Vendor CVEs
Tenda
All CVEs
2,034 total · sorted by risk

| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-14636 | Low | 0.24 | 3.7 | 0.00 | | Dec 13, 2025 | A security flaw has been discovered in Tenda AX9 22.03.01.46. This affects the function image_check of the component httpd. The manipulation results in use of weak hash. It is possible to launch the attack remotely. A high complexity level is associated with this attack. It is… |
| CVE-2025-9828 | Low | 0.24 | 3.7 | 0.00 | | Sep 2, 2025 | A vulnerability was determined in Tenda CP6 11.10.00.243. The affected element is the function sub_2B7D04 of the component uhttp. Executing manipulation can lead to risky cryptographic algorithm. The attack may be launched remotely. This attack is characterized by high… |
| CVE-2025-5864 | Low | 0.24 | 3.7 | 0.00 | | Jun 9, 2025 | A vulnerability was found in Tenda TDSEE App up to 1.7.12. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /app/ConfirmSmsCode of the component Password Reset Confirmation Code Handler. The manipulation leads to… |
| CVE-2017-9139 | Low | 0.23 | 3.5 | 0.00 | | May 21, 2017 | There is a stack-based buffer overflow on some Tenda routers (FH1202/F1202/F1200: versions before 1.2.0.20). Crafted POST requests to an unspecified URL result in DoS, interrupting the HTTP service (used to login to the web UI of a router) for 1 to 2 seconds. |
| CVE-2021-31755 | | 0.20 | — | 0.86 | KEV | May 7, 2021 | An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setmac allows attackers to execute arbitrary code on the system via a crafted post request. |
| CVE-2020-10987 | | 0.19 | — | 0.80 | KEV | Jul 13, 2020 | The goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute arbitrary system commands via the deviceName POST parameter. |
| CVE-2018-14558 | | 0.18 | — | 0.09 | KEV | Oct 30, 2018 | An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). A command Injection vulnerability allows attackers to execute… |
| CVE-2025-9731 | Low | 0.16 | 2.5 | 0.00 | | Aug 31, 2025 | A vulnerability was determined in Tenda AC9 15.03.05.19. The impacted element is an unknown function of the file /etc_ro/shadow of the component Administrative Interface. This manipulation causes hard-coded credentials. It is possible to launch the attack on the local host. The… |
| CVE-2025-9309 | Low | 0.16 | 2.5 | 0.00 | | Aug 21, 2025 | A vulnerability was found in Tenda AC10 16.03.10.13. Affected is an unknown function of the file /etc_ro/shadow of the component MD5 Hash Handler. Performing manipulation results in hard-coded credentials. The attack needs to be approached locally. A high degree of complexity is… |
| CVE-2025-9091 | Low | 0.16 | 2.5 | 0.00 | | Aug 17, 2025 | A security flaw has been discovered in Tenda AC20 16.03.08.12. Affected by this vulnerability is an unknown functionality of the file /etc_ro/shadow. The manipulation leads to hard-coded credentials. It is possible to launch the attack on the local host. The complexity of an… |
| CVE-2025-9806 | Low | 0.12 | 1.9 | 0.00 | | Sep 2, 2025 | A vulnerability was determined in Tenda F1202 1.2.0.9/1.2.0.14/1.2.0.20. Impacted is an unknown function of the file /etc_ro/shadow of the component Administrative Interface. This manipulation with the input Fireitup causes hard-coded credentials. The attack can only be executed… |
| CVE-2025-9778 | Low | 0.12 | 1.9 | 0.00 | | Sep 1, 2025 | A security vulnerability has been detected in Tenda W12 up to 3.0.0.6(3948). Affected is an unknown function of the file /etc_ro/shadow of the component Administrative Interface. The manipulation leads to hard-coded credentials. An attack has to be approached locally. The… |
| CVE-2024-10697 | | 0.07 | — | 0.26 | | Nov 2, 2024 | A vulnerability has been found in Tenda AC6 15.03.05.19 and classified as critical. Affected by this vulnerability is the function formWriteFacMac of the file /goform/WriteFacMac of the component API Endpoint. The manipulation of the argument mac leads to command injection. The… |
| CVE-2024-41468 | | 0.07 | — | 0.05 | | Jul 25, 2024 | Tenda FH1201 v1.2.0.14 was discovered to contain a command injection vulnerability via the cmdinput parameter at /goform/exeCommand |
| CVE-2024-41473 | | 0.07 | — | 0.07 | | Jul 25, 2024 | Tenda FH1201 v1.2.0.14 was discovered to contain a command injection vulnerability via the mac parameter at ip/goform/WriteFacMac |
| CVE-2022-42233 | | 0.07 | — | 0.43 | | Oct 20, 2022 | Tenda 11N with firmware version V5.07.33_cn suffers from an Authentication Bypass vulnerability. |
| CVE-2020-35391 | | 0.07 | — | 0.35 | | Jan 1, 2021 | Tenda N300 F3 12.01.01.48 devices allow remote attackers to obtain sensitive information (possibly including an http_passwd line) via a direct request for cgi-bin/DownloadCfg/RouterCfm.cfg, a related issue to CVE-2017-14942. NOTE: the vulnerability report may suggest that either… |
| CVE-2024-46048 | | 0.05 | — | 0.11 | | Sep 13, 2024 | Tenda FH451 v1.0.0.9 has a command injection vulnerability in the formexeCommand function i |
| CVE-2023-46370 | | 0.05 | — | 0.18 | | Oct 24, 2023 | Tenda W18E V16.01.0.8(1576) has a command injection vulnerability via the hostName parameter in the formSetNetCheckTools function. |
| CVE-2025-7795 | | 0.04 | — | 0.03 | | Jul 18, 2025 | A vulnerability, which was classified as critical, has been found in Tenda FH451 1.0.0.9. Affected by this issue is the function fromP2pListFilter of the file /goform/P2pListFilter. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be… |
| CVE-2014-5246 | | 0.04 | — | 0.12 | | Aug 22, 2014 | The Shenzhen Tenda Technology Tenda A5s router with firmware 3.02.05_CN allows remote attackers to bypass authentication and gain administrator access by setting the admin:language cookie to zh-cn. |
| CVE-2023-49043 | | 0.03 | — | 0.13 | | Nov 27, 2023 | Buffer Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the wpapsk_crypto parameter in the function fromSetWirelessRepeat. |
| CVE-2023-25234 | | 0.03 | — | 0.17 | | Feb 27, 2023 | Tenda AC500 V2.0.1.9(1307) is vulnerable to Buffer Overflow in function fromAddressNat via parameters entrys and mitInterface. |
| CVE-2022-40843 | | 0.03 | — | 0.29 | | Nov 15, 2022 | The Tenda AC1200 V-W15Ev2 V15.11.0.10(1576) router is vulnerable to improper authorization / improper session management that allows the router login page to be bypassed. This leads to authenticated attackers having the ability to read the routers syslog.log file which contains… |
| CVE-2021-31758 | | 0.03 | — | 0.07 | | May 7, 2021 | An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setportList allows attackers to execute arbitrary code on the system via a crafted post request. |
| CVE-2021-31152 | | 0.03 | — | 0.04 | | Apr 14, 2021 | Multilaser Router AC1200 V02.03.01.45_pt contains a cross-site request forgery (CSRF) vulnerability. An attacker can enable remote access, change passwords, and perform other actions through misconfigured requests, entries, and headers. |
| CVE-2014-7281 | | 0.03 | — | 0.03 | | Oct 23, 2014 | Cross-site request forgery (CSRF) vulnerability in Shenzhen Tenda Technology Tenda A32 Router with firmware 5.07.53_CN allows remote attackers to hijack the authentication of administrators for requests that reboot the device via a request to goform/SysToolReboot. |
| CVE-2023-33669 | | 0.02 | — | 0.02 | | Jun 2, 2023 | Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the timeZone parameter in the sub_44db3c function. |
| CVE-2023-30135 | | 0.02 | — | 0.02 | | May 5, 2023 | Tenda AC18 v15.03.05.19(6318_)_cn was discovered to contain a command injection vulnerability via the deviceName parameter in the setUsbUnload function. |
| CVE-2022-30023 | | 0.02 | — | 0.44 | | Jun 16, 2022 | Tenda ONT GPON AC1200 Dual band WiFi HG9 v1.0.1 is vulnerable to Command Injection via the Ping function. |
| CVE-2025-5606 | | 0.01 | — | 0.04 | | Jun 4, 2025 | A vulnerability was found in Tenda AC18 15.03.05.05. It has been declared as critical. This vulnerability affects the function formSetIptv of the file /goform/SetIPTVCfg. The manipulation of the argument list leads to command injection. The attack can be initiated remotely. The… |
| CVE-2025-4357 | | 0.01 | — | 0.12 | | May 6, 2025 | A vulnerability was found in Tenda RX3 16.03.13.11_multi. It has been rated as critical. This issue affects some unknown processing of the file /goform/telnet. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to… |
| CVE-2025-45042 | | 0.01 | — | 0.02 | | May 5, 2025 | Tenda AC9 v15.03.05.14 was discovered to contain a command injection vulnerability via the Telnet function. |
| CVE-2025-44877 | | 0.01 | — | 0.02 | | May 2, 2025 | Tenda AC9 V15.03.06.42_multi was found to contain a command injection vulnerability in the formSetSambaConf function via the usbname parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. |
| CVE-2025-44872 | | 0.01 | — | 0.02 | | May 2, 2025 | Tenda AC9 V15.03.06.42_multi was found to contain a command injection vulnerability in the formsetUsbUnload function via the deviceName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. |
| CVE-2025-3693 | | 0.01 | — | 0.05 | | Apr 16, 2025 | A vulnerability was found in Tenda W12 3.0.0.5. It has been rated as critical. Affected by this issue is the function cgiWifiRadioSet of the file /bin/httpd. The manipulation leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been… |
| CVE-2025-3346 | | 0.01 | — | 0.05 | | Apr 7, 2025 | A vulnerability was found in Tenda AC7 15.03.06.44. It has been rated as critical. Affected by this issue is the function formSetPPTPServer of the file /goform/SetPptpServerCfg. The manipulation of the argument pptp_server_start_ip/pptp_server_end_ip leads to buffer overflow.… |
| CVE-2025-29384 | | 0.01 | — | 0.02 | | Mar 14, 2025 | In Tenda AC9 v1.0 V15.03.05.14_multi, the wanMTU parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution. |
| CVE-2025-0566 | | 0.01 | — | 0.09 | | Jan 19, 2025 | A vulnerability classified as critical has been found in Tenda AC15 15.13.07.13. This affects the function formSetDevNetName of the file /goform/SetDevNetName. The manipulation of the argument mac leads to stack-based buffer overflow. It is possible to initiate the attack… |
| CVE-2025-22949 | | 0.01 | — | 0.02 | | Jan 10, 2025 | Tenda ac9 v1.0 firmware v15.03.05.19 is vulnerable to command injection in /goform/SetSambaCfg, which may lead to remote arbitrary code execution. |
| CVE-2024-9793 | | 0.01 | — | 0.21 | | Oct 10, 2024 | A vulnerability classified as critical was found in Tenda AC1206 up to 15.03.06.23. This vulnerability affects the function ate_iwpriv_set/ate_ifconfig_set of the file /goform/ate. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has… |
| CVE-2023-36103 | | 0.01 | — | 0.01 | | Sep 10, 2024 | Command Injection vulnerability in goform/SetIPTVCfg interface of Tenda AC15 V15.03.05.20 allows remote attackers to run arbitrary commands via crafted POST request. |
| CVE-2024-42987 | | 0.01 | — | 0.01 | | Aug 15, 2024 | Tenda FH1206 v02.03.01.35 was discovered to contain a stack-based buffer overflow vulnerability in the fromPptpUserAdd function. The vulnerability can be triggered via the modino, username, newpwd, or pptpdnetseg parameters, all of which are passed via HTTP POST and used in… |
| CVE-2024-40515 | | 0.01 | — | 0.01 | | Jul 16, 2024 | An issue in SHENZHEN TENDA TECHNOLOGY CO.,LTD Tenda AX2pro V16.03.29.48_cn allows a remote attacker to execute arbitrary code via the Routing functionality. |
| CVE-2024-3908 | | 0.01 | — | 0.09 | | Apr 17, 2024 | A vulnerability classified as critical has been found in Tenda AC500 2.0.1.9(1307). Affected is the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to command injection. It is possible to launch the attack remotely. The… |
| CVE-2024-0930 | | 0.01 | — | 0.15 | | Jan 26, 2024 | A vulnerability classified as critical has been found in Tenda AC10U 15.03.06.49_multi_TDE01. This affects the function fromSetWirelessRepeat. The manipulation of the argument wpapsk_crypto leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The… |
| CVE-2023-50991 | | 0.01 | — | 0.09 | | Jan 5, 2024 | Buffer Overflow vulnerability in Tenda i29 versions 1.0 V1.0.0.5 and 1.0 V1.0.0.2, allows remote attackers to cause a denial of service (DoS) via the pingIp parameter in the pingSet function. |
| CVE-2023-51091 | | 0.01 | — | 0.08 | | Dec 26, 2023 | Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function R7WebsSecurityHandler. |
| CVE-2023-51092 | | 0.01 | — | 0.13 | | Dec 26, 2023 | Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function upgrade. |
| CVE-2023-33530 | | 0.01 | — | 0.01 | | Jun 6, 2023 | There is a command injection vulnerability in the Tenda G103 Gigabit GPON Terminal with firmware version V1.0.0.5. If an attacker gains web management privileges, they can inject commands gaining shell privileges. |