VYPR

W12

by Tenda

CVEs (13)

  • CVE-2025-11549HigOct 9, 2025
    risk 0.58cvss 8.8epss 0.08

    A vulnerability has been found in Tenda W12 3.0.0.6(3948). The affected element is the function wifiMacFilterSet of the file /goform/modules of the component HTTP Request Handler. The manipulation of the argument mac leads to stack-based buffer overflow. The attack is possible…

  • CVE-2025-3820HigApr 19, 2025
    risk 0.58cvss 8.8epss 0.09

    A vulnerability was found in Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644) and classified as critical. Affected by this issue is the function cgiSysUplinkCheckSet of the file /bin/httpd. The manipulation of the argument hostIp1/hostIp2 leads to stack-based buffer overflow. The…

  • CVE-2025-3693HigApr 16, 2025
    risk 0.58cvss 8.8epss 0.05

    A vulnerability was found in Tenda W12 3.0.0.5. It has been rated as critical. Affected by this issue is the function cgiWifiRadioSet of the file /bin/httpd. The manipulation leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been…

  • CVE-2026-10192HigMay 31, 2026
    risk 0.57cvss 8.8epss 0.01

    A vulnerability was identified in Tenda W12 3.0.0.7(4763). The affected element is the function set_local_time_0 of the file /bin/httpd. Such manipulation of the argument Time leads to stack-based buffer overflow. The attack can be launched remotely. The exploit is publicly…

  • CVE-2026-10191HigMay 31, 2026
    risk 0.57cvss 8.8epss 0.00

    A vulnerability was determined in Tenda W12 3.0.0.7(4763). Impacted is the function cgiWifiMacFilterSet of the file /bin/httpd. This manipulation of the argument wifiMacFilterSet.macList.mac causes stack-based buffer overflow. The attack can be initiated remotely. The exploit…

  • CVE-2026-10189HigMay 31, 2026
    risk 0.57cvss 8.8epss 0.01

    A vulnerability has been found in Tenda W12 3.0.0.7(4763). This vulnerability affects the function cgiSysTimeInfoSet of the file /bin/httpd. The manipulation of the argument sec leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has…

  • CVE-2026-10188HigMay 31, 2026
    risk 0.57cvss 8.8epss 0.00

    A flaw has been found in Tenda W12 3.0.0.7(4763). This affects the function cgistaKickOff of the file /bin/httpd. Executing a manipulation of the argument staMac can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been published and…

  • CVE-2025-4007HigApr 28, 2025
    risk 0.57cvss 8.8epss 0.01

    A vulnerability classified as critical was found in Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644). Affected by this vulnerability is the function cgidhcpsCfgSet of the file /goform/modules of the component httpd. The manipulation of the argument json leads to stack-based buffer…

  • CVE-2025-3803HigApr 19, 2025
    risk 0.57cvss 8.8epss 0.01

    A vulnerability was found in Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644). It has been rated as critical. This issue affects the function cgiSysScheduleRebootSet of the file /bin/httpd. The manipulation of the argument rebootDate leads to stack-based buffer overflow. The attack…

  • CVE-2025-3802HigApr 19, 2025
    risk 0.57cvss 8.8epss 0.01

    A vulnerability was found in Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644). It has been declared as critical. This vulnerability affects the function cgiPingSet of the file /bin/httpd. The manipulation of the argument pingIP leads to stack-based buffer overflow. The attack can…

  • CVE-2026-10190MedMay 31, 2026
    risk 0.42cvss 6.5epss 0.00

    A vulnerability was found in Tenda W12 3.0.0.7(4763). This issue affects the function cgiSysWebTimeoutSet of the file /bin/httpd of the component Web Management Interface. The manipulation of the argument web_over_time results in denial of service. It is possible to launch the…

  • CVE-2025-11550MedOct 9, 2025
    risk 0.42cvss 6.5epss 0.01

    A vulnerability was found in Tenda W12 3.0.0.6(3948). The impacted element is the function wifiScheduledSet of the file /goform/modules of the component HTTP Request Handler. The manipulation of the argument wifiScheduledSet results in null pointer dereference. The attack may be…

  • CVE-2025-9778LowSep 1, 2025
    risk 0.12cvss 1.9epss 0.00

    A security vulnerability has been detected in Tenda W12 up to 3.0.0.6(3948). Affected is an unknown function of the file /etc_ro/shadow of the component Administrative Interface. The manipulation leads to hard-coded credentials. An attack has to be approached locally. The…