VYPR

Vendor CVEs

Tenda

All CVEs

2,034 total · sorted by risk
  • CVE-2026-5962HigApr 9, 2026
    risk 0.47cvss 7.3epss 0.01

    A vulnerability was detected in Tenda CH22 1.0.0.6(468). This issue affects the function R7WebsSecurityHandlerfunction of the component httpd. The manipulation results in path traversal. The attack may be launched remotely. The exploit is now public and may be used.

  • CVE-2026-5849HigApr 9, 2026
    risk 0.47cvss 7.3epss 0.01

    A vulnerability was determined in Tenda i12 1.0.0.11(3862). The impacted element is an unknown function of the component HTTP Handler. Executing a manipulation can lead to path traversal. The attack may be launched remotely. The exploit has been publicly disclosed and may be…

  • CVE-2026-5841HigApr 9, 2026
    risk 0.47cvss 7.3epss 0.01

    A weakness has been identified in Tenda i3 1.0.0.6(2204). The affected element is the function R7WebsSecurityHandler of the component HTTP Handler. Executing a manipulation can lead to path traversal. The attack can be executed remotely. The exploit has been made available to…

  • CVE-2026-5526HigApr 4, 2026
    risk 0.47cvss 7.3epss 0.00

    A security flaw has been discovered in Tenda 4G03 Pro up to 1.0/1.1/04.03.01.53/192.168.0.1. Affected by this vulnerability is an unknown functionality of the file /bin/httpd. The manipulation results in improper access controls. The attack may be performed from remote. The…

  • CVE-2025-15076HigDec 25, 2025
    risk 0.47cvss 7.3epss 0.01

    A weakness has been identified in Tenda CH22 1.0.0.1. Impacted is an unknown function of the file /public/. Executing a manipulation can lead to path traversal. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks.

  • CVE-2025-15048HigDec 23, 2025
    risk 0.47cvss 7.3epss 0.11

    A vulnerability was determined in Tenda WH450 1.0.0.18. This impacts an unknown function of the file /goform/CheckTools of the component HTTP Request Handler. Executing a manipulation of the argument ipaddress can lead to command injection. The attack can be launched remotely.…

  • CVE-2025-15008HigDec 22, 2025
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was detected in Tenda WH450 1.0.0.18. This affects an unknown part of the file /goform/L7Port of the component HTTP Request Handler. Performing a manipulation of the argument page results in stack-based buffer overflow. The attack may be initiated remotely. The…

  • CVE-2025-11666MedOct 13, 2025
    risk 0.44cvss 6.7epss 0.00

    A flaw has been found in Tenda RP3 Pro up to 22.5.7.93. This impacts an unknown function of the file force_upgrade.sh of the component Firmware Update Handler. Executing manipulation of the argument current_force_upgrade_pwd can lead to use of hard-coded password. The attack can…

  • CVE-2025-9090MedAug 17, 2025
    risk 0.44cvss 6.3epss 0.14

    A vulnerability was identified in Tenda AC20 16.03.08.12. Affected is the function websFormDefine of the file /goform/telnet of the component Telnet Service. The manipulation leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed…

  • CVE-2026-36798MedJun 9, 2026
    risk 0.42cvss 6.5epss 0.00

    Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was discovered to contain multiple stack overflows in the formSetDebugCfgr function via the enable, level, and module parameters. These vulnerabilities allow attackers to cause a Denial of Service (DoS) via a crafted HTTP…

  • CVE-2026-36777MedJun 9, 2026
    risk 0.42cvss 6.5epss 0.00

    Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.3(2204) was discovered to contain a stack overflow in the param_1 parameter of the formSetCfm function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.

  • CVE-2026-36773MedJun 9, 2026
    risk 0.42cvss 6.5epss 0.00

    Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.3(2204) was discovered to contain a stack overflow in the Go parameter of the ask_to_reboot function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

  • CVE-2026-36772MedJun 9, 2026
    risk 0.42cvss 6.5epss 0.00

    Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.3(2204) was discovered to contain a stack overflow in the wl_radio parameter of the formwrlSSIDget function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

  • CVE-2026-10190MedMay 31, 2026
    risk 0.42cvss 6.5epss 0.00

    A vulnerability was found in Tenda W12 3.0.0.7(4763). This issue affects the function cgiSysWebTimeoutSet of the file /bin/httpd of the component Web Management Interface. The manipulation of the argument web_over_time results in denial of service. It is possible to launch the…

  • CVE-2025-11550MedOct 9, 2025
    risk 0.42cvss 6.5epss 0.01

    A vulnerability was found in Tenda W12 3.0.0.6(3948). The impacted element is the function wifiScheduledSet of the file /goform/modules of the component HTTP Request Handler. The manipulation of the argument wifiScheduledSet results in null pointer dereference. The attack may be…

  • CVE-2025-50641MedJul 1, 2025
    risk 0.42cvss 6.5epss 0.00

    Tenda AC6 15.03.05.16_multi is vulnerable to Buffer Overflow in the addWifiMacFilter function via the parameter deviceId.

  • CVE-2017-16936MedNov 24, 2017
    risk 0.42cvss 6.5epss 0.01

    Directory Traversal vulnerability in app_data_center on Shenzhen Tenda Ac9 US_AC9V1.0BR_V15.03.05.14_multi_TD01, Ac9 ac9_kf_V15.03.05.19(6318_)_cn, Ac15 US_AC15V1.0BR_V15.03.05.18_multi_TD01, Ac15 US_AC15V1.0BR_V15.03.05.19_multi_TD01, Ac18 US_AC18V1.0BR_V15.03.05.05_multi_TD01,…

  • CVE-2026-8264MedMay 11, 2026
    risk 0.41cvss 6.3epss 0.03

    A weakness has been identified in Tenda AC6 15.03.06.23. Affected by this vulnerability is the function formWifiApScan of the file /goform/WifiApScan of the component httpd. Executing a manipulation of the argument wl2g.public.country/wl5g.public.country can lead to os command…

  • CVE-2026-7469MedApr 30, 2026
    risk 0.41cvss 6.3epss 0.01

    A vulnerability was detected in Tenda 4G300 US_4G300V1.0Mt_V1.01.42_CN_TDC01. This impacts the function sub_425A28 of the file /goform/DelFil. The manipulation of the argument delflag results in command injection. The attack may be launched remotely. The exploit is now public…

  • CVE-2026-7102MedApr 27, 2026
    risk 0.41cvss 6.3epss 0.03

    A vulnerability was found in Tenda F456 1.0.0.5. This impacts the function FromWriteFacMac of the file /goform/WriteFacMac of the component httpd. The manipulation of the argument mac results in command injection. The attack can be executed remotely. The exploit has been made…

  • CVE-2026-6989MedApr 25, 2026
    risk 0.41cvss 6.3epss 0.03

    A vulnerability has been found in Tenda F453 up to 1.0.0.3. Impacted is the function TendaTelnet of the file /goform/telnet of the component Telnet Service. Such manipulation leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed…

  • CVE-2026-5547MedApr 5, 2026
    risk 0.41cvss 6.3epss 0.02

    A vulnerability has been found in Tenda AC10 16.03.10.10_multi_TDE01. Affected is the function formAddMacfilterRule of the file /bin/httpd. Such manipulation leads to os command injection. It is possible to launch the attack remotely. Multiple endpoints might be affected.

  • CVE-2026-5153MedMar 30, 2026
    risk 0.41cvss 6.3epss 0.03

    A flaw has been found in Tenda CH22 1.0.0.1. The affected element is the function FormWriteFacMac of the file /goform/WriteFacMac. Executing a manipulation of the argument mac can lead to command injection. The attack may be launched remotely. The exploit has been published and…

  • CVE-2026-4554MedMar 22, 2026
    risk 0.41cvss 6.3epss 0.03

    A security flaw has been discovered in Tenda F453 1.0.0.3. The affected element is the function FormWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac results in command injection. It is possible to launch the attack remotely. The exploit has been…

  • CVE-2026-2930MedFeb 22, 2026
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was identified in Tenda A18 15.13.07.13. The affected element is the function webCgiGetUploadFile of the file /cgi-bin/UploadCfg of the component Httpd Service. Such manipulation of the argument boundary leads to stack-based buffer overflow. The attack can be…

  • CVE-2026-1638MedJan 30, 2026
    risk 0.41cvss 6.3epss 0.02

    A security flaw has been discovered in Tenda AC21 1.1.1.1/1.dmzip/16.03.08.16. The impacted element is the function mDMZSetCfg of the file /goform/mDMZSetCfg. The manipulation of the argument dmzIp results in command injection. The attack can be executed remotely. The exploit…

  • CVE-2026-0581MedJan 5, 2026
    risk 0.41cvss 6.3epss 0.08

    A vulnerability was determined in Tenda AC1206 15.03.06.23. Affected by this issue is the function formBehaviorManager of the file /goform/BehaviorManager of the component httpd. Executing a manipulation of the argument modulename/option/data/switch can lead to command…

  • CVE-2025-15254MedDec 30, 2025
    risk 0.41cvss 6.3epss 0.03

    A vulnerability was found in Tenda W6-S 1.0.0.4(510). This affects the function TendaAte of the file /goform/ate of the component ATE Service. Performing a manipulation results in os command injection. The attack may be initiated remotely. The exploit has been made public and…

  • CVE-2025-11523MedOct 9, 2025
    risk 0.41cvss 6.3epss 0.04

    A vulnerability was detected in Tenda AC7 15.03.06.44. This vulnerability affects unknown code of the file /goform/AdvSetLanip. The manipulation of the argument lanIp results in command injection. It is possible to launch the attack remotely. The exploit is now public and may be…

  • CVE-2025-11121MedSep 28, 2025
    risk 0.41cvss 6.3epss 0.04

    A security vulnerability has been detected in Tenda AC18 15.03.05.19. The impacted element is an unknown function of the file /goform/AdvSetLanip. The manipulation of the argument lanIp leads to command injection. The attack can be initiated remotely. The exploit has been…

  • CVE-2025-10442MedSep 15, 2025
    risk 0.41cvss 6.3epss 0.08

    A vulnerability was determined in Tenda AC9 and AC15 15.03.05.14. This affects the function formexeCommand of the file /goform/exeCommand. This manipulation of the argument cmdinput causes os command injection. Remote exploitation of the attack is possible. The exploit has been…

  • CVE-2025-7415MedJul 10, 2025
    risk 0.41cvss 6.3epss 0.04

    A vulnerability, which was classified as critical, has been found in Tenda O3V2 1.0.0.12(3880). This issue affects the function fromTraceroutGet of the file /goform/getTraceroute of the component httpd. The manipulation of the argument dest leads to command injection. The attack…

  • CVE-2025-7414MedJul 10, 2025
    risk 0.41cvss 6.3epss 0.13

    A vulnerability classified as critical was found in Tenda O3V2 1.0.0.12(3880). This vulnerability affects the function fromNetToolGet of the file /goform/setPingInfo of the component httpd. The manipulation of the argument domain leads to os command injection. The attack can be…

  • CVE-2025-5836MedJun 7, 2025
    risk 0.41cvss 6.3epss 0.03

    A vulnerability was found in Tenda AC9 15.03.02.13. It has been rated as critical. This issue affects the function formSetIptv of the file /goform/SetIPTVCfg of the component POST Request Handler. The manipulation of the argument list leads to command injection. The attack may…

  • CVE-2018-14497MedAug 4, 2018
    risk 0.38cvss 5.4epss 0.02

    Tenda D152 ADSL routers allow XSS via a crafted SSID.

  • CVE-2026-5683MedApr 6, 2026
    risk 0.36cvss 5.5epss 0.01

    A vulnerability was found in Tenda CX12L 16.03.53.12. Affected by this vulnerability is the function fromP2pListFilter of the file /goform/P2pListFilter. Performing a manipulation of the argument page results in stack-based buffer overflow. The attack must originate from the…

  • CVE-2025-8182MedJul 26, 2025
    risk 0.36cvss 5.6epss 0.00

    A vulnerability has been found in Tenda AC18 15.03.05.19 and classified as problematic. This vulnerability affects unknown code of the file /etc_ro/smb.conf of the component Samba. The manipulation leads to weak password requirements. The attack can be initiated remotely. The…

  • CVE-2026-5549MedApr 5, 2026
    risk 0.34cvss 5.3epss 0.00

    A vulnerability was determined in Tenda AC10 16.03.10.10_multi_TDE01. Affected by this issue is some unknown functionality of the file /webroot_ro/pem/privkeySrv.pem of the component RSA 2048-bit Private Key Handler. Executing a manipulation can lead to use of hard-coded…

  • CVE-2026-5527MedApr 5, 2026
    risk 0.34cvss 5.3epss 0.00

    A weakness has been identified in Tenda 4G03 Pro 1.0/1.0re/01.bin/04.03.01.53. Affected by this issue is some unknown functionality of the file /etc/www/pem/server.key of the component ECDSA P-256 Private Key Handler. This manipulation causes use of hard-coded cryptographic key …

  • CVE-2026-11493MedJun 8, 2026
    risk 0.33cvss 5.0epss 0.00

    A weakness has been identified in Tenda AC15 15.03.05.19. The impacted element is an unknown function of the file /etc_ro/smb.conf of the component Samba. Executing a manipulation can lead to weak password requirements. The attack is only possible within the local network. A…

  • CVE-2026-36778MedJun 9, 2026
    risk 0.32cvss 4.9epss 0.00

    Shenzhen Tenda Technology Co., Ltd Tenda O3 Wireless Router v1.0.0.5(4180) was discovered to contain a stack overflow in the username parameter of the R7WebsSecurityHandler function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP…

  • CVE-2026-8265MedMay 11, 2026
    risk 0.31cvss 4.7epss 0.04

    A security vulnerability has been detected in Tenda AC6 15.03.06.23. Affected by this issue is the function get_log_file of the file /goform/getLogFile of the component httpd. The manipulation of the argument wans.flag leads to os command injection. The attack can be initiated…

  • CVE-2026-8263MedMay 11, 2026
    risk 0.31cvss 4.7epss 0.05

    A security flaw has been discovered in Tenda AC6 15.03.06.49_multi_TDE01. Affected is the function fromSetWirelessRepeat of the file /goform/WifiExtraSet of the component httpd. Performing a manipulation of the argument mac/ssid results in os command injection. It is possible to…

  • CVE-2026-8259MedMay 11, 2026
    risk 0.31cvss 4.7epss 0.04

    A vulnerability has been found in Tenda AC6 2.0/15.03.06.23. The affected element is an unknown function of the file /goform/telnet of the component httpd. The manipulation of the argument lan.ip leads to os command injection. Remote exploitation of the attack is possible. The…

  • CVE-2026-5339MedApr 2, 2026
    risk 0.31cvss 4.7epss 0.06

    A vulnerability was detected in Tenda G103 1.0.0.5. The impacted element is the function action_set_net_settings of the file gpon.lua of the component Setting Handler. Performing a manipulation of the argument authLoid/authLoidPassword/authPassword/authSerialNo/authType/oltType/u…

  • CVE-2026-5338MedApr 2, 2026
    risk 0.31cvss 4.7epss 0.04

    A security vulnerability has been detected in Tenda G103 1.0.0.5. The affected element is the function action_set_system_settings of the file system.lua of the component Setting Handler. Such manipulation of the argument lanIp leads to command injection. The attack may be…

  • CVE-2026-4253MedMar 16, 2026
    risk 0.31cvss 4.7epss 0.07

    A security flaw has been discovered in Tenda AC8 16.03.50.11. This affects the function route_set_user_policy_rule of the file /cgi-bin/UploadCfg of the component Web Interface. The manipulation of the argument wans.policy.list1 results in os command injection. It is possible to…

  • CVE-2026-1690MedJan 30, 2026
    risk 0.31cvss 4.7epss 0.04

    A flaw has been found in Tenda HG10 US_HG7_HG9_HG10re_300001138_en_xpon. This affects the function system of the file /boaform/formSysCmd. This manipulation of the argument sysCmd causes command injection. The attack may be initiated remotely. The exploit has been published and…

  • CVE-2025-5763MedJun 6, 2025
    risk 0.31cvss 4.7epss 0.05

    A vulnerability has been found in Tenda CP3 11.10.00.2311090948 and classified as critical. Affected by this vulnerability is the function sub_F3C8C of the file apollo. The manipulation leads to command injection. The attack can be launched remotely. The exploit has been…

  • CVE-2025-5900MedJun 9, 2025
    risk 0.28cvss 4.3epss 0.00

    A vulnerability, which was classified as problematic, was found in Tenda AC9 15.03.02.13. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be…

Page 5 of 41