VYPR

Vendor CVEs

Tenda

All CVEs

2,034 total · sorted by risk
  • CVE-2023-2649May 11, 2023
    risk 0.01cvss epss 0.10

    A vulnerability was found in Tenda AC23 16.03.07.45_cn. It has been declared as critical. This vulnerability affects unknown code of the file /bin/ate of the component Service Port 7329. The manipulation of the argument v2 leads to command injection. The attack can be initiated…

  • CVE-2023-26976Apr 4, 2023
    risk 0.01cvss epss 0.16

    Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the ssid parameter in the form_fast_setting_wifi_set function.

  • CVE-2022-46538Dec 20, 2022
    risk 0.01cvss epss 0.02

    Tenda F1203 V2.0.1.6 was discovered to contain a command injection vulnerability via the mac parameter at /goform/WriteFacMac.

  • CVE-2022-45043Dec 12, 2022
    risk 0.01cvss epss 0.02

    Tenda AX12 V22.03.01.16_cn is vulnerable to command injection via goform/fast_setting_internet_set.

  • CVE-2022-45506Dec 8, 2022
    risk 0.01cvss epss 0.02

    Tenda W30E v1.0.1.25(633) was discovered to contain a command injection vulnerability via the fileNameMit parameter at /goform/delFileName.

  • CVE-2022-45497Dec 8, 2022
    risk 0.01cvss epss 0.02

    Tenda W6-S v1.0.0.4(510) was discovered to contain a command injection vulnerability in the tpi_get_ping_output function at /goform/exeCommand.

  • CVE-2022-45504Dec 8, 2022
    risk 0.01cvss epss 0.18

    An issue in the component tpi_systool_handle(0) (/goform/SysToolRestoreSet) of Tenda W6-S v1.0.0.4(510) allows unauthenticated attackers to arbitrarily reboot the device.

  • CVE-2022-37810Aug 25, 2022
    risk 0.01cvss epss 0.02

    Tenda AC1206 V15.03.06.23 was discovered to contain a command injection vulnerability via the mac parameter in the function formWriteFacMac.

  • CVE-2022-36273Aug 16, 2022
    risk 0.01cvss epss 0.02

    Tenda AC9 V15.03.2.21_cn is vulnerable to command injection via goform/SetSysTimeCfg.

  • CVE-2022-35555Aug 11, 2022
    risk 0.01cvss epss 0.25

    A command injection vulnerability exists in /goform/exeCommand in Tenda W6 V1.0.0.9(4122), which allows attackers to construct cmdinput parameters for arbitrary command execution.

  • CVE-2022-32054Jul 7, 2022
    risk 0.01cvss epss 0.31

    Tenda AC10 US_AC10V1.0RTL_V15.03.06.26_multi_TD01 was discovered to contain a remote code execution (RCE) vulnerability via the lanIp parameter.

  • CVE-2022-34596Jul 6, 2022
    risk 0.01cvss epss 0.03

    Tenda AX1803 v1.0.0.1_2890 was discovered to contain a command injection vulnerability via the function WanParameterSetting.

  • CVE-2022-34595Jul 6, 2022
    risk 0.01cvss epss 0.03

    Tenda AX1803 v1.0.0.1_2890 was discovered to contain a command injection vulnerability via the function setipv6status.

  • CVE-2022-31446Jun 14, 2022
    risk 0.01cvss epss 0.32

    Tenda AC18 router V15.03.05.19 and V15.03.05.05 was discovered to contain a remote code execution (RCE) vulnerability via the Mac parameter at ip/goform/WriteFacMac.

  • CVE-2022-30425May 27, 2022
    risk 0.01cvss epss 0.19

    Tenda Technology Co.,Ltd HG6 3.3.0-210926 was discovered to contain a command injection vulnerability via the pingAddr and traceAddr parameters. This vulnerability is exploited via a crafted POST request.

  • CVE-2022-29592May 5, 2022
    risk 0.01cvss epss 0.20

    Tenda TX9 Pro 22.03.02.10 devices allow OS command injection via set_route (called by doSystemCmd_route).

  • CVE-2022-28557May 4, 2022
    risk 0.01cvss epss 0.22

    There is a command injection vulnerability at the /goform/setsambacfg interface of Tenda AC15 US_AC15V1.0BR_V15.03.05.20_multi_TDE01.bin device web, which can also cooperate with CVE-2021-44971 to cause unconditional arbitrary command execution

  • CVE-2022-28572May 2, 2022
    risk 0.01cvss epss 0.03

    Tenda AX1806 v1.0.0.1 was discovered to contain a command injection vulnerability in `SetIPv6Status` function

  • CVE-2022-27083Mar 23, 2022
    risk 0.01cvss epss 0.03

    Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /cgi-bin/uploadAccessCodePic.

  • CVE-2022-27081Mar 23, 2022
    risk 0.01cvss epss 0.03

    Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/SetLanInfo.

  • CVE-2022-27082Mar 23, 2022
    risk 0.01cvss epss 0.03

    Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/SetInternetLanInfo.

  • CVE-2022-27080Mar 23, 2022
    risk 0.01cvss epss 0.03

    Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/setWorkmode.

  • CVE-2022-27079Mar 23, 2022
    risk 0.01cvss epss 0.03

    Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/setPicListItem.

  • CVE-2022-27078Mar 23, 2022
    risk 0.01cvss epss 0.03

    Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/setAdInfoDetail.

  • CVE-2022-27076Mar 23, 2022
    risk 0.01cvss epss 0.03

    Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/delAd.

  • CVE-2022-27077Mar 23, 2022
    risk 0.01cvss epss 0.03

    Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /cgi-bin/uploadWeiXinPic.

  • CVE-2022-26536Mar 23, 2022
    risk 0.01cvss epss 0.03

    Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/setFixTools.

  • CVE-2022-26290Mar 23, 2022
    risk 0.01cvss epss 0.03

    Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/WriteFacMac.

  • CVE-2022-26289Mar 23, 2022
    risk 0.01cvss epss 0.03

    Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/exeCommand.

  • CVE-2022-25441Mar 18, 2022
    risk 0.01cvss epss 0.05

    Tenda AC9 v15.03.2.21 was discovered to contain a remote command execution (RCE) vulnerability via the vlanid parameter in the SetIPTVCfg function.

  • CVE-2022-25438Mar 18, 2022
    risk 0.01cvss epss 0.05

    Tenda AC9 v15.03.2.21 was discovered to contain a remote command execution (RCE) vulnerability via the SetIPTVCfg function.

  • CVE-2021-45401Feb 18, 2022
    risk 0.01cvss epss 0.03

    A Command injection vulnerability exists in Tenda AC10U AC1200 Smart Dual-band Wireless Router AC10U V1.0 Firmware V15.03.06.49_multi via the setUsbUnload functionality. The vulnerability is caused because the client controlled "deviceName" value is passed directly to the…

  • CVE-2022-24144Feb 4, 2022
    risk 0.01cvss epss 0.19

    Tenda AX3 v16.03.12.10_CN was discovered to contain a command injection vulnerability in the function WanParameterSetting. This vulnerability allows attackers to execute arbitrary commands via the gateway, dns1, and dns2 parameters.

  • CVE-2022-24148Feb 4, 2022
    risk 0.01cvss epss 0.03

    Tenda AX3 v16.03.12.10_CN was discovered to contain a command injection vulnerability in the function mDMZSetCfg. This vulnerability allows attackers to execute arbitrary commands via the dmzIp parameter.

  • CVE-2022-24150Feb 4, 2022
    risk 0.01cvss epss 0.03

    Tenda AX3 v16.03.12.10_CN was discovered to contain a command injection vulnerability in the function formSetSafeWanWebMan. This vulnerability allows attackers to execute arbitrary commands via the remoteIp parameter.

  • CVE-2020-22079Oct 29, 2021
    risk 0.01cvss epss 0.04

    Stack-based buffer overflow in Tenda AC-10U AC1200 Router US_AC10UV1.0RTL_V15.03.06.48_multi_TDE01 allows remote attackers to execute arbitrary code via the timeZone parameter to goform/SetSysTimeCfg.

  • CVE-2020-10988Jul 13, 2020
    risk 0.01cvss epss 0.03

    A hard-coded telnet credential in the tenda_login binary of Tenda AC15 AC1900 version 15.03.05.19 allows unauthenticated remote attackers to start a telnetd service on the device.

  • CVE-2026-51844Jun 19, 2026
    risk 0.00cvss epss 0.00

    Tenda AC7 v15.03.06.44 contains a stack buffer overflow vulnerability in the /goform/AdvSetMacMtuWan interface via the cloneType parameter.

  • CVE-2026-51845Jun 19, 2026
    risk 0.00cvss epss 0.00

    Tenda AC7 v15.03.06.44 contains a stack buffer overflow vulnerability in the /goform/AdvSetMacMtuWan interface via the mac parameter.

  • CVE-2026-51846Jun 19, 2026
    risk 0.00cvss epss 0.01

    In Tenda AC7 v15.03.06.44, the wanSpeed parameter of the route /goform/AdvSetMacMtuWan has a stack buffer overflow vulnerability that can lead to remote arbitrary code execution.

  • CVE-2026-51843Jun 19, 2026
    risk 0.00cvss epss 0.00

    Tenda AC7 v15.03.06.44 contains a stack buffer overflow vulnerability in the /goform/AdvSetMacMtuWan interface via the wanMTU parameter.

  • CVE-2026-5046Mar 29, 2026
    risk 0.00cvss epss 0.01

    A flaw has been found in Tenda FH1201 1.2.0.14(408). Affected is the function formWrlExtraSet of the file /goform/WrlExtraSet of the component Parameter Handler. Executing a manipulation of the argument GO can lead to stack-based buffer overflow. The attack may be performed from…

  • CVE-2026-5045Mar 29, 2026
    risk 0.00cvss epss 0.01

    A vulnerability was detected in Tenda FH1201 1.2.0.14(408). This impacts the function WrlclientSet of the file /goform/WrlclientSet of the component Parameter Handler. Performing a manipulation of the argument GO results in stack-based buffer overflow. The attack is possible to…

  • CVE-2026-5036Mar 29, 2026
    risk 0.00cvss epss 0.01

    A vulnerability was found in Tenda 4G06 04.06.01.29. This vulnerability affects the function fromDhcpListClient of the file /goform/DhcpListClient of the component Endpoint. Performing a manipulation of the argument page results in stack-based buffer overflow. The attack can be…

  • CVE-2026-5021Mar 29, 2026
    risk 0.00cvss epss 0.01

    A flaw has been found in Tenda F453 1.0.0.3. This affects the function fromPPTPUserSetting of the file /goform/PPTPUserSetting of the component httpd. This manipulation of the argument delno causes stack-based buffer overflow. Remote exploitation of the attack is possible. The…

  • CVE-2026-4974Mar 27, 2026
    risk 0.00cvss epss 0.01

    A flaw has been found in Tenda AC7 15.03.06.44. Affected by this issue is the function fromSetSysTime of the file /goform/SetSysTimeCfg of the component POST Request Handler. Executing a manipulation of the argument Time can lead to stack-based buffer overflow. It is possible to…

  • CVE-2026-4902Mar 26, 2026
    risk 0.00cvss epss 0.01

    A vulnerability was detected in Tenda AC5 15.03.06.47. This affects the function fromAddressNat of the file /goform/addressNat of the component POST Request Handler. The manipulation of the argument page results in stack-based buffer overflow. The attack can be launched…

  • CVE-2026-4254Mar 16, 2026
    risk 0.00cvss epss 0.01

    A weakness has been identified in Tenda AC8 up to 16.03.50.11. This vulnerability affects the function doSystemCmd of the file /goform/SysToolChangePwd of the component HTTP Endpoint. This manipulation of the argument local_2c causes stack-based buffer overflow. The attack can…

  • CVE-2026-3811Mar 9, 2026
    risk 0.00cvss epss 0.01

    A vulnerability was found in Tenda FH1202 1.2.0.14(408). This impacts the function fromP2pListFilter of the file /goform/P2pListFilter. The manipulation of the argument page results in stack-based buffer overflow. The attack can be executed remotely. The exploit has been made…

  • CVE-2026-3810Mar 9, 2026
    risk 0.00cvss epss 0.01

    A vulnerability has been found in Tenda FH1202 1.2.0.14(408). This affects the function fromDhcpListClient of the file /goform/DhcpListClient. The manipulation of the argument page leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit…

Page 7 of 41