VYPR

AC9

by Tenda

CVEs (104)

  • CVE-2018-14558CriKEVOct 30, 2018
    risk 0.76cvss 9.8epss 0.09

    An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). A command Injection vulnerability allows attackers to execute…

  • CVE-2022-25414CriFeb 24, 2022
    risk 0.65cvss 9.8epss 0.10

    Tenda AC9 V15.03.2.21_cn was discovered to contain a stack overflow via the parameter NPTR.

  • CVE-2025-45042CriMay 5, 2025
    risk 0.64cvss 9.8epss 0.02

    Tenda AC9 v15.03.05.14 was discovered to contain a command injection vulnerability via the Telnet function.

  • CVE-2025-44877CriMay 2, 2025
    risk 0.64cvss 9.8epss 0.02

    Tenda AC9 V15.03.06.42_multi was found to contain a command injection vulnerability in the formSetSambaConf function via the usbname parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

  • CVE-2025-44872CriMay 2, 2025
    risk 0.64cvss 9.8epss 0.02

    Tenda AC9 V15.03.06.42_multi was found to contain a command injection vulnerability in the formsetUsbUnload function via the deviceName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

  • CVE-2025-45429CriApr 23, 2025
    risk 0.64cvss 9.8epss 0.01

    In the Tenda ac9 v1.0 router with firmware V15.03.05.14_multi, there is a stack overflow vulnerability in /goform/WifiWpsStart, which may lead to remote arbitrary code execution.

  • CVE-2025-45428CriApr 23, 2025
    risk 0.64cvss 9.8epss 0.01

    In Tenda ac9 v1.0 with firmware V15.03.05.14_multi, the rebootTime parameter of /goform/SetSysAutoRebbotCfg has a stack overflow vulnerability, which can lead to remote arbitrary code execution.

  • CVE-2025-45427CriApr 23, 2025
    risk 0.64cvss 9.8epss 0.01

    In Tenda AC9 v1.0 with firmware V15.03.05.14_multi, the security parameter of /goform/WifiBasicSet has a stack overflow vulnerability, which can lead to remote arbitrary code execution.

  • CVE-2025-29386CriMar 14, 2025
    risk 0.64cvss 9.8epss 0.01

    In Tenda AC9 v1.0 V15.03.05.14_multi, the mac parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution.

  • CVE-2025-29385CriMar 14, 2025
    risk 0.64cvss 9.8epss 0.01

    In Tenda AC9 v1.0 V15.03.05.14_multi, the cloneType parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution.

  • CVE-2025-29384CriMar 14, 2025
    risk 0.64cvss 9.8epss 0.02

    In Tenda AC9 v1.0 V15.03.05.14_multi, the wanMTU parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution.

  • CVE-2025-22949CriJan 10, 2025
    risk 0.64cvss 9.8epss 0.02

    Tenda ac9 v1.0 firmware v15.03.05.19 is vulnerable to command injection in /goform/SetSambaCfg, which may lead to remote arbitrary code execution.

  • CVE-2025-22946CriJan 10, 2025
    risk 0.64cvss 9.8epss 0.01

    Tenda ac9 v1.0 firmware v15.03.05.19 contains a stack overflow vulnerability in /goform/SetOnlineDevName, which may lead to remote arbitrary code execution.

  • CVE-2024-42634CriAug 16, 2024
    risk 0.64cvss 9.8epss 0.02

    A Command Injection vulnerability exists in formWriteFacMac of the httpd binary in Tenda AC9 v15.03.06.42. As a result, attacker can execute OS commands with root privileges.

  • CVE-2024-25751CriFeb 26, 2024
    risk 0.64cvss 9.8epss 0.01

    A Stack Based Buffer Overflow vulnerability in Tenda AC9 v.3.0 with firmware version v.15.03.06.42_multi allows a remote attacker to execute arbitrary code via the fromSetSysTime function.

  • CVE-2024-24543CriFeb 5, 2024
    risk 0.64cvss 9.8epss 0.01

    Buffer Overflow vulnerability in the function setSchedWifi in Tenda AC9 v.3.0, firmware version v.15.03.06.42_multi allows a remote attacker to cause a denial of service or run arbitrary code via crafted overflow data.

  • CVE-2023-38823CriNov 20, 2023
    risk 0.64cvss 9.8epss 0.01

    Buffer Overflow vulnerability in Tenda Ac19 v.1.0, AC18, AC9 v.1.0, AC6 v.2.0 and v.1.0 allows a remote attacker to execute arbitrary code via the formSetCfm function in bin/httpd.

  • CVE-2023-40942CriSep 7, 2023
    risk 0.64cvss 9.8epss 0.01

    Tenda AC9 V3.0BR_V15.03.06.42_multi_TD01 was discovered stack overflow via parameter 'firewall_value' at url /goform/SetFirewallCfg.

  • CVE-2023-41563CriAug 30, 2023
    risk 0.64cvss 9.8epss 0.01

    Tenda AC9 V3.0 V15.03.06.42_multi and Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter mac at url /goform/GetParentControlInfo.

  • CVE-2023-41562CriAug 30, 2023
    risk 0.64cvss 9.8epss 0.01

    Tenda AC7 V1.0 V15.03.06.44, Tenda AC9 V3.0 V15.03.06.42_multi, and Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter time at url /goform/PowerSaveSet.

Page 1 of 6