AC6
by Tenda
CVEs (128)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-45647 | Hig | 0.49 | 7.5 | 0.01 | Dec 2, 2022 | Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the limitSpeed parameter in the formSetClientState function. | ||
| CVE-2022-45646 | Hig | 0.49 | 7.5 | 0.01 | Dec 2, 2022 | Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the limitSpeedUp parameter in the formSetClientState function. | ||
| CVE-2022-45645 | Hig | 0.49 | 7.5 | 0.01 | Dec 2, 2022 | Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the deviceMac parameter in the addWifiMacFilter function. | ||
| CVE-2022-45644 | Hig | 0.49 | 7.5 | 0.01 | Dec 2, 2022 | Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the deviceId parameter in the formSetClientState function. | ||
| CVE-2022-45643 | Hig | 0.49 | 7.5 | 0.01 | Dec 2, 2022 | Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the deviceId parameter in the addWifiMacFilter function. | ||
| CVE-2022-45641 | Hig | 0.49 | 7.5 | 0.01 | Dec 2, 2022 | Tenda AC6V1.0 V15.03.05.19 is vulnerable to Buffer Overflow via formSetMacFilterCfg. | ||
| CVE-2022-45640 | Hig | 0.49 | 7.5 | 0.01 | Dec 1, 2022 | Tenda Tenda AC6V1.0 V15.03.05.19 is affected by buffer overflow. Causes a denial of service (local). | ||
| CVE-2020-28095 | Hig | 0.49 | 7.5 | 0.01 | Dec 30, 2020 | On Tenda AC1200 (Model AC6) 15.03.06.51_multi devices, a large HTTP POST request sent to the change password API will trigger the router to crash and enter an infinite boot loop. | ||
| CVE-2020-28094 | Hig | 0.49 | 7.5 | 0.01 | Dec 28, 2020 | On Tenda AC1200 (Model AC6) 15.03.06.51_multi devices, the default settings for the router speed test contain links to download malware named elive or CNKI E-Learning. | ||
| CVE-2025-50528 | Hig | 0.47 | 7.3 | 0.00 | Jun 27, 2025 | A buffer overflow vulnerability exists in the fromNatStaticSetting function of Tenda AC6 <=V15.03.05.19 via the page parameter. | ||
| CVE-2020-28093 | Hig | 0.47 | 7.2 | 0.01 | Dec 28, 2020 | On Tenda AC1200 (Model AC6) 15.03.06.51_multi devices, admin, support, user, and nobody have a password of 1234. | ||
| CVE-2024-10697 | Med | 0.43 | 6.3 | 0.26 | Nov 2, 2024 | A vulnerability has been found in Tenda AC6 15.03.05.19 and classified as critical. Affected by this vulnerability is the function formWriteFacMac of the file /goform/WriteFacMac of the component API Endpoint. The manipulation of the argument mac leads to command injection. The… | ||
| CVE-2025-50641 | Med | 0.42 | 6.5 | 0.00 | Jul 1, 2025 | Tenda AC6 15.03.05.16_multi is vulnerable to Buffer Overflow in the addWifiMacFilter function via the parameter deviceId. | ||
| CVE-2025-44172 | Med | 0.42 | 6.5 | 0.00 | Jun 2, 2025 | Tenda AC6 V15.03.05.16 was discovered to contain a stack overflow via the time parameter in the setSmartPowerManagement function. | ||
| CVE-2025-25507 | Med | 0.42 | 6.5 | 0.00 | Feb 21, 2025 | There is a RCE vulnerability in Tenda AC6 15.03.05.16_multi. In the formexeCommand function, the parameter cmdinput will cause remote command execution. | ||
| CVE-2025-25505 | Med | 0.42 | 6.5 | 0.00 | Feb 21, 2025 | Tenda AC6 15.03.05.16_multi is vulnerable to Buffer Overflow in the sub_452A4 function. | ||
| CVE-2024-10280 | Med | 0.42 | 6.5 | 0.01 | Oct 23, 2024 | A vulnerability was found in Tenda AC6, AC7, AC8, AC9, AC10, AC10U, AC15, AC18, AC500 and AC1206 up to 20241022. It has been rated as problematic. This issue affects the function websReadEvent of the file /goform/GetIPTV. The manipulation of the argument Content-Length leads to… | ||
| CVE-2022-45674 | Med | 0.42 | 6.5 | 0.00 | Dec 2, 2022 | Tenda AC6V1.0 V15.03.05.19 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot. | ||
| CVE-2022-45673 | Med | 0.42 | 6.5 | 0.00 | Dec 2, 2022 | Tenda AC6V1.0 V15.03.05.19 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolRestoreSet. | ||
| CVE-2026-8264 | Med | 0.41 | 6.3 | 0.03 | May 11, 2026 | A weakness has been identified in Tenda AC6 15.03.06.23. Affected by this vulnerability is the function formWifiApScan of the file /goform/WifiApScan of the component httpd. Executing a manipulation of the argument wl2g.public.country/wl5g.public.country can lead to os command… |
- risk 0.49cvss 7.5epss 0.01
Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the limitSpeed parameter in the formSetClientState function.
- risk 0.49cvss 7.5epss 0.01
Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the limitSpeedUp parameter in the formSetClientState function.
- risk 0.49cvss 7.5epss 0.01
Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the deviceMac parameter in the addWifiMacFilter function.
- risk 0.49cvss 7.5epss 0.01
Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the deviceId parameter in the formSetClientState function.
- risk 0.49cvss 7.5epss 0.01
Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the deviceId parameter in the addWifiMacFilter function.
- risk 0.49cvss 7.5epss 0.01
Tenda AC6V1.0 V15.03.05.19 is vulnerable to Buffer Overflow via formSetMacFilterCfg.
- risk 0.49cvss 7.5epss 0.01
Tenda Tenda AC6V1.0 V15.03.05.19 is affected by buffer overflow. Causes a denial of service (local).
- risk 0.49cvss 7.5epss 0.01
On Tenda AC1200 (Model AC6) 15.03.06.51_multi devices, a large HTTP POST request sent to the change password API will trigger the router to crash and enter an infinite boot loop.
- risk 0.49cvss 7.5epss 0.01
On Tenda AC1200 (Model AC6) 15.03.06.51_multi devices, the default settings for the router speed test contain links to download malware named elive or CNKI E-Learning.
- risk 0.47cvss 7.3epss 0.00
A buffer overflow vulnerability exists in the fromNatStaticSetting function of Tenda AC6 <=V15.03.05.19 via the page parameter.
- risk 0.47cvss 7.2epss 0.01
On Tenda AC1200 (Model AC6) 15.03.06.51_multi devices, admin, support, user, and nobody have a password of 1234.
- risk 0.43cvss 6.3epss 0.26
A vulnerability has been found in Tenda AC6 15.03.05.19 and classified as critical. Affected by this vulnerability is the function formWriteFacMac of the file /goform/WriteFacMac of the component API Endpoint. The manipulation of the argument mac leads to command injection. The…
- risk 0.42cvss 6.5epss 0.00
Tenda AC6 15.03.05.16_multi is vulnerable to Buffer Overflow in the addWifiMacFilter function via the parameter deviceId.
- risk 0.42cvss 6.5epss 0.00
Tenda AC6 V15.03.05.16 was discovered to contain a stack overflow via the time parameter in the setSmartPowerManagement function.
- risk 0.42cvss 6.5epss 0.00
There is a RCE vulnerability in Tenda AC6 15.03.05.16_multi. In the formexeCommand function, the parameter cmdinput will cause remote command execution.
- risk 0.42cvss 6.5epss 0.00
Tenda AC6 15.03.05.16_multi is vulnerable to Buffer Overflow in the sub_452A4 function.
- risk 0.42cvss 6.5epss 0.01
A vulnerability was found in Tenda AC6, AC7, AC8, AC9, AC10, AC10U, AC15, AC18, AC500 and AC1206 up to 20241022. It has been rated as problematic. This issue affects the function websReadEvent of the file /goform/GetIPTV. The manipulation of the argument Content-Length leads to…
- risk 0.42cvss 6.5epss 0.00
Tenda AC6V1.0 V15.03.05.19 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot.
- risk 0.42cvss 6.5epss 0.00
Tenda AC6V1.0 V15.03.05.19 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolRestoreSet.
- risk 0.41cvss 6.3epss 0.03
A weakness has been identified in Tenda AC6 15.03.06.23. Affected by this vulnerability is the function formWifiApScan of the file /goform/WifiApScan of the component httpd. Executing a manipulation of the argument wl2g.public.country/wl5g.public.country can lead to os command…
Page 5 of 7