Total
44 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-15234 | 1 Tenda | 2 M3, M3 Firmware | 2026-02-24 | 9.0 HIGH | 8.8 HIGH |
|
A weakness has been identified in Tenda M3 1.0.0.13(4903). Impacted is the function formSetRemoteInternetLanInfo of the file /goform/setInternetLanInfo. This manipulation of the argument portIp/portMask/portGateWay/portDns/portSecDns causes heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks.
|
|||||
| CVE-2025-15233 | 1 Tenda | 2 M3, M3 Firmware | 2026-02-24 | 9.0 HIGH | 8.8 HIGH |
|
A security flaw has been discovered in Tenda M3 1.0.0.13(4903). This issue affects the function formSetAdInfoDetails of the file /goform/setAdInfoDetail. The manipulation of the argument adName/smsPassword/smsAccount/weixinAccount/weixinName/smsSignature/adRedirectUrl/adCopyRight/smsContent/adItemUID results in heap-based buffer overflow. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks.
|
|||||
| CVE-2025-15231 | 1 Tenda | 2 M3, M3 Firmware | 2026-02-24 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability was determined in Tenda M3 1.0.0.13(4903). This affects the function formSetRemoteVlanInfo of the file /goform/setVlanInfo. Executing a manipulation of the argument ID/vlan/port can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized.
|
|||||
| CVE-2025-15230 | 1 Tenda | 2 M3, M3 Firmware | 2026-02-24 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability was found in Tenda M3 1.0.0.13(4903). Affected by this issue is the function formSetVlanPolicy of the file /goform/setVlanPolicyData. Performing a manipulation of the argument qvlan_truck_port results in heap-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been made public and could be used.
|
|||||
| CVE-2025-15253 | 1 Tenda | 2 M3, M3 Firmware | 2026-01-02 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability has been found in Tenda M3 1.0.0.13(4903). The impacted element is an unknown function of the file /goform/exeCommand. Such manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-15252 | 1 Tenda | 2 M3, M3 Firmware | 2026-01-02 | 9.0 HIGH | 8.8 HIGH |
|
A flaw has been found in Tenda M3 1.0.0.13(4903). The affected element is the function formSetRemoteDhcpForAp of the file /goform/setDhcpAP. This manipulation of the argument startip/endip/leasetime/gateway/dns1/dns2 causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been published and may be used.
|
|||||
| CVE-2025-15232 | 1 Tenda | 2 M3, M3 Firmware | 2026-01-02 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability was identified in Tenda M3 1.0.0.13(4903). This vulnerability affects the function formSetAdPushInfo of the file /goform/setAdPushInfo. The manipulation of the argument mac/terminal leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit is publicly available and might be used.
|
|||||
| CVE-2025-9299 | 1 Tenda | 2 M3, M3 Firmware | 2025-08-25 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability has been found in Tenda M3 1.0.0.12. Affected by this vulnerability is the function formGetMasterPassengerAnalyseData of the file /goform/getMasterPassengerAnalyseData. The manipulation of the argument Time leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-9298 | 1 Tenda | 2 M3, M3 Firmware | 2025-08-25 | 9.0 HIGH | 8.8 HIGH |
|
A flaw has been found in Tenda M3 1.0.0.12. Affected is the function formQuickIndex of the file /goform/QuickIndex. Executing manipulation of the argument PPPOEPassword can lead to stack-based buffer overflow. The attack can be launched remotely. The exploit has been published and may be used.
|
|||||
| CVE-2023-51095 | 1 Tenda | 2 M3, M3 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function formDelWlRfPolicy.
|
|||||
| CVE-2023-51094 | 1 Tenda | 2 M3, M3 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Tenda M3 V1.0.0.12(4856) was discovered to contain a Command Execution vulnerability via the function TendaTelnet.
|
|||||
| CVE-2023-51093 | 1 Tenda | 2 M3, M3 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function fromSetLocalVlanInfo.
|
|||||
| CVE-2023-51092 | 1 Tenda | 2 M3, M3 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function upgrade.
|
|||||
| CVE-2023-51091 | 1 Tenda | 2 M3, M3 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function R7WebsSecurityHandler.
|
|||||
| CVE-2023-51090 | 1 Tenda | 2 M3, M3 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function formGetWeiXinConfig.
|
|||||
| CVE-2022-38571 | 1 Tenda | 2 M3, M3 Firmware | 2024-11-21 | N/A | 7.5 HIGH |
|
Tenda M3 V1.0.0.12(4856) was discovered to contain a buffer overflow in the function formSetGuideListItem.
|
|||||
| CVE-2022-38570 | 1 Tenda | 2 M3, M3 Firmware | 2024-11-21 | N/A | 7.5 HIGH |
|
Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow in the function formDelPushedAd. This vulnerability allows attackers to cause a Denial of Service (DoS) via the adPushUID parameter.
|
|||||
| CVE-2022-38569 | 1 Tenda | 2 M3, M3 Firmware | 2024-11-21 | N/A | 7.5 HIGH |
|
Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow in the function formDelAd.
|
|||||
| CVE-2022-38568 | 1 Tenda | 2 M3, M3 Firmware | 2024-11-21 | N/A | 7.5 HIGH |
|
Tenda M3 V1.0.0.12(4856) was discovered to contain a heap buffer overflow vulnerability in the function formSetFixTools. This vulnerability allows attackers to cause a Denial of Service (DoS) via the hostname parameter.
|
|||||
| CVE-2022-38567 | 1 Tenda | 2 M3, M3 Firmware | 2024-11-21 | N/A | 7.5 HIGH |
|
Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow vulnerability in the function formSetAdConfigInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via the authIPs parameter.
|
|||||
| CVE-2022-38566 | 1 Tenda | 2 M3, M3 Firmware | 2024-11-21 | N/A | 7.5 HIGH |
|
Tenda M3 V1.0.0.12(4856) was discovered to contain a heap buffer overflow vulnerability in the function formEmailTest. This vulnerability allows attackers to cause a Denial of Service (DoS) via the mailname parameter.
|
|||||
| CVE-2022-38565 | 1 Tenda | 2 M3, M3 Firmware | 2024-11-21 | N/A | 7.5 HIGH |
|
Tenda M3 V1.0.0.12(4856) was discovered to contain a heap buffer overflow vulnerability in the function formEmailTest. This vulnerability allows attackers to cause a Denial of Service (DoS) via the mailpwd parameter.
|
|||||
| CVE-2022-38564 | 1 Tenda | 2 M3, M3 Firmware | 2024-11-21 | N/A | 7.5 HIGH |
|
Tenda M3 V1.0.0.12(4856) was discovered to contain a buffer overflow vulnerability in the function formSetPicListItem. This vulnerability allows attackers to cause a Denial of Service (DoS) via the adItemUID parameter.
|
|||||
| CVE-2022-38563 | 1 Tenda | 2 M3, M3 Firmware | 2024-11-21 | N/A | 7.5 HIGH |
|
Tenda M3 V1.0.0.12(4856) was discovered to contain a heap buffer overflow vulnerability in the function formSetFixTools. This vulnerability allows attackers to cause a Denial of Service (DoS) via the MACAddr parameter.
|
|||||
| CVE-2022-38562 | 1 Tenda | 2 M3, M3 Firmware | 2024-11-21 | N/A | 7.5 HIGH |
|
Tenda M3 V1.0.0.12(4856) was discovered to contain a heap buffer overflow vulnerability in the function formSetFixTools. This vulnerability allows attackers to cause a Denial of Service (DoS) via the lan parameter.
|
|||||
| CVE-2022-32043 | 1 Tenda | 2 M3, M3 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formSetAccessCodeInfo.
|
|||||
| CVE-2022-32041 | 1 Tenda | 2 M3, M3 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formGetPassengerAnalyseData.
|
|||||
| CVE-2022-32040 | 1 Tenda | 2 M3, M3 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formSetCfm.
|
|||||
| CVE-2022-32039 | 1 Tenda | 2 M3, M3 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the listN parameter in the function fromDhcpListClient.
|
|||||
| CVE-2022-32037 | 1 Tenda | 2 M3, M3 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formSetAPCfg.
|
|||||
| CVE-2022-32036 | 1 Tenda | 2 M3, M3 Firmware | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
Tenda M3 V1.0.0.12 was discovered to contain multiple stack overflow vulnerabilities via the ssidList, storeName, and trademark parameters in the function formSetStoreWeb.
|
|||||
| CVE-2022-32035 | 1 Tenda | 2 M3, M3 Firmware | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formMasterMng.
|
|||||
| CVE-2022-32034 | 1 Tenda | 2 M3, M3 Firmware | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the items parameter in the function formdelMasteraclist.
|
|||||
| CVE-2022-27083 | 1 Tenda | 2 M3, M3 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /cgi-bin/uploadAccessCodePic.
|
|||||
| CVE-2022-27082 | 1 Tenda | 2 M3, M3 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/SetInternetLanInfo.
|
|||||
| CVE-2022-27081 | 1 Tenda | 2 M3, M3 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/SetLanInfo.
|
|||||
| CVE-2022-27080 | 1 Tenda | 2 M3, M3 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/setWorkmode.
|
|||||
| CVE-2022-27079 | 1 Tenda | 2 M3, M3 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/setPicListItem.
|
|||||
| CVE-2022-27078 | 1 Tenda | 2 M3, M3 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/setAdInfoDetail.
|
|||||
| CVE-2022-27077 | 1 Tenda | 2 M3, M3 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /cgi-bin/uploadWeiXinPic.
|
|||||