Total
35 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-3186 | 1 Tenda | 2 Ac5, Ac5 Firmware | 2025-07-07 | 4.3 MEDIUM | 5.4 MEDIUM |
|
A Stored Cross-site scripting (XSS) vulnerability in /main.html Wifi Settings in Tenda AC5 AC1200 version V15.03.06.47_multi allows remote attackers to inject arbitrary web script or HTML via the Wifi Name parameter.
|
|||||
| CVE-2025-6886 | 1 Tenda | 2 Ac5, Ac5 Firmware | 2025-07-01 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability has been found in Tenda AC5 15.03.06.47 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /goform/openSchedWifi. The manipulation of the argument schedStartTime/schedEndTime leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-6887 | 1 Tenda | 2 Ac5, Ac5 Firmware | 2025-07-01 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability was found in Tenda AC5 15.03.06.47 and classified as critical. Affected by this issue is some unknown functionality of the file /goform/SetSysTimeCfg. The manipulation of the argument time/timeZone leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-5794 | 1 Tenda | 2 Ac5, Ac5 Firmware | 2025-06-09 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability, which was classified as critical, has been found in Tenda AC5 15.03.06.47. Affected by this issue is the function formSetPPTPUserList of the file /goform/setPptpUserList. The manipulation of the argument list leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-5795 | 1 Tenda | 2 Ac5, Ac5 Firmware | 2025-06-09 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability, which was classified as critical, was found in Tenda AC5 1.0/15.03.06.47. This affects the function fromadvsetlanip of the file /goform/AdvSetLanip. The manipulation of the argument lanMask leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-5863 | 1 Tenda | 2 Ac5, Ac5 Firmware | 2025-06-09 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability was found in Tenda AC5 15.03.06.47. It has been classified as critical. Affected is the function formSetRebootTimer of the file /goform/SetRebootTimer. The manipulation of the argument rebootTime leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2023-25212 | 1 Tenda | 2 Ac5, Ac5 Firmware | 2025-02-13 | N/A | 9.8 CRITICAL |
|
Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the fromSetWirelessRepeat function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.
|
|||||
| CVE-2023-25211 | 1 Tenda | 2 Ac5, Ac5 Firmware | 2025-02-13 | N/A | 9.8 CRITICAL |
|
Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the R7WebsSecurityHandler function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.
|
|||||
| CVE-2023-25210 | 1 Tenda | 2 Ac5, Ac5 Firmware | 2025-02-13 | N/A | 9.8 CRITICAL |
|
Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the fromSetSysTime function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.
|
|||||
| CVE-2023-25213 | 1 Tenda | 2 Ac5, Ac5 Firmware | 2025-02-12 | N/A | 9.8 CRITICAL |
|
Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the check_param_changed function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.
|
|||||
| CVE-2023-25220 | 1 Tenda | 2 Ac5, Ac5 Firmware | 2025-02-12 | N/A | 9.8 CRITICAL |
|
Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the add_white_node function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.
|
|||||
| CVE-2023-25219 | 1 Tenda | 2 Ac5, Ac5 Firmware | 2025-02-12 | N/A | 9.8 CRITICAL |
|
Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the fromDhcpListClient function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.
|
|||||
| CVE-2023-25218 | 1 Tenda | 2 Ac5, Ac5 Firmware | 2025-02-12 | N/A | 9.8 CRITICAL |
|
Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the form_fast_setting_wifi_set function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.
|
|||||
| CVE-2023-25217 | 1 Tenda | 2 Ac5, Ac5 Firmware | 2025-02-12 | N/A | 9.8 CRITICAL |
|
Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the formWifiBasicSet function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.
|
|||||
| CVE-2023-25216 | 1 Tenda | 2 Ac5, Ac5 Firmware | 2025-02-12 | N/A | 9.8 CRITICAL |
|
Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the formSetFirewallCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.
|
|||||
| CVE-2023-25215 | 1 Tenda | 2 Ac5, Ac5 Firmware | 2025-02-12 | N/A | 9.8 CRITICAL |
|
Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the saveParentControlInfo function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.
|
|||||
| CVE-2023-25214 | 1 Tenda | 2 Ac5, Ac5 Firmware | 2025-02-12 | N/A | 9.8 CRITICAL |
|
Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the setSchedWifi function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.
|
|||||
| CVE-2023-30368 | 1 Tenda | 2 Ac5, Ac5 Firmware | 2025-02-04 | N/A | 9.8 CRITICAL |
|
Tenda AC5 V15.03.06.28 is vulnerable to Buffer Overflow via the initWebs function.
|
|||||
| CVE-2023-31587 | 1 Tenda | 2 Ac5, Ac5 Firmware | 2025-01-27 | N/A | 9.8 CRITICAL |
|
Tenda AC5 router V15.03.06.28 was discovered to contain a remote code execution (RCE) vulnerability via the Mac parameter at ip/goform/WriteFacMac.
|
|||||
| CVE-2023-41563 | 1 Tenda | 4 Ac5, Ac5 Firmware, Ac9 and 1 more | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Tenda AC9 V3.0 V15.03.06.42_multi and Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter mac at url /goform/GetParentControlInfo.
|
|||||
| CVE-2023-41562 | 1 Tenda | 6 Ac5, Ac5 Firmware, Ac7 and 3 more | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Tenda AC7 V1.0 V15.03.06.44, Tenda AC9 V3.0 V15.03.06.42_multi, and Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter time at url /goform/PowerSaveSet.
|
|||||
| CVE-2023-41561 | 1 Tenda | 4 Ac5, Ac5 Firmware, Ac9 and 1 more | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Tenda AC9 V3.0 V15.03.06.42_multi and Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter startIp and endIp at url /goform/SetPptpServerCfg.
|
|||||
| CVE-2023-41559 | 1 Tenda | 6 Ac5, Ac5 Firmware, Ac7 and 3 more | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Tenda AC7 V1.0 V15.03.06.44, Tenda AC9 V3.0 V15.03.06.42_multi, and Tenda AC5 V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter page at url /goform/NatStaticSetting.
|
|||||
| CVE-2023-41557 | 1 Tenda | 4 Ac5, Ac5 Firmware, Ac7 and 1 more | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Tenda AC7 V1.0 V15.03.06.44 and Tenda AC5 V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter entrys and mitInterface at url /goform/addressNat.
|
|||||
| CVE-2023-41556 | 1 Tenda | 6 Ac5, Ac5 Firmware, Ac7 and 3 more | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Tenda AC7 V1.0 V15.03.06.44, Tenda AC9 V3.0 V15.03.06.42_multi, and Tenda AC5 V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter list at url /goform/SetIpMacBind.
|
|||||
| CVE-2023-41553 | 1 Tenda | 4 Ac5, Ac5 Firmware, Ac9 and 1 more | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Tenda AC9 V3.0 V15.03.06.42_multi and Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter list at url /goform/SetStaticRouteCfg.
|
|||||
| CVE-2023-38937 | 1 Tenda | 14 Ac10, Ac10 Firmware, Ac1206 and 11 more | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 V16.03.34.06, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, AC5 V1.0 V15.03.06.28, AC9 V3.0 V15.03.06.42_multi and AC10 v4.0 V16.03.10.13 were discovered to contain a stack overflow via the list parameter in the formSetVirtualSer function.
|
|||||
| CVE-2023-38936 | 1 Tenda | 18 Ac10, Ac10 Firmware, Ac1206 and 15 more | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, AC5 V1.0 V15.03.06.28, FH1203 V2.0.1.6, AC9 V3.0 V15.03.06.42_multi and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the speed_dir parameter in the formSetSpeedWan function.
|
|||||
| CVE-2023-38935 | 1 Tenda | 10 Ac10, Ac10 Firmware, Ac1206 and 7 more | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Tenda AC1206 V15.03.06.23, AC8 V4 V16.03.34.06, AC5 V1.0 V15.03.06.28, AC10 v4.0 V16.03.10.13 and AC9 V3.0 V15.03.06.42_multi were discovered to contain a tack overflow via the list parameter in the formSetQosBand function.
|
|||||
| CVE-2023-38933 | 1 Tenda | 18 Ac10, Ac10 Firmware, Ac1206 and 15 more | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Tenda AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0 V15.03.06.28, FH1203 V2.0.1.6 and AC9 V3.0 V15.03.06.42_multi, and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the deviceId parameter in the formSetClientState function.
|
|||||
| CVE-2023-38931 | 1 Tenda | 16 Ac10, Ac10 Firmware, Ac1206 and 13 more | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 V16.03.34.06, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0 V15.03.06.28, AC10 v4.0 V16.03.10.13 and FH1203 V2.0.1.6 were discovered to contain a stack overflow via the list parameter in the setaccount function.
|
|||||
| CVE-2023-38930 | 1 Tenda | 10 Ac5, Ac5 Firmware, Ac7 and 7 more | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Tenda AC7 V1.0,V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0,V15.03.06.28, AC9 V3.0,V15.03.06.42_multi and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the deviceId parameter in the addWifiMacFilter function.
|
|||||
| CVE-2023-37717 | 1 Tenda | 14 Ac10, Ac10 Firmware, Ac1206 and 11 more | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Tenda F1202 V1.0BR_V1.2.0.20(408) and FH1202_V1.2.0.19_EN, AC10 V1.0, AC1206 V1.0, AC7 V1.0, AC5 V1.0, and AC9 V3.0 were discovered to contain a stack overflow in the page parameter in the function fromDhcpListClient.
|
|||||
| CVE-2023-37716 | 1 Tenda | 14 Ac10, Ac10 Firmware, Ac1206 and 11 more | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Tenda F1202 V1.0BR_V1.2.0.20(408) and FH1202_V1.2.0.19_EN, AC10 V1.0, AC1206 V1.0, AC7 V1.0, AC5 V1.0, and AC9 V3.0 were discovered to contain a stack overflow in the page parameter in the function fromNatStaticSetting.
|
|||||
| CVE-2021-44971 | 1 Tenda | 4 Ac15, Ac15 Firmware, Ac5 and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Multiple Tenda devices are affected by authentication bypass, such as AC15V1.0 Firmware V15.03.05.20_multi?AC5V1.0 Firmware V15.03.06.48_multi and so on. an attacker can obtain sensitive information, and even combine it with authenticated command injection to implement RCE.
|
|||||