VYPR

AC9

by Tenda

CVEs (104)

  • CVE-2025-5847HigJun 8, 2025
    risk 0.57cvss 8.8epss 0.01

    A vulnerability has been found in Tenda AC9 15.03.02.13 and classified as critical. Affected by this vulnerability is the function formSetSafeWanWebMan of the file /goform/SetRemoteWebCfg of the component HTTP POST Request Handler. The manipulation of the argument remoteIp leads…

  • CVE-2025-5839HigJun 7, 2025
    risk 0.57cvss 8.8epss 0.01

    A vulnerability, which was classified as critical, has been found in Tenda AC9 15.03.02.13. Affected by this issue is the function fromadvsetlanip of the file /goform/AdvSetLanip of the component POST Request Handler. The manipulation of the argument lanMask leads to buffer…

  • CVE-2024-25753HigFeb 22, 2024
    risk 0.57cvss 8.8epss 0.01

    Stack Based Buffer Overflow vulnerability in Tenda AC9 v.3.0 with firmware version v.15.03.06.42_multi allows a remote attacker to execute arbitrary code via the formSetDeviceName function.

  • CVE-2024-25748HigFeb 22, 2024
    risk 0.57cvss 8.8epss 0.01

    A Stack Based Buffer Overflow vulnerability in tenda AC9 AC9 v.3.0 with firmware version v.15.03.06.42_multi allows a remote attacker to execute arbitrary code via the fromSetIpMacBind function.

  • CVE-2024-25746HigFeb 22, 2024
    risk 0.57cvss 8.8epss 0.00

    Stack Based Buffer Overflow vulnerability in Tenda AC9 v.3.0 with firmware version v.15.03.06.42_multi allows a remote attacker to execute arbitrary code via the add_white_node function.

  • CVE-2022-36569HigAug 31, 2022
    risk 0.57cvss 8.8epss 0.01

    Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via the deviceList parameter at /goform/setMacFilterCfg.

  • CVE-2022-36568HigAug 31, 2022
    risk 0.57cvss 8.8epss 0.01

    Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via the list parameter at /goform/setPptpUserList.

  • CVE-2021-31627HigOct 29, 2021
    risk 0.57cvss 8.8epss 0.01

    Buffer Overflow vulnerability in Tenda AC9 V1.0 through V15.03.05.19(6318), and AC9 V3.0 V15.03.06.42_multi, allows attackers to execute arbitrary code via the index parameter.

  • CVE-2021-31624HigOct 29, 2021
    risk 0.57cvss 8.8epss 0.01

    Buffer Overflow vulnerability in Tenda AC9 V1.0 through V15.03.05.19(6318), and AC9 V3.0 V15.03.06.42_multi, allows attackers to execute arbitrary code via the urls parameter.

  • CVE-2018-16334HigSep 2, 2018
    risk 0.57cvss 8.8epss 0.04

    An issue was discovered on Tenda AC9 V15.03.05.19(6318)_CN and AC10 V15.03.06.23_CN devices. The mac parameter in a POST request is used directly in a doSystemCmd call, causing OS command injection.

  • CVE-2017-16923HigNov 21, 2017
    risk 0.57cvss 8.8epss 0.03

    Command Injection vulnerability in app_data_center on Shenzhen Tenda Ac9 US_AC9V1.0BR_V15.03.05.14_multi_TD01, Ac9 ac9_kf_V15.03.05.19(6318_)_cn, Ac15 US_AC15V1.0BR_V15.03.05.18_multi_TD01, Ac15 US_AC15V1.0BR_V15.03.05.19_multi_TD01, Ac18 US_AC18V1.0BR_V15.03.05.05_multi_TD01,…

  • CVE-2024-25756HigFeb 22, 2024
    risk 0.52cvss 8.0epss 0.01

    A Stack Based Buffer Overflow vulnerability in Tenda AC9 v.3.0 with firmware version v.15.03.06.42_multi allows a remote attacker to execute arbitrary code via the formWifiBasicSet function.

  • CVE-2019-5072HigNov 21, 2019
    risk 0.51cvss 7.8epss 0.02

    An exploitable command injection vulnerability exists in the /goform/WanParameterSetting functionality of Tenda AC9 Router AC1200 Smart Dual-Band Gigabit WiFi Route (AC9V1.0 Firmware V15.03.05.16multiTRU). A specially crafted HTTP POST request can cause a command injection in…

  • CVE-2018-14559HigApr 25, 2019
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). A buffer overflow vulnerability exists in the router's web server…

  • CVE-2018-14557HigApr 25, 2019
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). A buffer overflow vulnerability exists in the router's web server…

  • CVE-2018-18732HigOct 29, 2018
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the 'ntpServer'…

  • CVE-2018-18731HigOct 29, 2018
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the 'deviceMac'…

  • CVE-2018-18730HigOct 29, 2018
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the 'startIp' and…

  • CVE-2018-18727HigOct 29, 2018
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the 'deviceList'…

  • CVE-2018-18709HigOct 29, 2018
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. It is a buffer overflow vulnerability in the router's web server -- httpd. When processing the "firewallEn"…

Page 4 of 6