VYPR

Vendor CVEs

Tenda

All CVEs

2,034 total · sorted by risk
  • CVE-2025-30256Aug 20, 2025
    risk 0.00cvss epss 0.00

    A denial of service vulnerability exists in the HTTP Header Parsing functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted series of HTTP requests can lead to a reboot. An attacker can send multiple network packets to trigger this vulnerability.

  • CVE-2025-32010Aug 20, 2025
    risk 0.00cvss epss 0.01

    A stack-based buffer overflow vulnerability exists in the Cloud API functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted HTTP response can lead to arbitrary code execution. An attacker can send an HTTP response to trigger this vulnerability.

  • CVE-2025-55498Aug 20, 2025
    risk 0.00cvss epss 0.00

    Tenda AC6 V15.03.06.23_multi was discovered to contain a buffer overflow via the time parameter in the fromSetSysTime function.

  • CVE-2025-55503Aug 20, 2025
    risk 0.00cvss epss 0.00

    Tenda AC6 V15.03.06.23_multi has a stack overflow vulnerability via the deviceName parameter in the saveParentControlInfo function.

  • CVE-2025-55499Aug 20, 2025
    risk 0.00cvss epss 0.00

    Tenda AC6 V15.03.06.23_multi was discovered to contain a buffer overflow via the ntpServer parameter in the fromSetSysTime function.

  • CVE-2025-55482Aug 20, 2025
    risk 0.00cvss epss 0.00

    Tenda AC6 V15.03.06.23_multi is vulnerable to Buffer Overflow in the formSetCfm function.

  • CVE-2025-55483Aug 20, 2025
    risk 0.00cvss epss 0.00

    Tenda AC6 V15.03.06.23_multi is vulnerable to Buffer Overflow in the function formSetMacFilterCfg via the parameters macFilterType and deviceList.

  • CVE-2025-9089Aug 16, 2025
    risk 0.00cvss epss 0.01

    A vulnerability was determined in Tenda AC20 16.03.08.12. This issue affects the function sub_48E628 of the file /goform/SetIpMacBind. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed…

  • CVE-2025-9088Aug 16, 2025
    risk 0.00cvss epss 0.01

    A vulnerability was found in Tenda AC20 16.03.08.12. This vulnerability affects the function save_virtualser_data of the file /goform/formSetVirtualSer. The manipulation of the argument list leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit…

  • CVE-2025-9087Aug 16, 2025
    risk 0.00cvss epss 0.01

    A vulnerability has been found in Tenda AC20 16.03.08.12. This affects the function set_qosMib_list of the file /goform/SetNetControlList of the component SetNetControlList Endpoint. The manipulation of the argument list leads to stack-based buffer overflow. It is possible to…

  • CVE-2025-9046Aug 15, 2025
    risk 0.00cvss epss 0.01

    A vulnerability was identified in Tenda AC20 16.03.08.12. This issue affects the function sub_46A2AC of the file /goform/setMacFilterCfg. The manipulation of the argument deviceList leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been…

  • CVE-2025-9023Aug 15, 2025
    risk 0.00cvss epss 0.01

    A vulnerability has been found in Tenda AC7 and AC18 15.03.05.19/15.03.06.44. Affected is the function formSetSchedLed of the file /goform/SetLEDCfg. The manipulation of the argument Time leads to buffer overflow. It is possible to launch the attack remotely. The exploit has…

  • CVE-2025-9007Aug 15, 2025
    risk 0.00cvss epss 0.01

    A vulnerability has been found in Tenda CH22 1.0.0.1. Affected by this issue is the function formeditFileName of the file /goform/editFileName. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be…

  • CVE-2025-9006Aug 15, 2025
    risk 0.00cvss epss 0.01

    A vulnerability was identified in Tenda CH22 1.0.0.1. Affected by this vulnerability is the function formdelFileName of the file /goform/delFileName. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and…

  • CVE-2025-8979Aug 14, 2025
    risk 0.00cvss epss 0.00

    A vulnerability was identified in Tenda AC15 15.13.07.13. Affected by this vulnerability is the function check_fw_type/split_fireware/check_fw of the component Firmware Update Handler. The manipulation leads to insufficient verification of data authenticity. The attack can be…

  • CVE-2025-8958Aug 14, 2025
    risk 0.00cvss epss 0.01

    A vulnerability was identified in Tenda TX3 16.03.13.11_multi_TDE01. Affected by this vulnerability is an unknown functionality of the file /goform/fast_setting_wifi_set. The manipulation of the argument ssid leads to stack-based buffer overflow. The attack can be launched…

  • CVE-2025-8940Aug 14, 2025
    risk 0.00cvss epss 0.01

    A vulnerability was identified in Tenda AC20 up to 16.03.08.12. Affected by this vulnerability is the function strcpy of the file /goform/saveParentControlInfo. The manipulation of the argument Time leads to buffer overflow. The attack can be launched remotely. The exploit has…

  • CVE-2025-8939Aug 14, 2025
    risk 0.00cvss epss 0.01

    A vulnerability was determined in Tenda AC20 up to 16.03.08.12. Affected is an unknown function of the file /goform/WifiGuestSet. The manipulation of the argument shareSpeed leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to…

  • CVE-2025-8810Aug 10, 2025
    risk 0.00cvss epss 0.01

    A vulnerability classified as critical was found in Tenda AC20 16.03.08.05. Affected by this vulnerability is the function strcpy of the file /goform/SetFirewallCfg. The manipulation of the argument firewallEn leads to stack-based buffer overflow. The attack can be launched…

  • CVE-2025-8180Jul 26, 2025
    risk 0.00cvss epss 0.07

    A vulnerability, which was classified as critical, has been found in Tenda CH22 1.0.0.1. Affected by this issue is the function formdeleteUserName of the file /goform/deleteUserName. The manipulation of the argument old_account leads to buffer overflow. The attack may be…

  • CVE-2025-8178Jul 26, 2025
    risk 0.00cvss epss 0.01

    A vulnerability classified as critical has been found in Tenda AC10 16.03.10.13. Affected is an unknown function of the file /goform/RequestsProcessLaid. The manipulation of the argument device1D leads to heap-based buffer overflow. It is possible to launch the attack remotely.…

  • CVE-2025-8160Jul 25, 2025
    risk 0.00cvss epss 0.01

    A vulnerability classified as critical has been found in Tenda AC20 up to 16.03.08.12. Affected is an unknown function of the file /goform/SetSysTimeCfg of the component httpd. The manipulation of the argument timeZone leads to buffer overflow. It is possible to launch the…

  • CVE-2025-8131Jul 25, 2025
    risk 0.00cvss epss 0.01

    A vulnerability was found in Tenda AC20 16.03.08.05. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /goform/SetStaticRouteCfg. The manipulation of the argument list leads to stack-based buffer overflow. The attack can be…

  • CVE-2025-51087Jul 24, 2025
    risk 0.00cvss epss 0.08

    Tenda AC8V4 V16.03.34.06` was discovered to contain stack overflow at /goform/saveParentControlInfo. The manipulation of the argument time leads to stack-based buffer overflow.

  • CVE-2025-51088Jul 24, 2025
    risk 0.00cvss epss 0.07

    Tenda AC8V4 V16.03.34.06` was discovered to contain stack overflow at /goform/WifiGuestSet. The manipulation of the argument `shareSpeed` leads to stack-based buffer overflow.

  • CVE-2025-51085Jul 24, 2025
    risk 0.00cvss epss 0.07

    Tenda AC8V4 V16.03.34.06` was discovered to contain stack overflow at /goform/SetSysTimeCfg. The manipulation of the argument `timeZone` and `timeType` leads to stack-based buffer overflow.

  • CVE-2025-51082Jul 24, 2025
    risk 0.00cvss epss 0.00

    Tenda AC8V4 V16.03.34.06` was discovered to contain stack overflow at /goform/fast_setting_wifi_set. The manipulation of the argument `timeZone` leads to stack-based buffer overflow.

  • CVE-2025-51089Jul 24, 2025
    risk 0.00cvss epss 0.06

    Tenda AC8V4 V16.03.34.06` was discovered to contain heap overflow at /goform/GetParentControlInfo.The manipulation of the argument `mac` leads to heap-based buffer overflow.

  • CVE-2025-8060Jul 23, 2025
    risk 0.00cvss epss 0.01

    A vulnerability has been found in Tenda AC23 16.03.07.52 and classified as critical. Affected by this vulnerability is the function sub_46C940 of the file /goform/setMacFilterCfg of the component httpd. The manipulation of the argument deviceList leads to stack-based buffer…

  • CVE-2025-8017Jul 22, 2025
    risk 0.00cvss epss 0.08

    A vulnerability was found in Tenda AC7 15.03.06.44. It has been classified as critical. Affected is the function formSetMacFilterCfg of the file /goform/setMacFilterCfg of the component httpd. The manipulation of the argument deviceList leads to stack-based buffer overflow. It…

  • CVE-2025-7914Jul 21, 2025
    risk 0.00cvss epss 0.01

    A vulnerability has been found in Tenda AC6 15.03.06.50 and classified as critical. Affected by this vulnerability is the function setparentcontrolinfo of the component httpd. The manipulation leads to buffer overflow. The attack can be launched remotely.

  • CVE-2025-7855Jul 19, 2025
    risk 0.00cvss epss 0.01

    A vulnerability classified as critical was found in Tenda FH451 1.0.0.9. Affected by this vulnerability is the function fromqossetting of the file /goform/qossetting. The manipulation of the argument page leads to stack-based buffer overflow. The attack can be launched remotely.

  • CVE-2025-7854Jul 19, 2025
    risk 0.00cvss epss 0.01

    A vulnerability classified as critical has been found in Tenda FH451 1.0.0.9. Affected is the function fromVirtualSer of the file /goform/VirtualSer. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to launch the attack remotely. The…

  • CVE-2025-7853Jul 19, 2025
    risk 0.00cvss epss 0.01

    A vulnerability was found in Tenda FH451 1.0.0.9. It has been rated as critical. This issue affects the function fromSetIpBind of the file /goform/SetIpBind. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be initiated remotely. The…

  • CVE-2025-7807Jul 18, 2025
    risk 0.00cvss epss 0.01

    A vulnerability, which was classified as critical, has been found in Tenda FH451 1.0.0.9. This issue affects the function fromSafeUrlFilter of the file /goform/SafeUrlFilter. The manipulation of the argument Go/page leads to stack-based buffer overflow. The attack may be…

  • CVE-2025-7806Jul 18, 2025
    risk 0.00cvss epss 0.01

    A vulnerability classified as critical was found in Tenda FH451 1.0.0.9. This vulnerability affects the function fromSafeClientFilter of the file /goform/SafeClientFilter. The manipulation of the argument Go/page leads to stack-based buffer overflow. The attack can be initiated…

  • CVE-2025-7805Jul 18, 2025
    risk 0.00cvss epss 0.01

    A vulnerability classified as critical has been found in Tenda FH451 1.0.0.9. This affects the function fromPptpUserSetting of the file /goform/PPTPUserSetting. The manipulation of the argument delno leads to stack-based buffer overflow. It is possible to initiate the attack…

  • CVE-2025-7796Jul 18, 2025
    risk 0.00cvss epss 0.01

    A vulnerability, which was classified as critical, was found in Tenda FH451 1.0.0.9. This affects the function fromPptpUserAdd of the file /goform/PPTPDClient. The manipulation of the argument Username leads to stack-based buffer overflow. It is possible to initiate the attack…

  • CVE-2025-7794Jul 18, 2025
    risk 0.00cvss epss 0.01

    A vulnerability classified as critical was found in Tenda FH451 1.0.0.9. Affected by this vulnerability is the function fromNatStaticSetting of the file /goform/NatStaticSetting. The manipulation of the argument page leads to stack-based buffer overflow. The attack can be…

  • CVE-2025-7793Jul 18, 2025
    risk 0.00cvss epss 0.01

    A vulnerability classified as critical has been found in Tenda FH451 1.0.0.9. Affected is the function formWebTypeLibrary of the file /goform/webtypelibrary. The manipulation of the argument webSiteId leads to stack-based buffer overflow. It is possible to launch the attack…

  • CVE-2025-7792Jul 18, 2025
    risk 0.00cvss epss 0.01

    A vulnerability was found in Tenda FH451 1.0.0.9. It has been rated as critical. This issue affects the function formSafeEmailFilter of the file /goform/SafeEmailFilter. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be initiated…

  • CVE-2025-7747Jul 17, 2025
    risk 0.00cvss epss 0.01

    A vulnerability classified as critical has been found in Tenda FH451 1.0.0.9. This affects the function fromWizardHandle of the file /goform/WizardHandle of the component POST Request Handler. The manipulation of the argument PPW leads to buffer overflow. It is possible to…

  • CVE-2025-7598Jul 14, 2025
    risk 0.00cvss epss 0.01

    A vulnerability classified as critical was found in Tenda AX1803 1.0.0.1. Affected by this vulnerability is the function formSetWifiMacFilterCfg of the file /goform/setWifiFilterCfg. The manipulation of the argument deviceList leads to stack-based buffer overflow. The attack can…

  • CVE-2025-7597Jul 14, 2025
    risk 0.00cvss epss 0.01

    A vulnerability classified as critical has been found in Tenda AX1803 1.0.0.1. Affected is the function formSetMacFilterCfg of the file /goform/setMacFilterCfg. The manipulation of the argument deviceList leads to stack-based buffer overflow. It is possible to launch the attack…

  • CVE-2025-7596Jul 14, 2025
    risk 0.00cvss epss 0.01

    A vulnerability was found in Tenda FH1205 2.0.0.7(775). It has been rated as critical. This issue affects the function formWifiExtraSet of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto leads to stack-based buffer overflow. The attack may be…

  • CVE-2025-7586Jul 14, 2025
    risk 0.00cvss epss 0.01

    A vulnerability was found in Tenda AC500 2.0.1.9(1307). It has been declared as critical. Affected by this vulnerability is the function formSetAPCfg of the file /goform/setWtpData. The manipulation of the argument radio_2g_1 leads to stack-based buffer overflow. The attack can…

  • CVE-2025-52363Jul 14, 2025
    risk 0.00cvss epss 0.00

    Tenda CP3 Pro Firmware V22.5.4.93 contains a hardcoded root password hash in the /etc/passwd file and /etc/passwd-. An attacker with access to the firmware image can extract and attempt to crack the root password hash, potentially obtaining administrative access

  • CVE-2025-7551Jul 13, 2025
    risk 0.00cvss epss 0.01

    A vulnerability was found in Tenda FH1201 1.2.0.14(408). It has been declared as critical. Affected by this vulnerability is the function fromPptpUserAdd of the file /goform/PPTPDClient. The manipulation of the argument modino/username leads to stack-based buffer overflow. The…

  • CVE-2025-7550Jul 13, 2025
    risk 0.00cvss epss 0.01

    A vulnerability was found in Tenda FH1201 1.2.0.14(408). It has been classified as critical. Affected is the function fromGstDhcpSetSer of the file /goform/GstDhcpSetSer. The manipulation of the argument dips leads to stack-based buffer overflow. It is possible to launch the…

  • CVE-2025-7549Jul 13, 2025
    risk 0.00cvss epss 0.01

    A vulnerability was found in Tenda FH1201 1.2.0.14(408) and classified as critical. This issue affects the function frmL7ProtForm of the file /goform/L7Prot. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be initiated remotely. The…

Page 14 of 41