AC21
by Tenda
CVEs (29)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-65220 | 0.00 | — | 0.00 | Nov 20, 2025 | Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow in: /goform/SetVirtualServerCfg via the list parameter. | |||
| CVE-2025-65221 | 0.00 | — | 0.00 | Nov 20, 2025 | Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow via the list parameter of /goform/setPptpUserList. | |||
| CVE-2025-65223 | 0.00 | — | 0.00 | Nov 20, 2025 | Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow via the urls parameter of /goform/saveParentControlInfo. | |||
| CVE-2025-65226 | 0.00 | — | 0.00 | Nov 20, 2025 | Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow via the deviceId parameter in /goform/saveParentControlInfo. | |||
| CVE-2025-12611 | 0.00 | — | 0.01 | Nov 3, 2025 | A vulnerability was identified in Tenda AC21 16.03.08.16. This vulnerability affects the function formSetPPTPServer of the file /goform/SetPptpServerCfg. The manipulation of the argument startIp leads to buffer overflow. Remote exploitation of the attack is possible. The exploit… | |||
| CVE-2025-11091 | 0.00 | — | 0.01 | Sep 28, 2025 | A security flaw has been discovered in Tenda AC21 up to 16.03.08.16. Affected by this vulnerability is the function sscanf of the file /goform/SetStaticRouteCfg. The manipulation of the argument list results in buffer overflow. The attack can be launched remotely. The exploit… | |||
| CVE-2025-10838 | 0.00 | — | 0.01 | Sep 23, 2025 | A vulnerability was identified in Tenda AC21 16.03.08.16. The affected element is the function sub_45BB10 of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto leads to buffer overflow. It is possible to initiate the attack remotely. The exploit is… | |||
| CVE-2025-9605 | 0.00 | — | 0.01 | Aug 29, 2025 | A security vulnerability has been detected in Tenda AC21 and AC23 16.03.08.16. Affected is the function GetParentControlInfo of the file /goform/GetParentControlInfo. Such manipulation of the argument mac leads to stack-based buffer overflow. The attack can be launched remotely.… | |||
| CVE-2023-24333 | 0.00 | — | 0.00 | Feb 21, 2024 | A stack overflow vulnerability in Tenda AC21 with firmware version US_AC21V1.0re_V16.03.08.15_cn_TDC01 allows attackers to run arbitrary commands via crafted POST request to /goform/openSchedWifi. |
- CVE-2025-65220Nov 20, 2025risk 0.00cvss —epss 0.00
Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow in: /goform/SetVirtualServerCfg via the list parameter.
- CVE-2025-65221Nov 20, 2025risk 0.00cvss —epss 0.00
Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow via the list parameter of /goform/setPptpUserList.
- CVE-2025-65223Nov 20, 2025risk 0.00cvss —epss 0.00
Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow via the urls parameter of /goform/saveParentControlInfo.
- CVE-2025-65226Nov 20, 2025risk 0.00cvss —epss 0.00
Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow via the deviceId parameter in /goform/saveParentControlInfo.
- CVE-2025-12611Nov 3, 2025risk 0.00cvss —epss 0.01
A vulnerability was identified in Tenda AC21 16.03.08.16. This vulnerability affects the function formSetPPTPServer of the file /goform/SetPptpServerCfg. The manipulation of the argument startIp leads to buffer overflow. Remote exploitation of the attack is possible. The exploit…
- CVE-2025-11091Sep 28, 2025risk 0.00cvss —epss 0.01
A security flaw has been discovered in Tenda AC21 up to 16.03.08.16. Affected by this vulnerability is the function sscanf of the file /goform/SetStaticRouteCfg. The manipulation of the argument list results in buffer overflow. The attack can be launched remotely. The exploit…
- CVE-2025-10838Sep 23, 2025risk 0.00cvss —epss 0.01
A vulnerability was identified in Tenda AC21 16.03.08.16. The affected element is the function sub_45BB10 of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto leads to buffer overflow. It is possible to initiate the attack remotely. The exploit is…
- CVE-2025-9605Aug 29, 2025risk 0.00cvss —epss 0.01
A security vulnerability has been detected in Tenda AC21 and AC23 16.03.08.16. Affected is the function GetParentControlInfo of the file /goform/GetParentControlInfo. Such manipulation of the argument mac leads to stack-based buffer overflow. The attack can be launched remotely.…
- CVE-2023-24333Feb 21, 2024risk 0.00cvss —epss 0.00
A stack overflow vulnerability in Tenda AC21 with firmware version US_AC21V1.0re_V16.03.08.15_cn_TDC01 allows attackers to run arbitrary commands via crafted POST request to /goform/openSchedWifi.
Page 2 of 2