Filtered by vendor Tenda
Subscribe
Total
1690 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-2994 | 1 Tenda | 2 Fh1202, Fh1202 Firmware | 2025-04-07 | 5.0 MEDIUM | 5.3 MEDIUM |
|
A vulnerability, which was classified as critical, was found in Tenda FH1202 1.2.0.14(408). This affects an unknown part of the file /goform/qossetting of the component Web Management Interface. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-2989 | 1 Tenda | 2 Fh1202, Fh1202 Firmware | 2025-04-07 | 5.0 MEDIUM | 5.3 MEDIUM |
|
A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been declared as critical. This vulnerability affects unknown code of the file /goform/AdvSetWrl of the component Web Management Interface. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-2991 | 1 Tenda | 2 Fh1202, Fh1202 Firmware | 2025-04-07 | 5.0 MEDIUM | 5.3 MEDIUM |
|
A vulnerability classified as critical has been found in Tenda FH1202 1.2.0.14(408). Affected is an unknown function of the file /goform/AdvSetWrlmacfilter of the component Web Management Interface. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-2990 | 1 Tenda | 2 Fh1202, Fh1202 Firmware | 2025-04-07 | 5.0 MEDIUM | 5.3 MEDIUM |
|
A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been rated as critical. This issue affects some unknown processing of the file /goform/AdvSetWrlGstset of the component Web Management Interface. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-10697 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-04-05 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability has been found in Tenda AC6 15.03.05.19 and classified as critical. Affected by this vulnerability is the function formWriteFacMac of the file /goform/WriteFacMac of the component API Endpoint. The manipulation of the argument mac leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-34942 | 1 Tenda | 2 Fh1206, Fh1206 Firmware | 2025-04-04 | N/A | 8.8 HIGH |
|
Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the funcpara1 parameter at ip/goform/exeCommand.
|
|||||
| CVE-2024-34943 | 1 Tenda | 2 Fh1206, Fh1206 Firmware | 2025-04-04 | N/A | 9.8 CRITICAL |
|
Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the page parameter at ip/goform/NatStaticSetting.
|
|||||
| CVE-2024-34944 | 1 Tenda | 2 Fh1206, Fh1206 Firmware | 2025-04-04 | N/A | 8.8 HIGH |
|
Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the list1 parameter at ip/goform/DhcpListClient.
|
|||||
| CVE-2024-44386 | 1 Tenda | 2 Fh1206, Fh1206 Firmware | 2025-04-04 | N/A | 7.3 HIGH |
|
Tenda FH1206 V1.2.0.8(8155)_EN contains a Buffer Overflow vulnerability via the function fromSetIpBind.
|
|||||
| CVE-2024-34945 | 1 Tenda | 2 Fh1206, Fh1206 Firmware | 2025-04-04 | N/A | 9.8 CRITICAL |
|
Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the PPW parameter at ip/goform/WizardHandle.
|
|||||
| CVE-2024-34946 | 1 Tenda | 2 Fh1206, Fh1206 Firmware | 2025-04-04 | N/A | 6.5 MEDIUM |
|
Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the page parameter at ip/goform/DhcpListClient.
|
|||||
| CVE-2025-29137 | 1 Tenda | 2 Ac7, Ac7 Firmware | 2025-04-01 | N/A | 9.8 CRITICAL |
|
Tenda AC7 V1.0 V15.03.06.44 found a buffer overflow caused by the timeZone parameter in the form_fast_setting_wifi_set function, which can cause RCE.
|
|||||
| CVE-2025-29118 | 1 Tenda | 2 Ac8, Ac8 Firmware | 2025-04-01 | N/A | 6.5 MEDIUM |
|
Tenda AC8 V16.03.34.06 was discovered to contain a stack overflow via the src parameter in the function sub_47D878.
|
|||||
| CVE-2025-29100 | 1 Tenda | 2 Ac8, Ac8 Firmware | 2025-04-01 | N/A | 9.8 CRITICAL |
|
Tenda AC8 V16.03.34.06 is vulnerable to Buffer Overflow in the fromSetRouteStatic function via the parameter list.
|
|||||
| CVE-2025-29135 | 1 Tenda | 2 Ac7, Ac7 Firmware | 2025-04-01 | N/A | 9.8 CRITICAL |
|
A stack-based buffer overflow vulnerability in Tenda AC7 V15.03.06.44 allows a remote attacker to execute arbitrary code through a stack overflow attack using the security parameter of the formWifiBasicSet function.
|
|||||
| CVE-2025-29121 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-03-28 | N/A | 7.5 HIGH |
|
A vulnerability was found in Tenda AC6 V15.03.05.16. The vulnerability affects the functionality of the /goform/fast_setting_wifi_set file form_fast_setting_wifi_set. Using the timeZone parameter causes a stack-based buffer overflow.
|
|||||
| CVE-2024-46429 | 1 Tenda | 2 W18e, W18e Firmware | 2025-03-28 | N/A | 8.8 HIGH |
|
A hardcoded credentials vulnerability in Tenda W18E V16.01.0.8(1625) allows unauthenticated remote attackers to access the web management portal using a default guest account with administrative privileges.
|
|||||
| CVE-2023-24170 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2025-03-28 | N/A | 9.8 CRITICAL |
|
Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/fromSetWirelessRepeat.
|
|||||
| CVE-2023-24169 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2025-03-28 | N/A | 9.8 CRITICAL |
|
Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/FUN_0007343c.
|
|||||
| CVE-2023-24167 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2025-03-28 | N/A | 9.8 CRITICAL |
|
Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/add_white_node.
|
|||||
| CVE-2023-24166 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2025-03-28 | N/A | 9.8 CRITICAL |
|
Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/formWifiBasicSet.
|
|||||
| CVE-2023-24165 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2025-03-28 | N/A | 9.8 CRITICAL |
|
Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/initIpAddrInfo.
|
|||||
| CVE-2023-24164 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2025-03-28 | N/A | 9.8 CRITICAL |
|
Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/FUN_000c2318.
|
|||||
| CVE-2025-29149 | 1 Tenda | 2 I12, I12 Firmware | 2025-03-27 | N/A | 7.5 HIGH |
|
Tenda i12 V1.0.0.10(3805) was discovered to contain a buffer overflow via the ping1 parameter in the formSetAutoPing function.
|
|||||
| CVE-2024-44551 | 1 Tenda | 2 Ax1806, Ax1806 Firmware | 2025-03-26 | N/A | 9.8 CRITICAL |
|
Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function formGetIptv.
|
|||||
| CVE-2022-48130 | 1 Tenda | 2 W20e, W20e Firmware | 2025-03-26 | N/A | 9.8 CRITICAL |
|
Tenda W20E v15.11.0.6 was discovered to contain multiple stack overflows in the function formSetStaticRoute via the parameters staticRouteNet, staticRouteMask, staticRouteGateway, staticRouteWAN.
|
|||||
| CVE-2025-29218 | 1 Tenda | 2 W18e, W18e Firmware | 2025-03-26 | N/A | 6.5 MEDIUM |
|
Tenda W18E v2.0 v16.01.0.11 was discovered to contain a stack overflow in the wifiPwd parameter at /goform/setModules. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
|
|||||
| CVE-2024-46434 | 1 Tenda | 2 W18e, W18e Firmware | 2025-03-25 | N/A | 8.8 HIGH |
|
Tenda W18E V16.01.0.8(1625) suffers from authentication bypass in the web management portal allowing an unauthorized remote attacker to gain administrative access by sending a specially crafted HTTP request.
|
|||||
| CVE-2024-46433 | 1 Tenda | 2 W18e, W18e Firmware | 2025-03-25 | N/A | 8.8 HIGH |
|
A default credentials vulnerability in Tenda W18E V16.01.0.8(1625) allows unauthenticated remote attackers to access the web management portal using the default rzadmin account with administrative privileges.
|
|||||
| CVE-2024-46432 | 1 Tenda | 2 W18e, W18e Firmware | 2025-03-25 | N/A | 8.8 HIGH |
|
Tenda W18E V16.01.0.8(1625) is vulnerable to Incorrect Access Control. An attacker can send a specially crafted HTTP POST request to the setQuickCfgWifiAndLogin function, which allows unauthorized changes to WiFi configuration settings and administrative credentials.
|
|||||
| CVE-2024-46431 | 1 Tenda | 2 W18e, W18e Firmware | 2025-03-25 | N/A | 8.0 HIGH |
|
Tenda W18E V16.01.0.8(1625) is vulnerable to Buffer Overflow. An attacker with access to the web management portal can exploit this vulnerability by sending specially crafted data to the delWewifiPic function.
|
|||||
| CVE-2024-46430 | 1 Tenda | 2 W18e, W18e Firmware | 2025-03-25 | N/A | 6.5 MEDIUM |
|
Tenda W18E V16.01.0.8(1625) is vulnerable to Incorrect Access Control. Unauthorized password change via the web management portal allows an unauthenticated remote attacker to change the administrator password by sending a specially crafted HTTP POST request to the setLoginPassword function, bypassing the authentication mechanism.
|
|||||
| CVE-2024-46435 | 1 Tenda | 2 W18e, W18e Firmware | 2025-03-25 | N/A | 8.0 HIGH |
|
A stack overflow vulnerability in the Tenda W18E V16.01.0.8(1625) web management portal allows an authenticated remote attacker to cause a denial of service or potentially execute arbitrary code. This vulnerability occurs due to improper input validation when handling user-supplied data in the delFacebookPic function.
|
|||||
| CVE-2024-46436 | 1 Tenda | 2 W18e, W18e Firmware | 2025-03-25 | N/A | 8.3 HIGH |
|
Hardcoded credentials in Tenda W18E V16.01.0.8(1625) allows unauthenticated remote attackers to gain root access to the device over the telnet service.
|
|||||
| CVE-2024-46437 | 1 Tenda | 2 W18e, W18e Firmware | 2025-03-25 | N/A | 6.5 MEDIUM |
|
A sensitive information disclosure vulnerability in the Tenda W18E V16.01.0.8(1625) web management portal allows an unauthenticated remote attacker to retrieve sensitive configuration information, including WiFi SSID, WiFi password, and base64-encoded administrator credentials, by sending a specially crafted HTTP POST request to the getQuickCfgWifiAndLogin function, bypassing authentication checks.
|
|||||
| CVE-2025-29217 | 1 Tenda | 2 W18e, W18e Firmware | 2025-03-25 | N/A | 6.5 MEDIUM |
|
Tenda W18E v2.0 v16.01.0.11 was discovered to contain a stack overflow in the wifiSSID parameter at /goform/setModules. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
|
|||||
| CVE-2025-29215 | 1 Tenda | 2 Ax12, Ax12 Firmware | 2025-03-25 | N/A | 6.5 MEDIUM |
|
Tenda AX12 v22.03.01.46_CN was discovered to contain a stack overflow via the sub_43fdcc function at /goform/SetNetControlList.
|
|||||
| CVE-2025-29214 | 1 Tenda | 2 Ax12, Ax12 Firmware | 2025-03-25 | N/A | 7.5 HIGH |
|
Tenda AX12 v22.03.01.46_CN was discovered to contain a stack overflow via the sub_42F69C function at /goform/setMacFilterCfg.
|
|||||
| CVE-2025-29101 | 1 Tenda | 2 Ac8, Ac8 Firmware | 2025-03-25 | N/A | 7.5 HIGH |
|
Tenda AC8V4.0 V16.03.34.06 was discovered to contain a stack overflow via the deviceid parameter in the get_parentControl_list_Info function.
|
|||||
| CVE-2024-42978 | 1 Tenda | 2 Fh1206, Fh1206 Firmware | 2025-03-25 | N/A | 9.8 CRITICAL |
|
An issue in the handler function in /goform/telnet of Tenda FH1206 v02.03.01.35 allows attackers to execute arbitrary commands via a crafted HTTP request.
|
|||||