AC8

Source repositories

https://github.com/digitalandrew/tenda_ac8_v5

CVEs (13)

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2026-4252	Tenda Ac8 Firmware	Cri	0.64	9.8	0.00	Mar 16, 2026	A vulnerability was identified in Tenda AC8 16.03.50.11. Affected by this issue is the function check_is_ipv6 of the component IPv6 Handler. The manipulation leads to reliance on ip address for authentication. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.
CVE-2026-4253	Tenda Ac8 Firmware	Med	0.31	4.7	0.00	Mar 16, 2026	A security flaw has been discovered in Tenda AC8 16.03.50.11. This affects the function route_set_user_policy_rule of the file /cgi-bin/UploadCfg of the component Web Interface. The manipulation of the argument wans.policy.list1 results in os command injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks.
CVE-2026-4254	Tenda Ac8 Firmware		0.00	—	0.00	Mar 16, 2026	A weakness has been identified in Tenda AC8 up to 16.03.50.11. This vulnerability affects the function doSystemCmd of the file /goform/SysToolChangePwd of the component HTTP Endpoint. This manipulation of the argument local_2c causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks.
CVE-2026-3044	Tenda Ac8 Firmware		0.00	—	0.00	Feb 23, 2026	A vulnerability has been found in Tenda AC8 16.03.34.06. This affects the function webCgiGetUploadFile of the file /cgi-bin/UploadCfg of the component Httpd Service. The manipulation of the argument boundary leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2026-2203	Tenda Ac8 Firmware		0.00	—	0.00	Feb 9, 2026	A flaw has been found in Tenda AC8 16.03.33.05. Affected by this vulnerability is an unknown functionality of the file /goform/fast_setting_wifi_set of the component Embedded Httpd Service. This manipulation of the argument timeZone causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been published and may be used.
CVE-2026-2202	Tenda Ac8 Firmware		0.00	—	0.00	Feb 9, 2026	A vulnerability was detected in Tenda AC8 16.03.33.05. Affected is the function fromSetWifiGusetBasic of the file /goform/WifiGuestSet of the component httpd. The manipulation of the argument shareSpeed results in buffer overflow. The attack may be launched remotely. The exploit is now public and may be used.
CVE-2025-12618	Tenda Ac8 Firmware		0.00	—	0.00	Nov 3, 2025	A vulnerability has been found in Tenda AC8 16.03.34.06. This impacts an unknown function of the file /goform/DatabaseIniSet. The manipulation of the argument Time leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-61498	Tenda AC8		0.00	—	0.00	Oct 30, 2025	A buffer overflow in the UPnP service of Tenda AC8 Hardware v03.03.10.01 allows attackers to cause a Denial of Service (DoS) via supplying a crafted packet.
CVE-2025-11120	Tenda AC8		0.00	—	0.00	Sep 28, 2025	A weakness has been identified in Tenda AC8 16.03.34.06. The affected element is the function formSetServerConfig of the file /goform/SetServerConfig. Executing manipulation can lead to buffer overflow. It is possible to launch the attack remotely. The exploit has been made available to the public and could be exploited.
CVE-2025-55852	Tenda AC8		0.00	—	0.00	Sep 3, 2025	Tenda AC8 v16.03.34.06 is vulnerable to Buffer Overflow in the formWifiBasicSet function via the parameter security or security_5g.
CVE-2025-52054	Tenda AC8		0.00	—	0.00	Aug 28, 2025	An issue was discovered in Tenda AC8 v4.0 AC1200 Dual-band Gigabit Wireless Router AC8v4.0 Firmware 16.03.33.05. The root password of the device is calculated with a static string and the last two octets of the MAC address of the device. This allows an unauthenticated attacker to authenticate with network services on the device.
CVE-2025-5799	Tenda AC8		0.00	—	0.02	Jun 6, 2025	A vulnerability was found in Tenda AC8 16.03.34.09. It has been declared as critical. Affected by this vulnerability is the function fromSetWirelessRepeat of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-5798	Tenda AC8		0.00	—	0.02	Jun 6, 2025	A vulnerability was found in Tenda AC8 16.03.34.09. It has been classified as critical. Affected is the function fromSetSysTime of the file /goform/SetSysTimeCfg. The manipulation of the argument timeType leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

CVE-2026-4252CriMar 16, 2026
Tenda
Ac8 Firmware
risk 0.64cvss 9.8epss 0.00
A vulnerability was identified in Tenda AC8 16.03.50.11. Affected by this issue is the function check_is_ipv6 of the component IPv6 Handler. The manipulation leads to reliance on ip address for authentication. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.
CVE-2026-4253MedMar 16, 2026
Tenda
Ac8 Firmware
risk 0.31cvss 4.7epss 0.00
A security flaw has been discovered in Tenda AC8 16.03.50.11. This affects the function route_set_user_policy_rule of the file /cgi-bin/UploadCfg of the component Web Interface. The manipulation of the argument wans.policy.list1 results in os command injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks.
CVE-2026-4254Mar 16, 2026
Tenda
Ac8 Firmware
risk 0.00cvss —epss 0.00
A weakness has been identified in Tenda AC8 up to 16.03.50.11. This vulnerability affects the function doSystemCmd of the file /goform/SysToolChangePwd of the component HTTP Endpoint. This manipulation of the argument local_2c causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks.
CVE-2026-3044Feb 23, 2026
Tenda
Ac8 Firmware
risk 0.00cvss —epss 0.00
A vulnerability has been found in Tenda AC8 16.03.34.06. This affects the function webCgiGetUploadFile of the file /cgi-bin/UploadCfg of the component Httpd Service. The manipulation of the argument boundary leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2026-2203Feb 9, 2026
Tenda
Ac8 Firmware
risk 0.00cvss —epss 0.00
A flaw has been found in Tenda AC8 16.03.33.05. Affected by this vulnerability is an unknown functionality of the file /goform/fast_setting_wifi_set of the component Embedded Httpd Service. This manipulation of the argument timeZone causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been published and may be used.
CVE-2026-2202Feb 9, 2026
Tenda
Ac8 Firmware
risk 0.00cvss —epss 0.00
A vulnerability was detected in Tenda AC8 16.03.33.05. Affected is the function fromSetWifiGusetBasic of the file /goform/WifiGuestSet of the component httpd. The manipulation of the argument shareSpeed results in buffer overflow. The attack may be launched remotely. The exploit is now public and may be used.
CVE-2025-12618Nov 3, 2025
Tenda
Ac8 Firmware
risk 0.00cvss —epss 0.00
A vulnerability has been found in Tenda AC8 16.03.34.06. This impacts an unknown function of the file /goform/DatabaseIniSet. The manipulation of the argument Time leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-61498Oct 30, 2025
Tenda
AC8
risk 0.00cvss —epss 0.00
A buffer overflow in the UPnP service of Tenda AC8 Hardware v03.03.10.01 allows attackers to cause a Denial of Service (DoS) via supplying a crafted packet.
CVE-2025-11120Sep 28, 2025
Tenda
AC8
risk 0.00cvss —epss 0.00
A weakness has been identified in Tenda AC8 16.03.34.06. The affected element is the function formSetServerConfig of the file /goform/SetServerConfig. Executing manipulation can lead to buffer overflow. It is possible to launch the attack remotely. The exploit has been made available to the public and could be exploited.
CVE-2025-55852Sep 3, 2025
Tenda
AC8
risk 0.00cvss —epss 0.00
Tenda AC8 v16.03.34.06 is vulnerable to Buffer Overflow in the formWifiBasicSet function via the parameter security or security_5g.
CVE-2025-52054Aug 28, 2025
Tenda
AC8
risk 0.00cvss —epss 0.00
An issue was discovered in Tenda AC8 v4.0 AC1200 Dual-band Gigabit Wireless Router AC8v4.0 Firmware 16.03.33.05. The root password of the device is calculated with a static string and the last two octets of the MAC address of the device. This allows an unauthenticated attacker to authenticate with network services on the device.
CVE-2025-5799Jun 6, 2025
Tenda
AC8
risk 0.00cvss —epss 0.02
A vulnerability was found in Tenda AC8 16.03.34.09. It has been declared as critical. Affected by this vulnerability is the function fromSetWirelessRepeat of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-5798Jun 6, 2025
Tenda
AC8
risk 0.00cvss —epss 0.02
A vulnerability was found in Tenda AC8 16.03.34.09. It has been classified as critical. Affected is the function fromSetSysTime of the file /goform/SetSysTimeCfg. The manipulation of the argument timeType leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.