Vendor CVEs
Tenda
All CVEs
2,034 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-3820 | 0.00 | — | 0.08 | Apr 19, 2025 | A vulnerability was found in Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644) and classified as critical. Affected by this issue is the function cgiSysUplinkCheckSet of the file /bin/httpd. The manipulation of the argument hostIp1/hostIp2 leads to stack-based buffer overflow. The… | |||
| CVE-2025-3803 | 0.00 | — | 0.01 | Apr 19, 2025 | A vulnerability was found in Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644). It has been rated as critical. This issue affects the function cgiSysScheduleRebootSet of the file /bin/httpd. The manipulation of the argument rebootDate leads to stack-based buffer overflow. The attack… | |||
| CVE-2025-3802 | 0.00 | — | 0.01 | Apr 19, 2025 | A vulnerability was found in Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644). It has been declared as critical. This vulnerability affects the function cgiPingSet of the file /bin/httpd. The manipulation of the argument pingIP leads to stack-based buffer overflow. The attack can… | |||
| CVE-2025-3786 | 0.00 | — | 0.01 | Apr 18, 2025 | A vulnerability was found in Tenda AC15 up to 15.03.05.19 and classified as critical. This issue affects the function fromSetWirelessRepeat of the file /goform/WifiExtraSet. The manipulation of the argument mac leads to buffer overflow. The attack may be initiated remotely. The… | |||
| CVE-2025-25454 | 0.00 | — | 0.00 | Apr 17, 2025 | Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via wanSpeed2. | |||
| CVE-2025-25457 | 0.00 | — | 0.01 | Apr 17, 2025 | Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via cloneType2. | |||
| CVE-2025-25455 | 0.00 | — | 0.00 | Apr 17, 2025 | Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via wanMTU2. | |||
| CVE-2025-25458 | 0.00 | — | 0.00 | Apr 15, 2025 | Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via serverName2. | |||
| CVE-2025-25453 | 0.00 | — | 0.00 | Apr 15, 2025 | Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via serviceName2. | |||
| CVE-2025-25456 | 0.00 | — | 0.01 | Apr 15, 2025 | Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via mac2. | |||
| CVE-2025-3328 | 0.00 | — | 0.05 | Apr 7, 2025 | A vulnerability was found in Tenda AC1206 15.03.06.23. It has been classified as critical. Affected is the function form_fast_setting_wifi_set of the file /goform/fast_setting_wifi_set. The manipulation of the argument ssid/timeZone leads to buffer overflow. It is possible to… | |||
| CVE-2025-3259 | 0.00 | — | 0.01 | Apr 4, 2025 | A vulnerability, which was classified as critical, has been found in Tenda RX3 16.03.13.11. This issue affects the function formSetDeviceName of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack may be… | |||
| CVE-2025-3237 | 0.00 | — | 0.01 | Apr 4, 2025 | A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been rated as critical. This issue affects some unknown processing of the file /goform/wrlwpsset. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been… | |||
| CVE-2025-3236 | 0.00 | — | 0.01 | Apr 4, 2025 | A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been declared as critical. This vulnerability affects unknown code of the file /goform/VirSerDMZ of the component Web Management Interface. The manipulation leads to improper access controls. The attack can be… | |||
| CVE-2025-3203 | 0.00 | — | 0.01 | Apr 4, 2025 | A vulnerability classified as problematic was found in Tenda W18E 16.01.0.11. Affected by this vulnerability is the function formSetAccountList of the file /goform/setModules. The manipulation of the argument Password leads to stack-based buffer overflow. The attack can be… | |||
| CVE-2025-3167 | 0.00 | — | 0.01 | Apr 3, 2025 | A vulnerability, which was classified as problematic, has been found in Tenda AC23 16.03.07.52. This issue affects some unknown processing of the file /goform/VerAPIMant of the component API Interface. The manipulation of the argument getuid leads to denial of service. The… | |||
| CVE-2025-3161 | 0.00 | — | 0.01 | Apr 3, 2025 | A vulnerability was found in Tenda AC10 16.03.10.13 and classified as critical. This issue affects the function ShutdownSetAdd of the file /goform/ShutdownSetAdd. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be initiated remotely.… | |||
| CVE-2025-29462 | 0.00 | — | 0.00 | Apr 3, 2025 | A buffer overflow vulnerability has been discovered in Tenda Ac15 V15.13.07.13. The vulnerability occurs when the webCgiGetUploadFile function calls the socketRead function to process HTTP request messages, resulting in the overwriting of a buffer on the stack. | |||
| CVE-2025-2996 | 0.00 | — | 0.01 | Mar 31, 2025 | A vulnerability was found in Tenda FH1202 1.2.0.14(408) and classified as critical. This issue affects some unknown processing of the file /goform/SysToolDDNS of the component Web Management Interface. The manipulation leads to improper access controls. The attack may be… | |||
| CVE-2025-2995 | 0.00 | — | 0.01 | Mar 31, 2025 | A vulnerability has been found in Tenda FH1202 1.2.0.14(408) and classified as critical. This vulnerability affects unknown code of the file /goform/SysToolChangePwd of the component Web Management Interface. The manipulation leads to improper access controls. The attack can be… | |||
| CVE-2025-2994 | 0.00 | — | 0.01 | Mar 31, 2025 | A vulnerability, which was classified as critical, was found in Tenda FH1202 1.2.0.14(408). This affects an unknown part of the file /goform/qossetting of the component Web Management Interface. The manipulation leads to improper access controls. It is possible to initiate the… | |||
| CVE-2025-2993 | 0.00 | — | 0.08 | Mar 31, 2025 | A vulnerability, which was classified as critical, has been found in Tenda FH1202 1.2.0.14(408). Affected by this issue is some unknown functionality of the file /default.cfg. The manipulation of the argument these leads to improper access controls. The attack may be launched… | |||
| CVE-2025-2992 | 0.00 | — | 0.01 | Mar 31, 2025 | A vulnerability classified as critical was found in Tenda FH1202 1.2.0.14(408). Affected by this vulnerability is an unknown functionality of the file /goform/AdvSetWrlsafeset of the component Web Management Interface. The manipulation leads to improper access controls. The… | |||
| CVE-2025-2991 | 0.00 | — | 0.01 | Mar 31, 2025 | A vulnerability classified as critical has been found in Tenda FH1202 1.2.0.14(408). Affected is an unknown function of the file /goform/AdvSetWrlmacfilter of the component Web Management Interface. The manipulation leads to improper access controls. It is possible to launch the… | |||
| CVE-2025-2990 | 0.00 | — | 0.01 | Mar 31, 2025 | A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been rated as critical. This issue affects some unknown processing of the file /goform/AdvSetWrlGstset of the component Web Management Interface. The manipulation leads to improper access controls. The attack may be… | |||
| CVE-2025-2989 | 0.00 | — | 0.01 | Mar 31, 2025 | A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been declared as critical. This vulnerability affects unknown code of the file /goform/AdvSetWrl of the component Web Management Interface. The manipulation leads to improper access controls. The attack can be… | |||
| CVE-2025-28220 | 0.00 | — | 0.00 | Mar 28, 2025 | Tenda W6_S v1.0.0.4_510 has a Buffer Overflow vulnerability in the setcfm function, which allows remote attackers to cause web server crash via parameter funcpara1 passed to the binary through a POST request. | |||
| CVE-2025-28221 | 0.00 | — | 0.00 | Mar 28, 2025 | Tenda W6_S v1.0.0.4_510 has a Buffer Overflow vulnerability in the set_local_time function, which allows remote attackers to cause web server crash via parameter time passed to the binary through a POST request. | |||
| CVE-2025-29135 | 0.00 | — | 0.01 | Mar 24, 2025 | A stack-based buffer overflow vulnerability in Tenda AC7 V15.03.06.44 allows a remote attacker to execute arbitrary code through a stack overflow attack using the security parameter of the formWifiBasicSet function. | |||
| CVE-2025-29100 | 0.00 | — | 0.01 | Mar 24, 2025 | Tenda AC8 V16.03.34.06 is vulnerable to Buffer Overflow in the fromSetRouteStatic function via the parameter list. | |||
| CVE-2025-29217 | 0.00 | — | 0.01 | Mar 20, 2025 | Tenda W18E v2.0 v16.01.0.11 was discovered to contain a stack overflow in the wifiSSID parameter at /goform/setModules. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | |||
| CVE-2025-29101 | 0.00 | — | 0.00 | Mar 20, 2025 | Tenda AC8V4.0 V16.03.34.06 was discovered to contain a stack overflow via the deviceid parameter in the get_parentControl_list_Info function. | |||
| CVE-2025-29218 | 0.00 | — | 0.00 | Mar 20, 2025 | Tenda W18E v2.0 v16.01.0.11 was discovered to contain a stack overflow in the wifiPwd parameter at /goform/setModules. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | |||
| CVE-2025-29215 | 0.00 | — | 0.01 | Mar 20, 2025 | Tenda AX12 v22.03.01.46_CN was discovered to contain a stack overflow via the sub_43fdcc function at /goform/SetNetControlList. | |||
| CVE-2025-29149 | 0.00 | — | 0.00 | Mar 20, 2025 | Tenda i12 V1.0.0.10(3805) was discovered to contain a buffer overflow via the ping1 parameter in the formSetAutoPing function. | |||
| CVE-2025-29121 | 0.00 | — | 0.00 | Mar 20, 2025 | A vulnerability was found in Tenda AC6 V15.03.05.16. The vulnerability affects the functionality of the /goform/fast_setting_wifi_set file form_fast_setting_wifi_set. Using the timeZone parameter causes a stack-based buffer overflow. | |||
| CVE-2025-29214 | 0.00 | — | 0.01 | Mar 20, 2025 | Tenda AX12 v22.03.01.46_CN was discovered to contain a stack overflow via the sub_42F69C function at /goform/setMacFilterCfg. | |||
| CVE-2025-29118 | 0.00 | — | 0.00 | Mar 19, 2025 | Tenda AC8 V16.03.34.06 was discovered to contain a stack overflow via the src parameter in the function sub_47D878. | |||
| CVE-2025-29137 | 0.00 | — | 0.01 | Mar 19, 2025 | Tenda AC7 V1.0 V15.03.06.44 found a buffer overflow caused by the timeZone parameter in the form_fast_setting_wifi_set function, which can cause RCE. | |||
| CVE-2025-29385 | 0.00 | — | 0.01 | Mar 14, 2025 | In Tenda AC9 v1.0 V15.03.05.14_multi, the cloneType parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution. | |||
| CVE-2025-29386 | 0.00 | — | 0.01 | Mar 14, 2025 | In Tenda AC9 v1.0 V15.03.05.14_multi, the mac parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution. | |||
| CVE-2025-29387 | 0.00 | — | 0.01 | Mar 14, 2025 | In Tenda AC9 v1.0 V15.03.05.14_multi, the wanSpeed parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution. | |||
| CVE-2025-29031 | 0.00 | — | 0.00 | Mar 14, 2025 | Tenda AC6 v15.03.05.16 was discovered to contain a buffer overflow via the fromAddressNat function. | |||
| CVE-2025-29029 | 0.00 | — | 0.00 | Mar 14, 2025 | Tenda AC6 v15.03.05.16 was discovered to contain a buffer overflow via the formSetSpeedWan function. | |||
| CVE-2025-29030 | 0.00 | — | 0.00 | Mar 14, 2025 | Tenda AC6 v15.03.05.16 was discovered to contain a buffer overflow via the formWifiWpsOOB function. | |||
| CVE-2025-29032 | 0.00 | — | 0.04 | Mar 14, 2025 | Tenda AC9 v15.03.05.19(6318) was discovered to contain a buffer overflow via the formWifiWpsOOB function. | |||
| CVE-2025-29359 | 0.00 | — | 0.00 | Mar 13, 2025 | Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the deviceId parameter at /goform/saveParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet. | |||
| CVE-2025-29357 | 0.00 | — | 0.00 | Mar 13, 2025 | Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the startIp and endIp parameters at /goform/SetPptpServerCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet. | |||
| CVE-2025-29362 | 0.00 | — | 0.00 | Mar 13, 2025 | Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the list parameter at /goform/setPptpUserList. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet. | |||
| CVE-2025-29361 | 0.00 | — | 0.01 | Mar 13, 2025 | Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the list parameter at /goform/SetVirtualServerCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet. |
- CVE-2025-3820Apr 19, 2025risk 0.00cvss —epss 0.08
A vulnerability was found in Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644) and classified as critical. Affected by this issue is the function cgiSysUplinkCheckSet of the file /bin/httpd. The manipulation of the argument hostIp1/hostIp2 leads to stack-based buffer overflow. The…
- CVE-2025-3803Apr 19, 2025risk 0.00cvss —epss 0.01
A vulnerability was found in Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644). It has been rated as critical. This issue affects the function cgiSysScheduleRebootSet of the file /bin/httpd. The manipulation of the argument rebootDate leads to stack-based buffer overflow. The attack…
- CVE-2025-3802Apr 19, 2025risk 0.00cvss —epss 0.01
A vulnerability was found in Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644). It has been declared as critical. This vulnerability affects the function cgiPingSet of the file /bin/httpd. The manipulation of the argument pingIP leads to stack-based buffer overflow. The attack can…
- CVE-2025-3786Apr 18, 2025risk 0.00cvss —epss 0.01
A vulnerability was found in Tenda AC15 up to 15.03.05.19 and classified as critical. This issue affects the function fromSetWirelessRepeat of the file /goform/WifiExtraSet. The manipulation of the argument mac leads to buffer overflow. The attack may be initiated remotely. The…
- CVE-2025-25454Apr 17, 2025risk 0.00cvss —epss 0.00
Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via wanSpeed2.
- CVE-2025-25457Apr 17, 2025risk 0.00cvss —epss 0.01
Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via cloneType2.
- CVE-2025-25455Apr 17, 2025risk 0.00cvss —epss 0.00
Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via wanMTU2.
- CVE-2025-25458Apr 15, 2025risk 0.00cvss —epss 0.00
Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via serverName2.
- CVE-2025-25453Apr 15, 2025risk 0.00cvss —epss 0.00
Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via serviceName2.
- CVE-2025-25456Apr 15, 2025risk 0.00cvss —epss 0.01
Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via mac2.
- CVE-2025-3328Apr 7, 2025risk 0.00cvss —epss 0.05
A vulnerability was found in Tenda AC1206 15.03.06.23. It has been classified as critical. Affected is the function form_fast_setting_wifi_set of the file /goform/fast_setting_wifi_set. The manipulation of the argument ssid/timeZone leads to buffer overflow. It is possible to…
- CVE-2025-3259Apr 4, 2025risk 0.00cvss —epss 0.01
A vulnerability, which was classified as critical, has been found in Tenda RX3 16.03.13.11. This issue affects the function formSetDeviceName of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack may be…
- CVE-2025-3237Apr 4, 2025risk 0.00cvss —epss 0.01
A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been rated as critical. This issue affects some unknown processing of the file /goform/wrlwpsset. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been…
- CVE-2025-3236Apr 4, 2025risk 0.00cvss —epss 0.01
A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been declared as critical. This vulnerability affects unknown code of the file /goform/VirSerDMZ of the component Web Management Interface. The manipulation leads to improper access controls. The attack can be…
- CVE-2025-3203Apr 4, 2025risk 0.00cvss —epss 0.01
A vulnerability classified as problematic was found in Tenda W18E 16.01.0.11. Affected by this vulnerability is the function formSetAccountList of the file /goform/setModules. The manipulation of the argument Password leads to stack-based buffer overflow. The attack can be…
- CVE-2025-3167Apr 3, 2025risk 0.00cvss —epss 0.01
A vulnerability, which was classified as problematic, has been found in Tenda AC23 16.03.07.52. This issue affects some unknown processing of the file /goform/VerAPIMant of the component API Interface. The manipulation of the argument getuid leads to denial of service. The…
- CVE-2025-3161Apr 3, 2025risk 0.00cvss —epss 0.01
A vulnerability was found in Tenda AC10 16.03.10.13 and classified as critical. This issue affects the function ShutdownSetAdd of the file /goform/ShutdownSetAdd. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be initiated remotely.…
- CVE-2025-29462Apr 3, 2025risk 0.00cvss —epss 0.00
A buffer overflow vulnerability has been discovered in Tenda Ac15 V15.13.07.13. The vulnerability occurs when the webCgiGetUploadFile function calls the socketRead function to process HTTP request messages, resulting in the overwriting of a buffer on the stack.
- CVE-2025-2996Mar 31, 2025risk 0.00cvss —epss 0.01
A vulnerability was found in Tenda FH1202 1.2.0.14(408) and classified as critical. This issue affects some unknown processing of the file /goform/SysToolDDNS of the component Web Management Interface. The manipulation leads to improper access controls. The attack may be…
- CVE-2025-2995Mar 31, 2025risk 0.00cvss —epss 0.01
A vulnerability has been found in Tenda FH1202 1.2.0.14(408) and classified as critical. This vulnerability affects unknown code of the file /goform/SysToolChangePwd of the component Web Management Interface. The manipulation leads to improper access controls. The attack can be…
- CVE-2025-2994Mar 31, 2025risk 0.00cvss —epss 0.01
A vulnerability, which was classified as critical, was found in Tenda FH1202 1.2.0.14(408). This affects an unknown part of the file /goform/qossetting of the component Web Management Interface. The manipulation leads to improper access controls. It is possible to initiate the…
- CVE-2025-2993Mar 31, 2025risk 0.00cvss —epss 0.08
A vulnerability, which was classified as critical, has been found in Tenda FH1202 1.2.0.14(408). Affected by this issue is some unknown functionality of the file /default.cfg. The manipulation of the argument these leads to improper access controls. The attack may be launched…
- CVE-2025-2992Mar 31, 2025risk 0.00cvss —epss 0.01
A vulnerability classified as critical was found in Tenda FH1202 1.2.0.14(408). Affected by this vulnerability is an unknown functionality of the file /goform/AdvSetWrlsafeset of the component Web Management Interface. The manipulation leads to improper access controls. The…
- CVE-2025-2991Mar 31, 2025risk 0.00cvss —epss 0.01
A vulnerability classified as critical has been found in Tenda FH1202 1.2.0.14(408). Affected is an unknown function of the file /goform/AdvSetWrlmacfilter of the component Web Management Interface. The manipulation leads to improper access controls. It is possible to launch the…
- CVE-2025-2990Mar 31, 2025risk 0.00cvss —epss 0.01
A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been rated as critical. This issue affects some unknown processing of the file /goform/AdvSetWrlGstset of the component Web Management Interface. The manipulation leads to improper access controls. The attack may be…
- CVE-2025-2989Mar 31, 2025risk 0.00cvss —epss 0.01
A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been declared as critical. This vulnerability affects unknown code of the file /goform/AdvSetWrl of the component Web Management Interface. The manipulation leads to improper access controls. The attack can be…
- CVE-2025-28220Mar 28, 2025risk 0.00cvss —epss 0.00
Tenda W6_S v1.0.0.4_510 has a Buffer Overflow vulnerability in the setcfm function, which allows remote attackers to cause web server crash via parameter funcpara1 passed to the binary through a POST request.
- CVE-2025-28221Mar 28, 2025risk 0.00cvss —epss 0.00
Tenda W6_S v1.0.0.4_510 has a Buffer Overflow vulnerability in the set_local_time function, which allows remote attackers to cause web server crash via parameter time passed to the binary through a POST request.
- CVE-2025-29135Mar 24, 2025risk 0.00cvss —epss 0.01
A stack-based buffer overflow vulnerability in Tenda AC7 V15.03.06.44 allows a remote attacker to execute arbitrary code through a stack overflow attack using the security parameter of the formWifiBasicSet function.
- CVE-2025-29100Mar 24, 2025risk 0.00cvss —epss 0.01
Tenda AC8 V16.03.34.06 is vulnerable to Buffer Overflow in the fromSetRouteStatic function via the parameter list.
- CVE-2025-29217Mar 20, 2025risk 0.00cvss —epss 0.01
Tenda W18E v2.0 v16.01.0.11 was discovered to contain a stack overflow in the wifiSSID parameter at /goform/setModules. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
- CVE-2025-29101Mar 20, 2025risk 0.00cvss —epss 0.00
Tenda AC8V4.0 V16.03.34.06 was discovered to contain a stack overflow via the deviceid parameter in the get_parentControl_list_Info function.
- CVE-2025-29218Mar 20, 2025risk 0.00cvss —epss 0.00
Tenda W18E v2.0 v16.01.0.11 was discovered to contain a stack overflow in the wifiPwd parameter at /goform/setModules. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
- CVE-2025-29215Mar 20, 2025risk 0.00cvss —epss 0.01
Tenda AX12 v22.03.01.46_CN was discovered to contain a stack overflow via the sub_43fdcc function at /goform/SetNetControlList.
- CVE-2025-29149Mar 20, 2025risk 0.00cvss —epss 0.00
Tenda i12 V1.0.0.10(3805) was discovered to contain a buffer overflow via the ping1 parameter in the formSetAutoPing function.
- CVE-2025-29121Mar 20, 2025risk 0.00cvss —epss 0.00
A vulnerability was found in Tenda AC6 V15.03.05.16. The vulnerability affects the functionality of the /goform/fast_setting_wifi_set file form_fast_setting_wifi_set. Using the timeZone parameter causes a stack-based buffer overflow.
- CVE-2025-29214Mar 20, 2025risk 0.00cvss —epss 0.01
Tenda AX12 v22.03.01.46_CN was discovered to contain a stack overflow via the sub_42F69C function at /goform/setMacFilterCfg.
- CVE-2025-29118Mar 19, 2025risk 0.00cvss —epss 0.00
Tenda AC8 V16.03.34.06 was discovered to contain a stack overflow via the src parameter in the function sub_47D878.
- CVE-2025-29137Mar 19, 2025risk 0.00cvss —epss 0.01
Tenda AC7 V1.0 V15.03.06.44 found a buffer overflow caused by the timeZone parameter in the form_fast_setting_wifi_set function, which can cause RCE.
- CVE-2025-29385Mar 14, 2025risk 0.00cvss —epss 0.01
In Tenda AC9 v1.0 V15.03.05.14_multi, the cloneType parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution.
- CVE-2025-29386Mar 14, 2025risk 0.00cvss —epss 0.01
In Tenda AC9 v1.0 V15.03.05.14_multi, the mac parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution.
- CVE-2025-29387Mar 14, 2025risk 0.00cvss —epss 0.01
In Tenda AC9 v1.0 V15.03.05.14_multi, the wanSpeed parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution.
- CVE-2025-29031Mar 14, 2025risk 0.00cvss —epss 0.00
Tenda AC6 v15.03.05.16 was discovered to contain a buffer overflow via the fromAddressNat function.
- CVE-2025-29029Mar 14, 2025risk 0.00cvss —epss 0.00
Tenda AC6 v15.03.05.16 was discovered to contain a buffer overflow via the formSetSpeedWan function.
- CVE-2025-29030Mar 14, 2025risk 0.00cvss —epss 0.00
Tenda AC6 v15.03.05.16 was discovered to contain a buffer overflow via the formWifiWpsOOB function.
- CVE-2025-29032Mar 14, 2025risk 0.00cvss —epss 0.04
Tenda AC9 v15.03.05.19(6318) was discovered to contain a buffer overflow via the formWifiWpsOOB function.
- CVE-2025-29359Mar 13, 2025risk 0.00cvss —epss 0.00
Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the deviceId parameter at /goform/saveParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet.
- CVE-2025-29357Mar 13, 2025risk 0.00cvss —epss 0.00
Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the startIp and endIp parameters at /goform/SetPptpServerCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet.
- CVE-2025-29362Mar 13, 2025risk 0.00cvss —epss 0.00
Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the list parameter at /goform/setPptpUserList. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet.
- CVE-2025-29361Mar 13, 2025risk 0.00cvss —epss 0.01
Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the list parameter at /goform/SetVirtualServerCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet.
Page 17 of 41