VYPR

Vendor CVEs

Tenda

All CVEs

2,034 total · sorted by risk
  • CVE-2026-5609HigApr 6, 2026
    risk 0.57cvss 8.8epss 0.01

    A flaw has been found in Tenda i12 1.0.0.11(3862). Affected by this vulnerability is the function formwrlSSIDset of the file /goform/wifiSSIDset of the component Parameter Handler. This manipulation of the argument index/wl_radio causes stack-based buffer overflow. It is…

  • CVE-2026-5605HigApr 6, 2026
    risk 0.57cvss 8.8epss 0.01

    A weakness has been identified in Tenda CH22 1.0.0.1. This affects the function formWrlExtraSet of the file /goform/WrlExtraSet. Executing a manipulation of the argument GO can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been made…

  • CVE-2026-5604HigApr 5, 2026
    risk 0.57cvss 8.8epss 0.01

    A security flaw has been discovered in Tenda CH22 1.0.0.1. The impacted element is the function formCertLocalPrecreate of the file /goform/CertLocalPrecreate of the component Parameter Handler. Performing a manipulation of the argument standard results in stack-based buffer…

  • CVE-2026-5567HigApr 5, 2026
    risk 0.57cvss 8.8epss 0.01

    A flaw has been found in Tenda M3 1.0.0.10. This vulnerability affects the function setAdvPolicyData of the file /goform/setAdvPolicyData of the component Destination Handler. Executing a manipulation of the argument policyType can lead to buffer overflow. The attack can be…

  • CVE-2026-5550HigApr 5, 2026
    risk 0.57cvss 8.8epss 0.01

    A vulnerability was identified in Tenda AC10 16.03.10.10_multi_TDE01. This affects the function fromSysToolChangePwd of the file /bin/httpd. The manipulation leads to stack-based buffer overflow. The attack may be initiated remotely. Multiple endpoints might be affected.

  • CVE-2026-5548HigApr 5, 2026
    risk 0.57cvss 8.8epss 0.01

    A vulnerability was found in Tenda AC10 16.03.10.10_multi_TDE01. Affected by this vulnerability is the function fromSysToolChangePwd of the file /bin/httpd. Performing a manipulation of the argument sys.userpass results in stack-based buffer overflow. The attack can be initiated…

  • CVE-2026-5204HigMar 31, 2026
    risk 0.57cvss 8.8epss 0.02

    A vulnerability was determined in Tenda CH22 1.0.0.1. Affected is the function formWebTypeLibrary of the file /goform/webtypelibrary of the component Parameter Handler. This manipulation of the argument webSiteId causes stack-based buffer overflow. The attack can be initiated…

  • CVE-2026-5156HigMar 31, 2026
    risk 0.57cvss 8.8epss 0.01

    A vulnerability was determined in Tenda CH22 1.0.0.1. This impacts the function formQuickIndex of the file /goform/QuickIndex of the component Parameter Handler. This manipulation of the argument mit_linktype causes stack-based buffer overflow. The attack is possible to be…

  • CVE-2026-5155HigMar 30, 2026
    risk 0.57cvss 8.8epss 0.01

    A vulnerability was found in Tenda CH22 1.0.0.1. This affects the function fromAdvSetWan of the file /goform/AdvSetWan of the component Parameter Handler. The manipulation of the argument wanmode results in stack-based buffer overflow. The attack can be executed remotely. The…

  • CVE-2026-5154HigMar 30, 2026
    risk 0.57cvss 8.8epss 0.01

    A vulnerability has been found in Tenda CH22 1.0.0.1/1.If. The impacted element is the function fromSetCfm of the file /goform/setcfm of the component Parameter Handler. The manipulation of the argument funcname leads to stack-based buffer overflow. Remote exploitation of the…

  • CVE-2026-5152HigMar 30, 2026
    risk 0.57cvss 8.8epss 0.01

    A vulnerability was detected in Tenda CH22 1.0.0.1. Impacted is the function formCreateFileName of the file /goform/createFileName. Performing a manipulation of the argument fileNameMit results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is…

  • CVE-2026-4975HigMar 27, 2026
    risk 0.57cvss 8.8epss 0.01

    A vulnerability has been found in Tenda AC15 15.03.05.19. This affects the function formSetCfm of the file /goform/setcfm of the component POST Request Handler. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. The attack can be initiated remotely.…

  • CVE-2026-4961HigMar 27, 2026
    risk 0.57cvss 8.8epss 0.01

    A vulnerability was identified in Tenda AC6 15.03.05.16. Affected by this vulnerability is the function formQuickIndex of the file /goform/QuickIndex of the component POST Request Handler. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. The…

  • CVE-2026-4960HigMar 27, 2026
    risk 0.57cvss 8.8epss 0.01

    A vulnerability was determined in Tenda AC6 15.03.05.16. Affected is the function fromWizardHandle of the file /goform/WizardHandle of the component POST Request Handler. Executing a manipulation of the argument WANT/WANS can lead to stack-based buffer overflow. The attack can…

  • CVE-2026-4906HigMar 27, 2026
    risk 0.57cvss 8.8epss 0.03

    A vulnerability was determined in Tenda AC5 15.03.06.47. The affected element is the function decodePwd of the file /goform/WizardHandle of the component POST Request Handler. Executing a manipulation of the argument WANT/WANS can lead to stack-based buffer overflow. The attack…

  • CVE-2026-4905HigMar 27, 2026
    risk 0.57cvss 8.8epss 0.01

    A vulnerability was found in Tenda AC5 15.03.06.47. Impacted is the function formWifiWpsOOB of the file /goform/WifiWpsOOB of the component POST Request Handler. Performing a manipulation of the argument index results in stack-based buffer overflow. Remote exploitation of the…

  • CVE-2026-4904HigMar 27, 2026
    risk 0.57cvss 8.8epss 0.01

    A vulnerability has been found in Tenda AC5 15.03.06.47. This issue affects the function formSetCfm of the file /goform/setcfm of the component POST Request Handler. Such manipulation of the argument funcpara1 leads to stack-based buffer overflow. The attack may be launched…

  • CVE-2026-4903HigMar 26, 2026
    risk 0.57cvss 8.8epss 0.05

    A flaw has been found in Tenda AC5 15.03.06.47. This vulnerability affects the function formQuickIndex of the file /goform/QuickIndex of the component POST Request Handler. This manipulation of the argument PPPOEPassword causes stack-based buffer overflow. The attack may be…

  • CVE-2026-4565HigMar 23, 2026
    risk 0.57cvss 8.8epss 0.01

    A vulnerability was detected in Tenda AC21 16.03.08.16. Impacted is the function formSetQosBand of the file /goform/SetNetControlList. Performing a manipulation of the argument list results in buffer overflow. The attack can be initiated remotely. The exploit is now public and…

  • CVE-2026-4553HigMar 22, 2026
    risk 0.57cvss 8.8epss 0.01

    A vulnerability was identified in Tenda F453 1.0.0.3. Impacted is the function fromNatlimit of the file /goform/Natlimit of the component Parameters Handler. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to initiate the attack…

  • CVE-2026-4552HigMar 22, 2026
    risk 0.57cvss 8.8epss 0.01

    A vulnerability was determined in Tenda F453 1.0.0.3. This issue affects the function fromVirtualSer of the file /goform/VirtualSer of the component Parameters Handler. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The attack may be…

  • CVE-2026-4551HigMar 22, 2026
    risk 0.57cvss 8.8epss 0.01

    A vulnerability was found in Tenda F453 1.0.0.3. This vulnerability affects the function fromSafeClientFilter of the file /goform/SafeClientFilter of the component Parameters Handler. Performing a manipulation of the argument menufacturer/Go results in stack-based buffer…

  • CVE-2026-4535HigMar 22, 2026
    risk 0.57cvss 8.8epss 0.01

    A vulnerability has been found in Tenda FH451 1.0.0.9. This vulnerability affects the function WrlclientSet of the file /goform/WrlclientSet. Such manipulation of the argument GO leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been…

  • CVE-2026-4534HigMar 22, 2026
    risk 0.57cvss 8.8epss 0.01

    A flaw has been found in Tenda FH451 1.0.0.9. This affects the function formWrlExtraSet of the file /goform/WrlExtraSet. This manipulation of the argument GO causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been published and may be used.

  • CVE-2026-4493HigMar 20, 2026
    risk 0.57cvss 8.8epss 0.01

    A vulnerability was determined in Tenda A18 Pro 02.03.02.28. The impacted element is the function sub_423B50 of the file /goform/setMacFilterCfg of the component MAC Filtering Configuration Endpoint. Executing a manipulation of the argument deviceList can lead to stack-based…

  • CVE-2026-4492HigMar 20, 2026
    risk 0.57cvss 8.8epss 0.01

    A vulnerability was found in Tenda A18 Pro 02.03.02.28. The affected element is the function set_qosMib_list of the file /goform/formSetQosBand. Performing a manipulation of the argument list results in stack-based buffer overflow. The attack is possible to be carried out…

  • CVE-2026-4491HigMar 20, 2026
    risk 0.57cvss 8.8epss 0.00

    A vulnerability has been found in Tenda A18 Pro 02.03.02.28. Impacted is the function fromSetIpMacBind of the file /goform/SetIpMacBind. Such manipulation of the argument list leads to stack-based buffer overflow. The attack can be executed remotely. The exploit has been…

  • CVE-2026-4490HigMar 20, 2026
    risk 0.57cvss 8.8epss 0.01

    A flaw has been found in Tenda A18 Pro 02.03.02.28. This issue affects the function setSchedWifi of the file /goform/openSchedWifi. This manipulation causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been published and may be used.

  • CVE-2026-4489HigMar 20, 2026
    risk 0.57cvss 8.8epss 0.01

    A vulnerability was detected in Tenda A18 Pro 02.03.02.28. This vulnerability affects the function form_fast_setting_wifi_set of the file /goform/fast_setting_wifi_set. The manipulation results in stack-based buffer overflow. The attack may be launched remotely. The exploit is…

  • CVE-2026-4043HigMar 12, 2026
    risk 0.57cvss 8.8epss 0.01

    A security vulnerability has been detected in Tenda i12 1.0.0.6(2204). The impacted element is the function formwrlSSIDget of the file /goform/wifiSSIDget. Such manipulation of the argument index leads to stack-based buffer overflow. The attack may be launched remotely. The…

  • CVE-2026-4042HigMar 12, 2026
    risk 0.57cvss 8.8epss 0.01

    A weakness has been identified in Tenda i12 1.0.0.6(2204). The affected element is the function formWifiMacFilterGet of the file /goform/WifiMacFilterGet. This manipulation of the argument index causes stack-based buffer overflow. The attack may be initiated remotely. The…

  • CVE-2026-4041HigMar 12, 2026
    risk 0.57cvss 8.8epss 0.01

    A security flaw has been discovered in Tenda i12 1.0.0.6(2204). Impacted is the function vos_strcpy of the file /goform/exeCommand. The manipulation of the argument cmdinput results in stack-based buffer overflow. The attack can be launched remotely. The exploit has been…

  • CVE-2026-4008HigMar 12, 2026
    risk 0.57cvss 8.8epss 0.01

    A flaw has been found in Tenda W3 1.0.0.3(2204). This issue affects some unknown processing of the file /goform/wifiSSIDset of the component POST Parameter Handler. Executing a manipulation of the argument index/GO can lead to stack-based buffer overflow. It is possible to…

  • CVE-2026-4007HigMar 12, 2026
    risk 0.57cvss 8.8epss 0.01

    A vulnerability was detected in Tenda W3 1.0.0.3(2204). This vulnerability affects unknown code of the file /goform/wifiSSIDget of the component POST Parameter Handler. Performing a manipulation of the argument index results in stack-based buffer overflow. It is possible to…

  • CVE-2026-3976HigMar 12, 2026
    risk 0.57cvss 8.8epss 0.01

    A weakness has been identified in Tenda W3 1.0.0.3(2204). Impacted is the function formWifiMacFilterSet of the file /goform/WifiMacFilterSet of the component POST Parameter Handler. Executing a manipulation of the argument index/GO can lead to stack-based buffer overflow. It is…

  • CVE-2026-3975HigMar 12, 2026
    risk 0.57cvss 8.8epss 0.01

    A security flaw has been discovered in Tenda W3 1.0.0.3(2204). This issue affects the function formWifiMacFilterGet of the file /goform/WifiMacFilterGet of the component POST Parameter Handler. Performing a manipulation of the argument wl_radio results in stack-based buffer…

  • CVE-2026-3974HigMar 12, 2026
    risk 0.57cvss 8.8epss 0.01

    A vulnerability was identified in Tenda W3 1.0.0.3(2204). This vulnerability affects the function formexeCommand of the file /goform/exeCommand of the component HTTP Handler. Such manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack may be…

  • CVE-2026-3973HigMar 12, 2026
    risk 0.57cvss 8.8epss 0.01

    A vulnerability was determined in Tenda W3 1.0.0.3(2204). This affects the function formSetAutoPing of the file /goform/setAutoPing of the component POST Parameter Handler. This manipulation of the argument ping1/ping2 causes stack-based buffer overflow. The attack is possible…

  • CVE-2026-3972HigMar 12, 2026
    risk 0.57cvss 8.8epss 0.01

    A vulnerability was found in Tenda W3 1.0.0.3(2204). Affected by this issue is the function formSetCfm of the file /goform/setcfm of the component HTTP Handler. The manipulation of the argument funcpara1 results in stack-based buffer overflow. The attack can only be performed…

  • CVE-2026-3971HigMar 12, 2026
    risk 0.57cvss 8.8epss 0.01

    A vulnerability has been found in Tenda i3 1.0.0.6(2204). Affected by this vulnerability is the function formwrlSSIDset of the file /goform/wifiSSIDset. The manipulation of the argument index/GO leads to stack-based buffer overflow. Remote exploitation of the attack is possible.…

  • CVE-2026-3970HigMar 12, 2026
    risk 0.57cvss 8.8epss 0.01

    A flaw has been found in Tenda i3 1.0.0.6(2204). Affected is the function formwrlSSIDget of the file /goform/wifiSSIDget. Executing a manipulation of the argument index can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has been published…

  • CVE-2026-22082HigJan 9, 2026
    risk 0.57cvss epss 0.00

    This vulnerability exists in Tenda wireless routers (300Mbps Wireless Router F3 and N300 Easy Setup Router) due to the use of login credentials as the session ID through its web-based administrative interface. A remote attacker could exploit this vulnerability by intercepting…

  • CVE-2026-22081HigJan 9, 2026
    risk 0.57cvss epss 0.00

    This vulnerability exists in Tenda wireless routers (300Mbps Wireless Router F3 and N300 Easy Setup Router) due to the missing HTTPOnly flag for session cookies associated with the web-based administrative interface. A remote at-tacker could exploit this vulnerability by…

  • CVE-2026-22080HigJan 9, 2026
    risk 0.57cvss epss 0.00

    This vulnerability exists in Tenda wireless routers (300Mbps Wireless Router F3 and N300 Easy Setup Router) due to the transmission of credentials encoded using reversible Base64 encoding through the web-based administrative interface. An attacker on the same network could…

  • CVE-2026-22079HigJan 9, 2026
    risk 0.57cvss epss 0.00

    This vulnerability exists in Tenda wireless routers (300Mbps Wireless Router F3 and N300 Easy Setup Router) due to the plaintext transmission of login credentials during the initial login or post-factory reset setup through the web-based administrative interface. An attacker on…

  • CVE-2018-16334HigSep 2, 2018
    risk 0.57cvss 8.8epss 0.04

    An issue was discovered on Tenda AC9 V15.03.05.19(6318)_CN and AC10 V15.03.06.23_CN devices. The mac parameter in a POST request is used directly in a doSystemCmd call, causing OS command injection.

  • CVE-2017-16923HigNov 21, 2017
    risk 0.57cvss 8.8epss 0.03

    Command Injection vulnerability in app_data_center on Shenzhen Tenda Ac9 US_AC9V1.0BR_V15.03.05.14_multi_TD01, Ac9 ac9_kf_V15.03.05.19(6318_)_cn, Ac15 US_AC15V1.0BR_V15.03.05.18_multi_TD01, Ac15 US_AC15V1.0BR_V15.03.05.19_multi_TD01, Ac18 US_AC18V1.0BR_V15.03.05.05_multi_TD01,…

  • CVE-2025-70802HigMar 10, 2026
    risk 0.55cvss 8.4epss 0.00

    Tenda G1V3.1si V16.01.7.8 Firmware V16.01.7.8 was discovered to contain a hardcoded password vulnerability in /etc_ro/shadow, which allows attackers to log in as root.

  • CVE-2025-70798HigMar 10, 2026
    risk 0.55cvss 8.4epss 0.00

    Tenda i24V3.0si V3.0.0.5 Firmware V3.0.0.5 was discovered to contain a hardcoded password vulnerability in /etc_ro/shadow, which allows attackers to log in as root.

  • CVE-2026-5684HigApr 6, 2026
    risk 0.52cvss 8.0epss 0.01

    A vulnerability was determined in Tenda CX12L 16.03.53.12. Affected by this issue is the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The attack requires access…

Page 3 of 41