Filtered by vendor Tenda
Subscribe
Total
1690 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-45995 | 1 Tenda | 2 Ax12, Ax12 Firmware | 2025-04-10 | N/A | 9.8 CRITICAL |
|
There is an unauthorized buffer overflow vulnerability in Tenda AX12 v22.03.01.21 _ cn. This vulnerability can cause the web service not to restart or even execute arbitrary code. It is a different vulnerability from CVE-2022-2414.
|
|||||
| CVE-2024-30891 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2025-04-10 | N/A | 8.8 HIGH |
|
A command injection vulnerability exists in /goform/exeCommand in Tenda AC18 v15.03.05.05, which allows attackers to construct cmdinput parameters for arbitrary command execution.
|
|||||
| CVE-2024-33835 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2025-04-10 | N/A | 9.8 CRITICAL |
|
Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the remoteIp parameter from formSetSafeWanWebMan function.
|
|||||
| CVE-2025-25676 | 1 Tenda | 2 I12, I12 Firmware | 2025-04-10 | N/A | 9.8 CRITICAL |
|
Tenda i12 V1.0.0.10(3805) was discovered to contain a buffer overflow via the list parameter in the formwrlSSIDset function.
|
|||||
| CVE-2025-25678 | 1 Tenda | 2 I12, I12 Firmware | 2025-04-10 | N/A | 9.8 CRITICAL |
|
Tenda i12 V1.0.0.10(3805) was discovered to contain a buffer overflow via the funcpara1 parameter in the formSetCfm function.
|
|||||
| CVE-2025-25679 | 1 Tenda | 2 I12, I12 Firmware | 2025-04-10 | N/A | 8.0 HIGH |
|
Tenda i12 V1.0.0.10(3805) was discovered to contain a buffer overflow via the index parameter in the formWifiMacFilterSet function.
|
|||||
| CVE-2025-25505 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-04-10 | N/A | 6.5 MEDIUM |
|
Tenda AC6 15.03.05.16_multi is vulnerable to Buffer Overflow in the sub_452A4 function.
|
|||||
| CVE-2025-25507 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-04-10 | N/A | 6.5 MEDIUM |
|
There is a RCE vulnerability in Tenda AC6 15.03.05.16_multi. In the formexeCommand function, the parameter cmdinput will cause remote command execution.
|
|||||
| CVE-2025-25510 | 1 Tenda | 2 Ac8, Ac8 Firmware | 2025-04-10 | N/A | 6.5 MEDIUM |
|
Tenda AC8 V16.03.34.06 is vulnerable to Buffer Overflow in the get_parentControl_list_Info function.
|
|||||
| CVE-2025-1851 | 1 Tenda | 2 Ac7, Ac7 Firmware | 2025-04-10 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability, which was classified as critical, was found in Tenda AC7 up to 15.03.06.44. This affects the function formSetFirewallCfg of the file /goform/SetFirewallCfg. The manipulation of the argument firewallEn leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-25632 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2025-04-09 | N/A | 9.8 CRITICAL |
|
Tenda AC15 v15.03.05.19 is vulnerable to Command Injection via the handler function in /goform/telnet.
|
|||||
| CVE-2024-51116 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-04-09 | N/A | 8.8 HIGH |
|
Tenda AC6 v2.0 V15.03.06.50 was discovered to contain a buffer overflow in the function 'formSetPPTPServer'.
|
|||||
| CVE-2024-44859 | 1 Tenda | 2 Fh1201, Fh1201 Firmware | 2025-04-09 | N/A | 8.0 HIGH |
|
Tenda FH1201 v1.2.0.14 has a stack buffer overflow vulnerability in `formWrlExtraGet`.
|
|||||
| CVE-2025-22949 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2025-04-09 | N/A | 9.8 CRITICAL |
|
Tenda ac9 v1.0 firmware v15.03.05.19 is vulnerable to command injection in /goform/SetSambaCfg, which may lead to remote arbitrary code execution.
|
|||||
| CVE-2025-22946 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2025-04-09 | N/A | 9.8 CRITICAL |
|
Tenda ac9 v1.0 firmware v15.03.05.19 contains a stack overflow vulnerability in /goform/SetOnlineDevName, which may lead to remote arbitrary code execution.
|
|||||
| CVE-2024-57483 | 1 Tenda | 2 I24, I24 Firmware | 2025-04-09 | N/A | 9.8 CRITICAL |
|
Tenda i24 V2.0.0.5 is vulnerable to Buffer Overflow in the addWifiMacFilter function.
|
|||||
| CVE-2025-3161 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2025-04-09 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability was found in Tenda AC10 16.03.10.13 and classified as critical. This issue affects the function ShutdownSetAdd of the file /goform/ShutdownSetAdd. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-32282 | 1 Tenda | 2 Fh1202, Fh1202 Firmware | 2025-04-09 | N/A | 6.3 MEDIUM |
|
Tenda FH1202 v1.2.0.14(408) firmware contains a command injection vulnerablility in the formexeCommand function via the cmdinput parameter.
|
|||||
| CVE-2024-32302 | 1 Tenda | 2 Fh1202, Fh1202 Firmware | 2025-04-09 | N/A | 6.3 MEDIUM |
|
Tenda FH1202 v1.2.0.14(408) firmware has a stack overflow vulnerability via the PPW parameter in the fromWizardHandle function.
|
|||||
| CVE-2024-32315 | 1 Tenda | 2 Fh1202, Fh1202 Firmware | 2025-04-09 | N/A | 4.7 MEDIUM |
|
Tenda FH1202 v1.2.0.14(408) firmware has a stack overflow vulnerability via the adslPwd parameter in the formWanParameterSetting function.
|
|||||
| CVE-2023-46060 | 1 Tenda | 2 Ac500, Ac500 Firmware | 2025-04-09 | N/A | 7.5 HIGH |
|
A Buffer Overflow vulnerability in Tenda AC500 v.2.0.1.9 allows a remote attacker to cause a denial of service via the port parameter at the goform/setVlanInfo component.
|
|||||
| CVE-2024-32305 | 1 Tenda | 2 A18, A18 Firmware | 2025-04-09 | N/A | 8.8 HIGH |
|
Tenda A18 v15.03.05.05 firmware has a stack overflow vulnerability located via the PPW parameter in the fromWizardHandle function.
|
|||||
| CVE-2024-35340 | 1 Tenda | 2 Fh1206, Fh1206 Firmware | 2025-04-09 | N/A | 8.6 HIGH |
|
Tenda FH1206 V1.2.0.8(8155) was discovered to contain a command injection vulnerability via the cmdinput parameter at ip/goform/formexeCommand.
|
|||||
| CVE-2024-35339 | 1 Tenda | 2 Fh1206, Fh1206 Firmware | 2025-04-09 | N/A | 9.8 CRITICAL |
|
Tenda FH1206 V1.2.0.8(8155) was discovered to contain a command injection vulnerability via the mac parameter at ip/goform/WriteFacMac.
|
|||||
| CVE-2024-30645 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2025-04-08 | N/A | 8.0 HIGH |
|
Tenda AC15V1.0 V15.03.20_multi has a command injection vulnerability via the deviceName parameter.
|
|||||
| CVE-2024-30613 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2025-04-08 | N/A | 4.3 MEDIUM |
|
Tenda AC15 v15.03.05.18 has a stack overflow vulnerability in the time parameter from the setSmartPowerManagement function.
|
|||||
| CVE-2025-2993 | 1 Tenda | 2 Fh1202, Fh1202 Firmware | 2025-04-08 | 5.0 MEDIUM | 5.3 MEDIUM |
|
A vulnerability, which was classified as critical, has been found in Tenda FH1202 1.2.0.14(408). Affected by this issue is some unknown functionality of the file /default.cfg. The manipulation of the argument these leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-3167 | 1 Tenda | 2 Ac23, Ac23 Firmware | 2025-04-08 | 6.8 MEDIUM | 6.5 MEDIUM |
|
A vulnerability, which was classified as problematic, has been found in Tenda AC23 16.03.07.52. This issue affects some unknown processing of the file /goform/VerAPIMant of the component API Interface. The manipulation of the argument getuid leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-3203 | 1 Tenda | 2 W18e, W18e Firmware | 2025-04-08 | 4.0 MEDIUM | 4.3 MEDIUM |
|
A vulnerability classified as problematic was found in Tenda W18E 16.01.0.11. Affected by this vulnerability is the function formSetAccountList of the file /goform/setModules. The manipulation of the argument Password leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-2995 | 1 Tenda | 2 Fh1202, Fh1202 Firmware | 2025-04-08 | 5.0 MEDIUM | 5.3 MEDIUM |
|
A vulnerability has been found in Tenda FH1202 1.2.0.14(408) and classified as critical. This vulnerability affects unknown code of the file /goform/SysToolChangePwd of the component Web Management Interface. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-2996 | 1 Tenda | 2 Fh1202, Fh1202 Firmware | 2025-04-08 | 5.0 MEDIUM | 5.3 MEDIUM |
|
A vulnerability was found in Tenda FH1202 1.2.0.14(408) and classified as critical. This issue affects some unknown processing of the file /goform/SysToolDDNS of the component Web Management Interface. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-52788 | 1 Tenda | 2 W9, W9 Firmware | 2025-04-07 | N/A | 8.0 HIGH |
|
Tenda W9 v1.0.0.7(4456) was discovered to contain a hardcoded password vulnerability in /etc_ro/shadow, which allows attackers to log in as root.
|
|||||
| CVE-2024-52789 | 1 Tenda | 2 W30e, W30e Firmware | 2025-04-07 | N/A | 8.0 HIGH |
|
Tenda W30E v2.0 V16.01.0.8 was discovered to contain a hardcoded password vulnerability in /etc_ro/shadow, which allows attackers to log in as root.
|
|||||
| CVE-2025-3259 | 1 Tenda | 2 Rx3, Rx3 Firmware | 2025-04-07 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability, which was classified as critical, has been found in Tenda RX3 16.03.13.11. This issue affects the function formSetDeviceName of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-3328 | 1 Tenda | 2 Ac1206, Ac1206 Firmware | 2025-04-07 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability was found in Tenda AC1206 15.03.06.23. It has been classified as critical. Affected is the function form_fast_setting_wifi_set of the file /goform/fast_setting_wifi_set. The manipulation of the argument ssid/timeZone leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
|
|||||
| CVE-2024-40417 | 1 Tenda | 2 Ax1806, Ax1806 Firmware | 2025-04-07 | N/A | 6.5 MEDIUM |
|
A vulnerability was found in Tenda AX1806 1.0.0.1. Affected by this issue is the function formSetRebootTimer of the file /goform/SetIpMacBind. The manipulation of the argument list leads to stack-based buffer overflow.
|
|||||
| CVE-2024-33181 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2025-04-07 | N/A | 8.8 HIGH |
|
Tenda AC18 V15.03.3.10_EN was discovered to contain a stack-based buffer overflow vulnerability via the deviceMac parameter at ip/goform/addWifiMacFilter.
|
|||||
| CVE-2024-41492 | 1 Tenda | 2 Ax1806, Ax1806 Firmware | 2025-04-07 | N/A | 7.5 HIGH |
|
A stack overflow in Tenda AX1806 v1.0.0.1 allows attackers to cause a Denial of Service (DoS) via a crafted input.
|
|||||
| CVE-2024-41630 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2025-04-07 | N/A | 7.6 HIGH |
|
Stack-based buffer overflow vulnerability in Tenda AC18 V15.03.3.10_EN allows a remote attacker to execute arbitrary code via the ssid parameter at ip/goform/fast_setting_wifi_set.
|
|||||
| CVE-2025-2992 | 1 Tenda | 2 Fh1202, Fh1202 Firmware | 2025-04-07 | 5.0 MEDIUM | 5.3 MEDIUM |
|
A vulnerability classified as critical was found in Tenda FH1202 1.2.0.14(408). Affected by this vulnerability is an unknown functionality of the file /goform/AdvSetWrlsafeset of the component Web Management Interface. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
|
|||||