VYPR

Vendor CVEs

Tenda

All CVEs

2,034 total · sorted by risk
  • CVE-2025-11123Sep 28, 2025
    risk 0.00cvss epss 0.01

    A flaw has been found in Tenda AC18 15.03.05.19. This impacts an unknown function of the file /goform/saveAutoQos. This manipulation of the argument enable causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been published and may be used.

  • CVE-2025-11122Sep 28, 2025
    risk 0.00cvss epss 0.01

    A vulnerability was detected in Tenda AC18 15.03.05.19. This affects an unknown function of the file /goform/WizardHandle. The manipulation of the argument WANT/mtuvalue results in stack-based buffer overflow. The attack can be launched remotely. The exploit is now public and…

  • CVE-2025-11120Sep 28, 2025
    risk 0.00cvss epss 0.03

    A weakness has been identified in Tenda AC8 16.03.34.06. The affected element is the function formSetServerConfig of the file /goform/SetServerConfig. Executing manipulation can lead to buffer overflow. It is possible to launch the attack remotely. The exploit has been made…

  • CVE-2025-11117Sep 28, 2025
    risk 0.00cvss epss 0.01

    A vulnerability was determined in Tenda CH22 1.0.0.1. This vulnerability affects the function formWrlExtraGet of the file /goform/GstDhcpSetSer. This manipulation of the argument dips causes buffer overflow. The attack is possible to be carried out remotely. The exploit has been…

  • CVE-2025-11091Sep 28, 2025
    risk 0.00cvss epss 0.01

    A security flaw has been discovered in Tenda AC21 up to 16.03.08.16. Affected by this vulnerability is the function sscanf of the file /goform/SetStaticRouteCfg. The manipulation of the argument list results in buffer overflow. The attack can be launched remotely. The exploit…

  • CVE-2025-10838Sep 23, 2025
    risk 0.00cvss epss 0.01

    A vulnerability was identified in Tenda AC21 16.03.08.16. The affected element is the function sub_45BB10 of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto leads to buffer overflow. It is possible to initiate the attack remotely. The exploit is…

  • CVE-2025-57639Sep 23, 2025
    risk 0.00cvss epss 0.01

    OS Command injection vulnerability in Tenda AC9 1.0 was discovered to contain a command injection vulnerability via the usb.samba.guest.user parameter in the formSetSambaConf function of the httpd file.

  • CVE-2025-57638Sep 23, 2025
    risk 0.00cvss epss 0.00

    Buffer overflow vulnerability in Tenda AC9 1.0 via the user supplied sys.vendor configuration value.

  • CVE-2025-10815Sep 22, 2025
    risk 0.00cvss epss 0.01

    A vulnerability was identified in Tenda AC20 up to 16.03.08.12. Affected by this issue is the function strcpy of the file /goform/SetPptpServerCfg of the component HTTP POST Request Handler. Such manipulation of the argument startIp leads to buffer overflow. The attack can be…

  • CVE-2025-10803Sep 22, 2025
    risk 0.00cvss epss 0.01

    A vulnerability has been found in Tenda AC23 up to 16.03.07.52. Affected by this vulnerability is the function sscanf of the file /goform/SetPptpServerCfg of the component HTTP POST Request Handler. Such manipulation of the argument startIp leads to buffer overflow. It is…

  • CVE-2025-57296Sep 19, 2025
    risk 0.00cvss epss 0.03

    Tenda AC6 router firmware 15.03.05.19 contains a command injection vulnerability in the formSetIptv function, which processes requests to the /goform/SetIPTVCfg web interface. When handling the list and vlanId parameters, the sub_ADBC0 helper function concatenates these…

  • CVE-2025-57528Sep 19, 2025
    risk 0.00cvss epss 0.00

    An issue was discovered in Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01 allowing attackers to cause a denial of service via the funcname, funcpara1, funcpara2 parameters to the formSetCfm function (uri path: SetCfm).

  • CVE-2025-10443Sep 15, 2025
    risk 0.00cvss epss 0.04

    A vulnerability was identified in Tenda AC9 and AC15 15.03.05.14/15.03.05.18. This vulnerability affects the function formexeCommand of the file /goform/exeCommand. Such manipulation of the argument cmdinput leads to buffer overflow. The attack can be executed remotely. The…

  • CVE-2025-10432Sep 15, 2025
    risk 0.00cvss epss 0.01

    A vulnerability was found in Tenda AC1206 15.03.06.23. This vulnerability affects the function check_param_changed of the file /goform/AdvSetMacMtuWa of the component HTTP Request Handler. Performing manipulation of the argument wanMTU results in stack-based buffer overflow.…

  • CVE-2025-57570Sep 10, 2025
    risk 0.00cvss epss 0.00

    Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow via the QosList parameter in goform/setQoS.

  • CVE-2025-57573Sep 10, 2025
    risk 0.00cvss epss 0.00

    Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow via the wifiTimeClose parameter in goform/setWifi.

  • CVE-2025-57571Sep 10, 2025
    risk 0.00cvss epss 0.00

    Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow. via the macFilterList parameter in goform/setNAT.

  • CVE-2025-57569Sep 10, 2025
    risk 0.00cvss epss 0.00

    Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow via the portList parameter in /goform/setNAT.

  • CVE-2025-57572Sep 10, 2025
    risk 0.00cvss epss 0.00

    Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow via the onlineList parameter in goform/setParentControl.

  • CVE-2025-10120Sep 9, 2025
    risk 0.00cvss epss 0.01

    A vulnerability was detected in Tenda AC20 up to 16.03.08.12. The impacted element is the function strcpy of the file /goform/GetParentControlInfo. The manipulation of the argument mac results in buffer overflow. The attack may be performed from remote. The exploit is now public…

  • CVE-2025-57085Sep 9, 2025
    risk 0.00cvss epss 0.00

    Tenda W30E V16.01.0.19 (5037) was discovered to contain a stack overflow in the v17 parameter in the UploadCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

  • CVE-2025-57087Sep 9, 2025
    risk 0.00cvss epss 0.00

    Tenda W30E V16.01.0.19 (5037) was discovered to contain a stack overflow in the countryCode parameter in the werlessAdvancedSet function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

  • CVE-2025-57086Sep 9, 2025
    risk 0.00cvss epss 0.00

    Tenda W30E V16.01.0.19 (5037) was discovered to contain a stack overflow in the String parameter in the formDeleteMeshNode function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

  • CVE-2025-55852Sep 3, 2025
    risk 0.00cvss epss 0.00

    Tenda AC8 v16.03.34.06 is vulnerable to Buffer Overflow in the formWifiBasicSet function via the parameter security or security_5g.

  • CVE-2025-9813Sep 2, 2025
    risk 0.00cvss epss 0.01

    A vulnerability was identified in Tenda CH22 1.0.0.1. This issue affects the function formSetSambaConf of the file /goform/SetSambaConf. The manipulation of the argument samba_userNameSda leads to buffer overflow. It is possible to initiate the attack remotely. The exploit is…

  • CVE-2025-9812Sep 2, 2025
    risk 0.00cvss epss 0.01

    A vulnerability was determined in Tenda CH22 1.0.0.1. This vulnerability affects the function formexeCommand of the file /goform/exeCommand. Executing manipulation of the argument cmdinput can lead to buffer overflow. The attack may be performed from remote. The exploit has been…

  • CVE-2025-9791Sep 1, 2025
    risk 0.00cvss epss 0.01

    A weakness has been identified in Tenda AC20 16.03.08.05. This vulnerability affects unknown code of the file /goform/fromAdvSetMacMtuWan. This manipulation of the argument wanMTU causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has…

  • CVE-2025-9748Aug 31, 2025
    risk 0.00cvss epss 0.01

    A vulnerability was determined in Tenda CH22 1.0.0.1. Affected by this issue is the function fromIpsecitem of the file /goform/IPSECsave of the component httpd. Executing manipulation of the argument ipsecno can lead to stack-based buffer overflow. The attack may be performed…

  • CVE-2025-9605Aug 29, 2025
    risk 0.00cvss epss 0.01

    A security vulnerability has been detected in Tenda AC21 and AC23 16.03.08.16. Affected is the function GetParentControlInfo of the file /goform/GetParentControlInfo. Such manipulation of the argument mac leads to stack-based buffer overflow. The attack can be launched remotely.…

  • CVE-2025-57217Aug 28, 2025
    risk 0.00cvss epss 0.00

    Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 was discovered to contain a stack overflow via the Password parameter in the function R7WebsSecurityHandler.

  • CVE-2025-52054Aug 28, 2025
    risk 0.00cvss epss 0.00

    An issue was discovered in Tenda AC8 v4.0 AC1200 Dual-band Gigabit Wireless Router AC8v4.0 Firmware 16.03.33.05. The root password of the device is calculated with a static string and the last two octets of the MAC address of the device. This allows an unauthenticated attacker…

  • CVE-2025-57219Aug 28, 2025
    risk 0.00cvss epss 0.00

    Incorrect access control in the endpoint /goform/ate of Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 allows attackers to escalate privileges or access sensitive components via a crafted request.

  • CVE-2025-57215Aug 28, 2025
    risk 0.00cvss epss 0.00

    Tenda AC10 v4.0 firmware v16.03.10.20 was discovered to contain a stack overflow via the function get_parentControl_list_Info.

  • CVE-2025-57220Aug 28, 2025
    risk 0.00cvss epss 0.01

    An input validation flaw in the 'ate' service of Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 to escalate privileges to root via a crafted UDP packet.

  • CVE-2025-57218Aug 28, 2025
    risk 0.00cvss epss 0.01

    Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 was discovered to contain a stack overflow via the security_5g parameter in the function sub_46284C.

  • CVE-2025-9523Aug 27, 2025
    risk 0.00cvss epss 0.01

    A vulnerability was detected in Tenda AC1206 15.03.06.23. Affected is the function GetParentControlInfo of the file /goform/GetParentControlInfo. The manipulation of the argument mac results in stack-based buffer overflow. It is possible to launch the attack remotely. The…

  • CVE-2025-55495Aug 27, 2025
    risk 0.00cvss epss 0.00

    Tenda AC6 V15.03.06.23_multi was discovered to contain a buffer overflow via the list parameter in the fromSetIpMacBind function.

  • CVE-2025-9443Aug 26, 2025
    risk 0.00cvss epss 0.01

    A flaw has been found in Tenda CH22 1.0.0.1. This vulnerability affects the function formeditUserName of the file /goform/editUserName. Executing manipulation of the argument new_account can lead to buffer overflow. It is possible to launch the attack remotely. The exploit has…

  • CVE-2025-55605Aug 22, 2025
    risk 0.00cvss epss 0.00

    Tenda AX3 V16.03.12.10_CN is vulnerable to Buffer Overflow in the saveParentControlInfo function via the deviceName parameter.

  • CVE-2025-55606Aug 22, 2025
    risk 0.00cvss epss 0.00

    Tenda AX3 V16.03.12.10_CN is vulnerable to Buffer Overflow in the fromAdvSetMacMtuWan function via the serverName parameter.

  • CVE-2025-55613Aug 22, 2025
    risk 0.00cvss epss 0.01

    Tenda O3V2 1.0.0.12(3880) is vulnerable to Buffer Overflow in the fromSafeSetMacFilter function via the mac parameter.

  • CVE-2025-55603Aug 22, 2025
    risk 0.00cvss epss 0.00

    Tenda AX3 V16.03.12.10_CN is vulnerable to Buffer Overflow in the fromSetSysTime function via the ntpServer parameter.

  • CVE-2025-9299Aug 21, 2025
    risk 0.00cvss epss 0.04

    A vulnerability has been found in Tenda M3 1.0.0.12. Affected by this vulnerability is the function formGetMasterPassengerAnalyseData of the file /goform/getMasterPassengerAnalyseData. The manipulation of the argument Time leads to stack-based buffer overflow. The attack may be…

  • CVE-2025-9298Aug 21, 2025
    risk 0.00cvss epss 0.01

    A flaw has been found in Tenda M3 1.0.0.12. Affected is the function formQuickIndex of the file /goform/QuickIndex. Executing manipulation of the argument PPPOEPassword can lead to stack-based buffer overflow. The attack can be launched remotely. The exploit has been published…

  • CVE-2025-9297Aug 21, 2025
    risk 0.00cvss epss 0.01

    A vulnerability was detected in Tenda i22 1.0.0.3(4687). This impacts the function formWeixinAuthInfoGet of the file /goform/wxportalauth. Performing manipulation of the argument Type results in stack-based buffer overflow. The attack can be initiated remotely. The exploit is…

  • CVE-2025-55564Aug 21, 2025
    risk 0.00cvss epss 0.00

    Tenda AC15 v15.03.05.19_multi_TD01 has a stack overflow via the list parameter in the fromSetIpMacBind function.

  • CVE-2025-31355Aug 20, 2025
    risk 0.00cvss epss 0.00

    A firmware update vulnerability exists in the Firmware Signature Validation functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted malicious file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

  • CVE-2025-24322Aug 20, 2025
    risk 0.00cvss epss 0.01

    An unsafe default authentication vulnerability exists in the Initial Setup Authentication functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted network request can lead to arbitrary code execution. An attacker can browse to the device to trigger this vulnerability.

  • CVE-2025-24496Aug 20, 2025
    risk 0.00cvss epss 0.00

    An information disclosure vulnerability exists in the /goform/getproductInfo functionality of Tenda AC6 V5.0 V02.03.01.110. Specially crafted network packets can lead to a disclosure of sensitive information. An attacker can send packets to trigger this vulnerability.

  • CVE-2025-27129Aug 20, 2025
    risk 0.00cvss epss 0.02

    An authentication bypass vulnerability exists in the HTTP authentication functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can send packets to trigger this vulnerability.

Page 13 of 41