Vendor CVEs
Tenda
All CVEs
2,034 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-29360 | 0.00 | — | 0.00 | Mar 13, 2025 | Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the time and timeZone parameters at /goform/SetSysTimeCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet. | |||
| CVE-2025-29357 | 0.00 | — | 0.00 | Mar 13, 2025 | Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the startIp and endIp parameters at /goform/SetPptpServerCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet. | |||
| CVE-2025-29358 | 0.00 | — | 0.01 | Mar 13, 2025 | Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the firewallEn parameter at /goform/SetFirewallCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet. | |||
| CVE-2025-25632 | 0.00 | — | 0.02 | Mar 5, 2025 | Tenda AC15 v15.03.05.19 is vulnerable to Command Injection via the handler function in /goform/telnet. | |||
| CVE-2025-25634 | 0.00 | — | 0.00 | Mar 5, 2025 | A vulnerability has been found in Tenda AC15 15.03.05.19 in the function GetParentControlInfo of the file /goform/GetParentControlInfo. The manipulation of the argument src leads to stack-based buffer overflow. | |||
| CVE-2025-1899 | 0.00 | — | 0.01 | Mar 4, 2025 | A vulnerability has been found in Tenda TX3 16.03.13.11_multi and classified as critical. Affected by this vulnerability is an unknown functionality of the file /goform/setPptpUserList. The manipulation of the argument list leads to buffer overflow. The attack can be launched… | |||
| CVE-2025-1898 | 0.00 | — | 0.01 | Mar 4, 2025 | A vulnerability, which was classified as critical, was found in Tenda TX3 16.03.13.11_multi. Affected is an unknown function of the file /goform/openSchedWifi. The manipulation of the argument schedStartTime/schedEndTime leads to buffer overflow. It is possible to launch the… | |||
| CVE-2025-1897 | 0.00 | — | 0.01 | Mar 4, 2025 | A vulnerability, which was classified as critical, has been found in Tenda TX3 16.03.13.11_multi. This issue affects some unknown processing of the file /goform/SetNetControlList. The manipulation of the argument list leads to buffer overflow. The attack may be initiated… | |||
| CVE-2025-1896 | 0.00 | — | 0.01 | Mar 4, 2025 | A vulnerability classified as critical was found in Tenda TX3 16.03.13.11_multi. This vulnerability affects unknown code of the file /goform/SetStaticRouteCfg. The manipulation of the argument list leads to buffer overflow. The attack can be initiated remotely. The exploit has… | |||
| CVE-2025-1895 | 0.00 | — | 0.01 | Mar 4, 2025 | A vulnerability classified as critical has been found in Tenda TX3 16.03.13.11_multi. This affects an unknown part of the file /goform/setMacFilterCfg. The manipulation of the argument deviceList leads to buffer overflow. It is possible to initiate the attack remotely. The… | |||
| CVE-2025-1881 | 0.00 | — | 0.00 | Mar 3, 2025 | A vulnerability was found in i-Drive i11 and i12 up to 20250227. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Video Footage/Live Video Stream. The manipulation leads to improper access controls. The attack can… | |||
| CVE-2025-1880 | 0.00 | — | 0.00 | Mar 3, 2025 | A vulnerability was found in i-Drive i11 and i12 up to 20250227. It has been classified as problematic. Affected is an unknown function of the component Device Pairing. The manipulation leads to authentication bypass by primary weakness. It is possible to launch the attack on… | |||
| CVE-2025-1879 | 0.00 | — | 0.00 | Mar 3, 2025 | A vulnerability was found in i-Drive i11 and i12 up to 20250227 and classified as problematic. This issue affects some unknown processing of the component APK. The manipulation leads to hard-coded credentials. It is possible to launch the attack on the physical device. It was… | |||
| CVE-2025-1878 | 0.00 | — | 0.00 | Mar 3, 2025 | A vulnerability has been found in i-Drive i11 and i12 up to 20250227 and classified as problematic. This vulnerability affects unknown code of the component WiFi. The manipulation leads to use of default password. Access to the local network is required for this attack to… | |||
| CVE-2025-1853 | 0.00 | — | 0.01 | Mar 3, 2025 | A vulnerability was found in Tenda AC8 16.03.34.06 and classified as critical. This issue affects the function sub_49E098 of the file /goform/SetIpMacBind of the component Parameter Handler. The manipulation of the argument list leads to stack-based buffer overflow. The attack… | |||
| CVE-2025-1851 | 0.00 | — | 0.01 | Mar 3, 2025 | A vulnerability, which was classified as critical, was found in Tenda AC7 up to 15.03.06.44. This affects the function formSetFirewallCfg of the file /goform/SetFirewallCfg. The manipulation of the argument firewallEn leads to stack-based buffer overflow. It is possible to… | |||
| CVE-2025-1819 | 0.00 | — | 0.02 | Mar 2, 2025 | A vulnerability, which was classified as critical, was found in Tenda AC7 1200M 15.03.06.44. Affected is the function TendaTelnet of the file /goform/telnet. The manipulation of the argument lan_ip leads to os command injection. It is possible to launch the attack remotely. The… | |||
| CVE-2025-1814 | 0.00 | — | 0.01 | Mar 2, 2025 | A vulnerability, which was classified as critical, has been found in Tenda AC6 15.03.05.16. Affected by this issue is some unknown functionality of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto leads to stack-based buffer overflow. The attack may… | |||
| CVE-2025-25507 | 0.00 | — | 0.00 | Feb 21, 2025 | There is a RCE vulnerability in Tenda AC6 15.03.05.16_multi. In the formexeCommand function, the parameter cmdinput will cause remote command execution. | |||
| CVE-2025-25505 | 0.00 | — | 0.00 | Feb 21, 2025 | Tenda AC6 15.03.05.16_multi is vulnerable to Buffer Overflow in the sub_452A4 function. | |||
| CVE-2025-25510 | 0.00 | — | 0.00 | Feb 21, 2025 | Tenda AC8 V16.03.34.06 is vulnerable to Buffer Overflow in the get_parentControl_list_Info function. | |||
| CVE-2025-25674 | 0.00 | — | 0.00 | Feb 20, 2025 | Tenda AC10 V1.0 V15.03.06.23 is vulnerable to Buffer Overflow in form_fast_setting_wifi_set via the parameter ssid. | |||
| CVE-2025-25678 | 0.00 | — | 0.00 | Feb 20, 2025 | Tenda i12 V1.0.0.10(3805) was discovered to contain a buffer overflow via the funcpara1 parameter in the formSetCfm function. | |||
| CVE-2025-25664 | 0.00 | — | 0.01 | Feb 20, 2025 | Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the shareSpeed parameter in the sub_49E098 function. | |||
| CVE-2025-25675 | 0.00 | — | 0.01 | Feb 20, 2025 | Tenda AC10 V1.0 V15.03.06.23 has a command injection vulnerablility located in the formexeCommand function. The str variable receives the cmdinput parameter from a POST request and is later assigned to the cmd_buf variable, which is directly used in the doSystemCmd function,… | |||
| CVE-2025-25663 | 0.00 | — | 0.01 | Feb 20, 2025 | A vulnerability was found in Tenda AC8V4 V16.03.34.06. Affected is the function SUB_0046AC38 of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto leads to stack-based buffer overflow. | |||
| CVE-2025-25662 | 0.00 | — | 0.00 | Feb 20, 2025 | Tenda O4 V3.0 V1.0.0.10(2936) is vulnerable to Buffer Overflow in the function SafeSetMacFilter of the file /goform/setMacFilterList via the argument remark/type/time. | |||
| CVE-2025-25667 | 0.00 | — | 0.01 | Feb 20, 2025 | Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the urls parameter in the function get_parentControl_list_Info. | |||
| CVE-2025-25676 | 0.00 | — | 0.00 | Feb 20, 2025 | Tenda i12 V1.0.0.10(3805) was discovered to contain a buffer overflow via the list parameter in the formwrlSSIDset function. | |||
| CVE-2025-25679 | 0.00 | — | 0.00 | Feb 20, 2025 | Tenda i12 V1.0.0.10(3805) was discovered to contain a buffer overflow via the index parameter in the formWifiMacFilterSet function. | |||
| CVE-2025-25668 | 0.00 | — | 0.01 | Feb 20, 2025 | Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the shareSpeed parameter in the sub_47D878 function. | |||
| CVE-2025-25343 | 0.00 | — | 0.01 | Feb 12, 2025 | Tenda AC6 V15.03.05.16 firmware has a buffer overflow vulnerability in the formexeCommand function. | |||
| CVE-2024-46433 | 0.00 | — | 0.01 | Feb 10, 2025 | A default credentials vulnerability in Tenda W18E V16.01.0.8(1625) allows unauthenticated remote attackers to access the web management portal using the default rzadmin account with administrative privileges. | |||
| CVE-2024-46435 | 0.00 | — | 0.01 | Feb 10, 2025 | A stack overflow vulnerability in the Tenda W18E V16.01.0.8(1625) web management portal allows an authenticated remote attacker to cause a denial of service or potentially execute arbitrary code. This vulnerability occurs due to improper input validation when handling… | |||
| CVE-2024-46430 | 0.00 | — | 0.01 | Feb 10, 2025 | Tenda W18E V16.01.0.8(1625) is vulnerable to Incorrect Access Control. Unauthorized password change via the web management portal allows an unauthenticated remote attacker to change the administrator password by sending a specially crafted HTTP POST request to the… | |||
| CVE-2024-46429 | 0.00 | — | 0.01 | Feb 10, 2025 | A hardcoded credentials vulnerability in Tenda W18E V16.01.0.8(1625) allows unauthenticated remote attackers to access the web management portal using a default guest account with administrative privileges. | |||
| CVE-2024-46432 | 0.00 | — | 0.01 | Feb 10, 2025 | Tenda W18E V16.01.0.8(1625) is vulnerable to Incorrect Access Control. An attacker can send a specially crafted HTTP POST request to the setQuickCfgWifiAndLogin function, which allows unauthorized changes to WiFi configuration settings and administrative credentials. | |||
| CVE-2024-46437 | 0.00 | — | 0.01 | Feb 10, 2025 | A sensitive information disclosure vulnerability in the Tenda W18E V16.01.0.8(1625) web management portal allows an unauthenticated remote attacker to retrieve sensitive configuration information, including WiFi SSID, WiFi password, and base64-encoded administrator credentials,… | |||
| CVE-2024-46436 | 0.00 | — | 0.00 | Feb 10, 2025 | Hardcoded credentials in Tenda W18E V16.01.0.8(1625) allows unauthenticated remote attackers to gain root access to the device over the telnet service. | |||
| CVE-2024-46431 | 0.00 | — | 0.00 | Feb 10, 2025 | Tenda W18E V16.01.0.8(1625) is vulnerable to Buffer Overflow. An attacker with access to the web management portal can exploit this vulnerability by sending specially crafted data to the delWewifiPic function. | |||
| CVE-2024-46434 | 0.00 | — | 0.01 | Feb 10, 2025 | Tenda W18E V16.01.0.8(1625) suffers from authentication bypass in the web management portal allowing an unauthorized remote attacker to gain administrative access by sending a specially crafted HTTP request. | |||
| CVE-2025-0848 | 0.00 | — | 0.01 | Jan 30, 2025 | A vulnerability was found in Tenda A18 up to 15.13.07.09. It has been rated as critical. This issue affects the function SetCmdlineRun of the file /goform/SetCmdlineRun of the component HTTP POST Request Handler. The manipulation of the argument wpapsk_crypto5g leads to… | |||
| CVE-2025-0528 | 0.00 | — | 0.06 | Jan 17, 2025 | A vulnerability, which was classified as critical, has been found in Tenda AC8, AC10 and AC18 16.03.10.20. Affected by this issue is some unknown functionality of the file /goform/telnet of the component HTTP Request Handler. The manipulation leads to command injection. The… | |||
| CVE-2024-57575 | 0.00 | — | 0.01 | Jan 16, 2025 | Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the ssid parameter in the form_fast_setting_wifi_set function. | |||
| CVE-2024-57577 | 0.00 | — | 0.00 | Jan 16, 2025 | Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the speed_dir parameter in the formSetSpeedWan function. | |||
| CVE-2024-57578 | 0.00 | — | 0.01 | Jan 16, 2025 | Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the funcpara1 parameter in the formSetCfm function. | |||
| CVE-2024-57579 | 0.00 | — | 0.01 | Jan 16, 2025 | Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the limitSpeedUp parameter in the formSetClientState function. | |||
| CVE-2024-57583 | 0.00 | — | 0.01 | Jan 16, 2025 | Tenda AC18 V15.03.05.19 was discovered to contain a command injection vulnerability via the usbName parameter in the formSetSambaConf function. | |||
| CVE-2024-46450 | 0.00 | — | 0.00 | Jan 16, 2025 | Incorrect access control in Tenda AC1200 Smart Dual-Band WiFi Router Model AC6 v2.0 Firmware v15.03.06.50 allows attackers to bypass authentication via a crafted web request. | |||
| CVE-2024-57703 | 0.00 | — | 0.01 | Jan 16, 2025 | Tenda AC8v4 V16.03.34.06 has a stack overflow vulnerability. Affected by this vulnerability is the function setSchedWifi of the file /goform/openSchedWifi. The manipulation of the argument schedEndTime leads to stack-based buffer overflow. |
- CVE-2025-29360Mar 13, 2025risk 0.00cvss —epss 0.00
Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the time and timeZone parameters at /goform/SetSysTimeCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet.
- CVE-2025-29357Mar 13, 2025risk 0.00cvss —epss 0.00
Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the startIp and endIp parameters at /goform/SetPptpServerCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet.
- CVE-2025-29358Mar 13, 2025risk 0.00cvss —epss 0.01
Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the firewallEn parameter at /goform/SetFirewallCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet.
- CVE-2025-25632Mar 5, 2025risk 0.00cvss —epss 0.02
Tenda AC15 v15.03.05.19 is vulnerable to Command Injection via the handler function in /goform/telnet.
- CVE-2025-25634Mar 5, 2025risk 0.00cvss —epss 0.00
A vulnerability has been found in Tenda AC15 15.03.05.19 in the function GetParentControlInfo of the file /goform/GetParentControlInfo. The manipulation of the argument src leads to stack-based buffer overflow.
- CVE-2025-1899Mar 4, 2025risk 0.00cvss —epss 0.01
A vulnerability has been found in Tenda TX3 16.03.13.11_multi and classified as critical. Affected by this vulnerability is an unknown functionality of the file /goform/setPptpUserList. The manipulation of the argument list leads to buffer overflow. The attack can be launched…
- CVE-2025-1898Mar 4, 2025risk 0.00cvss —epss 0.01
A vulnerability, which was classified as critical, was found in Tenda TX3 16.03.13.11_multi. Affected is an unknown function of the file /goform/openSchedWifi. The manipulation of the argument schedStartTime/schedEndTime leads to buffer overflow. It is possible to launch the…
- CVE-2025-1897Mar 4, 2025risk 0.00cvss —epss 0.01
A vulnerability, which was classified as critical, has been found in Tenda TX3 16.03.13.11_multi. This issue affects some unknown processing of the file /goform/SetNetControlList. The manipulation of the argument list leads to buffer overflow. The attack may be initiated…
- CVE-2025-1896Mar 4, 2025risk 0.00cvss —epss 0.01
A vulnerability classified as critical was found in Tenda TX3 16.03.13.11_multi. This vulnerability affects unknown code of the file /goform/SetStaticRouteCfg. The manipulation of the argument list leads to buffer overflow. The attack can be initiated remotely. The exploit has…
- CVE-2025-1895Mar 4, 2025risk 0.00cvss —epss 0.01
A vulnerability classified as critical has been found in Tenda TX3 16.03.13.11_multi. This affects an unknown part of the file /goform/setMacFilterCfg. The manipulation of the argument deviceList leads to buffer overflow. It is possible to initiate the attack remotely. The…
- CVE-2025-1881Mar 3, 2025risk 0.00cvss —epss 0.00
A vulnerability was found in i-Drive i11 and i12 up to 20250227. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Video Footage/Live Video Stream. The manipulation leads to improper access controls. The attack can…
- CVE-2025-1880Mar 3, 2025risk 0.00cvss —epss 0.00
A vulnerability was found in i-Drive i11 and i12 up to 20250227. It has been classified as problematic. Affected is an unknown function of the component Device Pairing. The manipulation leads to authentication bypass by primary weakness. It is possible to launch the attack on…
- CVE-2025-1879Mar 3, 2025risk 0.00cvss —epss 0.00
A vulnerability was found in i-Drive i11 and i12 up to 20250227 and classified as problematic. This issue affects some unknown processing of the component APK. The manipulation leads to hard-coded credentials. It is possible to launch the attack on the physical device. It was…
- CVE-2025-1878Mar 3, 2025risk 0.00cvss —epss 0.00
A vulnerability has been found in i-Drive i11 and i12 up to 20250227 and classified as problematic. This vulnerability affects unknown code of the component WiFi. The manipulation leads to use of default password. Access to the local network is required for this attack to…
- CVE-2025-1853Mar 3, 2025risk 0.00cvss —epss 0.01
A vulnerability was found in Tenda AC8 16.03.34.06 and classified as critical. This issue affects the function sub_49E098 of the file /goform/SetIpMacBind of the component Parameter Handler. The manipulation of the argument list leads to stack-based buffer overflow. The attack…
- CVE-2025-1851Mar 3, 2025risk 0.00cvss —epss 0.01
A vulnerability, which was classified as critical, was found in Tenda AC7 up to 15.03.06.44. This affects the function formSetFirewallCfg of the file /goform/SetFirewallCfg. The manipulation of the argument firewallEn leads to stack-based buffer overflow. It is possible to…
- CVE-2025-1819Mar 2, 2025risk 0.00cvss —epss 0.02
A vulnerability, which was classified as critical, was found in Tenda AC7 1200M 15.03.06.44. Affected is the function TendaTelnet of the file /goform/telnet. The manipulation of the argument lan_ip leads to os command injection. It is possible to launch the attack remotely. The…
- CVE-2025-1814Mar 2, 2025risk 0.00cvss —epss 0.01
A vulnerability, which was classified as critical, has been found in Tenda AC6 15.03.05.16. Affected by this issue is some unknown functionality of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto leads to stack-based buffer overflow. The attack may…
- CVE-2025-25507Feb 21, 2025risk 0.00cvss —epss 0.00
There is a RCE vulnerability in Tenda AC6 15.03.05.16_multi. In the formexeCommand function, the parameter cmdinput will cause remote command execution.
- CVE-2025-25505Feb 21, 2025risk 0.00cvss —epss 0.00
Tenda AC6 15.03.05.16_multi is vulnerable to Buffer Overflow in the sub_452A4 function.
- CVE-2025-25510Feb 21, 2025risk 0.00cvss —epss 0.00
Tenda AC8 V16.03.34.06 is vulnerable to Buffer Overflow in the get_parentControl_list_Info function.
- CVE-2025-25674Feb 20, 2025risk 0.00cvss —epss 0.00
Tenda AC10 V1.0 V15.03.06.23 is vulnerable to Buffer Overflow in form_fast_setting_wifi_set via the parameter ssid.
- CVE-2025-25678Feb 20, 2025risk 0.00cvss —epss 0.00
Tenda i12 V1.0.0.10(3805) was discovered to contain a buffer overflow via the funcpara1 parameter in the formSetCfm function.
- CVE-2025-25664Feb 20, 2025risk 0.00cvss —epss 0.01
Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the shareSpeed parameter in the sub_49E098 function.
- CVE-2025-25675Feb 20, 2025risk 0.00cvss —epss 0.01
Tenda AC10 V1.0 V15.03.06.23 has a command injection vulnerablility located in the formexeCommand function. The str variable receives the cmdinput parameter from a POST request and is later assigned to the cmd_buf variable, which is directly used in the doSystemCmd function,…
- CVE-2025-25663Feb 20, 2025risk 0.00cvss —epss 0.01
A vulnerability was found in Tenda AC8V4 V16.03.34.06. Affected is the function SUB_0046AC38 of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto leads to stack-based buffer overflow.
- CVE-2025-25662Feb 20, 2025risk 0.00cvss —epss 0.00
Tenda O4 V3.0 V1.0.0.10(2936) is vulnerable to Buffer Overflow in the function SafeSetMacFilter of the file /goform/setMacFilterList via the argument remark/type/time.
- CVE-2025-25667Feb 20, 2025risk 0.00cvss —epss 0.01
Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the urls parameter in the function get_parentControl_list_Info.
- CVE-2025-25676Feb 20, 2025risk 0.00cvss —epss 0.00
Tenda i12 V1.0.0.10(3805) was discovered to contain a buffer overflow via the list parameter in the formwrlSSIDset function.
- CVE-2025-25679Feb 20, 2025risk 0.00cvss —epss 0.00
Tenda i12 V1.0.0.10(3805) was discovered to contain a buffer overflow via the index parameter in the formWifiMacFilterSet function.
- CVE-2025-25668Feb 20, 2025risk 0.00cvss —epss 0.01
Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the shareSpeed parameter in the sub_47D878 function.
- CVE-2025-25343Feb 12, 2025risk 0.00cvss —epss 0.01
Tenda AC6 V15.03.05.16 firmware has a buffer overflow vulnerability in the formexeCommand function.
- CVE-2024-46433Feb 10, 2025risk 0.00cvss —epss 0.01
A default credentials vulnerability in Tenda W18E V16.01.0.8(1625) allows unauthenticated remote attackers to access the web management portal using the default rzadmin account with administrative privileges.
- CVE-2024-46435Feb 10, 2025risk 0.00cvss —epss 0.01
A stack overflow vulnerability in the Tenda W18E V16.01.0.8(1625) web management portal allows an authenticated remote attacker to cause a denial of service or potentially execute arbitrary code. This vulnerability occurs due to improper input validation when handling…
- CVE-2024-46430Feb 10, 2025risk 0.00cvss —epss 0.01
Tenda W18E V16.01.0.8(1625) is vulnerable to Incorrect Access Control. Unauthorized password change via the web management portal allows an unauthenticated remote attacker to change the administrator password by sending a specially crafted HTTP POST request to the…
- CVE-2024-46429Feb 10, 2025risk 0.00cvss —epss 0.01
A hardcoded credentials vulnerability in Tenda W18E V16.01.0.8(1625) allows unauthenticated remote attackers to access the web management portal using a default guest account with administrative privileges.
- CVE-2024-46432Feb 10, 2025risk 0.00cvss —epss 0.01
Tenda W18E V16.01.0.8(1625) is vulnerable to Incorrect Access Control. An attacker can send a specially crafted HTTP POST request to the setQuickCfgWifiAndLogin function, which allows unauthorized changes to WiFi configuration settings and administrative credentials.
- CVE-2024-46437Feb 10, 2025risk 0.00cvss —epss 0.01
A sensitive information disclosure vulnerability in the Tenda W18E V16.01.0.8(1625) web management portal allows an unauthenticated remote attacker to retrieve sensitive configuration information, including WiFi SSID, WiFi password, and base64-encoded administrator credentials,…
- CVE-2024-46436Feb 10, 2025risk 0.00cvss —epss 0.00
Hardcoded credentials in Tenda W18E V16.01.0.8(1625) allows unauthenticated remote attackers to gain root access to the device over the telnet service.
- CVE-2024-46431Feb 10, 2025risk 0.00cvss —epss 0.00
Tenda W18E V16.01.0.8(1625) is vulnerable to Buffer Overflow. An attacker with access to the web management portal can exploit this vulnerability by sending specially crafted data to the delWewifiPic function.
- CVE-2024-46434Feb 10, 2025risk 0.00cvss —epss 0.01
Tenda W18E V16.01.0.8(1625) suffers from authentication bypass in the web management portal allowing an unauthorized remote attacker to gain administrative access by sending a specially crafted HTTP request.
- CVE-2025-0848Jan 30, 2025risk 0.00cvss —epss 0.01
A vulnerability was found in Tenda A18 up to 15.13.07.09. It has been rated as critical. This issue affects the function SetCmdlineRun of the file /goform/SetCmdlineRun of the component HTTP POST Request Handler. The manipulation of the argument wpapsk_crypto5g leads to…
- CVE-2025-0528Jan 17, 2025risk 0.00cvss —epss 0.06
A vulnerability, which was classified as critical, has been found in Tenda AC8, AC10 and AC18 16.03.10.20. Affected by this issue is some unknown functionality of the file /goform/telnet of the component HTTP Request Handler. The manipulation leads to command injection. The…
- CVE-2024-57575Jan 16, 2025risk 0.00cvss —epss 0.01
Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the ssid parameter in the form_fast_setting_wifi_set function.
- CVE-2024-57577Jan 16, 2025risk 0.00cvss —epss 0.00
Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the speed_dir parameter in the formSetSpeedWan function.
- CVE-2024-57578Jan 16, 2025risk 0.00cvss —epss 0.01
Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the funcpara1 parameter in the formSetCfm function.
- CVE-2024-57579Jan 16, 2025risk 0.00cvss —epss 0.01
Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the limitSpeedUp parameter in the formSetClientState function.
- CVE-2024-57583Jan 16, 2025risk 0.00cvss —epss 0.01
Tenda AC18 V15.03.05.19 was discovered to contain a command injection vulnerability via the usbName parameter in the formSetSambaConf function.
- CVE-2024-46450Jan 16, 2025risk 0.00cvss —epss 0.00
Incorrect access control in Tenda AC1200 Smart Dual-Band WiFi Router Model AC6 v2.0 Firmware v15.03.06.50 allows attackers to bypass authentication via a crafted web request.
- CVE-2024-57703Jan 16, 2025risk 0.00cvss —epss 0.01
Tenda AC8v4 V16.03.34.06 has a stack overflow vulnerability. Affected by this vulnerability is the function setSchedWifi of the file /goform/openSchedWifi. The manipulation of the argument schedEndTime leads to stack-based buffer overflow.
Page 18 of 41