Tenda

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-11120 1Tenda 1Ac18 Firmware Oct 3, 2025 Sep 28, 2025 7.4 HIGH· v4 8.8 HIGH· v3 9.0 HIGH· v2 A weakness has been identified in Tenda AC8 16.03.34.06. The affected element is the function formSetServerConfig of the file /goform/SetServerConfig. Executing manipulation can lead to buffer overflow. It is possible to...Show more A weakness has been identified in Tenda AC8 16.03.34.06. The affected element is the function formSetServerConfig of the file /goform/SetServerConfig. Executing manipulation can lead to buffer overflow. It is possible to launch the attack remotely. The exploit has been made available to the public and could be exploited.Show less
CVE-2025-11117 1Tenda 1Ch22 Firmware Oct 3, 2025 Sep 28, 2025 7.4 HIGH· v4 8.8 HIGH· v3 9.0 HIGH· v2 A vulnerability was determined in Tenda CH22 1.0.0.1. This vulnerability affects the function formWrlExtraGet of the file /goform/GstDhcpSetSer. This manipulation of the argument dips causes buffer overflow. The attack i...Show more A vulnerability was determined in Tenda CH22 1.0.0.1. This vulnerability affects the function formWrlExtraGet of the file /goform/GstDhcpSetSer. This manipulation of the argument dips causes buffer overflow. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized.Show less
CVE-2025-11091 1Tenda 1Ac21 Firmware Oct 3, 2025 Sep 28, 2025 7.4 HIGH· v4 8.8 HIGH· v3 9.0 HIGH· v2 A security flaw has been discovered in Tenda AC21 up to 16.03.08.16. Affected by this vulnerability is the function sscanf of the file /goform/SetStaticRouteCfg. The manipulation of the argument list results in buffer ov...Show more A security flaw has been discovered in Tenda AC21 up to 16.03.08.16. Affected by this vulnerability is the function sscanf of the file /goform/SetStaticRouteCfg. The manipulation of the argument list results in buffer overflow. The attack can be launched remotely. The exploit has been released to the public and may be exploited.Show less
CVE-2025-57638 1Tenda 1Ac9 Firmware Sep 25, 2025 Sep 23, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 Buffer overflow vulnerability in Tenda AC9 1.0 via the user supplied sys.vendor configuration value.
CVE-2025-57639 1Tenda 1Ac9 Firmware Sep 25, 2025 Sep 23, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 OS Command injection vulnerability in Tenda AC9 1.0 was discovered to contain a command injection vulnerability via the usb.samba.guest.user parameter in the formSetSambaConf function of the httpd file.
CVE-2025-10838 1Tenda 1Ac21 Firmware Oct 3, 2025 Sep 23, 2025 7.4 HIGH· v4 8.8 HIGH· v3 9.0 HIGH· v2 A vulnerability was identified in Tenda AC21 16.03.08.16. The affected element is the function sub_45BB10 of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto leads to buffer overflow. It is p...Show more A vulnerability was identified in Tenda AC21 16.03.08.16. The affected element is the function sub_45BB10 of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto leads to buffer overflow. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.Show less
CVE-2025-10815 1Tenda 1Ac20 Firmware Sep 25, 2025 Sep 22, 2025 7.4 HIGH· v4 8.8 HIGH· v3 9.0 HIGH· v2 A vulnerability was identified in Tenda AC20 up to 16.03.08.12. Affected by this issue is the function strcpy of the file /goform/SetPptpServerCfg of the component HTTP POST Request Handler. Such manipulation of the argu...Show more A vulnerability was identified in Tenda AC20 up to 16.03.08.12. Affected by this issue is the function strcpy of the file /goform/SetPptpServerCfg of the component HTTP POST Request Handler. Such manipulation of the argument startIp leads to buffer overflow. The attack can be launched remotely. The exploit is publicly available and might be used.Show less
CVE-2025-10803 1Tenda 1Ac23 Firmware Sep 24, 2025 Sep 22, 2025 7.4 HIGH· v4 8.8 HIGH· v3 9.0 HIGH· v2 A vulnerability has been found in Tenda AC23 up to 16.03.07.52. Affected by this vulnerability is the function sscanf of the file /goform/SetPptpServerCfg of the component HTTP POST Request Handler. Such manipulation of...Show more A vulnerability has been found in Tenda AC23 up to 16.03.07.52. Affected by this vulnerability is the function sscanf of the file /goform/SetPptpServerCfg of the component HTTP POST Request Handler. Such manipulation of the argument startIp leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2025-57296 1Tenda 1Ac6 Firmware Sep 25, 2025 Sep 19, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Tenda AC6 router firmware 15.03.05.19 contains a command injection vulnerability in the formSetIptv function, which processes requests to the /goform/SetIPTVCfg web interface. When handling the list and vlanId parameters...Show more Tenda AC6 router firmware 15.03.05.19 contains a command injection vulnerability in the formSetIptv function, which processes requests to the /goform/SetIPTVCfg web interface. When handling the list and vlanId parameters, the sub_ADBC0 helper function concatenates these user-supplied values into nvram set system commands using doSystemCmd, without validating or sanitizing special characters (e.g., ;, ", #). An unauthenticated or authenticated attacker can exploit this by submitting a crafted POST request, leading to arbitrary system command execution on the affected device.Show less
CVE-2025-57528 1Tenda 1Ac6 Firmware Oct 3, 2025 Sep 19, 2025 N/A· v4 7.7 HIGH· v3 N/A· v2 An issue was discovered in Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01 allowing attackers to cause a denial of service via the funcname, funcpara1, funcpara2 parameters to the formSetCfm function (uri path: SetCfm).
CVE-2025-10443 1Tenda 2Ac15 Firmware Ac9 Firmware Sep 19, 2025 Sep 15, 2025 7.4 HIGH· v4 8.8 HIGH· v3 9.0 HIGH· v2 A vulnerability was identified in Tenda AC9 and AC15 15.03.05.14/15.03.05.18. This vulnerability affects the function formexeCommand of the file /goform/exeCommand. Such manipulation of the argument cmdinput leads to buf...Show more A vulnerability was identified in Tenda AC9 and AC15 15.03.05.14/15.03.05.18. This vulnerability affects the function formexeCommand of the file /goform/exeCommand. Such manipulation of the argument cmdinput leads to buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used.Show less
CVE-2025-10442 1Tenda 2Ac15 Firmware Ac9 Firmware Apr 29, 2026 Sep 15, 2025 2.1 LOW· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 A vulnerability was determined in Tenda AC9 and AC15 15.03.05.14. This affects the function formexeCommand of the file /goform/exeCommand. This manipulation of the argument cmdinput causes os command injection. Remote ex...Show more A vulnerability was determined in Tenda AC9 and AC15 15.03.05.14. This affects the function formexeCommand of the file /goform/exeCommand. This manipulation of the argument cmdinput causes os command injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.Show less
CVE-2025-10432 1Tenda 1Ac1206 Firmware Sep 20, 2025 Sep 15, 2025 8.9 HIGH· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 A vulnerability was found in Tenda AC1206 15.03.06.23. This vulnerability affects the function check_param_changed of the file /goform/AdvSetMacMtuWa of the component HTTP Request Handler. Performing manipulation of the...Show more A vulnerability was found in Tenda AC1206 15.03.06.23. This vulnerability affects the function check_param_changed of the file /goform/AdvSetMacMtuWa of the component HTTP Request Handler. Performing manipulation of the argument wanMTU results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been made public and could be used.Show less
CVE-2025-57573 1Tenda 1F3 Firmware Sep 17, 2025 Sep 10, 2025 N/A· v4 5.6 MEDIUM· v3 N/A· v2 Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow via the wifiTimeClose parameter in goform/setWifi.
CVE-2025-57572 1Tenda 1F3 Firmware Sep 17, 2025 Sep 10, 2025 N/A· v4 5.6 MEDIUM· v3 N/A· v2 Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow via the onlineList parameter in goform/setParentControl.
CVE-2025-57571 1Tenda 1F3 Firmware Sep 17, 2025 Sep 10, 2025 N/A· v4 5.6 MEDIUM· v3 N/A· v2 Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow. via the macFilterList parameter in goform/setNAT.
CVE-2025-57570 1Tenda 1F3 Firmware Sep 17, 2025 Sep 10, 2025 N/A· v4 5.6 MEDIUM· v3 N/A· v2 Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow via the QosList parameter in goform/setQoS.
CVE-2025-57569 1Tenda 1F3 Firmware Sep 17, 2025 Sep 10, 2025 N/A· v4 5.6 MEDIUM· v3 N/A· v2 Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow via the portList parameter in /goform/setNAT.
CVE-2025-57060 1Tenda 1G3 Firmware Sep 17, 2025 Sep 9, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the rules parameter in the dns_forward_rule_store function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted r...Show more Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the rules parameter in the dns_forward_rule_store function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.Show less
CVE-2025-57086 1Tenda 1W30e Firmware Sep 17, 2025 Sep 9, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 Tenda W30E V16.01.0.19 (5037) was discovered to contain a stack overflow in the String parameter in the formDeleteMeshNode function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted re...Show more Tenda W30E V16.01.0.19 (5037) was discovered to contain a stack overflow in the String parameter in the formDeleteMeshNode function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.Show less

Previous 1...202122...92 Next