Filtered by vendor Tenda
Subscribe
Total
1705 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-71025 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2026-01-16 | N/A | 7.5 HIGH |
| Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the cloneType2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | |||||
| CVE-2025-71027 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2026-01-16 | N/A | 7.5 HIGH |
| Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the wanMTU2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | |||||
| CVE-2025-71026 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2026-01-16 | N/A | 7.5 HIGH |
| Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the wanSpeed2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | |||||
| CVE-2026-0640 | 1 Tenda | 2 Ac23, Ac23 Firmware | 2026-01-15 | 9.0 HIGH | 8.8 HIGH |
| A weakness has been identified in Tenda AC23 16.03.07.52. This affects the function sscanf of the file /goform/PowerSaveSet. Executing a manipulation of the argument Time can lead to buffer overflow. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks. | |||||
| CVE-2026-0581 | 1 Tenda | 2 Ac1206, Ac1206 Firmware | 2026-01-12 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was determined in Tenda AC1206 15.03.06.23. Affected by this issue is the function formBehaviorManager of the file /goform/BehaviorManager of the component httpd. Executing a manipulation of the argument modulename/option/data/switch can lead to command injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. | |||||
| CVE-2025-15229 | 1 Tenda | 2 Ch22, Ch22 Firmware | 2026-01-07 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability has been found in Tenda CH22 up to 1.0.0.1. Affected by this vulnerability is the function fromDhcpListClient of the file /goform/DhcpListClient. Such manipulation of the argument LISTLEN leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-15216 | 1 Tenda | 2 Ac23, Ac23 Firmware | 2026-01-02 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was identified in Tenda AC23 16.03.07.52. This impacts the function fromSetIpMacBind of the file /goform/SetIpMacBind. Such manipulation of the argument bindnum leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit is publicly available and might be used. | |||||
| CVE-2025-15215 | 1 Tenda | 2 Ac10u, Ac10u Firmware | 2026-01-02 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was determined in Tenda AC10U 15.03.06.48/15.03.06.49. This affects the function formSetPPTPUserList of the file /goform/setPptpUserList of the component HTTP POST Request Handler. This manipulation of the argument list causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. | |||||
| CVE-2025-15253 | 1 Tenda | 2 M3, M3 Firmware | 2026-01-02 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability has been found in Tenda M3 1.0.0.13(4903). The impacted element is an unknown function of the file /goform/exeCommand. Such manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-15252 | 1 Tenda | 2 M3, M3 Firmware | 2026-01-02 | 9.0 HIGH | 8.8 HIGH |
| A flaw has been found in Tenda M3 1.0.0.13(4903). The affected element is the function formSetRemoteDhcpForAp of the file /goform/setDhcpAP. This manipulation of the argument startip/endip/leasetime/gateway/dns1/dns2 causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been published and may be used. | |||||
| CVE-2025-15232 | 1 Tenda | 2 M3, M3 Firmware | 2026-01-02 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was identified in Tenda M3 1.0.0.13(4903). This vulnerability affects the function formSetAdPushInfo of the file /goform/setAdPushInfo. The manipulation of the argument mac/terminal leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. | |||||
| CVE-2025-67073 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2026-01-02 | N/A | 9.8 CRITICAL |
| A Buffer overflow vulnerability in function fromAdvSetMacMtuWan of bin httpd in Tenda AC10V4.0 V16.03.10.20 allows remote attackers to cause denial of service and possibly code execution by sending a post request with a crafted payload (field `serviceName`) to /goform/AdvSetMacMtuWan. | |||||
| CVE-2025-67074 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2026-01-02 | N/A | 6.5 MEDIUM |
| A Buffer overflow vulnerability in function fromAdvSetMacMtuWan of bin httpd in Tenda AC10V4.0 V16.03.10.20 allows remote attackers to cause denial of service and possibly code execution by sending a post request with a crafted payload (field `serverName`) to /goform/AdvSetMacMtuWan. | |||||
| CVE-2025-15356 | 1 Tenda | 2 Ac20, Ac20 Firmware | 2025-12-31 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability has been found in Tenda AC20 up to 16.03.08.12. The impacted element is the function sscanf of the file /goform/PowerSaveSet. The manipulation of the argument powerSavingEn/time/powerSaveDelay/ledCloseType leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-14992 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2025-12-31 | 9.0 HIGH | 8.8 HIGH |
| A security vulnerability has been detected in Tenda AC18 15.03.05.05. The impacted element is the function strcpy of the file /goform/GetParentControlInfo of the component HTTP Request Handler. The manipulation of the argument mac leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. | |||||
| CVE-2025-14993 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2025-12-31 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was detected in Tenda AC18 15.03.05.05. This affects the function sprintf of the file /goform/SetDlnaCfg of the component HTTP Request Handler. The manipulation of the argument scanList results in stack-based buffer overflow. The attack can be executed remotely. The exploit is now public and may be used. | |||||
| CVE-2025-14995 | 1 Tenda | 2 Fh1201, Fh1201 Firmware | 2025-12-31 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability has been found in Tenda FH1201 1.2.0.14(408). Affected is the function sprintf of the file /goform/SetIpBind. Such manipulation of the argument page leads to stack-based buffer overflow. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-14994 | 1 Tenda | 4 Fh1201, Fh1201 Firmware, Fh1206 and 1 more | 2025-12-31 | 9.0 HIGH | 8.8 HIGH |
| A flaw has been found in Tenda FH1201 and FH1206 1.2.0.14(408)/1.2.0.8(8155). This impacts the function strcat of the file /goform/webtypelibrary of the component HTTP Request Handler. This manipulation of the argument webSiteId causes stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been published and may be used. | |||||
| CVE-2025-9806 | 1 Tenda | 2 F1202, F1202 Firmware | 2025-12-31 | 0.8 LOW | 1.9 LOW |
| A vulnerability was determined in Tenda F1202 1.2.0.9/1.2.0.14/1.2.0.20. Impacted is an unknown function of the file /etc_ro/shadow of the component Administrative Interface. This manipulation with the input Fireitup causes hard-coded credentials. The attack can only be executed locally. A high degree of complexity is needed for the attack. The exploitability is considered difficult. The exploit has been publicly disclosed and may be utilized. | |||||
| CVE-2025-15010 | 1 Tenda | 2 Wh450, Wh450 Firmware | 2025-12-30 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability has been found in Tenda WH450 1.0.0.18. This issue affects some unknown processing of the file /goform/SafeUrlFilter. The manipulation of the argument page leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. | |||||