Total
2901 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-12212 | 1 Tenda | 2 O3, O3 Firmware1.0.0.10\(2478\) | 2026-02-24 | 9.0 HIGH | 8.8 HIGH |
|
A weakness has been identified in Tenda O3 1.0.0.10(2478). This affects the function SetValue/GetValue of the file /goform/setNetworkService. This manipulation of the argument upnpEn causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks.
|
|||||
| CVE-2025-12211 | 1 Tenda | 2 O3, O3 Firmware1.0.0.10\(2478\) | 2026-02-24 | 9.0 HIGH | 8.8 HIGH |
|
A security flaw has been discovered in Tenda O3 1.0.0.10(2478). Affected by this issue is the function SetValue/GetValue of the file /goform/setDmzInfo. The manipulation of the argument dmzIP results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks.
|
|||||
| CVE-2025-12209 | 1 Tenda | 2 O3, O3 Firmware1.0.0.10\(2478\) | 2026-02-24 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability was determined in Tenda O3 1.0.0.10(2478). Affected is the function SetValue/GetValue of the file /goform/setDhcpConfig. Executing a manipulation of the argument dhcpEn can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized.
|
|||||
| CVE-2025-15255 | 1 Tenda | 2 W6-s, W6-s Firmware | 2026-02-24 | 10.0 HIGH | 9.8 CRITICAL |
|
A vulnerability was determined in Tenda W6-S 1.0.0.4(510). This impacts an unknown function of the file /bin/httpd of the component R7websSsecurityHandler. Executing a manipulation of the argument Cookie can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized.
|
|||||
| CVE-2025-15231 | 1 Tenda | 2 M3, M3 Firmware | 2026-02-24 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability was determined in Tenda M3 1.0.0.13(4903). This affects the function formSetRemoteVlanInfo of the file /goform/setVlanInfo. Executing a manipulation of the argument ID/vlan/port can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized.
|
|||||
| CVE-2025-15164 | 1 Tenda | 2 Wh450, Wh450 Firmware | 2026-02-24 | 8.3 HIGH | 7.2 HIGH |
|
A security flaw has been discovered in Tenda WH450 1.0.0.18. This affects an unknown part of the file /goform/SafeMacFilter. The manipulation of the argument page results in stack-based buffer overflow. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks.
|
|||||
| CVE-2025-15162 | 1 Tenda | 2 Wh450, Wh450 Firmware | 2026-02-24 | 8.3 HIGH | 7.2 HIGH |
|
A vulnerability was determined in Tenda WH450 1.0.0.18. Affected by this vulnerability is an unknown functionality of the file /goform/RouteStatic. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized.
|
|||||
| CVE-2025-15161 | 1 Tenda | 2 Wh450, Wh450 Firmware | 2026-02-24 | 8.3 HIGH | 7.2 HIGH |
|
A vulnerability was found in Tenda WH450 1.0.0.18. Affected is an unknown function of the file /goform/PPTPUserSetting. Performing a manipulation of the argument delno results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been made public and could be used.
|
|||||
| CVE-2025-15047 | 1 Tenda | 2 Wh450, Wh450 Firmware | 2026-02-24 | 10.0 HIGH | 9.8 CRITICAL |
|
A vulnerability was found in Tenda WH450 1.0.0.18. This affects an unknown function of the file /goform/PPTPDClient of the component HTTP Request Handler. Performing a manipulation of the argument Username results in stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made public and could be used.
|
|||||
| CVE-2025-13445 | 1 Tenda | 2 Ac21, Ac21 Firmware | 2026-02-24 | 9.0 HIGH | 8.8 HIGH |
|
A flaw has been found in Tenda AC21 16.03.08.16. This affects an unknown part of the file /goform/SetIpMacBind. Executing a manipulation of the argument list can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been published and may be used.
|
|||||
| CVE-2025-11527 | 1 Tenda | 2 Ac7, Ac7 Firmware | 2026-02-24 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability was determined in Tenda AC7 15.03.06.44. The impacted element is an unknown function of the file /goform/fast_setting_pppoe_set. Executing a manipulation of the argument Password can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized.
|
|||||
| CVE-2025-11526 | 1 Tenda | 2 Ac7, Ac7 Firmware | 2026-02-24 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability was found in Tenda AC7 15.03.06.44. The affected element is an unknown function of the file /goform/WifiMacFilterSet. Performing a manipulation of the argument wifi_chkHz results in stack-based buffer overflow. The attack may be initiated remotely. The exploit has been made public and could be used.
|
|||||
| CVE-2025-11389 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2026-02-24 | 9.0 HIGH | 8.8 HIGH |
|
A security flaw has been discovered in Tenda AC15 15.03.05.18. Affected is an unknown function of the file /goform/saveAutoQos. Performing a manipulation of the argument enable results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks.
|
|||||
| CVE-2025-11326 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2026-02-24 | 9.0 HIGH | 8.8 HIGH |
|
A weakness has been identified in Tenda AC18 15.03.05.19(6318). This affects an unknown part of the file /goform/WifiMacFilterSet. Executing a manipulation of the argument wifi_chkHz can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks.
|
|||||
| CVE-2025-11325 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2026-02-24 | 9.0 HIGH | 8.8 HIGH |
|
A security flaw has been discovered in Tenda AC18 15.03.05.19(6318). Affected by this issue is some unknown functionality of the file /goform/fast_setting_pppoe_set. Performing a manipulation of the argument Username results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks.
|
|||||
| CVE-2025-15008 | 1 Tenda | 2 Wh450, Wh450 Firmware | 2026-02-24 | 7.5 HIGH | 7.3 HIGH |
|
A vulnerability was detected in Tenda WH450 1.0.0.18. This affects an unknown part of the file /goform/L7Port of the component HTTP Request Handler. Performing a manipulation of the argument page results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used.
|
|||||
| CVE-2025-15006 | 1 Tenda | 2 Wh450, Wh450 Firmware | 2026-02-24 | 10.0 HIGH | 9.8 CRITICAL |
|
A weakness has been identified in Tenda WH450 1.0.0.18. Affected by this vulnerability is an unknown functionality of the file /goform/CheckTools of the component HTTP Request Handler. This manipulation of the argument ipaddress causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks.
|
|||||
| CVE-2025-14879 | 1 Tenda | 2 Wh450, Wh450 Firmware | 2026-02-24 | 10.0 HIGH | 9.8 CRITICAL |
|
A weakness has been identified in Tenda WH450 1.0.0.18. Affected is an unknown function of the file /goform/onSSIDChange of the component HTTP Request Handler. This manipulation of the argument ssid_index causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks.
|
|||||
| CVE-2025-14878 | 1 Tenda | 2 Wh450, Wh450 Firmware | 2026-02-24 | 10.0 HIGH | 9.8 CRITICAL |
|
A security flaw has been discovered in Tenda WH450 1.0.0.18. This impacts an unknown function of the file /goform/wirelessRestart of the component HTTP Request Handler. The manipulation of the argument GO results in stack-based buffer overflow. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks.
|
|||||
| CVE-2025-14665 | 1 Tenda | 2 Wh450, Wh450 Firmware | 2026-02-24 | 10.0 HIGH | 9.8 CRITICAL |
|
A security flaw has been discovered in Tenda WH450 1.0.0.18. Impacted is an unknown function of the file /goform/DhcpListClient of the component HTTP Request Handler. The manipulation of the argument page results in stack-based buffer overflow. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.
|
|||||
| CVE-2025-14655 | 1 Tenda | 2 Ac20, Ac20 Firmware | 2026-02-24 | 9.0 HIGH | 8.8 HIGH |
|
A security flaw has been discovered in Tenda AC20 16.03.08.12. The impacted element is the function formSetRebootTimer of the file /goform/SetSysAutoRebbotCfg of the component httpd. Performing a manipulation of the argument rebootTime results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks.
|
|||||
| CVE-2026-2886 | 1 Tenda | 2 A21, A21 Firmware | 2026-02-23 | 9.0 HIGH | 8.8 HIGH |
|
A weakness has been identified in Tenda A21 1.0.0.0. This affects the function set_device_name of the file /goform/SetOnlineDevName. This manipulation of the argument devName causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks.
|
|||||
| CVE-2026-2870 | 1 Tenda | 2 A21, A21 Firmware | 2026-02-23 | 9.0 HIGH | 8.8 HIGH |
|
A security flaw has been discovered in Tenda A21 1.0.0.0. Affected by this issue is the function set_qosMib_list of the file /goform/formSetQosBand. The manipulation of the argument list results in stack-based buffer overflow. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.
|
|||||
| CVE-2026-2871 | 1 Tenda | 2 A21, A21 Firmware | 2026-02-23 | 9.0 HIGH | 8.8 HIGH |
|
A weakness has been identified in Tenda A21 1.0.0.0. This affects the function fromSetIpMacBind of the file /goform/SetIpMacBind. This manipulation of the argument list causes stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks.
|
|||||
| CVE-2026-2872 | 1 Tenda | 2 A21, A21 Firmware | 2026-02-23 | 9.0 HIGH | 8.8 HIGH |
|
A security vulnerability has been detected in Tenda A21 1.0.0.0. This vulnerability affects the function set_device_name of the file /goform/setBlackRule of the component MAC Filtering Configuration Endpoint. Such manipulation of the argument devName/mac leads to stack-based buffer overflow. The attack may be performed from remote. The exploit has been disclosed publicly and may be used.
|
|||||
| CVE-2026-2873 | 1 Tenda | 2 A21, A21 Firmware | 2026-02-23 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability was detected in Tenda A21 1.0.0.0. This issue affects the function setSchedWifi of the file /goform/openSchedWifi. Performing a manipulation of the argument schedStartTime/schedEndTime results in stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit is now public and may be used.
|
|||||
| CVE-2026-2876 | 1 Tenda | 2 A18, A18 Firmware | 2026-02-23 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability was determined in Tenda A18 15.13.07.13. This affects the function parse_macfilter_rule of the file /goform/setBlackRule. This manipulation of the argument deviceList causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized.
|
|||||
| CVE-2026-2853 | 1 Dlink | 2 Dwr-m960, Dwr-m960 Firmware | 2026-02-23 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability was detected in D-Link DWR-M960 1.01.07. This affects the function sub_462E14 of the file /boafrm/formSysLog of the component System Log Configuration Endpoint. Performing a manipulation of the argument submit-url results in stack-based buffer overflow. The attack can be initiated remotely. The exploit is now public and may be used.
|
|||||
| CVE-2026-2854 | 1 Dlink | 2 Dwr-m960, Dwr-m960 Firmware | 2026-02-23 | 9.0 HIGH | 8.8 HIGH |
|
A flaw has been found in D-Link DWR-M960 1.01.07. This impacts the function sub_4611CC of the file /boafrm/formNtp of the component NTP Configuration Endpoint. Executing a manipulation of the argument submit-url can lead to stack-based buffer overflow. The attack can be launched remotely. The exploit has been published and may be used.
|
|||||
| CVE-2026-2855 | 1 Dlink | 2 Dwr-m960, Dwr-m960 Firmware | 2026-02-23 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability has been found in D-Link DWR-M960 1.01.07. Affected is the function sub_4648F0 of the file /boafrm/formDdns of the component DDNS Settings Handler. The manipulation of the argument submit-url leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2026-2856 | 1 Dlink | 2 Dwr-m960, Dwr-m960 Firmware | 2026-02-23 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability was found in D-Link DWR-M960 1.01.07. Affected by this vulnerability is the function sub_424AFC of the file /boafrm/formFilter of the component Filter Configuration Endpoint. The manipulation of the argument submit-url results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been made public and could be used.
|
|||||
| CVE-2026-2857 | 1 Dlink | 2 Dwr-m960, Dwr-m960 Firmware | 2026-02-23 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability was determined in D-Link DWR-M960 1.01.07. Affected by this issue is the function sub_423E00 of the file /boafrm/formPortFw of the component Port Forwarding Configuration Endpoint. This manipulation of the argument submit-url causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.
|
|||||
| CVE-2026-2881 | 1 Dlink | 2 Dwr-m960, Dwr-m960 Firmware | 2026-02-23 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability has been found in D-Link DWR-M960 1.01.07. This vulnerability affects the function sub_425FF8 of the file /boafrm/formFirewallAdv of the component Advanced Firewall Configuration Endpoint. Such manipulation of the argument submit-url leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2026-2905 | 1 Tenda | 2 Hg9, Hg9 Firmware | 2026-02-23 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability was identified in Tenda HG9 300001138. This impacts an unknown function of the file /boaform/formWlanSetup of the component Wireless Configuration Endpoint. The manipulation of the argument ssid leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit is publicly available and might be used.
|
|||||
| CVE-2026-2906 | 1 Tenda | 2 Hg9, Hg9 Firmware | 2026-02-23 | 9.0 HIGH | 8.8 HIGH |
|
A security flaw has been discovered in Tenda HG9 300001138. Affected is an unknown function of the file /boaform/formSamba of the component Samba Configuration Endpoint. The manipulation of the argument sambaCap results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks.
|
|||||
| CVE-2026-2907 | 1 Tenda | 2 Hg9, Hg9 Firmware | 2026-02-23 | 9.0 HIGH | 8.8 HIGH |
|
A weakness has been identified in Tenda HG9 300001138. Affected by this vulnerability is an unknown functionality of the file /boaform/formgponConf of the component GPON Configuration Endpoint. This manipulation of the argument fmgpon_loid/fmgpon_loid_password causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks.
|
|||||
| CVE-2026-2908 | 1 Tenda | 2 Hg9, Hg9 Firmware | 2026-02-23 | 9.0 HIGH | 8.8 HIGH |
|
A security vulnerability has been detected in Tenda HG9 300001138. Affected by this issue is some unknown functionality of the file /boaform/formLoopBack of the component Loopback Detection Configuration Endpoint. Such manipulation of the argument Ethtype leads to stack-based buffer overflow. The attack can be executed remotely. The exploit has been disclosed publicly and may be used.
|
|||||
| CVE-2026-2909 | 1 Tenda | 2 Hg9, Hg9 Firmware | 2026-02-23 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability was detected in Tenda HG9 300001138. This affects an unknown part of the file /boaform/formPing of the component Diagnostic Ping Endpoint. Performing a manipulation of the argument pingAddr results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit is now public and may be used.
|
|||||
| CVE-2026-2910 | 1 Tenda | 2 Hg9, Hg9 Firmware | 2026-02-23 | 9.0 HIGH | 8.8 HIGH |
|
A flaw has been found in Tenda HG9 300001138. This vulnerability affects unknown code of the file /boaform/formPing6. Executing a manipulation of the argument pingAddr can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been published and may be used.
|
|||||
| CVE-2026-2930 | 1 Tenda | 2 A18, A18 Firmware | 2026-02-23 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability was identified in Tenda A18 15.13.07.13. The affected element is the function webCgiGetUploadFile of the file /cgi-bin/UploadCfg of the component Httpd Service. Such manipulation of the argument boundary leads to stack-based buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used.
|
|||||