Tenda
Products
193- 187 CVEs
- 133 CVEs
- 130 CVEs
- 110 CVEs
- 104 CVEs
- 104 CVEs
- 97 CVEs
- 66 CVEs
- 61 CVEs
- 53 CVEs
- 48 CVEs
- 46 CVEs
- 45 CVEs
- 44 CVEs
- 38 CVEs
- 33 CVEs
- 32 CVEs
- 32 CVEs
- 31 CVEs
- 31 CVEs
- 30 CVEs
- 29 CVEs
- 29 CVEs
- 28 CVEs
- 28 CVEs
- 27 CVEs
- 26 CVEs
- 26 CVEs
- 25 CVEs
- 24 CVEs
- View all 193 products →
Recent CVEs
2,034| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-5767 | Cri | 0.70 | 9.8 | 0.41 | Feb 15, 2018 | An issue was discovered on Tenda AC15 V15.03.1.16_multi devices. A remote, unauthenticated attacker can gain remote code execution on the device with a crafted password parameter for the COOKIE header. | ||
| CVE-2015-5995 | Cri | 0.68 | 9.8 | 0.19 | Dec 31, 2015 | Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 and Tenda N3 Wireless N150 devices allow remote attackers to obtain administrative access via a certain admin substring in an HTTP Cookie header. | ||
| CVE-2026-38065 | Cri | 0.64 | 9.8 | 0.01 | Jun 15, 2026 | Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_ims_on_with_apn via the ims_apn parameter. | ||
| CVE-2026-38064 | Cri | 0.64 | 9.8 | 0.01 | Jun 15, 2026 | Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_dial_call via the dialNumber parameter. | ||
| CVE-2026-38063 | Cri | 0.64 | 9.8 | 0.01 | Jun 15, 2026 | Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_radio_on_with_ia_apn via the ia parameter. | ||
| CVE-2026-38062 | Cri | 0.64 | 9.8 | 0.01 | Jun 15, 2026 | Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_set_rat_mode via the ratMode parameter. | ||
| CVE-2026-38061 | Cri | 0.64 | 9.8 | 0.01 | Jun 15, 2026 | Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_set_volume via the volume parameter. | ||
| CVE-2026-38060 | Cri | 0.64 | 9.8 | 0.01 | Jun 15, 2026 | Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_unlock_sim via the pin parameter. | ||
| CVE-2026-11499 | Cri | 0.64 | 9.8 | 0.07 | Jun 8, 2026 | A vulnerability was determined in Tenda HG7HG9 and HG10 300001138_en_xpon. This affects the function formDOMAINBLK of the file /boaform/formDOMAINBLK. Executing a manipulation of the argument blkDomain can lead to stack-based buffer overflow. The attack may be performed from… | ||
| CVE-2018-25318 | Cri | 0.64 | 9.8 | 0.01 | Apr 29, 2026 | Tenda FH303/A300 firmware V5.07.68_EN contains a session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by exploiting insufficient cookie validation. Attackers can send GET requests to the /goform/AdvSetDns endpoint with a crafted admin… | ||
| CVE-2018-25317 | Cri | 0.64 | 9.8 | 0.01 | Apr 29, 2026 | Tenda W3002R/A302/W309R wireless routers version V5.07.64_en contain a cookie session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by exploiting insufficient session validation. Attackers can send GET requests to the /goform/AdvSetDns… | ||
| CVE-2018-25316 | Cri | 0.64 | 9.8 | 0.01 | Apr 29, 2026 | Tenda W308R v2 V5.07.48 contains a cookie session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by exploiting insufficient session validation. Attackers can send GET requests to the goform/AdvSetDns endpoint with a crafted admin language… | ||
| CVE-2026-31255 | Cri | 0.64 | 9.8 | 0.01 | Apr 27, 2026 | A command injection vulnerability exists in Tenda AC18 V15.03.05.05_multi. The vulnerability is located in the /goform/SetSambaCfg interface, where improper handling of the guestuser parameter allows attackers to execute arbitrary system commands. | ||
| CVE-2026-38835 | Cri | 0.64 | 9.8 | 0.02 | Apr 21, 2026 | Tenda W30E V2.0 V16.01.0.21 was found to contain a command injection vulnerability in the formSetUSBPartitionUmount function via the usbPartitionName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | ||
| CVE-2025-52221 | Cri | 0.64 | 9.8 | 0.00 | Apr 8, 2026 | Tenda AC6 15.03.05.16_multi is vulnerable to Buffer Overflow in the formSetCfm function via the funcname, funcpara1, and funcpara2 parameters. | ||
| CVE-2026-4567 | Cri | 0.64 | 9.8 | 0.04 | Mar 23, 2026 | A vulnerability has been found in Tenda A15 15.13.07.13. The impacted element is the function UploadCfg of the file /cgi-bin/UploadCfg. The manipulation of the argument File leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been… | ||
| CVE-2026-4252 | Cri | 0.64 | 9.8 | 0.01 | Mar 16, 2026 | A vulnerability was identified in Tenda AC8 16.03.50.11. Affected by this issue is the function check_is_ipv6 of the component IPv6 Handler. The manipulation leads to reliance on ip address for authentication. It is possible to initiate the attack remotely. The exploit is… | ||
| CVE-2026-1364 | Cri | 0.64 | 9.8 | 0.01 | Jan 23, 2026 | IAQS and I6 developed by JNC has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly operate system administrative functionalities. | ||
| CVE-2026-1363 | Cri | 0.64 | 9.8 | 0.01 | Jan 23, 2026 | IAQS and I6 developed by JNC has a Client-Side Enforcement of Server-Side Security vulnerability, allowing unauthenticated remote attackers to gain administrator privileges by manipulating the web front-end. | ||
| CVE-2018-5768 | Cri | 0.64 | 9.8 | 0.04 | Mar 20, 2018 | A remote, unauthenticated attacker can gain remote code execution on the the Tenda AC15 router with a specially crafted password parameter for the COOKIE header. |
- risk 0.70cvss 9.8epss 0.41
An issue was discovered on Tenda AC15 V15.03.1.16_multi devices. A remote, unauthenticated attacker can gain remote code execution on the device with a crafted password parameter for the COOKIE header.
- risk 0.68cvss 9.8epss 0.19
Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 and Tenda N3 Wireless N150 devices allow remote attackers to obtain administrative access via a certain admin substring in an HTTP Cookie header.
- risk 0.64cvss 9.8epss 0.01
Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_ims_on_with_apn via the ims_apn parameter.
- risk 0.64cvss 9.8epss 0.01
Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_dial_call via the dialNumber parameter.
- risk 0.64cvss 9.8epss 0.01
Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_radio_on_with_ia_apn via the ia parameter.
- risk 0.64cvss 9.8epss 0.01
Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_set_rat_mode via the ratMode parameter.
- risk 0.64cvss 9.8epss 0.01
Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_set_volume via the volume parameter.
- risk 0.64cvss 9.8epss 0.01
Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_unlock_sim via the pin parameter.
- risk 0.64cvss 9.8epss 0.07
A vulnerability was determined in Tenda HG7HG9 and HG10 300001138_en_xpon. This affects the function formDOMAINBLK of the file /boaform/formDOMAINBLK. Executing a manipulation of the argument blkDomain can lead to stack-based buffer overflow. The attack may be performed from…
- risk 0.64cvss 9.8epss 0.01
Tenda FH303/A300 firmware V5.07.68_EN contains a session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by exploiting insufficient cookie validation. Attackers can send GET requests to the /goform/AdvSetDns endpoint with a crafted admin…
- risk 0.64cvss 9.8epss 0.01
Tenda W3002R/A302/W309R wireless routers version V5.07.64_en contain a cookie session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by exploiting insufficient session validation. Attackers can send GET requests to the /goform/AdvSetDns…
- risk 0.64cvss 9.8epss 0.01
Tenda W308R v2 V5.07.48 contains a cookie session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by exploiting insufficient session validation. Attackers can send GET requests to the goform/AdvSetDns endpoint with a crafted admin language…
- risk 0.64cvss 9.8epss 0.01
A command injection vulnerability exists in Tenda AC18 V15.03.05.05_multi. The vulnerability is located in the /goform/SetSambaCfg interface, where improper handling of the guestuser parameter allows attackers to execute arbitrary system commands.
- risk 0.64cvss 9.8epss 0.02
Tenda W30E V2.0 V16.01.0.21 was found to contain a command injection vulnerability in the formSetUSBPartitionUmount function via the usbPartitionName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
- risk 0.64cvss 9.8epss 0.00
Tenda AC6 15.03.05.16_multi is vulnerable to Buffer Overflow in the formSetCfm function via the funcname, funcpara1, and funcpara2 parameters.
- risk 0.64cvss 9.8epss 0.04
A vulnerability has been found in Tenda A15 15.13.07.13. The impacted element is the function UploadCfg of the file /cgi-bin/UploadCfg. The manipulation of the argument File leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been…
- risk 0.64cvss 9.8epss 0.01
A vulnerability was identified in Tenda AC8 16.03.50.11. Affected by this issue is the function check_is_ipv6 of the component IPv6 Handler. The manipulation leads to reliance on ip address for authentication. It is possible to initiate the attack remotely. The exploit is…
- risk 0.64cvss 9.8epss 0.01
IAQS and I6 developed by JNC has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly operate system administrative functionalities.
- risk 0.64cvss 9.8epss 0.01
IAQS and I6 developed by JNC has a Client-Side Enforcement of Server-Side Security vulnerability, allowing unauthenticated remote attackers to gain administrator privileges by manipulating the web front-end.
- risk 0.64cvss 9.8epss 0.04
A remote, unauthenticated attacker can gain remote code execution on the the Tenda AC15 router with a specially crafted password parameter for the COOKIE header.