VYPR

AC9

by Tenda

CVEs (104)

  • CVE-2018-18708HigOct 29, 2018
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. It is a buffer overflow vulnerability in the router's web server -- httpd. When processing the "page" parameter of…

  • CVE-2018-18707HigOct 29, 2018
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. It is a buffer overflow vulnerability in the router's web server -- httpd. When processing the "ssid" parameter…

  • CVE-2018-18706HigOct 29, 2018
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. It is a buffer overflow vulnerability in the router's web server -- httpd. When processing the "page" parameter of…

  • CVE-2018-16333HigSep 2, 2018
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server. While processing the ssid parameter for a…

  • CVE-2018-14492HigJul 21, 2018
    risk 0.49cvss 7.5epss 0.01

    Tenda AC7 through V15.03.06.44_CN, AC9 through V15.03.05.19(6318)_CN, and AC10 through V15.03.06.23_CN devices have a Stack-based Buffer Overflow via a long limitSpeed or limitSpeedup parameter to an unspecified /goform URI.

  • CVE-2022-36571HigAug 31, 2022
    risk 0.47cvss 7.2epss 0.01

    Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via the mask parameter at /goform/WanParameterSetting.

  • CVE-2022-36570HigAug 31, 2022
    risk 0.47cvss 7.2epss 0.01

    Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via the time parameter at /goform/SetLEDCfg.

  • CVE-2020-20746HigSep 30, 2021
    risk 0.47cvss 7.2epss 0.03

    A stack-based buffer overflow in the httpd server on Tenda AC9 V15.03.06.60_EN allows remote attackers to execute arbitrary code or cause a denial of service (DoS) via a crafted POST request to /goform/SetStaticRouteCfg.

  • CVE-2025-29387HigMar 14, 2025
    risk 0.46cvss 7.1epss 0.01

    In Tenda AC9 v1.0 V15.03.05.14_multi, the wanSpeed parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution.

  • CVE-2024-10280MedOct 23, 2024
    risk 0.42cvss 6.5epss 0.01

    A vulnerability was found in Tenda AC6, AC7, AC8, AC9, AC10, AC10U, AC15, AC18, AC500 and AC1206 up to 20241022. It has been rated as problematic. This issue affects the function websReadEvent of the file /goform/GetIPTV. The manipulation of the argument Content-Length leads to…

  • CVE-2021-42659MedMay 24, 2022
    risk 0.42cvss 6.5epss 0.01

    There is a buffer overflow vulnerability in the Web server httpd of the router in Tenda router devices such as Tenda AC9 V1.0 V15.03.02.19(6318) and Tenda AC9 V3.0 V15.03.06.42_multi. When setting the virtual service, the httpd program will crash and exit when the super-long…

  • CVE-2017-16936MedNov 24, 2017
    risk 0.42cvss 6.5epss 0.01

    Directory Traversal vulnerability in app_data_center on Shenzhen Tenda Ac9 US_AC9V1.0BR_V15.03.05.14_multi_TD01, Ac9 ac9_kf_V15.03.05.19(6318_)_cn, Ac15 US_AC15V1.0BR_V15.03.05.18_multi_TD01, Ac15 US_AC15V1.0BR_V15.03.05.19_multi_TD01, Ac18 US_AC18V1.0BR_V15.03.05.05_multi_TD01,…

  • CVE-2025-10442MedSep 15, 2025
    risk 0.41cvss 6.3epss 0.08

    A vulnerability was determined in Tenda AC9 and AC15 15.03.05.14. This affects the function formexeCommand of the file /goform/exeCommand. This manipulation of the argument cmdinput causes os command injection. Remote exploitation of the attack is possible. The exploit has been…

  • CVE-2025-5836MedJun 7, 2025
    risk 0.41cvss 6.3epss 0.03

    A vulnerability was found in Tenda AC9 15.03.02.13. It has been rated as critical. This issue affects the function formSetIptv of the file /goform/SetIPTVCfg of the component POST Request Handler. The manipulation of the argument list leads to command injection. The attack may…

  • CVE-2025-29032MedMar 14, 2025
    risk 0.39cvss 5.9epss 0.04

    Tenda AC9 v15.03.05.19(6318) was discovered to contain a buffer overflow via the formWifiWpsOOB function.

  • CVE-2022-36233MedAug 19, 2022
    risk 0.36cvss 5.5epss 0.00

    Tenda AC9 V15.03.2.13 is vulnerable to Buffer Overflow via httpd, form_fast_setting_wifi_set. httpd.

  • CVE-2025-5900MedJun 9, 2025
    risk 0.28cvss 4.3epss 0.00

    A vulnerability, which was classified as problematic, was found in Tenda AC9 15.03.02.13. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be…

  • CVE-2025-9731LowAug 31, 2025
    risk 0.16cvss 2.5epss 0.00

    A vulnerability was determined in Tenda AC9 15.03.05.19. The impacted element is an unknown function of the file /etc_ro/shadow of the component Administrative Interface. This manipulation causes hard-coded credentials. It is possible to launch the attack on the local host. The…

  • CVE-2026-2192Feb 8, 2026
    risk 0.00cvss epss 0.01

    A security vulnerability has been detected in Tenda AC9 15.03.06.42_multi. Affected by this vulnerability is the function formGetRebootTimer. Such manipulation of the argument sys.schedulereboot.start_time/sys.schedulereboot.end_time leads to stack-based buffer overflow. The…

  • CVE-2026-2191Feb 8, 2026
    risk 0.00cvss epss 0.01

    A weakness has been identified in Tenda AC9 15.03.06.42_multi. Affected is the function formGetDdosDefenceList. This manipulation of the argument security.ddos.map causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been made available to…

Page 5 of 6