGH· v3 9.0 HIGH· v2 A security vulnerability has been detected in Tenda F456 1.0.0.5. Impacted is the function fromDhcpListClient of the file /goform/DhcpListClient of the component httpd. Such manipulation of the argument page leads to buf...Show more A security vulnerability has been detected in Tenda F456 1.0.0.5. Impacted is the function fromDhcpListClient of the file /goform/DhcpListClient of the component httpd. Such manipulation of the argument page leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.Show less
CVE-2026-7097 1Tenda 1F456 Firmware Apr 30, 2026 Apr 27, 2026 7.4 HIGH· v4 8.8 HIGH· v3 9.0 HIGH· v2 A weakness has been identified in Tenda F456 1.0.0.5. This issue affects the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter of the component httpd. This manipulation of the argument page cause...Show more A weakness has been identified in Tenda F456 1.0.0.5. This issue affects the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter of the component httpd. This manipulation of the argument page causes buffer overflow. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks.Show less

12 3 4 5...92 Next