VYPR

Vendor CVEs

Tenda

All CVEs

2,034 total · sorted by risk
  • CVE-2025-29360Mar 13, 2025
    risk 0.00cvss epss 0.00

    Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the time and timeZone parameters at /goform/SetSysTimeCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet.

  • CVE-2025-29357Mar 13, 2025
    risk 0.00cvss epss 0.00

    Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the startIp and endIp parameters at /goform/SetPptpServerCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet.

  • CVE-2025-29358Mar 13, 2025
    risk 0.00cvss epss 0.01

    Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the firewallEn parameter at /goform/SetFirewallCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet.

  • CVE-2025-25632Mar 5, 2025
    risk 0.00cvss epss 0.02

    Tenda AC15 v15.03.05.19 is vulnerable to Command Injection via the handler function in /goform/telnet.

  • CVE-2025-25634Mar 5, 2025
    risk 0.00cvss epss 0.00

    A vulnerability has been found in Tenda AC15 15.03.05.19 in the function GetParentControlInfo of the file /goform/GetParentControlInfo. The manipulation of the argument src leads to stack-based buffer overflow.

  • CVE-2025-1899Mar 4, 2025
    risk 0.00cvss epss 0.01

    A vulnerability has been found in Tenda TX3 16.03.13.11_multi and classified as critical. Affected by this vulnerability is an unknown functionality of the file /goform/setPptpUserList. The manipulation of the argument list leads to buffer overflow. The attack can be launched…

  • CVE-2025-1898Mar 4, 2025
    risk 0.00cvss epss 0.01

    A vulnerability, which was classified as critical, was found in Tenda TX3 16.03.13.11_multi. Affected is an unknown function of the file /goform/openSchedWifi. The manipulation of the argument schedStartTime/schedEndTime leads to buffer overflow. It is possible to launch the…

  • CVE-2025-1897Mar 4, 2025
    risk 0.00cvss epss 0.01

    A vulnerability, which was classified as critical, has been found in Tenda TX3 16.03.13.11_multi. This issue affects some unknown processing of the file /goform/SetNetControlList. The manipulation of the argument list leads to buffer overflow. The attack may be initiated…

  • CVE-2025-1896Mar 4, 2025
    risk 0.00cvss epss 0.01

    A vulnerability classified as critical was found in Tenda TX3 16.03.13.11_multi. This vulnerability affects unknown code of the file /goform/SetStaticRouteCfg. The manipulation of the argument list leads to buffer overflow. The attack can be initiated remotely. The exploit has…

  • CVE-2025-1895Mar 4, 2025
    risk 0.00cvss epss 0.01

    A vulnerability classified as critical has been found in Tenda TX3 16.03.13.11_multi. This affects an unknown part of the file /goform/setMacFilterCfg. The manipulation of the argument deviceList leads to buffer overflow. It is possible to initiate the attack remotely. The…

  • CVE-2025-1881Mar 3, 2025
    risk 0.00cvss epss 0.00

    A vulnerability was found in i-Drive i11 and i12 up to 20250227. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Video Footage/Live Video Stream. The manipulation leads to improper access controls. The attack can…

  • CVE-2025-1880Mar 3, 2025
    risk 0.00cvss epss 0.00

    A vulnerability was found in i-Drive i11 and i12 up to 20250227. It has been classified as problematic. Affected is an unknown function of the component Device Pairing. The manipulation leads to authentication bypass by primary weakness. It is possible to launch the attack on…

  • CVE-2025-1879Mar 3, 2025
    risk 0.00cvss epss 0.00

    A vulnerability was found in i-Drive i11 and i12 up to 20250227 and classified as problematic. This issue affects some unknown processing of the component APK. The manipulation leads to hard-coded credentials. It is possible to launch the attack on the physical device. It was…

  • CVE-2025-1878Mar 3, 2025
    risk 0.00cvss epss 0.00

    A vulnerability has been found in i-Drive i11 and i12 up to 20250227 and classified as problematic. This vulnerability affects unknown code of the component WiFi. The manipulation leads to use of default password. Access to the local network is required for this attack to…

  • CVE-2025-1853Mar 3, 2025
    risk 0.00cvss epss 0.01

    A vulnerability was found in Tenda AC8 16.03.34.06 and classified as critical. This issue affects the function sub_49E098 of the file /goform/SetIpMacBind of the component Parameter Handler. The manipulation of the argument list leads to stack-based buffer overflow. The attack…

  • CVE-2025-1851Mar 3, 2025
    risk 0.00cvss epss 0.01

    A vulnerability, which was classified as critical, was found in Tenda AC7 up to 15.03.06.44. This affects the function formSetFirewallCfg of the file /goform/SetFirewallCfg. The manipulation of the argument firewallEn leads to stack-based buffer overflow. It is possible to…

  • CVE-2025-1819Mar 2, 2025
    risk 0.00cvss epss 0.02

    A vulnerability, which was classified as critical, was found in Tenda AC7 1200M 15.03.06.44. Affected is the function TendaTelnet of the file /goform/telnet. The manipulation of the argument lan_ip leads to os command injection. It is possible to launch the attack remotely. The…

  • CVE-2025-1814Mar 2, 2025
    risk 0.00cvss epss 0.01

    A vulnerability, which was classified as critical, has been found in Tenda AC6 15.03.05.16. Affected by this issue is some unknown functionality of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto leads to stack-based buffer overflow. The attack may…

  • CVE-2025-25507Feb 21, 2025
    risk 0.00cvss epss 0.00

    There is a RCE vulnerability in Tenda AC6 15.03.05.16_multi. In the formexeCommand function, the parameter cmdinput will cause remote command execution.

  • CVE-2025-25505Feb 21, 2025
    risk 0.00cvss epss 0.00

    Tenda AC6 15.03.05.16_multi is vulnerable to Buffer Overflow in the sub_452A4 function.

  • CVE-2025-25510Feb 21, 2025
    risk 0.00cvss epss 0.00

    Tenda AC8 V16.03.34.06 is vulnerable to Buffer Overflow in the get_parentControl_list_Info function.

  • CVE-2025-25674Feb 20, 2025
    risk 0.00cvss epss 0.00

    Tenda AC10 V1.0 V15.03.06.23 is vulnerable to Buffer Overflow in form_fast_setting_wifi_set via the parameter ssid.

  • CVE-2025-25678Feb 20, 2025
    risk 0.00cvss epss 0.00

    Tenda i12 V1.0.0.10(3805) was discovered to contain a buffer overflow via the funcpara1 parameter in the formSetCfm function.

  • CVE-2025-25664Feb 20, 2025
    risk 0.00cvss epss 0.01

    Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the shareSpeed parameter in the sub_49E098 function.

  • CVE-2025-25675Feb 20, 2025
    risk 0.00cvss epss 0.01

    Tenda AC10 V1.0 V15.03.06.23 has a command injection vulnerablility located in the formexeCommand function. The str variable receives the cmdinput parameter from a POST request and is later assigned to the cmd_buf variable, which is directly used in the doSystemCmd function,…

  • CVE-2025-25663Feb 20, 2025
    risk 0.00cvss epss 0.01

    A vulnerability was found in Tenda AC8V4 V16.03.34.06. Affected is the function SUB_0046AC38 of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto leads to stack-based buffer overflow.

  • CVE-2025-25662Feb 20, 2025
    risk 0.00cvss epss 0.00

    Tenda O4 V3.0 V1.0.0.10(2936) is vulnerable to Buffer Overflow in the function SafeSetMacFilter of the file /goform/setMacFilterList via the argument remark/type/time.

  • CVE-2025-25667Feb 20, 2025
    risk 0.00cvss epss 0.01

    Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the urls parameter in the function get_parentControl_list_Info.

  • CVE-2025-25676Feb 20, 2025
    risk 0.00cvss epss 0.00

    Tenda i12 V1.0.0.10(3805) was discovered to contain a buffer overflow via the list parameter in the formwrlSSIDset function.

  • CVE-2025-25679Feb 20, 2025
    risk 0.00cvss epss 0.00

    Tenda i12 V1.0.0.10(3805) was discovered to contain a buffer overflow via the index parameter in the formWifiMacFilterSet function.

  • CVE-2025-25668Feb 20, 2025
    risk 0.00cvss epss 0.01

    Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the shareSpeed parameter in the sub_47D878 function.

  • CVE-2025-25343Feb 12, 2025
    risk 0.00cvss epss 0.01

    Tenda AC6 V15.03.05.16 firmware has a buffer overflow vulnerability in the formexeCommand function.

  • CVE-2024-46433Feb 10, 2025
    risk 0.00cvss epss 0.01

    A default credentials vulnerability in Tenda W18E V16.01.0.8(1625) allows unauthenticated remote attackers to access the web management portal using the default rzadmin account with administrative privileges.

  • CVE-2024-46435Feb 10, 2025
    risk 0.00cvss epss 0.01

    A stack overflow vulnerability in the Tenda W18E V16.01.0.8(1625) web management portal allows an authenticated remote attacker to cause a denial of service or potentially execute arbitrary code. This vulnerability occurs due to improper input validation when handling…

  • CVE-2024-46430Feb 10, 2025
    risk 0.00cvss epss 0.01

    Tenda W18E V16.01.0.8(1625) is vulnerable to Incorrect Access Control. Unauthorized password change via the web management portal allows an unauthenticated remote attacker to change the administrator password by sending a specially crafted HTTP POST request to the…

  • CVE-2024-46429Feb 10, 2025
    risk 0.00cvss epss 0.01

    A hardcoded credentials vulnerability in Tenda W18E V16.01.0.8(1625) allows unauthenticated remote attackers to access the web management portal using a default guest account with administrative privileges.

  • CVE-2024-46432Feb 10, 2025
    risk 0.00cvss epss 0.01

    Tenda W18E V16.01.0.8(1625) is vulnerable to Incorrect Access Control. An attacker can send a specially crafted HTTP POST request to the setQuickCfgWifiAndLogin function, which allows unauthorized changes to WiFi configuration settings and administrative credentials.

  • CVE-2024-46437Feb 10, 2025
    risk 0.00cvss epss 0.01

    A sensitive information disclosure vulnerability in the Tenda W18E V16.01.0.8(1625) web management portal allows an unauthenticated remote attacker to retrieve sensitive configuration information, including WiFi SSID, WiFi password, and base64-encoded administrator credentials,…

  • CVE-2024-46436Feb 10, 2025
    risk 0.00cvss epss 0.00

    Hardcoded credentials in Tenda W18E V16.01.0.8(1625) allows unauthenticated remote attackers to gain root access to the device over the telnet service.

  • CVE-2024-46431Feb 10, 2025
    risk 0.00cvss epss 0.00

    Tenda W18E V16.01.0.8(1625) is vulnerable to Buffer Overflow. An attacker with access to the web management portal can exploit this vulnerability by sending specially crafted data to the delWewifiPic function.

  • CVE-2024-46434Feb 10, 2025
    risk 0.00cvss epss 0.01

    Tenda W18E V16.01.0.8(1625) suffers from authentication bypass in the web management portal allowing an unauthorized remote attacker to gain administrative access by sending a specially crafted HTTP request.

  • CVE-2025-0848Jan 30, 2025
    risk 0.00cvss epss 0.01

    A vulnerability was found in Tenda A18 up to 15.13.07.09. It has been rated as critical. This issue affects the function SetCmdlineRun of the file /goform/SetCmdlineRun of the component HTTP POST Request Handler. The manipulation of the argument wpapsk_crypto5g leads to…

  • CVE-2025-0528Jan 17, 2025
    risk 0.00cvss epss 0.06

    A vulnerability, which was classified as critical, has been found in Tenda AC8, AC10 and AC18 16.03.10.20. Affected by this issue is some unknown functionality of the file /goform/telnet of the component HTTP Request Handler. The manipulation leads to command injection. The…

  • CVE-2024-57575Jan 16, 2025
    risk 0.00cvss epss 0.01

    Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the ssid parameter in the form_fast_setting_wifi_set function.

  • CVE-2024-57577Jan 16, 2025
    risk 0.00cvss epss 0.00

    Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the speed_dir parameter in the formSetSpeedWan function.

  • CVE-2024-57578Jan 16, 2025
    risk 0.00cvss epss 0.01

    Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the funcpara1 parameter in the formSetCfm function.

  • CVE-2024-57579Jan 16, 2025
    risk 0.00cvss epss 0.01

    Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the limitSpeedUp parameter in the formSetClientState function.

  • CVE-2024-57583Jan 16, 2025
    risk 0.00cvss epss 0.01

    Tenda AC18 V15.03.05.19 was discovered to contain a command injection vulnerability via the usbName parameter in the formSetSambaConf function.

  • CVE-2024-46450Jan 16, 2025
    risk 0.00cvss epss 0.00

    Incorrect access control in Tenda AC1200 Smart Dual-Band WiFi Router Model AC6 v2.0 Firmware v15.03.06.50 allows attackers to bypass authentication via a crafted web request.

  • CVE-2024-57703Jan 16, 2025
    risk 0.00cvss epss 0.01

    Tenda AC8v4 V16.03.34.06 has a stack overflow vulnerability. Affected by this vulnerability is the function setSchedWifi of the file /goform/openSchedWifi. The manipulation of the argument schedEndTime leads to stack-based buffer overflow.

Page 18 of 41