AC10
by Tenda
Source repositories
CVEs (128)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-15218 | 0.00 | — | 0.03 | Dec 30, 2025 | A weakness has been identified in Tenda AC10U 15.03.06.48/15.03.06.49. Affected by this vulnerability is the function fromadvsetlanip of the file /goform/AdvSetLanip of the component POST Request Parameter Handler. Executing a manipulation of the argument lanMask can lead to… | |||
| CVE-2025-15215 | 0.00 | — | 0.01 | Dec 30, 2025 | A vulnerability was determined in Tenda AC10U 15.03.06.48/15.03.06.49. This affects the function formSetPPTPUserList of the file /goform/setPptpUserList of the component HTTP POST Request Handler. This manipulation of the argument list causes buffer overflow. It is possible to… | |||
| CVE-2025-12622 | 0.00 | — | 0.01 | Nov 3, 2025 | A vulnerability was determined in Tenda AC10 16.03.10.13. Affected by this vulnerability is the function formSysRunCmd of the file /goform/SysRunCmd. This manipulation of the argument getui causes buffer overflow. The attack may be initiated remotely. The exploit has been… | |||
| CVE-2025-57217 | 0.00 | — | 0.00 | Aug 28, 2025 | Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 was discovered to contain a stack overflow via the Password parameter in the function R7WebsSecurityHandler. | |||
| CVE-2025-57218 | 0.00 | — | 0.01 | Aug 28, 2025 | Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 was discovered to contain a stack overflow via the security_5g parameter in the function sub_46284C. | |||
| CVE-2025-57220 | 0.00 | — | 0.01 | Aug 28, 2025 | An input validation flaw in the 'ate' service of Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 to escalate privileges to root via a crafted UDP packet. | |||
| CVE-2025-57219 | 0.00 | — | 0.00 | Aug 28, 2025 | Incorrect access control in the endpoint /goform/ate of Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 allows attackers to escalate privileges or access sensitive components via a crafted request. | |||
| CVE-2025-57215 | 0.00 | — | 0.00 | Aug 28, 2025 | Tenda AC10 v4.0 firmware v16.03.10.20 was discovered to contain a stack overflow via the function get_parentControl_list_Info. |
- CVE-2025-15218Dec 30, 2025risk 0.00cvss —epss 0.03
A weakness has been identified in Tenda AC10U 15.03.06.48/15.03.06.49. Affected by this vulnerability is the function fromadvsetlanip of the file /goform/AdvSetLanip of the component POST Request Parameter Handler. Executing a manipulation of the argument lanMask can lead to…
- CVE-2025-15215Dec 30, 2025risk 0.00cvss —epss 0.01
A vulnerability was determined in Tenda AC10U 15.03.06.48/15.03.06.49. This affects the function formSetPPTPUserList of the file /goform/setPptpUserList of the component HTTP POST Request Handler. This manipulation of the argument list causes buffer overflow. It is possible to…
- CVE-2025-12622Nov 3, 2025risk 0.00cvss —epss 0.01
A vulnerability was determined in Tenda AC10 16.03.10.13. Affected by this vulnerability is the function formSysRunCmd of the file /goform/SysRunCmd. This manipulation of the argument getui causes buffer overflow. The attack may be initiated remotely. The exploit has been…
- CVE-2025-57217Aug 28, 2025risk 0.00cvss —epss 0.00
Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 was discovered to contain a stack overflow via the Password parameter in the function R7WebsSecurityHandler.
- CVE-2025-57218Aug 28, 2025risk 0.00cvss —epss 0.01
Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 was discovered to contain a stack overflow via the security_5g parameter in the function sub_46284C.
- CVE-2025-57220Aug 28, 2025risk 0.00cvss —epss 0.01
An input validation flaw in the 'ate' service of Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 to escalate privileges to root via a crafted UDP packet.
- CVE-2025-57219Aug 28, 2025risk 0.00cvss —epss 0.00
Incorrect access control in the endpoint /goform/ate of Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 allows attackers to escalate privileges or access sensitive components via a crafted request.
- CVE-2025-57215Aug 28, 2025risk 0.00cvss —epss 0.00
Tenda AC10 v4.0 firmware v16.03.10.20 was discovered to contain a stack overflow via the function get_parentControl_list_Info.
Page 7 of 7