Filtered by vendor Tenda
Subscribe
Total
1690 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-15216 | 1 Tenda | 2 Ac23, Ac23 Firmware | 2026-01-02 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability was identified in Tenda AC23 16.03.07.52. This impacts the function fromSetIpMacBind of the file /goform/SetIpMacBind. Such manipulation of the argument bindnum leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit is publicly available and might be used.
|
|||||
| CVE-2025-15215 | 1 Tenda | 2 Ac10u, Ac10u Firmware | 2026-01-02 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability was determined in Tenda AC10U 15.03.06.48/15.03.06.49. This affects the function formSetPPTPUserList of the file /goform/setPptpUserList of the component HTTP POST Request Handler. This manipulation of the argument list causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.
|
|||||
| CVE-2025-15253 | 1 Tenda | 2 M3, M3 Firmware | 2026-01-02 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability has been found in Tenda M3 1.0.0.13(4903). The impacted element is an unknown function of the file /goform/exeCommand. Such manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-15252 | 1 Tenda | 2 M3, M3 Firmware | 2026-01-02 | 9.0 HIGH | 8.8 HIGH |
|
A flaw has been found in Tenda M3 1.0.0.13(4903). The affected element is the function formSetRemoteDhcpForAp of the file /goform/setDhcpAP. This manipulation of the argument startip/endip/leasetime/gateway/dns1/dns2 causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been published and may be used.
|
|||||
| CVE-2025-15232 | 1 Tenda | 2 M3, M3 Firmware | 2026-01-02 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability was identified in Tenda M3 1.0.0.13(4903). This vulnerability affects the function formSetAdPushInfo of the file /goform/setAdPushInfo. The manipulation of the argument mac/terminal leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit is publicly available and might be used.
|
|||||
| CVE-2025-67073 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2026-01-02 | N/A | 9.8 CRITICAL |
|
A Buffer overflow vulnerability in function fromAdvSetMacMtuWan of bin httpd in Tenda AC10V4.0 V16.03.10.20 allows remote attackers to cause denial of service and possibly code execution by sending a post request with a crafted payload (field `serviceName`) to /goform/AdvSetMacMtuWan.
|
|||||
| CVE-2025-67074 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2026-01-02 | N/A | 6.5 MEDIUM |
|
A Buffer overflow vulnerability in function fromAdvSetMacMtuWan of bin httpd in Tenda AC10V4.0 V16.03.10.20 allows remote attackers to cause denial of service and possibly code execution by sending a post request with a crafted payload (field `serverName`) to /goform/AdvSetMacMtuWan.
|
|||||
| CVE-2025-15356 | 1 Tenda | 2 Ac20, Ac20 Firmware | 2025-12-31 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability has been found in Tenda AC20 up to 16.03.08.12. The impacted element is the function sscanf of the file /goform/PowerSaveSet. The manipulation of the argument powerSavingEn/time/powerSaveDelay/ledCloseType leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-14992 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2025-12-31 | 9.0 HIGH | 8.8 HIGH |
|
A security vulnerability has been detected in Tenda AC18 15.03.05.05. The impacted element is the function strcpy of the file /goform/GetParentControlInfo of the component HTTP Request Handler. The manipulation of the argument mac leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.
|
|||||
| CVE-2025-14993 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2025-12-31 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability was detected in Tenda AC18 15.03.05.05. This affects the function sprintf of the file /goform/SetDlnaCfg of the component HTTP Request Handler. The manipulation of the argument scanList results in stack-based buffer overflow. The attack can be executed remotely. The exploit is now public and may be used.
|
|||||
| CVE-2025-14995 | 1 Tenda | 2 Fh1201, Fh1201 Firmware | 2025-12-31 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability has been found in Tenda FH1201 1.2.0.14(408). Affected is the function sprintf of the file /goform/SetIpBind. Such manipulation of the argument page leads to stack-based buffer overflow. The attack may be performed from remote. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-14994 | 1 Tenda | 4 Fh1201, Fh1201 Firmware, Fh1206 and 1 more | 2025-12-31 | 9.0 HIGH | 8.8 HIGH |
|
A flaw has been found in Tenda FH1201 and FH1206 1.2.0.14(408)/1.2.0.8(8155). This impacts the function strcat of the file /goform/webtypelibrary of the component HTTP Request Handler. This manipulation of the argument webSiteId causes stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been published and may be used.
|
|||||
| CVE-2025-9806 | 1 Tenda | 2 F1202, F1202 Firmware | 2025-12-31 | 0.8 LOW | 1.9 LOW |
|
A vulnerability was determined in Tenda F1202 1.2.0.9/1.2.0.14/1.2.0.20. Impacted is an unknown function of the file /etc_ro/shadow of the component Administrative Interface. This manipulation with the input Fireitup causes hard-coded credentials. The attack can only be executed locally. A high degree of complexity is needed for the attack. The exploitability is considered difficult. The exploit has been publicly disclosed and may be utilized.
|
|||||
| CVE-2025-15010 | 1 Tenda | 2 Wh450, Wh450 Firmware | 2025-12-30 | 10.0 HIGH | 9.8 CRITICAL |
|
A vulnerability has been found in Tenda WH450 1.0.0.18. This issue affects some unknown processing of the file /goform/SafeUrlFilter. The manipulation of the argument page leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-15007 | 1 Tenda | 2 Wh450, Wh450 Firmware | 2025-12-30 | 10.0 HIGH | 9.8 CRITICAL |
|
A security vulnerability has been detected in Tenda WH450 1.0.0.18. Affected by this issue is some unknown functionality of the file /goform/L7Im of the component HTTP Request Handler. Such manipulation of the argument page leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.
|
|||||
| CVE-2025-15180 | 1 Tenda | 2 Wh450, Wh450 Firmware | 2025-12-30 | 8.3 HIGH | 7.2 HIGH |
|
A vulnerability was identified in Tenda WH450 1.0.0.18. The affected element is an unknown function of the file /goform/webExcptypemanFilte of the component HTTP Request Handler. Such manipulation of the argument page leads to stack-based buffer overflow. The attack may be launched remotely. The exploit is publicly available and might be used.
|
|||||
| CVE-2025-15179 | 1 Tenda | 2 Wh450, Wh450 Firmware | 2025-12-30 | 8.3 HIGH | 7.2 HIGH |
|
A vulnerability was determined in Tenda WH450 1.0.0.18. Impacted is an unknown function of the file /goform/qossetting. This manipulation of the argument page causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized.
|
|||||
| CVE-2025-15178 | 1 Tenda | 2 Wh450, Wh450 Firmware | 2025-12-30 | 8.3 HIGH | 7.2 HIGH |
|
A vulnerability was found in Tenda WH450 1.0.0.18. This issue affects some unknown processing of the file /goform/VirtualSer of the component HTTP Request Handler. The manipulation of the argument page results in stack-based buffer overflow. The attack can be launched remotely. The exploit has been made public and could be used.
|
|||||
| CVE-2025-15177 | 1 Tenda | 2 Wh450, Wh450 Firmware | 2025-12-30 | 8.3 HIGH | 7.2 HIGH |
|
A vulnerability has been found in Tenda WH450 1.0.0.18. This vulnerability affects unknown code of the file /goform/SetIpBind of the component HTTP Request Handler. The manipulation of the argument page leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-15163 | 1 Tenda | 2 Wh450, Wh450 Firmware | 2025-12-30 | 8.3 HIGH | 7.2 HIGH |
|
A vulnerability was identified in Tenda WH450 1.0.0.18. Affected by this issue is some unknown functionality of the file /goform/SafeEmailFilter. The manipulation of the argument page leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit is publicly available and might be used.
|
|||||
| CVE-2025-15160 | 1 Tenda | 2 Wh450, Wh450 Firmware | 2025-12-30 | 8.3 HIGH | 7.2 HIGH |
|
A vulnerability has been found in Tenda WH450 1.0.0.18. This impacts an unknown function of the file /goform/PPTPServer. Such manipulation of the argument ip1 leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-15046 | 1 Tenda | 2 Wh450, Wh450 Firmware | 2025-12-30 | 10.0 HIGH | 9.8 CRITICAL |
|
A vulnerability has been found in Tenda WH450 1.0.0.18. The impacted element is an unknown function of the file /goform/PPTPClient of the component HTTP Request Handler. Such manipulation of the argument netmsk leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-15045 | 1 Tenda | 2 Wh450, Wh450 Firmware | 2025-12-30 | 10.0 HIGH | 9.8 CRITICAL |
|
A flaw has been found in Tenda WH450 1.0.0.18. The affected element is an unknown function of the file /goform/Natlimit of the component HTTP Request Handler. This manipulation of the argument page causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been published and may be used.
|
|||||
| CVE-2025-15044 | 1 Tenda | 2 Wh450, Wh450 Firmware | 2025-12-30 | 10.0 HIGH | 9.8 CRITICAL |
|
A vulnerability was detected in Tenda WH450 1.0.0.18. Impacted is an unknown function of the file /goform/NatStaticSetting. The manipulation of the argument page results in stack-based buffer overflow. The attack may be performed from remote. The exploit is now public and may be used.
|
|||||
| CVE-2025-14654 | 1 Tenda | 2 Ac20, Ac20 Firmware | 2025-12-19 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability was identified in Tenda AC20 16.03.08.12. The affected element is the function formSetPPTPUserList of the file /goform/setPptpUserList of the component httpd. Such manipulation of the argument list leads to stack-based buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used.
|
|||||
| CVE-2025-14286 | 1 Tenda | 1 Ac9 Firmware | 2025-12-11 | 5.0 MEDIUM | 5.3 MEDIUM |
|
A vulnerability was determined in Tenda AC9 15.03.05.14_multi. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/DownloadCfg.jpg of the component Configuration File Handler. This manipulation causes information disclosure. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized.
|
|||||
| CVE-2025-65804 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2025-12-11 | N/A | 6.5 MEDIUM |
|
Tenda AX3 v16.03.12.11 contains a stack overflow in formSetIptv via the iptvType parameter, which can cause memory corruption and enable remote code execution (RCE).
|
|||||
| CVE-2023-39786 | 1 Tenda | 2 Ac8 Firmware, Ac8v4 | 2025-12-08 | N/A | 7.5 HIGH |
|
Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the time parameter in the sscanf function.
|
|||||
| CVE-2023-40897 | 1 Tenda | 2 Ac8 Firmware, Ac8v4 | 2025-12-08 | N/A | 9.8 CRITICAL |
|
Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter mac at /goform/GetParentControlInfo.
|
|||||
| CVE-2023-40900 | 1 Tenda | 2 Ac8 Firmware, Ac8v4 | 2025-12-08 | N/A | 9.8 CRITICAL |
|
Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter list at /goform/SetNetControlList.
|
|||||
| CVE-2023-40892 | 1 Tenda | 2 Ac8 Firmware, Ac8v4 | 2025-12-08 | N/A | 9.8 CRITICAL |
|
Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter schedStartTime and schedEndTime at /goform/openSchedWifi.
|
|||||
| CVE-2023-40894 | 1 Tenda | 2 Ac8 Firmware, Ac8v4 | 2025-12-08 | N/A | 9.8 CRITICAL |
|
Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter list at /goform/SetStaticRouteCfg.
|
|||||
| CVE-2023-40891 | 1 Tenda | 2 Ac8 Firmware, Ac8v4 | 2025-12-08 | N/A | 9.8 CRITICAL |
|
Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter firewallEn at /goform/SetFirewallCfg.
|
|||||
| CVE-2023-40893 | 1 Tenda | 2 Ac8 Firmware, Ac8v4 | 2025-12-08 | N/A | 9.8 CRITICAL |
|
Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter time at /goform/PowerSaveSet.
|
|||||
| CVE-2023-39785 | 1 Tenda | 2 Ac8 Firmware, Ac8v4 | 2025-12-08 | N/A | 7.5 HIGH |
|
Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the list parameter in the set_qosMib_list function.
|
|||||
| CVE-2023-40898 | 1 Tenda | 2 Ac8 Firmware, Ac8v4 | 2025-12-08 | N/A | 9.8 CRITICAL |
|
Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter timeZone at /goform/SetSysTimeCfg.
|
|||||
| CVE-2023-39784 | 1 Tenda | 2 Ac8 Firmware, Ac8v4 | 2025-12-08 | N/A | 7.5 HIGH |
|
Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the list parameter in the save_virtualser_data function.
|
|||||
| CVE-2023-40896 | 1 Tenda | 2 Ac8 Firmware, Ac8v4 | 2025-12-08 | N/A | 9.8 CRITICAL |
|
Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter list and bindnum at /goform/SetIpMacBind.
|
|||||
| CVE-2023-40899 | 1 Tenda | 2 Ac8 Firmware, Ac8v4 | 2025-12-08 | N/A | 9.8 CRITICAL |
|
Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter macFilterType and parameter deviceList at /goform/setMacFilterCfg.
|
|||||
| CVE-2023-40895 | 1 Tenda | 2 Ac8 Firmware, Ac8v4 | 2025-12-08 | N/A | 9.8 CRITICAL |
|
Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter list at /goform/SetVirtualServerCfg.
|
|||||