Vendor CVEs
Tenda
All CVEs
2,034 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-15161 | 0.00 | — | 0.01 | Dec 28, 2025 | A vulnerability was found in Tenda WH450 1.0.0.18. Affected is an unknown function of the file /goform/PPTPUserSetting. Performing a manipulation of the argument delno results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been… | |||
| CVE-2025-15160 | 0.00 | — | 0.01 | Dec 28, 2025 | A vulnerability has been found in Tenda WH450 1.0.0.18. This impacts an unknown function of the file /goform/PPTPServer. Such manipulation of the argument ip1 leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public… | |||
| CVE-2025-15047 | 0.00 | — | 0.01 | Dec 23, 2025 | A vulnerability was found in Tenda WH450 1.0.0.18. This affects an unknown function of the file /goform/PPTPDClient of the component HTTP Request Handler. Performing a manipulation of the argument Username results in stack-based buffer overflow. The attack can be initiated… | |||
| CVE-2025-15046 | 0.00 | — | 0.01 | Dec 23, 2025 | A vulnerability has been found in Tenda WH450 1.0.0.18. The impacted element is an unknown function of the file /goform/PPTPClient of the component HTTP Request Handler. Such manipulation of the argument netmsk leads to stack-based buffer overflow. It is possible to launch the… | |||
| CVE-2025-15045 | 0.00 | — | 0.01 | Dec 23, 2025 | A flaw has been found in Tenda WH450 1.0.0.18. The affected element is an unknown function of the file /goform/Natlimit of the component HTTP Request Handler. This manipulation of the argument page causes stack-based buffer overflow. It is possible to initiate the attack… | |||
| CVE-2025-15044 | 0.00 | — | 0.01 | Dec 23, 2025 | A vulnerability was detected in Tenda WH450 1.0.0.18. Impacted is an unknown function of the file /goform/NatStaticSetting. The manipulation of the argument page results in stack-based buffer overflow. The attack may be performed from remote. The exploit is now public and may be… | |||
| CVE-2025-15010 | 0.00 | — | 0.01 | Dec 22, 2025 | A vulnerability has been found in Tenda WH450 1.0.0.18. This issue affects some unknown processing of the file /goform/SafeUrlFilter. The manipulation of the argument page leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been… | |||
| CVE-2025-15007 | 0.00 | — | 0.01 | Dec 22, 2025 | A security vulnerability has been detected in Tenda WH450 1.0.0.18. Affected by this issue is some unknown functionality of the file /goform/L7Im of the component HTTP Request Handler. Such manipulation of the argument page leads to stack-based buffer overflow. The attack can be… | |||
| CVE-2025-15006 | 0.00 | — | 0.01 | Dec 22, 2025 | A weakness has been identified in Tenda WH450 1.0.0.18. Affected by this vulnerability is an unknown functionality of the file /goform/CheckTools of the component HTTP Request Handler. This manipulation of the argument ipaddress causes stack-based buffer overflow. The attack can… | |||
| CVE-2025-14995 | 0.00 | — | 0.01 | Dec 21, 2025 | A vulnerability has been found in Tenda FH1201 1.2.0.14(408). Affected is the function sprintf of the file /goform/SetIpBind. Such manipulation of the argument page leads to stack-based buffer overflow. The attack may be performed from remote. The exploit has been disclosed to… | |||
| CVE-2025-14994 | 0.00 | — | 0.01 | Dec 21, 2025 | A flaw has been found in Tenda FH1201 and FH1206 1.2.0.14(408)/1.2.0.8(8155). This impacts the function strcat of the file /goform/webtypelibrary of the component HTTP Request Handler. This manipulation of the argument webSiteId causes stack-based buffer overflow. The attack is… | |||
| CVE-2025-14993 | 0.00 | — | 0.01 | Dec 21, 2025 | A vulnerability was detected in Tenda AC18 15.03.05.05. This affects the function sprintf of the file /goform/SetDlnaCfg of the component HTTP Request Handler. The manipulation of the argument scanList results in stack-based buffer overflow. The attack can be executed remotely.… | |||
| CVE-2025-14992 | 0.00 | — | 0.01 | Dec 21, 2025 | A security vulnerability has been detected in Tenda AC18 15.03.05.05. The impacted element is the function strcpy of the file /goform/GetParentControlInfo of the component HTTP Request Handler. The manipulation of the argument mac leads to stack-based buffer overflow. Remote… | |||
| CVE-2025-14879 | 0.00 | — | 0.06 | Dec 18, 2025 | A weakness has been identified in Tenda WH450 1.0.0.18. Affected is an unknown function of the file /goform/onSSIDChange of the component HTTP Request Handler. This manipulation of the argument ssid_index causes stack-based buffer overflow. It is possible to initiate the attack… | |||
| CVE-2025-14878 | 0.00 | — | 0.01 | Dec 18, 2025 | A security flaw has been discovered in Tenda WH450 1.0.0.18. This impacts an unknown function of the file /goform/wirelessRestart of the component HTTP Request Handler. The manipulation of the argument GO results in stack-based buffer overflow. The attack may be performed from… | |||
| CVE-2025-67073 | 0.00 | — | 0.01 | Dec 17, 2025 | A Buffer overflow vulnerability in function fromAdvSetMacMtuWan of bin httpd in Tenda AC10V4.0 V16.03.10.20 allows remote attackers to cause denial of service and possibly code execution by sending a post request with a crafted payload (field `serviceName`) to… | |||
| CVE-2025-67074 | 0.00 | — | 0.00 | Dec 17, 2025 | A Buffer overflow vulnerability in function fromAdvSetMacMtuWan of bin httpd in Tenda AC10V4.0 V16.03.10.20 allows remote attackers to cause denial of service and possibly code execution by sending a post request with a crafted payload (field `serverName`) to… | |||
| CVE-2025-14665 | 0.00 | — | 0.01 | Dec 14, 2025 | A security flaw has been discovered in Tenda WH450 1.0.0.18. Impacted is an unknown function of the file /goform/DhcpListClient of the component HTTP Request Handler. The manipulation of the argument page results in stack-based buffer overflow. The attack can be executed… | |||
| CVE-2025-14656 | 0.00 | — | 0.01 | Dec 14, 2025 | A weakness has been identified in Tenda AC20 16.03.08.12. This affects the function httpd of the file /goform/openSchedWifi. Executing a manipulation of the argument schedStartTime/schedEndTime can lead to buffer overflow. The attack may be performed from remote. The exploit has… | |||
| CVE-2025-14655 | 0.00 | — | 0.03 | Dec 14, 2025 | A security flaw has been discovered in Tenda AC20 16.03.08.12. The impacted element is the function formSetRebootTimer of the file /goform/SetSysAutoRebbotCfg of the component httpd. Performing a manipulation of the argument rebootTime results in stack-based buffer overflow. The… | |||
| CVE-2025-14654 | 0.00 | — | 0.03 | Dec 14, 2025 | A vulnerability was identified in Tenda AC20 16.03.08.12. The affected element is the function formSetPPTPUserList of the file /goform/setPptpUserList of the component httpd. Such manipulation of the argument list leads to stack-based buffer overflow. The attack can be executed… | |||
| CVE-2025-14526 | 0.00 | — | 0.01 | Dec 11, 2025 | A security flaw has been discovered in Tenda CH22 1.0.0.1. This affects the function frmL7ImForm of the file /goform/L7Im. Performing a manipulation of the argument page results in buffer overflow. Remote exploitation of the attack is possible. The exploit has been released to… | |||
| CVE-2025-14286 | 0.00 | — | 0.01 | Dec 9, 2025 | A vulnerability was determined in Tenda AC9 15.03.05.14_multi. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/DownloadCfg.jpg of the component Configuration File Handler. This manipulation causes information disclosure. The attack may be… | |||
| CVE-2025-65804 | 0.00 | — | 0.00 | Dec 8, 2025 | Tenda AX3 v16.03.12.11 contains a stack overflow in formSetIptv via the iptvType parameter, which can cause memory corruption and enable remote code execution (RCE). | |||
| CVE-2025-13446 | 0.00 | — | 0.03 | Nov 20, 2025 | A vulnerability has been found in Tenda AC21 16.03.08.16. This vulnerability affects unknown code of the file /goform/SetSysTimeCfg. The manipulation of the argument timeZone/time leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The… | |||
| CVE-2025-13445 | 0.00 | — | 0.03 | Nov 20, 2025 | A flaw has been found in Tenda AC21 16.03.08.16. This affects an unknown part of the file /goform/SetIpMacBind. Executing a manipulation of the argument list can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been published and may be… | |||
| CVE-2025-65221 | 0.00 | — | 0.00 | Nov 20, 2025 | Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow via the list parameter of /goform/setPptpUserList. | |||
| CVE-2025-65220 | 0.00 | — | 0.00 | Nov 20, 2025 | Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow in: /goform/SetVirtualServerCfg via the list parameter. | |||
| CVE-2025-65223 | 0.00 | — | 0.00 | Nov 20, 2025 | Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow via the urls parameter of /goform/saveParentControlInfo. | |||
| CVE-2025-65222 | 0.00 | — | 0.02 | Nov 20, 2025 | Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow via the rebootTime parameter of /goform/SetSysAutoRebbotCfg. | |||
| CVE-2025-65226 | 0.00 | — | 0.00 | Nov 20, 2025 | Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow via the deviceId parameter in /goform/saveParentControlInfo. | |||
| CVE-2025-13400 | 0.00 | — | 0.01 | Nov 19, 2025 | A vulnerability was detected in Tenda CH22 1.0.0.1. Affected is the function formWrlExtraGet of the file /goform/WrlExtraGet. Performing a manipulation of the argument chkHz results in buffer overflow. Remote exploitation of the attack is possible. The exploit is now public and… | |||
| CVE-2025-13288 | 0.00 | — | 0.01 | Nov 17, 2025 | A security vulnerability has been detected in Tenda CH22 1.0.0.1. This impacts the function fromPptpUserSetting of the file /goform/PPTPUserSetting. The manipulation of the argument delno leads to buffer overflow. The attack is possible to be carried out remotely. The exploit… | |||
| CVE-2025-13258 | 0.00 | — | 0.01 | Nov 17, 2025 | A vulnerability was detected in Tenda AC20 up to 16.03.08.12. The impacted element is an unknown function of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto results in buffer overflow. The attack can be launched remotely. The exploit is now public… | |||
| CVE-2025-63666 | 0.00 | — | 0.00 | Nov 12, 2025 | Tenda AC15 v15.03.05.18_multi) issues an authentication cookie that exposes the account password hash to the client and uses a short, low-entropy suffix as the session identifier. An attacker with network access or the ability to run JS in a victim browser can steal the cookie… | |||
| CVE-2025-63149 | 0.00 | — | 0.00 | Nov 10, 2025 | Tenda AX3 V16.03.12.10_CN was discovered to contain a stack overflow in the urls parameter of the get_parentControl_list_Info function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | |||
| CVE-2025-63835 | 0.00 | — | 0.01 | Nov 10, 2025 | A stack-based buffer overflow vulnerability was discovered in Tenda AC18 v15.03.05.05_multi. The vulnerability exists in the guestSsid parameter of the /goform/WifiGuestSet interface. Remote attackers can exploit this vulnerability by sending oversized data to the guestSsid… | |||
| CVE-2025-63147 | 0.00 | — | 0.00 | Nov 10, 2025 | Tenda AX3 V16.03.12.10_CN was discovered to contain a stack overflow in the deviceId parameter of the saveParentControlInfo function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | |||
| CVE-2025-63456 | 0.00 | — | 0.00 | Nov 10, 2025 | Tenda AX-1803 v1.0.0.1 was discovered to contain a stack overflow via the time parameter in the SetSysTimeCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | |||
| CVE-2025-63455 | 0.00 | — | 0.00 | Nov 10, 2025 | Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow via the shareSpeed parameter in the fromSetWifiGusetBasic function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | |||
| CVE-2025-63834 | 0.00 | — | 0.00 | Nov 10, 2025 | A stored cross-site scripting (XSS) vulnerability was discovered in Tenda AC18 v15.03.05.05_multi. The vulnerability exists in the ssid parameter of the wireless settings. Remote attackers can inject malicious payloads that execute when any user visits the router's homepage. | |||
| CVE-2025-63457 | 0.00 | — | 0.00 | Nov 10, 2025 | Tenda AX-1803 v1.0.0.1 was discovered to contain a stack overflow via the wanMTU parameter in the sub_4F55C function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | |||
| CVE-2025-63152 | 0.00 | — | 0.00 | Nov 10, 2025 | Tenda AX3 V16.03.12.10_CN was discovered to contain a stack overflow in the wpapsk_crypto parameter of the wlSetExternParameter function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | |||
| CVE-2025-12622 | 0.00 | — | 0.01 | Nov 3, 2025 | A vulnerability was determined in Tenda AC10 16.03.10.13. Affected by this vulnerability is the function formSysRunCmd of the file /goform/SysRunCmd. This manipulation of the argument getui causes buffer overflow. The attack may be initiated remotely. The exploit has been… | |||
| CVE-2025-12619 | 0.00 | — | 0.01 | Nov 3, 2025 | A vulnerability was found in Tenda A15 15.13.07.13. Affected is the function fromSetWirelessRepeat of the file /goform/openNetworkGateway. The manipulation of the argument wpapsk_crypto2_4g results in buffer overflow. The attack can be launched remotely. The exploit has been… | |||
| CVE-2025-12618 | 0.00 | — | 0.05 | Nov 3, 2025 | A vulnerability has been found in Tenda AC8 16.03.34.06. This impacts an unknown function of the file /goform/DatabaseIniSet. The manipulation of the argument Time leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and… | |||
| CVE-2025-12611 | 0.00 | — | 0.01 | Nov 3, 2025 | A vulnerability was identified in Tenda AC21 16.03.08.16. This vulnerability affects the function formSetPPTPServer of the file /goform/SetPptpServerCfg. The manipulation of the argument startIp leads to buffer overflow. Remote exploitation of the attack is possible. The exploit… | |||
| CVE-2025-12596 | 0.00 | — | 0.01 | Nov 2, 2025 | A security vulnerability has been detected in Tenda AC23 16.03.07.52. Affected is the function saveParentControlInfo of the file /goform/saveParentControlInfo. Such manipulation of the argument Time leads to buffer overflow. It is possible to launch the attack remotely. The… | |||
| CVE-2025-12595 | 0.00 | — | 0.01 | Nov 2, 2025 | A weakness has been identified in Tenda AC23 16.03.07.52. This impacts the function formSetVirtualSer of the file /goform/SetVirtualServerCfg. This manipulation of the argument list causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been made… | |||
| CVE-2025-63458 | 0.00 | — | 0.00 | Oct 31, 2025 | Tenda AX-1803 v1.0.0.1 was discovered to contain a stack overflow via the timeZone parameter in the form_fast_setting_wifi_set function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. |
- CVE-2025-15161Dec 28, 2025risk 0.00cvss —epss 0.01
A vulnerability was found in Tenda WH450 1.0.0.18. Affected is an unknown function of the file /goform/PPTPUserSetting. Performing a manipulation of the argument delno results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been…
- CVE-2025-15160Dec 28, 2025risk 0.00cvss —epss 0.01
A vulnerability has been found in Tenda WH450 1.0.0.18. This impacts an unknown function of the file /goform/PPTPServer. Such manipulation of the argument ip1 leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public…
- CVE-2025-15047Dec 23, 2025risk 0.00cvss —epss 0.01
A vulnerability was found in Tenda WH450 1.0.0.18. This affects an unknown function of the file /goform/PPTPDClient of the component HTTP Request Handler. Performing a manipulation of the argument Username results in stack-based buffer overflow. The attack can be initiated…
- CVE-2025-15046Dec 23, 2025risk 0.00cvss —epss 0.01
A vulnerability has been found in Tenda WH450 1.0.0.18. The impacted element is an unknown function of the file /goform/PPTPClient of the component HTTP Request Handler. Such manipulation of the argument netmsk leads to stack-based buffer overflow. It is possible to launch the…
- CVE-2025-15045Dec 23, 2025risk 0.00cvss —epss 0.01
A flaw has been found in Tenda WH450 1.0.0.18. The affected element is an unknown function of the file /goform/Natlimit of the component HTTP Request Handler. This manipulation of the argument page causes stack-based buffer overflow. It is possible to initiate the attack…
- CVE-2025-15044Dec 23, 2025risk 0.00cvss —epss 0.01
A vulnerability was detected in Tenda WH450 1.0.0.18. Impacted is an unknown function of the file /goform/NatStaticSetting. The manipulation of the argument page results in stack-based buffer overflow. The attack may be performed from remote. The exploit is now public and may be…
- CVE-2025-15010Dec 22, 2025risk 0.00cvss —epss 0.01
A vulnerability has been found in Tenda WH450 1.0.0.18. This issue affects some unknown processing of the file /goform/SafeUrlFilter. The manipulation of the argument page leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been…
- CVE-2025-15007Dec 22, 2025risk 0.00cvss —epss 0.01
A security vulnerability has been detected in Tenda WH450 1.0.0.18. Affected by this issue is some unknown functionality of the file /goform/L7Im of the component HTTP Request Handler. Such manipulation of the argument page leads to stack-based buffer overflow. The attack can be…
- CVE-2025-15006Dec 22, 2025risk 0.00cvss —epss 0.01
A weakness has been identified in Tenda WH450 1.0.0.18. Affected by this vulnerability is an unknown functionality of the file /goform/CheckTools of the component HTTP Request Handler. This manipulation of the argument ipaddress causes stack-based buffer overflow. The attack can…
- CVE-2025-14995Dec 21, 2025risk 0.00cvss —epss 0.01
A vulnerability has been found in Tenda FH1201 1.2.0.14(408). Affected is the function sprintf of the file /goform/SetIpBind. Such manipulation of the argument page leads to stack-based buffer overflow. The attack may be performed from remote. The exploit has been disclosed to…
- CVE-2025-14994Dec 21, 2025risk 0.00cvss —epss 0.01
A flaw has been found in Tenda FH1201 and FH1206 1.2.0.14(408)/1.2.0.8(8155). This impacts the function strcat of the file /goform/webtypelibrary of the component HTTP Request Handler. This manipulation of the argument webSiteId causes stack-based buffer overflow. The attack is…
- CVE-2025-14993Dec 21, 2025risk 0.00cvss —epss 0.01
A vulnerability was detected in Tenda AC18 15.03.05.05. This affects the function sprintf of the file /goform/SetDlnaCfg of the component HTTP Request Handler. The manipulation of the argument scanList results in stack-based buffer overflow. The attack can be executed remotely.…
- CVE-2025-14992Dec 21, 2025risk 0.00cvss —epss 0.01
A security vulnerability has been detected in Tenda AC18 15.03.05.05. The impacted element is the function strcpy of the file /goform/GetParentControlInfo of the component HTTP Request Handler. The manipulation of the argument mac leads to stack-based buffer overflow. Remote…
- CVE-2025-14879Dec 18, 2025risk 0.00cvss —epss 0.06
A weakness has been identified in Tenda WH450 1.0.0.18. Affected is an unknown function of the file /goform/onSSIDChange of the component HTTP Request Handler. This manipulation of the argument ssid_index causes stack-based buffer overflow. It is possible to initiate the attack…
- CVE-2025-14878Dec 18, 2025risk 0.00cvss —epss 0.01
A security flaw has been discovered in Tenda WH450 1.0.0.18. This impacts an unknown function of the file /goform/wirelessRestart of the component HTTP Request Handler. The manipulation of the argument GO results in stack-based buffer overflow. The attack may be performed from…
- CVE-2025-67073Dec 17, 2025risk 0.00cvss —epss 0.01
A Buffer overflow vulnerability in function fromAdvSetMacMtuWan of bin httpd in Tenda AC10V4.0 V16.03.10.20 allows remote attackers to cause denial of service and possibly code execution by sending a post request with a crafted payload (field `serviceName`) to…
- CVE-2025-67074Dec 17, 2025risk 0.00cvss —epss 0.00
A Buffer overflow vulnerability in function fromAdvSetMacMtuWan of bin httpd in Tenda AC10V4.0 V16.03.10.20 allows remote attackers to cause denial of service and possibly code execution by sending a post request with a crafted payload (field `serverName`) to…
- CVE-2025-14665Dec 14, 2025risk 0.00cvss —epss 0.01
A security flaw has been discovered in Tenda WH450 1.0.0.18. Impacted is an unknown function of the file /goform/DhcpListClient of the component HTTP Request Handler. The manipulation of the argument page results in stack-based buffer overflow. The attack can be executed…
- CVE-2025-14656Dec 14, 2025risk 0.00cvss —epss 0.01
A weakness has been identified in Tenda AC20 16.03.08.12. This affects the function httpd of the file /goform/openSchedWifi. Executing a manipulation of the argument schedStartTime/schedEndTime can lead to buffer overflow. The attack may be performed from remote. The exploit has…
- CVE-2025-14655Dec 14, 2025risk 0.00cvss —epss 0.03
A security flaw has been discovered in Tenda AC20 16.03.08.12. The impacted element is the function formSetRebootTimer of the file /goform/SetSysAutoRebbotCfg of the component httpd. Performing a manipulation of the argument rebootTime results in stack-based buffer overflow. The…
- CVE-2025-14654Dec 14, 2025risk 0.00cvss —epss 0.03
A vulnerability was identified in Tenda AC20 16.03.08.12. The affected element is the function formSetPPTPUserList of the file /goform/setPptpUserList of the component httpd. Such manipulation of the argument list leads to stack-based buffer overflow. The attack can be executed…
- CVE-2025-14526Dec 11, 2025risk 0.00cvss —epss 0.01
A security flaw has been discovered in Tenda CH22 1.0.0.1. This affects the function frmL7ImForm of the file /goform/L7Im. Performing a manipulation of the argument page results in buffer overflow. Remote exploitation of the attack is possible. The exploit has been released to…
- CVE-2025-14286Dec 9, 2025risk 0.00cvss —epss 0.01
A vulnerability was determined in Tenda AC9 15.03.05.14_multi. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/DownloadCfg.jpg of the component Configuration File Handler. This manipulation causes information disclosure. The attack may be…
- CVE-2025-65804Dec 8, 2025risk 0.00cvss —epss 0.00
Tenda AX3 v16.03.12.11 contains a stack overflow in formSetIptv via the iptvType parameter, which can cause memory corruption and enable remote code execution (RCE).
- CVE-2025-13446Nov 20, 2025risk 0.00cvss —epss 0.03
A vulnerability has been found in Tenda AC21 16.03.08.16. This vulnerability affects unknown code of the file /goform/SetSysTimeCfg. The manipulation of the argument timeZone/time leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The…
- CVE-2025-13445Nov 20, 2025risk 0.00cvss —epss 0.03
A flaw has been found in Tenda AC21 16.03.08.16. This affects an unknown part of the file /goform/SetIpMacBind. Executing a manipulation of the argument list can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been published and may be…
- CVE-2025-65221Nov 20, 2025risk 0.00cvss —epss 0.00
Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow via the list parameter of /goform/setPptpUserList.
- CVE-2025-65220Nov 20, 2025risk 0.00cvss —epss 0.00
Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow in: /goform/SetVirtualServerCfg via the list parameter.
- CVE-2025-65223Nov 20, 2025risk 0.00cvss —epss 0.00
Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow via the urls parameter of /goform/saveParentControlInfo.
- CVE-2025-65222Nov 20, 2025risk 0.00cvss —epss 0.02
Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow via the rebootTime parameter of /goform/SetSysAutoRebbotCfg.
- CVE-2025-65226Nov 20, 2025risk 0.00cvss —epss 0.00
Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow via the deviceId parameter in /goform/saveParentControlInfo.
- CVE-2025-13400Nov 19, 2025risk 0.00cvss —epss 0.01
A vulnerability was detected in Tenda CH22 1.0.0.1. Affected is the function formWrlExtraGet of the file /goform/WrlExtraGet. Performing a manipulation of the argument chkHz results in buffer overflow. Remote exploitation of the attack is possible. The exploit is now public and…
- CVE-2025-13288Nov 17, 2025risk 0.00cvss —epss 0.01
A security vulnerability has been detected in Tenda CH22 1.0.0.1. This impacts the function fromPptpUserSetting of the file /goform/PPTPUserSetting. The manipulation of the argument delno leads to buffer overflow. The attack is possible to be carried out remotely. The exploit…
- CVE-2025-13258Nov 17, 2025risk 0.00cvss —epss 0.01
A vulnerability was detected in Tenda AC20 up to 16.03.08.12. The impacted element is an unknown function of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto results in buffer overflow. The attack can be launched remotely. The exploit is now public…
- CVE-2025-63666Nov 12, 2025risk 0.00cvss —epss 0.00
Tenda AC15 v15.03.05.18_multi) issues an authentication cookie that exposes the account password hash to the client and uses a short, low-entropy suffix as the session identifier. An attacker with network access or the ability to run JS in a victim browser can steal the cookie…
- CVE-2025-63149Nov 10, 2025risk 0.00cvss —epss 0.00
Tenda AX3 V16.03.12.10_CN was discovered to contain a stack overflow in the urls parameter of the get_parentControl_list_Info function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
- CVE-2025-63835Nov 10, 2025risk 0.00cvss —epss 0.01
A stack-based buffer overflow vulnerability was discovered in Tenda AC18 v15.03.05.05_multi. The vulnerability exists in the guestSsid parameter of the /goform/WifiGuestSet interface. Remote attackers can exploit this vulnerability by sending oversized data to the guestSsid…
- CVE-2025-63147Nov 10, 2025risk 0.00cvss —epss 0.00
Tenda AX3 V16.03.12.10_CN was discovered to contain a stack overflow in the deviceId parameter of the saveParentControlInfo function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
- CVE-2025-63456Nov 10, 2025risk 0.00cvss —epss 0.00
Tenda AX-1803 v1.0.0.1 was discovered to contain a stack overflow via the time parameter in the SetSysTimeCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
- CVE-2025-63455Nov 10, 2025risk 0.00cvss —epss 0.00
Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow via the shareSpeed parameter in the fromSetWifiGusetBasic function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
- CVE-2025-63834Nov 10, 2025risk 0.00cvss —epss 0.00
A stored cross-site scripting (XSS) vulnerability was discovered in Tenda AC18 v15.03.05.05_multi. The vulnerability exists in the ssid parameter of the wireless settings. Remote attackers can inject malicious payloads that execute when any user visits the router's homepage.
- CVE-2025-63457Nov 10, 2025risk 0.00cvss —epss 0.00
Tenda AX-1803 v1.0.0.1 was discovered to contain a stack overflow via the wanMTU parameter in the sub_4F55C function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
- CVE-2025-63152Nov 10, 2025risk 0.00cvss —epss 0.00
Tenda AX3 V16.03.12.10_CN was discovered to contain a stack overflow in the wpapsk_crypto parameter of the wlSetExternParameter function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
- CVE-2025-12622Nov 3, 2025risk 0.00cvss —epss 0.01
A vulnerability was determined in Tenda AC10 16.03.10.13. Affected by this vulnerability is the function formSysRunCmd of the file /goform/SysRunCmd. This manipulation of the argument getui causes buffer overflow. The attack may be initiated remotely. The exploit has been…
- CVE-2025-12619Nov 3, 2025risk 0.00cvss —epss 0.01
A vulnerability was found in Tenda A15 15.13.07.13. Affected is the function fromSetWirelessRepeat of the file /goform/openNetworkGateway. The manipulation of the argument wpapsk_crypto2_4g results in buffer overflow. The attack can be launched remotely. The exploit has been…
- CVE-2025-12618Nov 3, 2025risk 0.00cvss —epss 0.05
A vulnerability has been found in Tenda AC8 16.03.34.06. This impacts an unknown function of the file /goform/DatabaseIniSet. The manipulation of the argument Time leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and…
- CVE-2025-12611Nov 3, 2025risk 0.00cvss —epss 0.01
A vulnerability was identified in Tenda AC21 16.03.08.16. This vulnerability affects the function formSetPPTPServer of the file /goform/SetPptpServerCfg. The manipulation of the argument startIp leads to buffer overflow. Remote exploitation of the attack is possible. The exploit…
- CVE-2025-12596Nov 2, 2025risk 0.00cvss —epss 0.01
A security vulnerability has been detected in Tenda AC23 16.03.07.52. Affected is the function saveParentControlInfo of the file /goform/saveParentControlInfo. Such manipulation of the argument Time leads to buffer overflow. It is possible to launch the attack remotely. The…
- CVE-2025-12595Nov 2, 2025risk 0.00cvss —epss 0.01
A weakness has been identified in Tenda AC23 16.03.07.52. This impacts the function formSetVirtualSer of the file /goform/SetVirtualServerCfg. This manipulation of the argument list causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been made…
- CVE-2025-63458Oct 31, 2025risk 0.00cvss —epss 0.00
Tenda AX-1803 v1.0.0.1 was discovered to contain a stack overflow via the timeZone parameter in the form_fast_setting_wifi_set function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
Page 11 of 41