VYPR

AC15

by Tenda

CVEs (97)

  • CVE-2025-11387Oct 7, 2025
    risk 0.00cvss epss 0.01

    A vulnerability was determined in Tenda AC15 15.03.05.18. This affects an unknown function of the file /goform/fast_setting_pppoe_set. This manipulation of the argument Password causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been…

  • CVE-2025-11386Oct 7, 2025
    risk 0.00cvss epss 0.01

    A vulnerability was found in Tenda AC15 15.03.05.18. The impacted element is an unknown function of the file /goform/SetDDNSCfg of the component POST Parameter Handler. The manipulation of the argument ddnsEn results in stack-based buffer overflow. The attack can be launched…

  • CVE-2025-10443Sep 15, 2025
    risk 0.00cvss epss 0.04

    A vulnerability was identified in Tenda AC9 and AC15 15.03.05.14/15.03.05.18. This vulnerability affects the function formexeCommand of the file /goform/exeCommand. Such manipulation of the argument cmdinput leads to buffer overflow. The attack can be executed remotely. The…

  • CVE-2025-55564Aug 21, 2025
    risk 0.00cvss epss 0.00

    Tenda AC15 v15.03.05.19_multi_TD01 has a stack overflow via the list parameter in the fromSetIpMacBind function.

  • CVE-2025-8979Aug 14, 2025
    risk 0.00cvss epss 0.00

    A vulnerability was identified in Tenda AC15 15.13.07.13. Affected by this vulnerability is the function check_fw_type/split_fireware/check_fw of the component Firmware Update Handler. The manipulation leads to insufficient verification of data authenticity. The attack can be…

  • CVE-2025-5851Jun 8, 2025
    risk 0.00cvss epss 0.01

    A vulnerability was found in Tenda AC15 15.03.05.19_multi. It has been rated as critical. This issue affects the function fromadvsetlanip of the file /goform/AdvSetLanip of the component HTTP POST Request Handler. The manipulation of the argument lanMask leads to buffer…

  • CVE-2025-5850Jun 8, 2025
    risk 0.00cvss epss 0.04

    A vulnerability was found in Tenda AC15 15.03.05.19_multi. It has been declared as critical. This vulnerability affects the function formsetschedled of the file /goform/SetLEDCf of the component HTTP POST Request Handler. The manipulation of the argument Time leads to buffer…

  • CVE-2025-5849Jun 8, 2025
    risk 0.00cvss epss 0.01

    A vulnerability was found in Tenda AC15 15.03.05.19_multi. It has been classified as critical. This affects the function formSetSafeWanWebMan of the file /goform/SetRemoteWebCfg of the component HTTP POST Request Handler. The manipulation of the argument remoteIp leads to…

  • CVE-2025-5848Jun 8, 2025
    risk 0.00cvss epss 0.01

    A vulnerability was found in Tenda AC15 15.03.05.19_multi and classified as critical. Affected by this issue is the function formSetPPTPUserList of the file /goform/setPptpUserList of the component HTTP POST Request Handler. The manipulation of the argument list leads to buffer…

  • CVE-2025-3786Apr 18, 2025
    risk 0.00cvss epss 0.01

    A vulnerability was found in Tenda AC15 up to 15.03.05.19 and classified as critical. This issue affects the function fromSetWirelessRepeat of the file /goform/WifiExtraSet. The manipulation of the argument mac leads to buffer overflow. The attack may be initiated remotely. The…

  • CVE-2025-29462Apr 3, 2025
    risk 0.00cvss epss 0.00

    A buffer overflow vulnerability has been discovered in Tenda Ac15 V15.13.07.13. The vulnerability occurs when the webCgiGetUploadFile function calls the socketRead function to process HTTP request messages, resulting in the overwriting of a buffer on the stack.

  • CVE-2025-25632Mar 5, 2025
    risk 0.00cvss epss 0.02

    Tenda AC15 v15.03.05.19 is vulnerable to Command Injection via the handler function in /goform/telnet.

  • CVE-2025-25634Mar 5, 2025
    risk 0.00cvss epss 0.00

    A vulnerability has been found in Tenda AC15 15.03.05.19 in the function GetParentControlInfo of the file /goform/GetParentControlInfo. The manipulation of the argument src leads to stack-based buffer overflow.

  • CVE-2024-10662Nov 1, 2024
    risk 0.00cvss epss 0.01

    A vulnerability was found in Tenda AC15 15.03.05.19 and classified as critical. This issue affects the function formSetDeviceName of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack may be initiated…

  • CVE-2024-10661Nov 1, 2024
    risk 0.00cvss epss 0.01

    A vulnerability has been found in Tenda AC15 15.03.05.19 and classified as critical. This vulnerability affects the function SetDlnaCfg of the file /goform/SetDlnaCfg. The manipulation of the argument scanList leads to stack-based buffer overflow. The attack can be initiated…

  • CVE-2024-10280Oct 23, 2024
    risk 0.00cvss epss 0.01

    A vulnerability was found in Tenda AC6, AC7, AC8, AC9, AC10, AC10U, AC15, AC18, AC500 and AC1206 up to 20241022. It has been rated as problematic. This issue affects the function websReadEvent of the file /goform/GetIPTV. The manipulation of the argument Content-Length leads to…

  • CVE-2024-32303Apr 17, 2024
    risk 0.00cvss epss 0.00

    Tenda AC15 v15.03.20_multi, v15.03.05.19, and v15.03.05.18 firmware has a stack overflow vulnerability located via the PPW parameter in the fromWizardHandle function.

  • CVE-2024-30840Apr 15, 2024
    risk 0.00cvss epss 0.00

    A Stack Overflow vulnerability in Tenda AC15 v15.03.05.18 allows attackers to cause a denial of service via the LISTEN parameter in the fromDhcpListClient function.

  • CVE-2024-30645Mar 29, 2024
    risk 0.00cvss epss 0.01

    Tenda AC15V1.0 V15.03.20_multi has a command injection vulnerability via the deviceName parameter.

  • CVE-2024-30613Mar 29, 2024
    risk 0.00cvss epss 0.00

    Tenda AC15 v15.03.05.18 has a stack overflow vulnerability in the time parameter from the setSmartPowerManagement function.

Page 4 of 5