VYPR

Ac20

by Tenda

CVEs (20)

  • CVE-2025-9090MedAug 17, 2025
    risk 0.44cvss 6.3epss 0.14

    A vulnerability was identified in Tenda AC20 16.03.08.12. Affected is the function websFormDefine of the file /goform/telnet of the component Telnet Service. The manipulation leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed…

  • CVE-2025-9091LowAug 17, 2025
    risk 0.16cvss 2.5epss 0.00

    A security flaw has been discovered in Tenda AC20 16.03.08.12. Affected by this vulnerability is an unknown functionality of the file /etc_ro/shadow. The manipulation leads to hard-coded credentials. It is possible to launch the attack on the local host. The complexity of an…

  • CVE-2025-15356Dec 30, 2025
    risk 0.00cvss epss 0.03

    A vulnerability has been found in Tenda AC20 up to 16.03.08.12. The impacted element is the function sscanf of the file /goform/PowerSaveSet. The manipulation of the argument powerSavingEn/time/powerSaveDelay/ledCloseType leads to buffer overflow. The attack can be initiated…

  • CVE-2025-14656Dec 14, 2025
    risk 0.00cvss epss 0.01

    A weakness has been identified in Tenda AC20 16.03.08.12. This affects the function httpd of the file /goform/openSchedWifi. Executing a manipulation of the argument schedStartTime/schedEndTime can lead to buffer overflow. The attack may be performed from remote. The exploit has…

  • CVE-2025-14655Dec 14, 2025
    risk 0.00cvss epss 0.03

    A security flaw has been discovered in Tenda AC20 16.03.08.12. The impacted element is the function formSetRebootTimer of the file /goform/SetSysAutoRebbotCfg of the component httpd. Performing a manipulation of the argument rebootTime results in stack-based buffer overflow. The…

  • CVE-2025-14654Dec 14, 2025
    risk 0.00cvss epss 0.03

    A vulnerability was identified in Tenda AC20 16.03.08.12. The affected element is the function formSetPPTPUserList of the file /goform/setPptpUserList of the component httpd. Such manipulation of the argument list leads to stack-based buffer overflow. The attack can be executed…

  • CVE-2025-13258Nov 17, 2025
    risk 0.00cvss epss 0.01

    A vulnerability was detected in Tenda AC20 up to 16.03.08.12. The impacted element is an unknown function of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto results in buffer overflow. The attack can be launched remotely. The exploit is now public…

  • CVE-2025-11385Oct 7, 2025
    risk 0.00cvss epss 0.01

    A vulnerability has been found in Tenda AC20 up to 16.03.08.12. The affected element is the function sscanf of the file /goform/fast_setting_wifi_set. The manipulation of the argument timeZone leads to buffer overflow. The attack can be initiated remotely. The exploit has been…

  • CVE-2025-10815Sep 22, 2025
    risk 0.00cvss epss 0.01

    A vulnerability was identified in Tenda AC20 up to 16.03.08.12. Affected by this issue is the function strcpy of the file /goform/SetPptpServerCfg of the component HTTP POST Request Handler. Such manipulation of the argument startIp leads to buffer overflow. The attack can be…

  • CVE-2025-10120Sep 9, 2025
    risk 0.00cvss epss 0.01

    A vulnerability was detected in Tenda AC20 up to 16.03.08.12. The impacted element is the function strcpy of the file /goform/GetParentControlInfo. The manipulation of the argument mac results in buffer overflow. The attack may be performed from remote. The exploit is now public…

  • CVE-2025-9791Sep 1, 2025
    risk 0.00cvss epss 0.01

    A weakness has been identified in Tenda AC20 16.03.08.05. This vulnerability affects unknown code of the file /goform/fromAdvSetMacMtuWan. This manipulation of the argument wanMTU causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has…

  • CVE-2025-9089Aug 16, 2025
    risk 0.00cvss epss 0.01

    A vulnerability was determined in Tenda AC20 16.03.08.12. This issue affects the function sub_48E628 of the file /goform/SetIpMacBind. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed…

  • CVE-2025-9088Aug 16, 2025
    risk 0.00cvss epss 0.01

    A vulnerability was found in Tenda AC20 16.03.08.12. This vulnerability affects the function save_virtualser_data of the file /goform/formSetVirtualSer. The manipulation of the argument list leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit…

  • CVE-2025-9087Aug 16, 2025
    risk 0.00cvss epss 0.01

    A vulnerability has been found in Tenda AC20 16.03.08.12. This affects the function set_qosMib_list of the file /goform/SetNetControlList of the component SetNetControlList Endpoint. The manipulation of the argument list leads to stack-based buffer overflow. It is possible to…

  • CVE-2025-9046Aug 15, 2025
    risk 0.00cvss epss 0.01

    A vulnerability was identified in Tenda AC20 16.03.08.12. This issue affects the function sub_46A2AC of the file /goform/setMacFilterCfg. The manipulation of the argument deviceList leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been…

  • CVE-2025-8940Aug 14, 2025
    risk 0.00cvss epss 0.01

    A vulnerability was identified in Tenda AC20 up to 16.03.08.12. Affected by this vulnerability is the function strcpy of the file /goform/saveParentControlInfo. The manipulation of the argument Time leads to buffer overflow. The attack can be launched remotely. The exploit has…

  • CVE-2025-8939Aug 14, 2025
    risk 0.00cvss epss 0.01

    A vulnerability was determined in Tenda AC20 up to 16.03.08.12. Affected is an unknown function of the file /goform/WifiGuestSet. The manipulation of the argument shareSpeed leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to…

  • CVE-2025-8810Aug 10, 2025
    risk 0.00cvss epss 0.01

    A vulnerability classified as critical was found in Tenda AC20 16.03.08.05. Affected by this vulnerability is the function strcpy of the file /goform/SetFirewallCfg. The manipulation of the argument firewallEn leads to stack-based buffer overflow. The attack can be launched…

  • CVE-2025-8160Jul 25, 2025
    risk 0.00cvss epss 0.01

    A vulnerability classified as critical has been found in Tenda AC20 up to 16.03.08.12. Affected is an unknown function of the file /goform/SetSysTimeCfg of the component httpd. The manipulation of the argument timeZone leads to buffer overflow. It is possible to launch the…

  • CVE-2025-8131Jul 25, 2025
    risk 0.00cvss epss 0.01

    A vulnerability was found in Tenda AC20 16.03.08.05. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /goform/SetStaticRouteCfg. The manipulation of the argument list leads to stack-based buffer overflow. The attack can be…