Vendor CVEs
Tenda
All CVEs
2,034 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-3044 | 0.00 | — | 0.01 | Feb 23, 2026 | A vulnerability has been found in Tenda AC8 16.03.34.06. This affects the function webCgiGetUploadFile of the file /cgi-bin/UploadCfg of the component Httpd Service. The manipulation of the argument boundary leads to stack-based buffer overflow. It is possible to initiate the… | |||
| CVE-2026-27514 | 0.00 | — | 0.00 | Feb 23, 2026 | Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55_multi contains a sensitive information exposure vulnerability in the configuration download functionality. The configuration download response includes the router password and administrative password in plaintext. The… | |||
| CVE-2026-27513 | 0.00 | — | 0.00 | Feb 23, 2026 | Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55_multi contains a cross-site request forgery (CSRF) vulnerability in the web-based administrative interface. The interface does not implement anti-CSRF protections, allowing an attacker to induce an authenticated… | |||
| CVE-2025-69700 | 0.00 | — | 0.03 | Feb 23, 2026 | Tenda FH1203 V2.0.1.6 contains a stack-based buffer overflow vulnerability in the modify_add_client_prio function, which is reachable via the formSetClientPrio CGI handler. | |||
| CVE-2026-2911 | 0.00 | — | 0.03 | Feb 22, 2026 | A vulnerability has been found in Tenda FH451 up to 1.0.0.9. This issue affects some unknown processing of the file /goform/GstDhcpSetSer. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and… | |||
| CVE-2026-2910 | 0.00 | — | 0.03 | Feb 22, 2026 | A flaw has been found in Tenda HG9 300001138. This vulnerability affects unknown code of the file /boaform/formPing6. Executing a manipulation of the argument pingAddr can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been… | |||
| CVE-2026-2909 | 0.00 | — | 0.01 | Feb 22, 2026 | A vulnerability was detected in Tenda HG9 300001138. This affects an unknown part of the file /boaform/formPing of the component Diagnostic Ping Endpoint. Performing a manipulation of the argument pingAddr results in stack-based buffer overflow. The attack is possible to be… | |||
| CVE-2026-2908 | 0.00 | — | 0.01 | Feb 22, 2026 | A security vulnerability has been detected in Tenda HG9 300001138. Affected by this issue is some unknown functionality of the file /boaform/formLoopBack of the component Loopback Detection Configuration Endpoint. Such manipulation of the argument Ethtype leads to stack-based… | |||
| CVE-2026-2907 | 0.00 | — | 0.01 | Feb 22, 2026 | A weakness has been identified in Tenda HG9 300001138. Affected by this vulnerability is an unknown functionality of the file /boaform/formgponConf of the component GPON Configuration Endpoint. This manipulation of the argument fmgpon_loid/fmgpon_loid_password causes stack-based… | |||
| CVE-2026-2906 | 0.00 | — | 0.01 | Feb 22, 2026 | A security flaw has been discovered in Tenda HG9 300001138. Affected is an unknown function of the file /boaform/formSamba of the component Samba Configuration Endpoint. The manipulation of the argument sambaCap results in stack-based buffer overflow. The attack may be launched… | |||
| CVE-2026-2905 | 0.00 | — | 0.01 | Feb 22, 2026 | A vulnerability was identified in Tenda HG9 300001138. This impacts an unknown function of the file /boaform/formWlanSetup of the component Wireless Configuration Endpoint. The manipulation of the argument ssid leads to stack-based buffer overflow. The attack may be initiated… | |||
| CVE-2026-2886 | 0.00 | — | 0.01 | Feb 21, 2026 | A weakness has been identified in Tenda A21 1.0.0.0. This affects the function set_device_name of the file /goform/SetOnlineDevName. This manipulation of the argument devName causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been… | |||
| CVE-2026-2877 | 0.00 | — | 0.00 | Feb 21, 2026 | A vulnerability has been found in Tenda A18 15.13.07.13. This affects the function strcpy of the file /goform/WifiExtraSet of the component Httpd Service. The manipulation of the argument wpapsk_crypto5g leads to stack-based buffer overflow. It is possible to initiate the attack… | |||
| CVE-2026-2876 | 0.00 | — | 0.01 | Feb 21, 2026 | A vulnerability was determined in Tenda A18 15.13.07.13. This affects the function parse_macfilter_rule of the file /goform/setBlackRule. This manipulation of the argument deviceList causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been… | |||
| CVE-2026-2874 | 0.00 | — | 0.01 | Feb 21, 2026 | A flaw has been found in Tenda A21 1.0.0.0. Impacted is the function form_fast_setting_wifi_set of the file /goform/fast_setting_wifi_set. Executing a manipulation of the argument ssid can lead to stack-based buffer overflow. It is possible to launch the attack remotely. The… | |||
| CVE-2026-2873 | 0.00 | — | 0.01 | Feb 21, 2026 | A vulnerability was detected in Tenda A21 1.0.0.0. This issue affects the function setSchedWifi of the file /goform/openSchedWifi. Performing a manipulation of the argument schedStartTime/schedEndTime results in stack-based buffer overflow. It is possible to initiate the attack… | |||
| CVE-2026-2872 | 0.00 | — | 0.01 | Feb 21, 2026 | A security vulnerability has been detected in Tenda A21 1.0.0.0. This vulnerability affects the function set_device_name of the file /goform/setBlackRule of the component MAC Filtering Configuration Endpoint. Such manipulation of the argument devName/mac leads to stack-based… | |||
| CVE-2026-2871 | 0.00 | — | 0.01 | Feb 21, 2026 | A weakness has been identified in Tenda A21 1.0.0.0. This affects the function fromSetIpMacBind of the file /goform/SetIpMacBind. This manipulation of the argument list causes stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been… | |||
| CVE-2026-2870 | 0.00 | — | 0.01 | Feb 21, 2026 | A security flaw has been discovered in Tenda A21 1.0.0.0. Affected by this issue is the function set_qosMib_list of the file /goform/formSetQosBand. The manipulation of the argument list results in stack-based buffer overflow. The attack can be executed remotely. The exploit has… | |||
| CVE-2026-2203 | 0.00 | — | 0.01 | Feb 9, 2026 | A flaw has been found in Tenda AC8 16.03.33.05. Affected by this vulnerability is an unknown functionality of the file /goform/fast_setting_wifi_set of the component Embedded Httpd Service. This manipulation of the argument timeZone causes buffer overflow. Remote exploitation of… | |||
| CVE-2026-2202 | 0.00 | — | 0.01 | Feb 9, 2026 | A vulnerability was detected in Tenda AC8 16.03.33.05. Affected is the function fromSetWifiGusetBasic of the file /goform/WifiGuestSet of the component httpd. The manipulation of the argument shareSpeed results in buffer overflow. The attack may be launched remotely. The exploit… | |||
| CVE-2026-2192 | 0.00 | — | 0.01 | Feb 8, 2026 | A security vulnerability has been detected in Tenda AC9 15.03.06.42_multi. Affected by this vulnerability is the function formGetRebootTimer. Such manipulation of the argument sys.schedulereboot.start_time/sys.schedulereboot.end_time leads to stack-based buffer overflow. The… | |||
| CVE-2026-2191 | 0.00 | — | 0.01 | Feb 8, 2026 | A weakness has been identified in Tenda AC9 15.03.06.42_multi. Affected is the function formGetDdosDefenceList. This manipulation of the argument security.ddos.map causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been made available to… | |||
| CVE-2026-2187 | 0.00 | — | 0.01 | Feb 8, 2026 | A vulnerability was found in Tenda RX3 16.03.13.11. The affected element is the function set_qosMib_list of the file /goform/formSetQosBand. Performing a manipulation of the argument list results in stack-based buffer overflow. It is possible to initiate the attack remotely. The… | |||
| CVE-2026-2186 | 0.00 | — | 0.01 | Feb 8, 2026 | A vulnerability has been found in Tenda RX3 16.03.13.11. Impacted is the function fromSetIpMacBind of the file /goform/SetIpMacBind. Such manipulation of the argument list leads to stack-based buffer overflow. The attack may be performed from remote. The exploit has been… | |||
| CVE-2026-2185 | 0.00 | — | 0.01 | Feb 8, 2026 | A flaw has been found in Tenda RX3 16.03.13.11. This issue affects the function set_device_name of the file /goform/setBlackRule of the component MAC Filtering Configuration Endpoint. This manipulation of the argument devName/mac causes stack-based buffer overflow. The attack is… | |||
| CVE-2026-2181 | 0.00 | — | 0.01 | Feb 8, 2026 | A security flaw has been discovered in Tenda RX3 16.03.13.11. Affected by this vulnerability is an unknown functionality of the file /goform/openSchedWifi. Performing a manipulation of the argument schedStartTime/schedEndTime results in stack-based buffer overflow. The attack… | |||
| CVE-2026-2180 | 0.00 | — | 0.01 | Feb 8, 2026 | A vulnerability was identified in Tenda RX3 16.03.13.11. Affected is an unknown function of the file /goform/fast_setting_wifi_set. Such manipulation of the argument ssid_5g leads to stack-based buffer overflow. The attack can be launched remotely. The exploit is publicly… | |||
| CVE-2026-2148 | 0.00 | — | 0.01 | Feb 8, 2026 | A security vulnerability has been detected in Tenda AC21 16.03.08.16. Affected is an unknown function of the file /cgi-bin/DownloadFlash of the component Web Management Interface. The manipulation leads to information disclosure. It is possible to initiate the attack remotely.… | |||
| CVE-2026-2147 | 0.00 | — | 0.01 | Feb 8, 2026 | A weakness has been identified in Tenda AC21 16.03.08.16. This impacts an unknown function of the file /cgi-bin/DownloadLog of the component Web Management Interface. Executing a manipulation can lead to information disclosure. The attack may be performed from remote. The… | |||
| CVE-2026-2140 | 0.00 | — | 0.01 | Feb 8, 2026 | A vulnerability was identified in Tenda TX9 up to 22.03.02.10_multi. Affected by this issue is the function sub_4223E0 of the file /goform/setMacFilterCfg. Such manipulation of the argument deviceList leads to buffer overflow. The attack may be launched remotely. The exploit is… | |||
| CVE-2026-2139 | 0.00 | — | 0.01 | Feb 8, 2026 | A vulnerability was determined in Tenda TX9 up to 22.03.02.10_multi. Affected by this vulnerability is the function sub_432580 of the file /goform/fast_setting_wifi_set. This manipulation of the argument ssid causes buffer overflow. The attack may be initiated remotely. The… | |||
| CVE-2026-2138 | 0.00 | — | 0.01 | Feb 8, 2026 | A vulnerability was found in Tenda TX9 up to 22.03.02.10_multi. Affected is the function sub_42D03C of the file /goform/SetStaticRouteCfg. The manipulation of the argument list results in buffer overflow. The attack can be launched remotely. The exploit has been made public and… | |||
| CVE-2026-2137 | 0.00 | — | 0.01 | Feb 8, 2026 | A vulnerability has been found in Tenda TX3 up to 16.03.13.11_multi. This impacts an unknown function of the file /goform/SetIpMacBind. The manipulation of the argument list leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the… | |||
| CVE-2026-25857 | 0.00 | — | 0.03 | Feb 7, 2026 | Tenda G300-F router firmware version 16.01.14.2 and prior contain an OS command injection vulnerability in the WAN diagnostic functionality (formSetWanDiag). The implementation constructs a shell command that invokes curl and incorporates attacker-controlled input into the… | |||
| CVE-2026-24441 | 0.00 | — | 0.00 | Feb 3, 2026 | Shenzhen Tenda AC7 firmware version V03.03.03.01_cn and prior expose account credentials in plaintext within HTTP responses, allowing an on-path attacker to obtain sensitive authentication material. | |||
| CVE-2026-24434 | 0.00 | — | 0.00 | Feb 3, 2026 | Shenzhen Tenda AC7 firmware version V03.03.03.01_cn and prior does not implement CSRF protections for administrative functions in the web management interface. The interface does not enforce anti-CSRF tokens or robust origin validation, which can allow an attacker to induce a… | |||
| CVE-2026-24427 | 0.00 | — | 0.00 | Feb 3, 2026 | Shenzhen Tenda AC7 firmware version V03.03.03.01_cn and prior expose sensitive information in web management responses. Administrative credentials, including the router and/or admin panel password, are included in plaintext within configuration response bodies. In addition,… | |||
| CVE-2026-24426 | 0.00 | — | 0.00 | Feb 3, 2026 | Shenzhen Tenda AC7 firmware version V03.03.03.01_cn and prior contain an improper output encoding vulnerability in the web management interface. User-supplied input is reflected in HTTP responses without adequate escaping, allowing injection of arbitrary HTML or JavaScript in a… | |||
| CVE-2026-1637 | 0.00 | — | 0.01 | Jan 29, 2026 | A vulnerability was identified in Tenda AC21 16.03.08.16. The affected element is the function fromAdvSetMacMtuWan of the file /goform/AdvSetMacMtuWan. The manipulation leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit is publicly… | |||
| CVE-2026-1610 | 0.00 | — | 0.01 | Jan 29, 2026 | A vulnerability was found in Tenda AX12 Pro V2 16.03.49.24_cn. Affected by this issue is some unknown functionality of the component Telnet Service. Performing a manipulation results in hard-coded credentials. The attack is possible to be carried out remotely. A high degree of… | |||
| CVE-2026-24435 | 0.00 | — | 0.00 | Jan 26, 2026 | Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) implement an insecure Cross-Origin Resource Sharing (CORS) policy on authenticated administrative endpoints. The device sets Access-Control-Allow-Origin: * in combination with… | |||
| CVE-2026-24439 | 0.00 | — | 0.00 | Jan 26, 2026 | Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) fail to include the X-Content-Type-Options: nosniff response header on web management interfaces. As a result, browsers that perform MIME sniffing may incorrectly interpret attacker-influenced… | |||
| CVE-2026-24432 | 0.00 | — | 0.00 | Jan 26, 2026 | Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) lack cross-site request forgery (CSRF) protections on administrative endpoints, including those used to change administrator account credentials. As a result, an attacker can craft malicious requests… | |||
| CVE-2026-24433 | 0.00 | — | 0.00 | Jan 26, 2026 | Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) contain a stored cross-site scripting vulnerability in the user creation functionality. Insufficient input validation allows attacker-controlled script content to be stored and later executed when… | |||
| CVE-2026-24431 | 0.00 | — | 0.00 | Jan 26, 2026 | Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) display stored user account passwords in plaintext within the administrative web interface. Any user with access to the affected management pages can directly view credentials. | |||
| CVE-2026-24437 | 0.00 | — | 0.00 | Jan 26, 2026 | Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) serve sensitive administrative content without appropriate cache-control directives. As a result, browsers may store credential-bearing responses locally, exposing them to subsequent unauthorized… | |||
| CVE-2026-24436 | 0.00 | — | 0.00 | Jan 26, 2026 | Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) do not enforce rate limiting or account lockout mechanisms on authentication endpoints. This allows attackers to perform unrestricted brute-force attempts against administrative credentials. | |||
| CVE-2026-24428 | 0.00 | — | 0.00 | Jan 26, 2026 | Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) contain an authorization flaw in the user management API that allows a low-privileged authenticated user to change the administrator account password. By sending a crafted request directly to the… | |||
| CVE-2026-24430 | 0.00 | — | 0.00 | Jan 26, 2026 | Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) disclose sensitive account credentials in cleartext within HTTP responses generated by the maintenance interface. Because the management interface is accessible over unencrypted HTTP by default,… |
- CVE-2026-3044Feb 23, 2026risk 0.00cvss —epss 0.01
A vulnerability has been found in Tenda AC8 16.03.34.06. This affects the function webCgiGetUploadFile of the file /cgi-bin/UploadCfg of the component Httpd Service. The manipulation of the argument boundary leads to stack-based buffer overflow. It is possible to initiate the…
- CVE-2026-27514Feb 23, 2026risk 0.00cvss —epss 0.00
Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55_multi contains a sensitive information exposure vulnerability in the configuration download functionality. The configuration download response includes the router password and administrative password in plaintext. The…
- CVE-2026-27513Feb 23, 2026risk 0.00cvss —epss 0.00
Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55_multi contains a cross-site request forgery (CSRF) vulnerability in the web-based administrative interface. The interface does not implement anti-CSRF protections, allowing an attacker to induce an authenticated…
- CVE-2025-69700Feb 23, 2026risk 0.00cvss —epss 0.03
Tenda FH1203 V2.0.1.6 contains a stack-based buffer overflow vulnerability in the modify_add_client_prio function, which is reachable via the formSetClientPrio CGI handler.
- CVE-2026-2911Feb 22, 2026risk 0.00cvss —epss 0.03
A vulnerability has been found in Tenda FH451 up to 1.0.0.9. This issue affects some unknown processing of the file /goform/GstDhcpSetSer. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and…
- CVE-2026-2910Feb 22, 2026risk 0.00cvss —epss 0.03
A flaw has been found in Tenda HG9 300001138. This vulnerability affects unknown code of the file /boaform/formPing6. Executing a manipulation of the argument pingAddr can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been…
- CVE-2026-2909Feb 22, 2026risk 0.00cvss —epss 0.01
A vulnerability was detected in Tenda HG9 300001138. This affects an unknown part of the file /boaform/formPing of the component Diagnostic Ping Endpoint. Performing a manipulation of the argument pingAddr results in stack-based buffer overflow. The attack is possible to be…
- CVE-2026-2908Feb 22, 2026risk 0.00cvss —epss 0.01
A security vulnerability has been detected in Tenda HG9 300001138. Affected by this issue is some unknown functionality of the file /boaform/formLoopBack of the component Loopback Detection Configuration Endpoint. Such manipulation of the argument Ethtype leads to stack-based…
- CVE-2026-2907Feb 22, 2026risk 0.00cvss —epss 0.01
A weakness has been identified in Tenda HG9 300001138. Affected by this vulnerability is an unknown functionality of the file /boaform/formgponConf of the component GPON Configuration Endpoint. This manipulation of the argument fmgpon_loid/fmgpon_loid_password causes stack-based…
- CVE-2026-2906Feb 22, 2026risk 0.00cvss —epss 0.01
A security flaw has been discovered in Tenda HG9 300001138. Affected is an unknown function of the file /boaform/formSamba of the component Samba Configuration Endpoint. The manipulation of the argument sambaCap results in stack-based buffer overflow. The attack may be launched…
- CVE-2026-2905Feb 22, 2026risk 0.00cvss —epss 0.01
A vulnerability was identified in Tenda HG9 300001138. This impacts an unknown function of the file /boaform/formWlanSetup of the component Wireless Configuration Endpoint. The manipulation of the argument ssid leads to stack-based buffer overflow. The attack may be initiated…
- CVE-2026-2886Feb 21, 2026risk 0.00cvss —epss 0.01
A weakness has been identified in Tenda A21 1.0.0.0. This affects the function set_device_name of the file /goform/SetOnlineDevName. This manipulation of the argument devName causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been…
- CVE-2026-2877Feb 21, 2026risk 0.00cvss —epss 0.00
A vulnerability has been found in Tenda A18 15.13.07.13. This affects the function strcpy of the file /goform/WifiExtraSet of the component Httpd Service. The manipulation of the argument wpapsk_crypto5g leads to stack-based buffer overflow. It is possible to initiate the attack…
- CVE-2026-2876Feb 21, 2026risk 0.00cvss —epss 0.01
A vulnerability was determined in Tenda A18 15.13.07.13. This affects the function parse_macfilter_rule of the file /goform/setBlackRule. This manipulation of the argument deviceList causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been…
- CVE-2026-2874Feb 21, 2026risk 0.00cvss —epss 0.01
A flaw has been found in Tenda A21 1.0.0.0. Impacted is the function form_fast_setting_wifi_set of the file /goform/fast_setting_wifi_set. Executing a manipulation of the argument ssid can lead to stack-based buffer overflow. It is possible to launch the attack remotely. The…
- CVE-2026-2873Feb 21, 2026risk 0.00cvss —epss 0.01
A vulnerability was detected in Tenda A21 1.0.0.0. This issue affects the function setSchedWifi of the file /goform/openSchedWifi. Performing a manipulation of the argument schedStartTime/schedEndTime results in stack-based buffer overflow. It is possible to initiate the attack…
- CVE-2026-2872Feb 21, 2026risk 0.00cvss —epss 0.01
A security vulnerability has been detected in Tenda A21 1.0.0.0. This vulnerability affects the function set_device_name of the file /goform/setBlackRule of the component MAC Filtering Configuration Endpoint. Such manipulation of the argument devName/mac leads to stack-based…
- CVE-2026-2871Feb 21, 2026risk 0.00cvss —epss 0.01
A weakness has been identified in Tenda A21 1.0.0.0. This affects the function fromSetIpMacBind of the file /goform/SetIpMacBind. This manipulation of the argument list causes stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been…
- CVE-2026-2870Feb 21, 2026risk 0.00cvss —epss 0.01
A security flaw has been discovered in Tenda A21 1.0.0.0. Affected by this issue is the function set_qosMib_list of the file /goform/formSetQosBand. The manipulation of the argument list results in stack-based buffer overflow. The attack can be executed remotely. The exploit has…
- CVE-2026-2203Feb 9, 2026risk 0.00cvss —epss 0.01
A flaw has been found in Tenda AC8 16.03.33.05. Affected by this vulnerability is an unknown functionality of the file /goform/fast_setting_wifi_set of the component Embedded Httpd Service. This manipulation of the argument timeZone causes buffer overflow. Remote exploitation of…
- CVE-2026-2202Feb 9, 2026risk 0.00cvss —epss 0.01
A vulnerability was detected in Tenda AC8 16.03.33.05. Affected is the function fromSetWifiGusetBasic of the file /goform/WifiGuestSet of the component httpd. The manipulation of the argument shareSpeed results in buffer overflow. The attack may be launched remotely. The exploit…
- CVE-2026-2192Feb 8, 2026risk 0.00cvss —epss 0.01
A security vulnerability has been detected in Tenda AC9 15.03.06.42_multi. Affected by this vulnerability is the function formGetRebootTimer. Such manipulation of the argument sys.schedulereboot.start_time/sys.schedulereboot.end_time leads to stack-based buffer overflow. The…
- CVE-2026-2191Feb 8, 2026risk 0.00cvss —epss 0.01
A weakness has been identified in Tenda AC9 15.03.06.42_multi. Affected is the function formGetDdosDefenceList. This manipulation of the argument security.ddos.map causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been made available to…
- CVE-2026-2187Feb 8, 2026risk 0.00cvss —epss 0.01
A vulnerability was found in Tenda RX3 16.03.13.11. The affected element is the function set_qosMib_list of the file /goform/formSetQosBand. Performing a manipulation of the argument list results in stack-based buffer overflow. It is possible to initiate the attack remotely. The…
- CVE-2026-2186Feb 8, 2026risk 0.00cvss —epss 0.01
A vulnerability has been found in Tenda RX3 16.03.13.11. Impacted is the function fromSetIpMacBind of the file /goform/SetIpMacBind. Such manipulation of the argument list leads to stack-based buffer overflow. The attack may be performed from remote. The exploit has been…
- CVE-2026-2185Feb 8, 2026risk 0.00cvss —epss 0.01
A flaw has been found in Tenda RX3 16.03.13.11. This issue affects the function set_device_name of the file /goform/setBlackRule of the component MAC Filtering Configuration Endpoint. This manipulation of the argument devName/mac causes stack-based buffer overflow. The attack is…
- CVE-2026-2181Feb 8, 2026risk 0.00cvss —epss 0.01
A security flaw has been discovered in Tenda RX3 16.03.13.11. Affected by this vulnerability is an unknown functionality of the file /goform/openSchedWifi. Performing a manipulation of the argument schedStartTime/schedEndTime results in stack-based buffer overflow. The attack…
- CVE-2026-2180Feb 8, 2026risk 0.00cvss —epss 0.01
A vulnerability was identified in Tenda RX3 16.03.13.11. Affected is an unknown function of the file /goform/fast_setting_wifi_set. Such manipulation of the argument ssid_5g leads to stack-based buffer overflow. The attack can be launched remotely. The exploit is publicly…
- CVE-2026-2148Feb 8, 2026risk 0.00cvss —epss 0.01
A security vulnerability has been detected in Tenda AC21 16.03.08.16. Affected is an unknown function of the file /cgi-bin/DownloadFlash of the component Web Management Interface. The manipulation leads to information disclosure. It is possible to initiate the attack remotely.…
- CVE-2026-2147Feb 8, 2026risk 0.00cvss —epss 0.01
A weakness has been identified in Tenda AC21 16.03.08.16. This impacts an unknown function of the file /cgi-bin/DownloadLog of the component Web Management Interface. Executing a manipulation can lead to information disclosure. The attack may be performed from remote. The…
- CVE-2026-2140Feb 8, 2026risk 0.00cvss —epss 0.01
A vulnerability was identified in Tenda TX9 up to 22.03.02.10_multi. Affected by this issue is the function sub_4223E0 of the file /goform/setMacFilterCfg. Such manipulation of the argument deviceList leads to buffer overflow. The attack may be launched remotely. The exploit is…
- CVE-2026-2139Feb 8, 2026risk 0.00cvss —epss 0.01
A vulnerability was determined in Tenda TX9 up to 22.03.02.10_multi. Affected by this vulnerability is the function sub_432580 of the file /goform/fast_setting_wifi_set. This manipulation of the argument ssid causes buffer overflow. The attack may be initiated remotely. The…
- CVE-2026-2138Feb 8, 2026risk 0.00cvss —epss 0.01
A vulnerability was found in Tenda TX9 up to 22.03.02.10_multi. Affected is the function sub_42D03C of the file /goform/SetStaticRouteCfg. The manipulation of the argument list results in buffer overflow. The attack can be launched remotely. The exploit has been made public and…
- CVE-2026-2137Feb 8, 2026risk 0.00cvss —epss 0.01
A vulnerability has been found in Tenda TX3 up to 16.03.13.11_multi. This impacts an unknown function of the file /goform/SetIpMacBind. The manipulation of the argument list leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the…
- CVE-2026-25857Feb 7, 2026risk 0.00cvss —epss 0.03
Tenda G300-F router firmware version 16.01.14.2 and prior contain an OS command injection vulnerability in the WAN diagnostic functionality (formSetWanDiag). The implementation constructs a shell command that invokes curl and incorporates attacker-controlled input into the…
- CVE-2026-24441Feb 3, 2026risk 0.00cvss —epss 0.00
Shenzhen Tenda AC7 firmware version V03.03.03.01_cn and prior expose account credentials in plaintext within HTTP responses, allowing an on-path attacker to obtain sensitive authentication material.
- CVE-2026-24434Feb 3, 2026risk 0.00cvss —epss 0.00
Shenzhen Tenda AC7 firmware version V03.03.03.01_cn and prior does not implement CSRF protections for administrative functions in the web management interface. The interface does not enforce anti-CSRF tokens or robust origin validation, which can allow an attacker to induce a…
- CVE-2026-24427Feb 3, 2026risk 0.00cvss —epss 0.00
Shenzhen Tenda AC7 firmware version V03.03.03.01_cn and prior expose sensitive information in web management responses. Administrative credentials, including the router and/or admin panel password, are included in plaintext within configuration response bodies. In addition,…
- CVE-2026-24426Feb 3, 2026risk 0.00cvss —epss 0.00
Shenzhen Tenda AC7 firmware version V03.03.03.01_cn and prior contain an improper output encoding vulnerability in the web management interface. User-supplied input is reflected in HTTP responses without adequate escaping, allowing injection of arbitrary HTML or JavaScript in a…
- CVE-2026-1637Jan 29, 2026risk 0.00cvss —epss 0.01
A vulnerability was identified in Tenda AC21 16.03.08.16. The affected element is the function fromAdvSetMacMtuWan of the file /goform/AdvSetMacMtuWan. The manipulation leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit is publicly…
- CVE-2026-1610Jan 29, 2026risk 0.00cvss —epss 0.01
A vulnerability was found in Tenda AX12 Pro V2 16.03.49.24_cn. Affected by this issue is some unknown functionality of the component Telnet Service. Performing a manipulation results in hard-coded credentials. The attack is possible to be carried out remotely. A high degree of…
- CVE-2026-24435Jan 26, 2026risk 0.00cvss —epss 0.00
Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) implement an insecure Cross-Origin Resource Sharing (CORS) policy on authenticated administrative endpoints. The device sets Access-Control-Allow-Origin: * in combination with…
- CVE-2026-24439Jan 26, 2026risk 0.00cvss —epss 0.00
Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) fail to include the X-Content-Type-Options: nosniff response header on web management interfaces. As a result, browsers that perform MIME sniffing may incorrectly interpret attacker-influenced…
- CVE-2026-24432Jan 26, 2026risk 0.00cvss —epss 0.00
Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) lack cross-site request forgery (CSRF) protections on administrative endpoints, including those used to change administrator account credentials. As a result, an attacker can craft malicious requests…
- CVE-2026-24433Jan 26, 2026risk 0.00cvss —epss 0.00
Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) contain a stored cross-site scripting vulnerability in the user creation functionality. Insufficient input validation allows attacker-controlled script content to be stored and later executed when…
- CVE-2026-24431Jan 26, 2026risk 0.00cvss —epss 0.00
Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) display stored user account passwords in plaintext within the administrative web interface. Any user with access to the affected management pages can directly view credentials.
- CVE-2026-24437Jan 26, 2026risk 0.00cvss —epss 0.00
Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) serve sensitive administrative content without appropriate cache-control directives. As a result, browsers may store credential-bearing responses locally, exposing them to subsequent unauthorized…
- CVE-2026-24436Jan 26, 2026risk 0.00cvss —epss 0.00
Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) do not enforce rate limiting or account lockout mechanisms on authentication endpoints. This allows attackers to perform unrestricted brute-force attempts against administrative credentials.
- CVE-2026-24428Jan 26, 2026risk 0.00cvss —epss 0.00
Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) contain an authorization flaw in the user management API that allows a low-privileged authenticated user to change the administrator account password. By sending a crafted request directly to the…
- CVE-2026-24430Jan 26, 2026risk 0.00cvss —epss 0.00
Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) disclose sensitive account credentials in cleartext within HTTP responses generated by the maintenance interface. Because the management interface is accessible over unencrypted HTTP by default,…
Page 9 of 41