Vendor CVEs
Tenda
All CVEs
2,034 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-5962 | Hig | 0.47 | 7.3 | 0.01 | Apr 9, 2026 | A vulnerability was detected in Tenda CH22 1.0.0.6(468). This issue affects the function R7WebsSecurityHandlerfunction of the component httpd. The manipulation results in path traversal. The attack may be launched remotely. The exploit is now public and may be used. | ||
| CVE-2026-5849 | Hig | 0.47 | 7.3 | 0.01 | Apr 9, 2026 | A vulnerability was determined in Tenda i12 1.0.0.11(3862). The impacted element is an unknown function of the component HTTP Handler. Executing a manipulation can lead to path traversal. The attack may be launched remotely. The exploit has been publicly disclosed and may be… | ||
| CVE-2026-5841 | Hig | 0.47 | 7.3 | 0.01 | Apr 9, 2026 | A weakness has been identified in Tenda i3 1.0.0.6(2204). The affected element is the function R7WebsSecurityHandler of the component HTTP Handler. Executing a manipulation can lead to path traversal. The attack can be executed remotely. The exploit has been made available to… | ||
| CVE-2026-5526 | Hig | 0.47 | 7.3 | 0.00 | Apr 4, 2026 | A security flaw has been discovered in Tenda 4G03 Pro up to 1.0/1.1/04.03.01.53/192.168.0.1. Affected by this vulnerability is an unknown functionality of the file /bin/httpd. The manipulation results in improper access controls. The attack may be performed from remote. The… | ||
| CVE-2025-15076 | Hig | 0.47 | 7.3 | 0.01 | Dec 25, 2025 | A weakness has been identified in Tenda CH22 1.0.0.1. Impacted is an unknown function of the file /public/. Executing a manipulation can lead to path traversal. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks. | ||
| CVE-2025-15048 | Hig | 0.47 | 7.3 | 0.11 | Dec 23, 2025 | A vulnerability was determined in Tenda WH450 1.0.0.18. This impacts an unknown function of the file /goform/CheckTools of the component HTTP Request Handler. Executing a manipulation of the argument ipaddress can lead to command injection. The attack can be launched remotely.… | ||
| CVE-2025-15008 | Hig | 0.47 | 7.3 | 0.00 | Dec 22, 2025 | A vulnerability was detected in Tenda WH450 1.0.0.18. This affects an unknown part of the file /goform/L7Port of the component HTTP Request Handler. Performing a manipulation of the argument page results in stack-based buffer overflow. The attack may be initiated remotely. The… | ||
| CVE-2025-11666 | Med | 0.44 | 6.7 | 0.00 | Oct 13, 2025 | A flaw has been found in Tenda RP3 Pro up to 22.5.7.93. This impacts an unknown function of the file force_upgrade.sh of the component Firmware Update Handler. Executing manipulation of the argument current_force_upgrade_pwd can lead to use of hard-coded password. The attack can… | ||
| CVE-2025-9090 | Med | 0.44 | 6.3 | 0.14 | Aug 17, 2025 | A vulnerability was identified in Tenda AC20 16.03.08.12. Affected is the function websFormDefine of the file /goform/telnet of the component Telnet Service. The manipulation leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed… | ||
| CVE-2026-36798 | Med | 0.42 | 6.5 | 0.00 | Jun 9, 2026 | Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was discovered to contain multiple stack overflows in the formSetDebugCfgr function via the enable, level, and module parameters. These vulnerabilities allow attackers to cause a Denial of Service (DoS) via a crafted HTTP… | ||
| CVE-2026-36777 | Med | 0.42 | 6.5 | 0.00 | Jun 9, 2026 | Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.3(2204) was discovered to contain a stack overflow in the param_1 parameter of the formSetCfm function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request. | ||
| CVE-2026-36773 | Med | 0.42 | 6.5 | 0.00 | Jun 9, 2026 | Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.3(2204) was discovered to contain a stack overflow in the Go parameter of the ask_to_reboot function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||
| CVE-2026-36772 | Med | 0.42 | 6.5 | 0.00 | Jun 9, 2026 | Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.3(2204) was discovered to contain a stack overflow in the wl_radio parameter of the formwrlSSIDget function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||
| CVE-2026-10190 | Med | 0.42 | 6.5 | 0.00 | May 31, 2026 | A vulnerability was found in Tenda W12 3.0.0.7(4763). This issue affects the function cgiSysWebTimeoutSet of the file /bin/httpd of the component Web Management Interface. The manipulation of the argument web_over_time results in denial of service. It is possible to launch the… | ||
| CVE-2025-11550 | Med | 0.42 | 6.5 | 0.01 | Oct 9, 2025 | A vulnerability was found in Tenda W12 3.0.0.6(3948). The impacted element is the function wifiScheduledSet of the file /goform/modules of the component HTTP Request Handler. The manipulation of the argument wifiScheduledSet results in null pointer dereference. The attack may be… | ||
| CVE-2025-50641 | Med | 0.42 | 6.5 | 0.00 | Jul 1, 2025 | Tenda AC6 15.03.05.16_multi is vulnerable to Buffer Overflow in the addWifiMacFilter function via the parameter deviceId. | ||
| CVE-2017-16936 | Med | 0.42 | 6.5 | 0.01 | Nov 24, 2017 | Directory Traversal vulnerability in app_data_center on Shenzhen Tenda Ac9 US_AC9V1.0BR_V15.03.05.14_multi_TD01, Ac9 ac9_kf_V15.03.05.19(6318_)_cn, Ac15 US_AC15V1.0BR_V15.03.05.18_multi_TD01, Ac15 US_AC15V1.0BR_V15.03.05.19_multi_TD01, Ac18 US_AC18V1.0BR_V15.03.05.05_multi_TD01,… | ||
| CVE-2026-8264 | Med | 0.41 | 6.3 | 0.03 | May 11, 2026 | A weakness has been identified in Tenda AC6 15.03.06.23. Affected by this vulnerability is the function formWifiApScan of the file /goform/WifiApScan of the component httpd. Executing a manipulation of the argument wl2g.public.country/wl5g.public.country can lead to os command… | ||
| CVE-2026-7469 | Med | 0.41 | 6.3 | 0.01 | Apr 30, 2026 | A vulnerability was detected in Tenda 4G300 US_4G300V1.0Mt_V1.01.42_CN_TDC01. This impacts the function sub_425A28 of the file /goform/DelFil. The manipulation of the argument delflag results in command injection. The attack may be launched remotely. The exploit is now public… | ||
| CVE-2026-7102 | Med | 0.41 | 6.3 | 0.03 | Apr 27, 2026 | A vulnerability was found in Tenda F456 1.0.0.5. This impacts the function FromWriteFacMac of the file /goform/WriteFacMac of the component httpd. The manipulation of the argument mac results in command injection. The attack can be executed remotely. The exploit has been made… | ||
| CVE-2026-6989 | Med | 0.41 | 6.3 | 0.03 | Apr 25, 2026 | A vulnerability has been found in Tenda F453 up to 1.0.0.3. Impacted is the function TendaTelnet of the file /goform/telnet of the component Telnet Service. Such manipulation leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed… | ||
| CVE-2026-5547 | Med | 0.41 | 6.3 | 0.02 | Apr 5, 2026 | A vulnerability has been found in Tenda AC10 16.03.10.10_multi_TDE01. Affected is the function formAddMacfilterRule of the file /bin/httpd. Such manipulation leads to os command injection. It is possible to launch the attack remotely. Multiple endpoints might be affected. | ||
| CVE-2026-5153 | Med | 0.41 | 6.3 | 0.03 | Mar 30, 2026 | A flaw has been found in Tenda CH22 1.0.0.1. The affected element is the function FormWriteFacMac of the file /goform/WriteFacMac. Executing a manipulation of the argument mac can lead to command injection. The attack may be launched remotely. The exploit has been published and… | ||
| CVE-2026-4554 | Med | 0.41 | 6.3 | 0.03 | Mar 22, 2026 | A security flaw has been discovered in Tenda F453 1.0.0.3. The affected element is the function FormWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac results in command injection. It is possible to launch the attack remotely. The exploit has been… | ||
| CVE-2026-2930 | Med | 0.41 | 6.3 | 0.00 | Feb 22, 2026 | A vulnerability was identified in Tenda A18 15.13.07.13. The affected element is the function webCgiGetUploadFile of the file /cgi-bin/UploadCfg of the component Httpd Service. Such manipulation of the argument boundary leads to stack-based buffer overflow. The attack can be… | ||
| CVE-2026-1638 | Med | 0.41 | 6.3 | 0.02 | Jan 30, 2026 | A security flaw has been discovered in Tenda AC21 1.1.1.1/1.dmzip/16.03.08.16. The impacted element is the function mDMZSetCfg of the file /goform/mDMZSetCfg. The manipulation of the argument dmzIp results in command injection. The attack can be executed remotely. The exploit… | ||
| CVE-2026-0581 | Med | 0.41 | 6.3 | 0.08 | Jan 5, 2026 | A vulnerability was determined in Tenda AC1206 15.03.06.23. Affected by this issue is the function formBehaviorManager of the file /goform/BehaviorManager of the component httpd. Executing a manipulation of the argument modulename/option/data/switch can lead to command… | ||
| CVE-2025-15254 | Med | 0.41 | 6.3 | 0.03 | Dec 30, 2025 | A vulnerability was found in Tenda W6-S 1.0.0.4(510). This affects the function TendaAte of the file /goform/ate of the component ATE Service. Performing a manipulation results in os command injection. The attack may be initiated remotely. The exploit has been made public and… | ||
| CVE-2025-11523 | Med | 0.41 | 6.3 | 0.04 | Oct 9, 2025 | A vulnerability was detected in Tenda AC7 15.03.06.44. This vulnerability affects unknown code of the file /goform/AdvSetLanip. The manipulation of the argument lanIp results in command injection. It is possible to launch the attack remotely. The exploit is now public and may be… | ||
| CVE-2025-11121 | Med | 0.41 | 6.3 | 0.04 | Sep 28, 2025 | A security vulnerability has been detected in Tenda AC18 15.03.05.19. The impacted element is an unknown function of the file /goform/AdvSetLanip. The manipulation of the argument lanIp leads to command injection. The attack can be initiated remotely. The exploit has been… | ||
| CVE-2025-10442 | Med | 0.41 | 6.3 | 0.08 | Sep 15, 2025 | A vulnerability was determined in Tenda AC9 and AC15 15.03.05.14. This affects the function formexeCommand of the file /goform/exeCommand. This manipulation of the argument cmdinput causes os command injection. Remote exploitation of the attack is possible. The exploit has been… | ||
| CVE-2025-7415 | Med | 0.41 | 6.3 | 0.04 | Jul 10, 2025 | A vulnerability, which was classified as critical, has been found in Tenda O3V2 1.0.0.12(3880). This issue affects the function fromTraceroutGet of the file /goform/getTraceroute of the component httpd. The manipulation of the argument dest leads to command injection. The attack… | ||
| CVE-2025-7414 | Med | 0.41 | 6.3 | 0.13 | Jul 10, 2025 | A vulnerability classified as critical was found in Tenda O3V2 1.0.0.12(3880). This vulnerability affects the function fromNetToolGet of the file /goform/setPingInfo of the component httpd. The manipulation of the argument domain leads to os command injection. The attack can be… | ||
| CVE-2025-5836 | Med | 0.41 | 6.3 | 0.03 | Jun 7, 2025 | A vulnerability was found in Tenda AC9 15.03.02.13. It has been rated as critical. This issue affects the function formSetIptv of the file /goform/SetIPTVCfg of the component POST Request Handler. The manipulation of the argument list leads to command injection. The attack may… | ||
| CVE-2018-14497 | Med | 0.38 | 5.4 | 0.02 | Aug 4, 2018 | Tenda D152 ADSL routers allow XSS via a crafted SSID. | ||
| CVE-2026-5683 | Med | 0.36 | 5.5 | 0.01 | Apr 6, 2026 | A vulnerability was found in Tenda CX12L 16.03.53.12. Affected by this vulnerability is the function fromP2pListFilter of the file /goform/P2pListFilter. Performing a manipulation of the argument page results in stack-based buffer overflow. The attack must originate from the… | ||
| CVE-2025-8182 | Med | 0.36 | 5.6 | 0.00 | Jul 26, 2025 | A vulnerability has been found in Tenda AC18 15.03.05.19 and classified as problematic. This vulnerability affects unknown code of the file /etc_ro/smb.conf of the component Samba. The manipulation leads to weak password requirements. The attack can be initiated remotely. The… | ||
| CVE-2026-5549 | Med | 0.34 | 5.3 | 0.00 | Apr 5, 2026 | A vulnerability was determined in Tenda AC10 16.03.10.10_multi_TDE01. Affected by this issue is some unknown functionality of the file /webroot_ro/pem/privkeySrv.pem of the component RSA 2048-bit Private Key Handler. Executing a manipulation can lead to use of hard-coded… | ||
| CVE-2026-5527 | Med | 0.34 | 5.3 | 0.00 | Apr 5, 2026 | A weakness has been identified in Tenda 4G03 Pro 1.0/1.0re/01.bin/04.03.01.53. Affected by this issue is some unknown functionality of the file /etc/www/pem/server.key of the component ECDSA P-256 Private Key Handler. This manipulation causes use of hard-coded cryptographic key … | ||
| CVE-2026-11493 | Med | 0.33 | 5.0 | 0.00 | Jun 8, 2026 | A weakness has been identified in Tenda AC15 15.03.05.19. The impacted element is an unknown function of the file /etc_ro/smb.conf of the component Samba. Executing a manipulation can lead to weak password requirements. The attack is only possible within the local network. A… | ||
| CVE-2026-36778 | Med | 0.32 | 4.9 | 0.00 | Jun 9, 2026 | Shenzhen Tenda Technology Co., Ltd Tenda O3 Wireless Router v1.0.0.5(4180) was discovered to contain a stack overflow in the username parameter of the R7WebsSecurityHandler function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP… | ||
| CVE-2026-8265 | Med | 0.31 | 4.7 | 0.04 | May 11, 2026 | A security vulnerability has been detected in Tenda AC6 15.03.06.23. Affected by this issue is the function get_log_file of the file /goform/getLogFile of the component httpd. The manipulation of the argument wans.flag leads to os command injection. The attack can be initiated… | ||
| CVE-2026-8263 | Med | 0.31 | 4.7 | 0.05 | May 11, 2026 | A security flaw has been discovered in Tenda AC6 15.03.06.49_multi_TDE01. Affected is the function fromSetWirelessRepeat of the file /goform/WifiExtraSet of the component httpd. Performing a manipulation of the argument mac/ssid results in os command injection. It is possible to… | ||
| CVE-2026-8259 | Med | 0.31 | 4.7 | 0.04 | May 11, 2026 | A vulnerability has been found in Tenda AC6 2.0/15.03.06.23. The affected element is an unknown function of the file /goform/telnet of the component httpd. The manipulation of the argument lan.ip leads to os command injection. Remote exploitation of the attack is possible. The… | ||
| CVE-2026-5339 | Med | 0.31 | 4.7 | 0.06 | Apr 2, 2026 | A vulnerability was detected in Tenda G103 1.0.0.5. The impacted element is the function action_set_net_settings of the file gpon.lua of the component Setting Handler. Performing a manipulation of the argument authLoid/authLoidPassword/authPassword/authSerialNo/authType/oltType/u… | ||
| CVE-2026-5338 | Med | 0.31 | 4.7 | 0.04 | Apr 2, 2026 | A security vulnerability has been detected in Tenda G103 1.0.0.5. The affected element is the function action_set_system_settings of the file system.lua of the component Setting Handler. Such manipulation of the argument lanIp leads to command injection. The attack may be… | ||
| CVE-2026-4253 | Med | 0.31 | 4.7 | 0.07 | Mar 16, 2026 | A security flaw has been discovered in Tenda AC8 16.03.50.11. This affects the function route_set_user_policy_rule of the file /cgi-bin/UploadCfg of the component Web Interface. The manipulation of the argument wans.policy.list1 results in os command injection. It is possible to… | ||
| CVE-2026-1690 | Med | 0.31 | 4.7 | 0.04 | Jan 30, 2026 | A flaw has been found in Tenda HG10 US_HG7_HG9_HG10re_300001138_en_xpon. This affects the function system of the file /boaform/formSysCmd. This manipulation of the argument sysCmd causes command injection. The attack may be initiated remotely. The exploit has been published and… | ||
| CVE-2025-5763 | Med | 0.31 | 4.7 | 0.05 | Jun 6, 2025 | A vulnerability has been found in Tenda CP3 11.10.00.2311090948 and classified as critical. Affected by this vulnerability is the function sub_F3C8C of the file apollo. The manipulation leads to command injection. The attack can be launched remotely. The exploit has been… | ||
| CVE-2025-5900 | Med | 0.28 | 4.3 | 0.00 | Jun 9, 2025 | A vulnerability, which was classified as problematic, was found in Tenda AC9 15.03.02.13. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be… |
- risk 0.47cvss 7.3epss 0.01
A vulnerability was detected in Tenda CH22 1.0.0.6(468). This issue affects the function R7WebsSecurityHandlerfunction of the component httpd. The manipulation results in path traversal. The attack may be launched remotely. The exploit is now public and may be used.
- risk 0.47cvss 7.3epss 0.01
A vulnerability was determined in Tenda i12 1.0.0.11(3862). The impacted element is an unknown function of the component HTTP Handler. Executing a manipulation can lead to path traversal. The attack may be launched remotely. The exploit has been publicly disclosed and may be…
- risk 0.47cvss 7.3epss 0.01
A weakness has been identified in Tenda i3 1.0.0.6(2204). The affected element is the function R7WebsSecurityHandler of the component HTTP Handler. Executing a manipulation can lead to path traversal. The attack can be executed remotely. The exploit has been made available to…
- risk 0.47cvss 7.3epss 0.00
A security flaw has been discovered in Tenda 4G03 Pro up to 1.0/1.1/04.03.01.53/192.168.0.1. Affected by this vulnerability is an unknown functionality of the file /bin/httpd. The manipulation results in improper access controls. The attack may be performed from remote. The…
- risk 0.47cvss 7.3epss 0.01
A weakness has been identified in Tenda CH22 1.0.0.1. Impacted is an unknown function of the file /public/. Executing a manipulation can lead to path traversal. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks.
- risk 0.47cvss 7.3epss 0.11
A vulnerability was determined in Tenda WH450 1.0.0.18. This impacts an unknown function of the file /goform/CheckTools of the component HTTP Request Handler. Executing a manipulation of the argument ipaddress can lead to command injection. The attack can be launched remotely.…
- risk 0.47cvss 7.3epss 0.00
A vulnerability was detected in Tenda WH450 1.0.0.18. This affects an unknown part of the file /goform/L7Port of the component HTTP Request Handler. Performing a manipulation of the argument page results in stack-based buffer overflow. The attack may be initiated remotely. The…
- risk 0.44cvss 6.7epss 0.00
A flaw has been found in Tenda RP3 Pro up to 22.5.7.93. This impacts an unknown function of the file force_upgrade.sh of the component Firmware Update Handler. Executing manipulation of the argument current_force_upgrade_pwd can lead to use of hard-coded password. The attack can…
- risk 0.44cvss 6.3epss 0.14
A vulnerability was identified in Tenda AC20 16.03.08.12. Affected is the function websFormDefine of the file /goform/telnet of the component Telnet Service. The manipulation leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed…
- risk 0.42cvss 6.5epss 0.00
Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was discovered to contain multiple stack overflows in the formSetDebugCfgr function via the enable, level, and module parameters. These vulnerabilities allow attackers to cause a Denial of Service (DoS) via a crafted HTTP…
- risk 0.42cvss 6.5epss 0.00
Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.3(2204) was discovered to contain a stack overflow in the param_1 parameter of the formSetCfm function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
- risk 0.42cvss 6.5epss 0.00
Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.3(2204) was discovered to contain a stack overflow in the Go parameter of the ask_to_reboot function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
- risk 0.42cvss 6.5epss 0.00
Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.3(2204) was discovered to contain a stack overflow in the wl_radio parameter of the formwrlSSIDget function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
- risk 0.42cvss 6.5epss 0.00
A vulnerability was found in Tenda W12 3.0.0.7(4763). This issue affects the function cgiSysWebTimeoutSet of the file /bin/httpd of the component Web Management Interface. The manipulation of the argument web_over_time results in denial of service. It is possible to launch the…
- risk 0.42cvss 6.5epss 0.01
A vulnerability was found in Tenda W12 3.0.0.6(3948). The impacted element is the function wifiScheduledSet of the file /goform/modules of the component HTTP Request Handler. The manipulation of the argument wifiScheduledSet results in null pointer dereference. The attack may be…
- risk 0.42cvss 6.5epss 0.00
Tenda AC6 15.03.05.16_multi is vulnerable to Buffer Overflow in the addWifiMacFilter function via the parameter deviceId.
- risk 0.42cvss 6.5epss 0.01
Directory Traversal vulnerability in app_data_center on Shenzhen Tenda Ac9 US_AC9V1.0BR_V15.03.05.14_multi_TD01, Ac9 ac9_kf_V15.03.05.19(6318_)_cn, Ac15 US_AC15V1.0BR_V15.03.05.18_multi_TD01, Ac15 US_AC15V1.0BR_V15.03.05.19_multi_TD01, Ac18 US_AC18V1.0BR_V15.03.05.05_multi_TD01,…
- risk 0.41cvss 6.3epss 0.03
A weakness has been identified in Tenda AC6 15.03.06.23. Affected by this vulnerability is the function formWifiApScan of the file /goform/WifiApScan of the component httpd. Executing a manipulation of the argument wl2g.public.country/wl5g.public.country can lead to os command…
- risk 0.41cvss 6.3epss 0.01
A vulnerability was detected in Tenda 4G300 US_4G300V1.0Mt_V1.01.42_CN_TDC01. This impacts the function sub_425A28 of the file /goform/DelFil. The manipulation of the argument delflag results in command injection. The attack may be launched remotely. The exploit is now public…
- risk 0.41cvss 6.3epss 0.03
A vulnerability was found in Tenda F456 1.0.0.5. This impacts the function FromWriteFacMac of the file /goform/WriteFacMac of the component httpd. The manipulation of the argument mac results in command injection. The attack can be executed remotely. The exploit has been made…
- risk 0.41cvss 6.3epss 0.03
A vulnerability has been found in Tenda F453 up to 1.0.0.3. Impacted is the function TendaTelnet of the file /goform/telnet of the component Telnet Service. Such manipulation leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed…
- risk 0.41cvss 6.3epss 0.02
A vulnerability has been found in Tenda AC10 16.03.10.10_multi_TDE01. Affected is the function formAddMacfilterRule of the file /bin/httpd. Such manipulation leads to os command injection. It is possible to launch the attack remotely. Multiple endpoints might be affected.
- risk 0.41cvss 6.3epss 0.03
A flaw has been found in Tenda CH22 1.0.0.1. The affected element is the function FormWriteFacMac of the file /goform/WriteFacMac. Executing a manipulation of the argument mac can lead to command injection. The attack may be launched remotely. The exploit has been published and…
- risk 0.41cvss 6.3epss 0.03
A security flaw has been discovered in Tenda F453 1.0.0.3. The affected element is the function FormWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac results in command injection. It is possible to launch the attack remotely. The exploit has been…
- risk 0.41cvss 6.3epss 0.00
A vulnerability was identified in Tenda A18 15.13.07.13. The affected element is the function webCgiGetUploadFile of the file /cgi-bin/UploadCfg of the component Httpd Service. Such manipulation of the argument boundary leads to stack-based buffer overflow. The attack can be…
- risk 0.41cvss 6.3epss 0.02
A security flaw has been discovered in Tenda AC21 1.1.1.1/1.dmzip/16.03.08.16. The impacted element is the function mDMZSetCfg of the file /goform/mDMZSetCfg. The manipulation of the argument dmzIp results in command injection. The attack can be executed remotely. The exploit…
- risk 0.41cvss 6.3epss 0.08
A vulnerability was determined in Tenda AC1206 15.03.06.23. Affected by this issue is the function formBehaviorManager of the file /goform/BehaviorManager of the component httpd. Executing a manipulation of the argument modulename/option/data/switch can lead to command…
- risk 0.41cvss 6.3epss 0.03
A vulnerability was found in Tenda W6-S 1.0.0.4(510). This affects the function TendaAte of the file /goform/ate of the component ATE Service. Performing a manipulation results in os command injection. The attack may be initiated remotely. The exploit has been made public and…
- risk 0.41cvss 6.3epss 0.04
A vulnerability was detected in Tenda AC7 15.03.06.44. This vulnerability affects unknown code of the file /goform/AdvSetLanip. The manipulation of the argument lanIp results in command injection. It is possible to launch the attack remotely. The exploit is now public and may be…
- risk 0.41cvss 6.3epss 0.04
A security vulnerability has been detected in Tenda AC18 15.03.05.19. The impacted element is an unknown function of the file /goform/AdvSetLanip. The manipulation of the argument lanIp leads to command injection. The attack can be initiated remotely. The exploit has been…
- risk 0.41cvss 6.3epss 0.08
A vulnerability was determined in Tenda AC9 and AC15 15.03.05.14. This affects the function formexeCommand of the file /goform/exeCommand. This manipulation of the argument cmdinput causes os command injection. Remote exploitation of the attack is possible. The exploit has been…
- risk 0.41cvss 6.3epss 0.04
A vulnerability, which was classified as critical, has been found in Tenda O3V2 1.0.0.12(3880). This issue affects the function fromTraceroutGet of the file /goform/getTraceroute of the component httpd. The manipulation of the argument dest leads to command injection. The attack…
- risk 0.41cvss 6.3epss 0.13
A vulnerability classified as critical was found in Tenda O3V2 1.0.0.12(3880). This vulnerability affects the function fromNetToolGet of the file /goform/setPingInfo of the component httpd. The manipulation of the argument domain leads to os command injection. The attack can be…
- risk 0.41cvss 6.3epss 0.03
A vulnerability was found in Tenda AC9 15.03.02.13. It has been rated as critical. This issue affects the function formSetIptv of the file /goform/SetIPTVCfg of the component POST Request Handler. The manipulation of the argument list leads to command injection. The attack may…
- risk 0.38cvss 5.4epss 0.02
Tenda D152 ADSL routers allow XSS via a crafted SSID.
- risk 0.36cvss 5.5epss 0.01
A vulnerability was found in Tenda CX12L 16.03.53.12. Affected by this vulnerability is the function fromP2pListFilter of the file /goform/P2pListFilter. Performing a manipulation of the argument page results in stack-based buffer overflow. The attack must originate from the…
- risk 0.36cvss 5.6epss 0.00
A vulnerability has been found in Tenda AC18 15.03.05.19 and classified as problematic. This vulnerability affects unknown code of the file /etc_ro/smb.conf of the component Samba. The manipulation leads to weak password requirements. The attack can be initiated remotely. The…
- risk 0.34cvss 5.3epss 0.00
A vulnerability was determined in Tenda AC10 16.03.10.10_multi_TDE01. Affected by this issue is some unknown functionality of the file /webroot_ro/pem/privkeySrv.pem of the component RSA 2048-bit Private Key Handler. Executing a manipulation can lead to use of hard-coded…
- risk 0.34cvss 5.3epss 0.00
A weakness has been identified in Tenda 4G03 Pro 1.0/1.0re/01.bin/04.03.01.53. Affected by this issue is some unknown functionality of the file /etc/www/pem/server.key of the component ECDSA P-256 Private Key Handler. This manipulation causes use of hard-coded cryptographic key …
- risk 0.33cvss 5.0epss 0.00
A weakness has been identified in Tenda AC15 15.03.05.19. The impacted element is an unknown function of the file /etc_ro/smb.conf of the component Samba. Executing a manipulation can lead to weak password requirements. The attack is only possible within the local network. A…
- risk 0.32cvss 4.9epss 0.00
Shenzhen Tenda Technology Co., Ltd Tenda O3 Wireless Router v1.0.0.5(4180) was discovered to contain a stack overflow in the username parameter of the R7WebsSecurityHandler function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP…
- risk 0.31cvss 4.7epss 0.04
A security vulnerability has been detected in Tenda AC6 15.03.06.23. Affected by this issue is the function get_log_file of the file /goform/getLogFile of the component httpd. The manipulation of the argument wans.flag leads to os command injection. The attack can be initiated…
- risk 0.31cvss 4.7epss 0.05
A security flaw has been discovered in Tenda AC6 15.03.06.49_multi_TDE01. Affected is the function fromSetWirelessRepeat of the file /goform/WifiExtraSet of the component httpd. Performing a manipulation of the argument mac/ssid results in os command injection. It is possible to…
- risk 0.31cvss 4.7epss 0.04
A vulnerability has been found in Tenda AC6 2.0/15.03.06.23. The affected element is an unknown function of the file /goform/telnet of the component httpd. The manipulation of the argument lan.ip leads to os command injection. Remote exploitation of the attack is possible. The…
- risk 0.31cvss 4.7epss 0.06
A vulnerability was detected in Tenda G103 1.0.0.5. The impacted element is the function action_set_net_settings of the file gpon.lua of the component Setting Handler. Performing a manipulation of the argument authLoid/authLoidPassword/authPassword/authSerialNo/authType/oltType/u…
- risk 0.31cvss 4.7epss 0.04
A security vulnerability has been detected in Tenda G103 1.0.0.5. The affected element is the function action_set_system_settings of the file system.lua of the component Setting Handler. Such manipulation of the argument lanIp leads to command injection. The attack may be…
- risk 0.31cvss 4.7epss 0.07
A security flaw has been discovered in Tenda AC8 16.03.50.11. This affects the function route_set_user_policy_rule of the file /cgi-bin/UploadCfg of the component Web Interface. The manipulation of the argument wans.policy.list1 results in os command injection. It is possible to…
- risk 0.31cvss 4.7epss 0.04
A flaw has been found in Tenda HG10 US_HG7_HG9_HG10re_300001138_en_xpon. This affects the function system of the file /boaform/formSysCmd. This manipulation of the argument sysCmd causes command injection. The attack may be initiated remotely. The exploit has been published and…
- risk 0.31cvss 4.7epss 0.05
A vulnerability has been found in Tenda CP3 11.10.00.2311090948 and classified as critical. Affected by this vulnerability is the function sub_F3C8C of the file apollo. The manipulation leads to command injection. The attack can be launched remotely. The exploit has been…
- risk 0.28cvss 4.3epss 0.00
A vulnerability, which was classified as problematic, was found in Tenda AC9 15.03.02.13. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be…
Page 5 of 41