VYPR

Vendor CVEs

Tenda

All CVEs

2,034 total · sorted by risk
  • CVE-2025-14636LowDec 13, 2025
    risk 0.24cvss 3.7epss 0.00

    A security flaw has been discovered in Tenda AX9 22.03.01.46. This affects the function image_check of the component httpd. The manipulation results in use of weak hash. It is possible to launch the attack remotely. A high complexity level is associated with this attack. It is…

  • CVE-2025-9828LowSep 2, 2025
    risk 0.24cvss 3.7epss 0.00

    A vulnerability was determined in Tenda CP6 11.10.00.243. The affected element is the function sub_2B7D04 of the component uhttp. Executing manipulation can lead to risky cryptographic algorithm. The attack may be launched remotely. This attack is characterized by high…

  • CVE-2025-5864LowJun 9, 2025
    risk 0.24cvss 3.7epss 0.00

    A vulnerability was found in Tenda TDSEE App up to 1.7.12. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /app/ConfirmSmsCode of the component Password Reset Confirmation Code Handler. The manipulation leads to…

  • CVE-2017-9139LowMay 21, 2017
    risk 0.23cvss 3.5epss 0.00

    There is a stack-based buffer overflow on some Tenda routers (FH1202/F1202/F1200: versions before 1.2.0.20). Crafted POST requests to an unspecified URL result in DoS, interrupting the HTTP service (used to login to the web UI of a router) for 1 to 2 seconds.

  • CVE-2021-31755KEVMay 7, 2021
    risk 0.20cvss epss 0.86

    An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setmac allows attackers to execute arbitrary code on the system via a crafted post request.

  • CVE-2020-10987KEVJul 13, 2020
    risk 0.19cvss epss 0.80

    The goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute arbitrary system commands via the deviceName POST parameter.

  • CVE-2018-14558KEVOct 30, 2018
    risk 0.18cvss epss 0.09

    An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). A command Injection vulnerability allows attackers to execute…

  • CVE-2025-9731LowAug 31, 2025
    risk 0.16cvss 2.5epss 0.00

    A vulnerability was determined in Tenda AC9 15.03.05.19. The impacted element is an unknown function of the file /etc_ro/shadow of the component Administrative Interface. This manipulation causes hard-coded credentials. It is possible to launch the attack on the local host. The…

  • CVE-2025-9309LowAug 21, 2025
    risk 0.16cvss 2.5epss 0.00

    A vulnerability was found in Tenda AC10 16.03.10.13. Affected is an unknown function of the file /etc_ro/shadow of the component MD5 Hash Handler. Performing manipulation results in hard-coded credentials. The attack needs to be approached locally. A high degree of complexity is…

  • CVE-2025-9091LowAug 17, 2025
    risk 0.16cvss 2.5epss 0.00

    A security flaw has been discovered in Tenda AC20 16.03.08.12. Affected by this vulnerability is an unknown functionality of the file /etc_ro/shadow. The manipulation leads to hard-coded credentials. It is possible to launch the attack on the local host. The complexity of an…

  • CVE-2025-9806LowSep 2, 2025
    risk 0.12cvss 1.9epss 0.00

    A vulnerability was determined in Tenda F1202 1.2.0.9/1.2.0.14/1.2.0.20. Impacted is an unknown function of the file /etc_ro/shadow of the component Administrative Interface. This manipulation with the input Fireitup causes hard-coded credentials. The attack can only be executed…

  • CVE-2025-9778LowSep 1, 2025
    risk 0.12cvss 1.9epss 0.00

    A security vulnerability has been detected in Tenda W12 up to 3.0.0.6(3948). Affected is an unknown function of the file /etc_ro/shadow of the component Administrative Interface. The manipulation leads to hard-coded credentials. An attack has to be approached locally. The…

  • CVE-2024-10697Nov 2, 2024
    risk 0.07cvss epss 0.26

    A vulnerability has been found in Tenda AC6 15.03.05.19 and classified as critical. Affected by this vulnerability is the function formWriteFacMac of the file /goform/WriteFacMac of the component API Endpoint. The manipulation of the argument mac leads to command injection. The…

  • CVE-2024-41468Jul 25, 2024
    risk 0.07cvss epss 0.05

    Tenda FH1201 v1.2.0.14 was discovered to contain a command injection vulnerability via the cmdinput parameter at /goform/exeCommand

  • CVE-2024-41473Jul 25, 2024
    risk 0.07cvss epss 0.07

    Tenda FH1201 v1.2.0.14 was discovered to contain a command injection vulnerability via the mac parameter at ip/goform/WriteFacMac

  • CVE-2022-42233Oct 20, 2022
    risk 0.07cvss epss 0.43

    Tenda 11N with firmware version V5.07.33_cn suffers from an Authentication Bypass vulnerability.

  • CVE-2020-35391Jan 1, 2021
    risk 0.07cvss epss 0.35

    Tenda N300 F3 12.01.01.48 devices allow remote attackers to obtain sensitive information (possibly including an http_passwd line) via a direct request for cgi-bin/DownloadCfg/RouterCfm.cfg, a related issue to CVE-2017-14942. NOTE: the vulnerability report may suggest that either…

  • CVE-2024-46048Sep 13, 2024
    risk 0.05cvss epss 0.11

    Tenda FH451 v1.0.0.9 has a command injection vulnerability in the formexeCommand function i

  • CVE-2023-46370Oct 24, 2023
    risk 0.05cvss epss 0.18

    Tenda W18E V16.01.0.8(1576) has a command injection vulnerability via the hostName parameter in the formSetNetCheckTools function.

  • CVE-2025-7795Jul 18, 2025
    risk 0.04cvss epss 0.03

    A vulnerability, which was classified as critical, has been found in Tenda FH451 1.0.0.9. Affected by this issue is the function fromP2pListFilter of the file /goform/P2pListFilter. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be…

  • CVE-2014-5246Aug 22, 2014
    risk 0.04cvss epss 0.12

    The Shenzhen Tenda Technology Tenda A5s router with firmware 3.02.05_CN allows remote attackers to bypass authentication and gain administrator access by setting the admin:language cookie to zh-cn.

  • CVE-2023-49043Nov 27, 2023
    risk 0.03cvss epss 0.13

    Buffer Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the wpapsk_crypto parameter in the function fromSetWirelessRepeat.

  • CVE-2023-25234Feb 27, 2023
    risk 0.03cvss epss 0.17

    Tenda AC500 V2.0.1.9(1307) is vulnerable to Buffer Overflow in function fromAddressNat via parameters entrys and mitInterface.

  • CVE-2022-40843Nov 15, 2022
    risk 0.03cvss epss 0.29

    The Tenda AC1200 V-W15Ev2 V15.11.0.10(1576) router is vulnerable to improper authorization / improper session management that allows the router login page to be bypassed. This leads to authenticated attackers having the ability to read the routers syslog.log file which contains…

  • CVE-2021-31758May 7, 2021
    risk 0.03cvss epss 0.07

    An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setportList allows attackers to execute arbitrary code on the system via a crafted post request.

  • CVE-2021-31152Apr 14, 2021
    risk 0.03cvss epss 0.04

    Multilaser Router AC1200 V02.03.01.45_pt contains a cross-site request forgery (CSRF) vulnerability. An attacker can enable remote access, change passwords, and perform other actions through misconfigured requests, entries, and headers.

  • CVE-2014-7281Oct 23, 2014
    risk 0.03cvss epss 0.03

    Cross-site request forgery (CSRF) vulnerability in Shenzhen Tenda Technology Tenda A32 Router with firmware 5.07.53_CN allows remote attackers to hijack the authentication of administrators for requests that reboot the device via a request to goform/SysToolReboot.

  • CVE-2023-33669Jun 2, 2023
    risk 0.02cvss epss 0.02

    Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the timeZone parameter in the sub_44db3c function.

  • CVE-2023-30135May 5, 2023
    risk 0.02cvss epss 0.02

    Tenda AC18 v15.03.05.19(6318_)_cn was discovered to contain a command injection vulnerability via the deviceName parameter in the setUsbUnload function.

  • CVE-2022-30023Jun 16, 2022
    risk 0.02cvss epss 0.44

    Tenda ONT GPON AC1200 Dual band WiFi HG9 v1.0.1 is vulnerable to Command Injection via the Ping function.

  • CVE-2025-5606Jun 4, 2025
    risk 0.01cvss epss 0.04

    A vulnerability was found in Tenda AC18 15.03.05.05. It has been declared as critical. This vulnerability affects the function formSetIptv of the file /goform/SetIPTVCfg. The manipulation of the argument list leads to command injection. The attack can be initiated remotely. The…

  • CVE-2025-4357May 6, 2025
    risk 0.01cvss epss 0.12

    A vulnerability was found in Tenda RX3 16.03.13.11_multi. It has been rated as critical. This issue affects some unknown processing of the file /goform/telnet. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to…

  • CVE-2025-45042May 5, 2025
    risk 0.01cvss epss 0.02

    Tenda AC9 v15.03.05.14 was discovered to contain a command injection vulnerability via the Telnet function.

  • CVE-2025-44877May 2, 2025
    risk 0.01cvss epss 0.02

    Tenda AC9 V15.03.06.42_multi was found to contain a command injection vulnerability in the formSetSambaConf function via the usbname parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

  • CVE-2025-44872May 2, 2025
    risk 0.01cvss epss 0.02

    Tenda AC9 V15.03.06.42_multi was found to contain a command injection vulnerability in the formsetUsbUnload function via the deviceName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

  • CVE-2025-3693Apr 16, 2025
    risk 0.01cvss epss 0.05

    A vulnerability was found in Tenda W12 3.0.0.5. It has been rated as critical. Affected by this issue is the function cgiWifiRadioSet of the file /bin/httpd. The manipulation leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been…

  • CVE-2025-3346Apr 7, 2025
    risk 0.01cvss epss 0.05

    A vulnerability was found in Tenda AC7 15.03.06.44. It has been rated as critical. Affected by this issue is the function formSetPPTPServer of the file /goform/SetPptpServerCfg. The manipulation of the argument pptp_server_start_ip/pptp_server_end_ip leads to buffer overflow.…

  • CVE-2025-29384Mar 14, 2025
    risk 0.01cvss epss 0.02

    In Tenda AC9 v1.0 V15.03.05.14_multi, the wanMTU parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution.

  • CVE-2025-0566Jan 19, 2025
    risk 0.01cvss epss 0.09

    A vulnerability classified as critical has been found in Tenda AC15 15.13.07.13. This affects the function formSetDevNetName of the file /goform/SetDevNetName. The manipulation of the argument mac leads to stack-based buffer overflow. It is possible to initiate the attack…

  • CVE-2025-22949Jan 10, 2025
    risk 0.01cvss epss 0.02

    Tenda ac9 v1.0 firmware v15.03.05.19 is vulnerable to command injection in /goform/SetSambaCfg, which may lead to remote arbitrary code execution.

  • CVE-2024-9793Oct 10, 2024
    risk 0.01cvss epss 0.21

    A vulnerability classified as critical was found in Tenda AC1206 up to 15.03.06.23. This vulnerability affects the function ate_iwpriv_set/ate_ifconfig_set of the file /goform/ate. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has…

  • CVE-2023-36103Sep 10, 2024
    risk 0.01cvss epss 0.01

    Command Injection vulnerability in goform/SetIPTVCfg interface of Tenda AC15 V15.03.05.20 allows remote attackers to run arbitrary commands via crafted POST request.

  • CVE-2024-42987Aug 15, 2024
    risk 0.01cvss epss 0.01

    Tenda FH1206 v02.03.01.35 was discovered to contain a stack-based buffer overflow vulnerability in the fromPptpUserAdd function. The vulnerability can be triggered via the modino, username, newpwd, or pptpdnetseg parameters, all of which are passed via HTTP POST and used in…

  • CVE-2024-40515Jul 16, 2024
    risk 0.01cvss epss 0.01

    An issue in SHENZHEN TENDA TECHNOLOGY CO.,LTD Tenda AX2pro V16.03.29.48_cn allows a remote attacker to execute arbitrary code via the Routing functionality.

  • CVE-2024-3908Apr 17, 2024
    risk 0.01cvss epss 0.09

    A vulnerability classified as critical has been found in Tenda AC500 2.0.1.9(1307). Affected is the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to command injection. It is possible to launch the attack remotely. The…

  • CVE-2024-0930Jan 26, 2024
    risk 0.01cvss epss 0.15

    A vulnerability classified as critical has been found in Tenda AC10U 15.03.06.49_multi_TDE01. This affects the function fromSetWirelessRepeat. The manipulation of the argument wpapsk_crypto leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The…

  • CVE-2023-50991Jan 5, 2024
    risk 0.01cvss epss 0.09

    Buffer Overflow vulnerability in Tenda i29 versions 1.0 V1.0.0.5 and 1.0 V1.0.0.2, allows remote attackers to cause a denial of service (DoS) via the pingIp parameter in the pingSet function.

  • CVE-2023-51091Dec 26, 2023
    risk 0.01cvss epss 0.08

    Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function R7WebsSecurityHandler.

  • CVE-2023-51092Dec 26, 2023
    risk 0.01cvss epss 0.13

    Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function upgrade.

  • CVE-2023-33530Jun 6, 2023
    risk 0.01cvss epss 0.01

    There is a command injection vulnerability in the Tenda G103 Gigabit GPON Terminal with firmware version V1.0.0.5. If an attacker gains web management privileges, they can inject commands gaining shell privileges.

Page 6 of 41