Filtered by vendor Tenda
Subscribe
Total
1526 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-40894 | 1 Tenda | 2 Ac8 Firmware, Ac8v4 | 2025-12-08 | N/A | 9.8 CRITICAL |
| Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter list at /goform/SetStaticRouteCfg. | |||||
| CVE-2023-40891 | 1 Tenda | 2 Ac8 Firmware, Ac8v4 | 2025-12-08 | N/A | 9.8 CRITICAL |
| Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter firewallEn at /goform/SetFirewallCfg. | |||||
| CVE-2023-48194 | 1 Tenda | 2 Ac8 Firmware, Ac8v4 | 2025-12-08 | N/A | 9.8 CRITICAL |
| Vulnerability in Tenda AC8v4 .V16.03.34.09 due to sscanf and the last digit of s8 being overwritten with \x0. After executing set_client_qos, control over the gp register can be obtained. | |||||
| CVE-2023-40898 | 1 Tenda | 2 Ac8 Firmware, Ac8v4 | 2025-12-08 | N/A | 9.8 CRITICAL |
| Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter timeZone at /goform/SetSysTimeCfg. | |||||
| CVE-2023-40897 | 1 Tenda | 2 Ac8 Firmware, Ac8v4 | 2025-12-08 | N/A | 9.8 CRITICAL |
| Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter mac at /goform/GetParentControlInfo. | |||||
| CVE-2023-40900 | 1 Tenda | 2 Ac8 Firmware, Ac8v4 | 2025-12-08 | N/A | 9.8 CRITICAL |
| Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter list at /goform/SetNetControlList. | |||||
| CVE-2023-40895 | 1 Tenda | 2 Ac8 Firmware, Ac8v4 | 2025-12-08 | N/A | 9.8 CRITICAL |
| Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter list at /goform/SetVirtualServerCfg. | |||||
| CVE-2025-61498 | 1 Tenda | 2 Ac8, Ac8 Firmware | 2025-12-08 | N/A | 7.5 HIGH |
| A buffer overflow in the UPnP service of Tenda AC8 Hardware v03.03.10.01 allows attackers to cause a Denial of Service (DoS) via supplying a crafted packet. | |||||
| CVE-2025-63834 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2025-12-01 | N/A | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability was discovered in Tenda AC18 v15.03.05.05_multi. The vulnerability exists in the ssid parameter of the wireless settings. Remote attackers can inject malicious payloads that execute when any user visits the router's homepage. | |||||
| CVE-2025-13445 | 1 Tenda | 2 Ac21, Ac21 Firmware | 2025-11-21 | 9.0 HIGH | 8.8 HIGH |
| A flaw has been found in Tenda AC21 16.03.08.16. This affects an unknown part of the file /goform/SetIpMacBind. Executing manipulation of the argument list can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been published and may be used. | |||||
| CVE-2025-13446 | 1 Tenda | 2 Ac21, Ac21 Firmware | 2025-11-21 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability has been found in Tenda AC21 16.03.08.16. This vulnerability affects unknown code of the file /goform/SetSysTimeCfg. The manipulation of the argument timeZone/time leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-65220 | 1 Tenda | 2 Ac21, Ac21 Firmware | 2025-11-21 | N/A | 4.3 MEDIUM |
| Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow in: /goform/SetVirtualServerCfg via the list parameter. | |||||
| CVE-2025-65221 | 1 Tenda | 2 Ac21, Ac21 Firmware | 2025-11-21 | N/A | 4.3 MEDIUM |
| Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow via the list parameter of /goform/setPptpUserList. | |||||
| CVE-2025-65222 | 1 Tenda | 2 Ac21, Ac21 Firmware | 2025-11-21 | N/A | 4.3 MEDIUM |
| Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow via the rebootTime parameter of /goform/SetSysAutoRebbotCfg. | |||||
| CVE-2025-65223 | 1 Tenda | 2 Ac21, Ac21 Firmware | 2025-11-21 | N/A | 4.3 MEDIUM |
| Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow via the urls parameter of /goform/saveParentControlInfo. | |||||
| CVE-2025-65226 | 1 Tenda | 2 Ac21, Ac21 Firmware | 2025-11-21 | N/A | 4.3 MEDIUM |
| Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow via the deviceId parameter in /goform/saveParentControlInfo. | |||||
| CVE-2025-13400 | 1 Tenda | 2 Ch22, Ch22 Firmware | 2025-11-20 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was detected in Tenda CH22 1.0.0.1. Affected is the function formWrlExtraGet of the file /goform/WrlExtraGet. Performing manipulation of the argument chkHz results in buffer overflow. Remote exploitation of the attack is possible. The exploit is now public and may be used. | |||||
| CVE-2025-13258 | 1 Tenda | 2 Ac20, Ac20 Firmware | 2025-11-19 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was detected in Tenda AC20 up to 16.03.08.12. The impacted element is an unknown function of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto results in buffer overflow. The attack can be launched remotely. The exploit is now public and may be used. | |||||
| CVE-2025-13288 | 1 Tenda | 2 Ch22, Ch22 Firmware | 2025-11-19 | 9.0 HIGH | 8.8 HIGH |
| A security vulnerability has been detected in Tenda CH22 1.0.0.1. This impacts the function fromPptpUserSetting of the file /goform/PPTPUserSetting. The manipulation of the argument delno leads to buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. | |||||
| CVE-2025-63835 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2025-11-18 | N/A | 8.8 HIGH |
| A stack-based buffer overflow vulnerability was discovered in Tenda AC18 v15.03.05.05_multi. The vulnerability exists in the guestSsid parameter of the /goform/WifiGuestSet interface. Remote attackers can exploit this vulnerability by sending oversized data to the guestSsid parameter, leading to denial of service (device crash) or potential remote code execution. | |||||