AC9
by Tenda
CVEs (104)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-14558 | Cri | 0.76 | 9.8 | 0.09 | KEV | Oct 30, 2018 | An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). A command Injection vulnerability allows attackers to execute… | |
| CVE-2022-25414 | Cri | 0.65 | 9.8 | 0.10 | Feb 24, 2022 | Tenda AC9 V15.03.2.21_cn was discovered to contain a stack overflow via the parameter NPTR. | ||
| CVE-2025-45042 | Cri | 0.64 | 9.8 | 0.02 | May 5, 2025 | Tenda AC9 v15.03.05.14 was discovered to contain a command injection vulnerability via the Telnet function. | ||
| CVE-2025-44877 | Cri | 0.64 | 9.8 | 0.02 | May 2, 2025 | Tenda AC9 V15.03.06.42_multi was found to contain a command injection vulnerability in the formSetSambaConf function via the usbname parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | ||
| CVE-2025-44872 | Cri | 0.64 | 9.8 | 0.02 | May 2, 2025 | Tenda AC9 V15.03.06.42_multi was found to contain a command injection vulnerability in the formsetUsbUnload function via the deviceName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | ||
| CVE-2025-45429 | Cri | 0.64 | 9.8 | 0.01 | Apr 23, 2025 | In the Tenda ac9 v1.0 router with firmware V15.03.05.14_multi, there is a stack overflow vulnerability in /goform/WifiWpsStart, which may lead to remote arbitrary code execution. | ||
| CVE-2025-45428 | Cri | 0.64 | 9.8 | 0.01 | Apr 23, 2025 | In Tenda ac9 v1.0 with firmware V15.03.05.14_multi, the rebootTime parameter of /goform/SetSysAutoRebbotCfg has a stack overflow vulnerability, which can lead to remote arbitrary code execution. | ||
| CVE-2025-45427 | Cri | 0.64 | 9.8 | 0.01 | Apr 23, 2025 | In Tenda AC9 v1.0 with firmware V15.03.05.14_multi, the security parameter of /goform/WifiBasicSet has a stack overflow vulnerability, which can lead to remote arbitrary code execution. | ||
| CVE-2025-29386 | Cri | 0.64 | 9.8 | 0.01 | Mar 14, 2025 | In Tenda AC9 v1.0 V15.03.05.14_multi, the mac parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution. | ||
| CVE-2025-29385 | Cri | 0.64 | 9.8 | 0.01 | Mar 14, 2025 | In Tenda AC9 v1.0 V15.03.05.14_multi, the cloneType parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution. | ||
| CVE-2025-29384 | Cri | 0.64 | 9.8 | 0.02 | Mar 14, 2025 | In Tenda AC9 v1.0 V15.03.05.14_multi, the wanMTU parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution. | ||
| CVE-2025-22949 | Cri | 0.64 | 9.8 | 0.02 | Jan 10, 2025 | Tenda ac9 v1.0 firmware v15.03.05.19 is vulnerable to command injection in /goform/SetSambaCfg, which may lead to remote arbitrary code execution. | ||
| CVE-2025-22946 | Cri | 0.64 | 9.8 | 0.01 | Jan 10, 2025 | Tenda ac9 v1.0 firmware v15.03.05.19 contains a stack overflow vulnerability in /goform/SetOnlineDevName, which may lead to remote arbitrary code execution. | ||
| CVE-2024-42634 | Cri | 0.64 | 9.8 | 0.02 | Aug 16, 2024 | A Command Injection vulnerability exists in formWriteFacMac of the httpd binary in Tenda AC9 v15.03.06.42. As a result, attacker can execute OS commands with root privileges. | ||
| CVE-2024-25751 | Cri | 0.64 | 9.8 | 0.01 | Feb 26, 2024 | A Stack Based Buffer Overflow vulnerability in Tenda AC9 v.3.0 with firmware version v.15.03.06.42_multi allows a remote attacker to execute arbitrary code via the fromSetSysTime function. | ||
| CVE-2024-24543 | Cri | 0.64 | 9.8 | 0.01 | Feb 5, 2024 | Buffer Overflow vulnerability in the function setSchedWifi in Tenda AC9 v.3.0, firmware version v.15.03.06.42_multi allows a remote attacker to cause a denial of service or run arbitrary code via crafted overflow data. | ||
| CVE-2023-38823 | Cri | 0.64 | 9.8 | 0.01 | Nov 20, 2023 | Buffer Overflow vulnerability in Tenda Ac19 v.1.0, AC18, AC9 v.1.0, AC6 v.2.0 and v.1.0 allows a remote attacker to execute arbitrary code via the formSetCfm function in bin/httpd. | ||
| CVE-2023-40942 | Cri | 0.64 | 9.8 | 0.01 | Sep 7, 2023 | Tenda AC9 V3.0BR_V15.03.06.42_multi_TD01 was discovered stack overflow via parameter 'firewall_value' at url /goform/SetFirewallCfg. | ||
| CVE-2023-41563 | Cri | 0.64 | 9.8 | 0.01 | Aug 30, 2023 | Tenda AC9 V3.0 V15.03.06.42_multi and Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter mac at url /goform/GetParentControlInfo. | ||
| CVE-2023-41562 | Cri | 0.64 | 9.8 | 0.01 | Aug 30, 2023 | Tenda AC7 V1.0 V15.03.06.44, Tenda AC9 V3.0 V15.03.06.42_multi, and Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter time at url /goform/PowerSaveSet. |
- risk 0.76cvss 9.8epss 0.09
An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). A command Injection vulnerability allows attackers to execute…
- risk 0.65cvss 9.8epss 0.10
Tenda AC9 V15.03.2.21_cn was discovered to contain a stack overflow via the parameter NPTR.
- risk 0.64cvss 9.8epss 0.02
Tenda AC9 v15.03.05.14 was discovered to contain a command injection vulnerability via the Telnet function.
- risk 0.64cvss 9.8epss 0.02
Tenda AC9 V15.03.06.42_multi was found to contain a command injection vulnerability in the formSetSambaConf function via the usbname parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
- risk 0.64cvss 9.8epss 0.02
Tenda AC9 V15.03.06.42_multi was found to contain a command injection vulnerability in the formsetUsbUnload function via the deviceName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
- risk 0.64cvss 9.8epss 0.01
In the Tenda ac9 v1.0 router with firmware V15.03.05.14_multi, there is a stack overflow vulnerability in /goform/WifiWpsStart, which may lead to remote arbitrary code execution.
- risk 0.64cvss 9.8epss 0.01
In Tenda ac9 v1.0 with firmware V15.03.05.14_multi, the rebootTime parameter of /goform/SetSysAutoRebbotCfg has a stack overflow vulnerability, which can lead to remote arbitrary code execution.
- risk 0.64cvss 9.8epss 0.01
In Tenda AC9 v1.0 with firmware V15.03.05.14_multi, the security parameter of /goform/WifiBasicSet has a stack overflow vulnerability, which can lead to remote arbitrary code execution.
- risk 0.64cvss 9.8epss 0.01
In Tenda AC9 v1.0 V15.03.05.14_multi, the mac parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution.
- risk 0.64cvss 9.8epss 0.01
In Tenda AC9 v1.0 V15.03.05.14_multi, the cloneType parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution.
- risk 0.64cvss 9.8epss 0.02
In Tenda AC9 v1.0 V15.03.05.14_multi, the wanMTU parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution.
- risk 0.64cvss 9.8epss 0.02
Tenda ac9 v1.0 firmware v15.03.05.19 is vulnerable to command injection in /goform/SetSambaCfg, which may lead to remote arbitrary code execution.
- risk 0.64cvss 9.8epss 0.01
Tenda ac9 v1.0 firmware v15.03.05.19 contains a stack overflow vulnerability in /goform/SetOnlineDevName, which may lead to remote arbitrary code execution.
- risk 0.64cvss 9.8epss 0.02
A Command Injection vulnerability exists in formWriteFacMac of the httpd binary in Tenda AC9 v15.03.06.42. As a result, attacker can execute OS commands with root privileges.
- risk 0.64cvss 9.8epss 0.01
A Stack Based Buffer Overflow vulnerability in Tenda AC9 v.3.0 with firmware version v.15.03.06.42_multi allows a remote attacker to execute arbitrary code via the fromSetSysTime function.
- risk 0.64cvss 9.8epss 0.01
Buffer Overflow vulnerability in the function setSchedWifi in Tenda AC9 v.3.0, firmware version v.15.03.06.42_multi allows a remote attacker to cause a denial of service or run arbitrary code via crafted overflow data.
- risk 0.64cvss 9.8epss 0.01
Buffer Overflow vulnerability in Tenda Ac19 v.1.0, AC18, AC9 v.1.0, AC6 v.2.0 and v.1.0 allows a remote attacker to execute arbitrary code via the formSetCfm function in bin/httpd.
- risk 0.64cvss 9.8epss 0.01
Tenda AC9 V3.0BR_V15.03.06.42_multi_TD01 was discovered stack overflow via parameter 'firewall_value' at url /goform/SetFirewallCfg.
- risk 0.64cvss 9.8epss 0.01
Tenda AC9 V3.0 V15.03.06.42_multi and Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter mac at url /goform/GetParentControlInfo.
- risk 0.64cvss 9.8epss 0.01
Tenda AC7 V1.0 V15.03.06.44, Tenda AC9 V3.0 V15.03.06.42_multi, and Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter time at url /goform/PowerSaveSet.
Page 1 of 6