Filtered by vendor Tenda
Subscribe
Total
1831 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-6123 | 1 Tenda | 2 F451, F451 Firmware | 2026-04-29 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was found in Tenda F451 1.0.0.7. This affects the function fromAddressNat of the file /goform/addressNat of the component httpd. Performing a manipulation of the argument entrys results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been made public and could be used. | |||||
| CVE-2026-6124 | 1 Tenda | 2 F451, F451 Firmware | 2026-04-29 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was determined in Tenda F451 1.0.0.7. This vulnerability affects the function fromSafeMacFilter of the file /goform/SafeMacFilter of the component httpd. Executing a manipulation of the argument page/menufacturer can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. | |||||
| CVE-2026-7019 | 1 Tenda | 2 F456, F456 Firmware | 2026-04-29 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was identified in Tenda F456 1.0.0.5. The impacted element is the function fromP2pListFilter of the file /goform/P2pListFilter. The manipulation of the argument menufacturer/Go leads to buffer overflow. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. | |||||
| CVE-2026-7031 | 1 Tenda | 2 F456, F456 Firmware | 2026-04-29 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was detected in Tenda F456 1.0.0.5. This impacts the function fromSafeMacFilter of the file /goform/SafeMacFilter. The manipulation of the argument page results in buffer overflow. It is possible to launch the attack remotely. The exploit is now public and may be used. | |||||
| CVE-2026-7032 | 1 Tenda | 2 F456, F456 Firmware | 2026-04-29 | 9.0 HIGH | 8.8 HIGH |
| A flaw has been found in Tenda F456 1.0.0.5. Affected is the function SafeEmailFilter of the file /goform/SafeEmailFilter. This manipulation of the argument page causes buffer overflow. The attack can be initiated remotely. The exploit has been published and may be used. | |||||
| CVE-2026-7102 | 1 Tenda | 2 F456, F456 Firmware | 2026-04-29 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in Tenda F456 1.0.0.5. This impacts the function FromWriteFacMac of the file /goform/WriteFacMac of the component httpd. The manipulation of the argument mac results in command injection. The attack can be executed remotely. The exploit has been made public and could be used. | |||||
| CVE-2025-11550 | 1 Tenda | 2 W12, W12 Firmware | 2026-04-29 | 6.8 MEDIUM | 6.5 MEDIUM |
| A vulnerability was found in Tenda W12 3.0.0.6(3948). The impacted element is the function wifiScheduledSet of the file /goform/modules of the component HTTP Request Handler. The manipulation of the argument wifiScheduledSet results in null pointer dereference. The attack may be performed from remote. The exploit has been made public and could be used. | |||||
| CVE-2025-9309 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2026-04-29 | 1.0 LOW | 2.5 LOW |
| A vulnerability was found in Tenda AC10 16.03.10.13. Affected is an unknown function of the file /etc_ro/shadow of the component MD5 Hash Handler. Performing manipulation results in hard-coded credentials. The attack needs to be approached locally. A high degree of complexity is needed for the attack. The exploitability is told to be difficult. The exploit has been made public and could be used. | |||||
| CVE-2025-7414 | 1 Tenda | 2 O3, O3 Firmware | 2026-04-29 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability classified as critical was found in Tenda O3V2 1.0.0.12(3880). This vulnerability affects the function fromNetToolGet of the file /goform/setPingInfo of the component httpd. The manipulation of the argument domain leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2026-1690 | 1 Tenda | 2 Hg10, Hg10 Firmware | 2026-04-29 | 5.8 MEDIUM | 4.7 MEDIUM |
| A flaw has been found in Tenda HG10 US_HG7_HG9_HG10re_300001138_en_xpon. This affects the function system of the file /boaform/formSysCmd. This manipulation of the argument sysCmd causes command injection. The attack may be initiated remotely. The exploit has been published and may be used. | |||||
| CVE-2026-1687 | 1 Tenda | 2 Hg10, Hg10 Firmware | 2026-04-29 | 7.5 HIGH | 7.3 HIGH |
| A weakness has been identified in Tenda HG10 US_HG7_HG9_HG10re_300001138_en_xpon. Impacted is an unknown function of the file /boaform/formSamba of the component Boa Webserver. Executing a manipulation of the argument serverString can lead to command injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks. | |||||
| CVE-2025-11523 | 1 Tenda | 2 Ac7, Ac7 Firmware | 2026-04-29 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was detected in Tenda AC7 15.03.06.44. This vulnerability affects unknown code of the file /goform/AdvSetLanip. The manipulation of the argument lanIp results in command injection. It is possible to launch the attack remotely. The exploit is now public and may be used. | |||||
| CVE-2026-5339 | 1 Tenda | 2 G103, G103 Firmware | 2026-04-29 | 5.8 MEDIUM | 4.7 MEDIUM |
| A vulnerability was detected in Tenda G103 1.0.0.5. The impacted element is the function action_set_net_settings of the file gpon.lua of the component Setting Handler. Performing a manipulation of the argument authLoid/authLoidPassword/authPassword/authSerialNo/authType/oltType/usVlanId/usVlanPriority results in command injection. It is possible to initiate the attack remotely. The exploit is now public and may be used. | |||||
| CVE-2025-5763 | 1 Tenda | 2 Cp3, Cp3 Firmware | 2026-04-29 | 5.8 MEDIUM | 4.7 MEDIUM |
| A vulnerability has been found in Tenda CP3 11.10.00.2311090948 and classified as critical. Affected by this vulnerability is the function sub_F3C8C of the file apollo. The manipulation leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-15008 | 1 Tenda | 2 Wh450, Wh450 Firmware | 2026-04-29 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was detected in Tenda WH450 1.0.0.18. This affects an unknown part of the file /goform/L7Port of the component HTTP Request Handler. Performing a manipulation of the argument page results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used. | |||||
| CVE-2025-15254 | 1 Tenda | 2 W6-s, W6-s Firmware | 2026-04-29 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in Tenda W6-S 1.0.0.4(510). This affects the function TendaAte of the file /goform/ate of the component ATE Service. Performing a manipulation results in os command injection. The attack may be initiated remotely. The exploit has been made public and could be used. | |||||
| CVE-2025-5836 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2026-04-29 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in Tenda AC9 15.03.02.13. It has been rated as critical. This issue affects the function formSetIptv of the file /goform/SetIPTVCfg of the component POST Request Handler. The manipulation of the argument list leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2026-1689 | 1 Tenda | 2 Hg10, Hg10 Firmware | 2026-04-29 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was detected in Tenda HG10 US_HG7_HG9_HG10re_300001138_en_xpon. The impacted element is the function checkUserFromLanOrWan of the file /boaform/admin/formLogin of the component Login Interface. The manipulation of the argument Host results in command injection. The attack can be launched remotely. The exploit is now public and may be used. | |||||
| CVE-2025-14636 | 1 Tenda | 2 Ax9, Ax9 Firmware | 2026-04-29 | 2.6 LOW | 3.7 LOW |
| A security flaw has been discovered in Tenda AX9 22.03.01.46. This affects the function image_check of the component httpd. The manipulation results in use of weak hash. It is possible to launch the attack remotely. A high complexity level is associated with this attack. It is indicated that the exploitability is difficult. The exploit has been released to the public and may be used for attacks. | |||||
| CVE-2025-15076 | 1 Tenda | 2 Ch22, Ch22 Firmware | 2026-04-29 | 7.5 HIGH | 7.3 HIGH |
| A weakness has been identified in Tenda CH22 1.0.0.1. Impacted is an unknown function of the file /public/. Executing a manipulation can lead to path traversal. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks. | |||||