Filtered by vendor Tenda
Subscribe
Total
1705 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-14655 | 1 Tenda | 2 Ac20, Ac20 Firmware | 2026-02-24 | 9.0 HIGH | 8.8 HIGH |
| A security flaw has been discovered in Tenda AC20 16.03.08.12. The impacted element is the function formSetRebootTimer of the file /goform/SetSysAutoRebbotCfg of the component httpd. Performing a manipulation of the argument rebootTime results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks. | |||||
| CVE-2025-14636 | 1 Tenda | 2 Ax9, Ax9 Firmware | 2026-02-24 | 2.6 LOW | 3.7 LOW |
| A security flaw has been discovered in Tenda AX9 22.03.01.46. This affects the function image_check of the component httpd. The manipulation results in use of weak hash. It is possible to launch the attack remotely. A high complexity level is associated with this attack. It is indicated that the exploitability is difficult. The exploit has been released to the public and may be used for attacks. | |||||
| CVE-2025-14526 | 1 Tenda | 2 Ch22, Ch22 Firmware | 2026-02-24 | 9.0 HIGH | 8.8 HIGH |
| A security flaw has been discovered in Tenda CH22 1.0.0.1. This affects the function frmL7ImForm of the file /goform/L7Im. Performing a manipulation of the argument page results in buffer overflow. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. | |||||
| CVE-2026-2886 | 1 Tenda | 2 A21, A21 Firmware | 2026-02-23 | 9.0 HIGH | 8.8 HIGH |
| A weakness has been identified in Tenda A21 1.0.0.0. This affects the function set_device_name of the file /goform/SetOnlineDevName. This manipulation of the argument devName causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. | |||||
| CVE-2026-2870 | 1 Tenda | 2 A21, A21 Firmware | 2026-02-23 | 9.0 HIGH | 8.8 HIGH |
| A security flaw has been discovered in Tenda A21 1.0.0.0. Affected by this issue is the function set_qosMib_list of the file /goform/formSetQosBand. The manipulation of the argument list results in stack-based buffer overflow. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks. | |||||
| CVE-2026-2871 | 1 Tenda | 2 A21, A21 Firmware | 2026-02-23 | 9.0 HIGH | 8.8 HIGH |
| A weakness has been identified in Tenda A21 1.0.0.0. This affects the function fromSetIpMacBind of the file /goform/SetIpMacBind. This manipulation of the argument list causes stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks. | |||||
| CVE-2026-2872 | 1 Tenda | 2 A21, A21 Firmware | 2026-02-23 | 9.0 HIGH | 8.8 HIGH |
| A security vulnerability has been detected in Tenda A21 1.0.0.0. This vulnerability affects the function set_device_name of the file /goform/setBlackRule of the component MAC Filtering Configuration Endpoint. Such manipulation of the argument devName/mac leads to stack-based buffer overflow. The attack may be performed from remote. The exploit has been disclosed publicly and may be used. | |||||
| CVE-2026-2873 | 1 Tenda | 2 A21, A21 Firmware | 2026-02-23 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was detected in Tenda A21 1.0.0.0. This issue affects the function setSchedWifi of the file /goform/openSchedWifi. Performing a manipulation of the argument schedStartTime/schedEndTime results in stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit is now public and may be used. | |||||
| CVE-2026-2876 | 1 Tenda | 2 A18, A18 Firmware | 2026-02-23 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was determined in Tenda A18 15.13.07.13. This affects the function parse_macfilter_rule of the file /goform/setBlackRule. This manipulation of the argument deviceList causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. | |||||
| CVE-2026-2905 | 1 Tenda | 2 Hg9, Hg9 Firmware | 2026-02-23 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was identified in Tenda HG9 300001138. This impacts an unknown function of the file /boaform/formWlanSetup of the component Wireless Configuration Endpoint. The manipulation of the argument ssid leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit is publicly available and might be used. | |||||
| CVE-2026-2906 | 1 Tenda | 2 Hg9, Hg9 Firmware | 2026-02-23 | 9.0 HIGH | 8.8 HIGH |
| A security flaw has been discovered in Tenda HG9 300001138. Affected is an unknown function of the file /boaform/formSamba of the component Samba Configuration Endpoint. The manipulation of the argument sambaCap results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks. | |||||
| CVE-2026-2907 | 1 Tenda | 2 Hg9, Hg9 Firmware | 2026-02-23 | 9.0 HIGH | 8.8 HIGH |
| A weakness has been identified in Tenda HG9 300001138. Affected by this vulnerability is an unknown functionality of the file /boaform/formgponConf of the component GPON Configuration Endpoint. This manipulation of the argument fmgpon_loid/fmgpon_loid_password causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks. | |||||
| CVE-2026-2908 | 1 Tenda | 2 Hg9, Hg9 Firmware | 2026-02-23 | 9.0 HIGH | 8.8 HIGH |
| A security vulnerability has been detected in Tenda HG9 300001138. Affected by this issue is some unknown functionality of the file /boaform/formLoopBack of the component Loopback Detection Configuration Endpoint. Such manipulation of the argument Ethtype leads to stack-based buffer overflow. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. | |||||
| CVE-2026-2909 | 1 Tenda | 2 Hg9, Hg9 Firmware | 2026-02-23 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was detected in Tenda HG9 300001138. This affects an unknown part of the file /boaform/formPing of the component Diagnostic Ping Endpoint. Performing a manipulation of the argument pingAddr results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit is now public and may be used. | |||||
| CVE-2026-2910 | 1 Tenda | 2 Hg9, Hg9 Firmware | 2026-02-23 | 9.0 HIGH | 8.8 HIGH |
| A flaw has been found in Tenda HG9 300001138. This vulnerability affects unknown code of the file /boaform/formPing6. Executing a manipulation of the argument pingAddr can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been published and may be used. | |||||
| CVE-2026-2911 | 1 Tenda | 2 Fh451, Fh451 Firmware | 2026-02-23 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability has been found in Tenda FH451 up to 1.0.0.9. This issue affects some unknown processing of the file /goform/GstDhcpSetSer. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2026-2930 | 1 Tenda | 2 A18, A18 Firmware | 2026-02-23 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was identified in Tenda A18 15.13.07.13. The affected element is the function webCgiGetUploadFile of the file /cgi-bin/UploadCfg of the component Httpd Service. Such manipulation of the argument boundary leads to stack-based buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used. | |||||
| CVE-2026-27511 | 1 Tenda | 2 F3, F3 Firmware | 2026-02-23 | N/A | 4.3 MEDIUM |
| Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55_multi contains a clickjacking vulnerability in the web-based administrative interface. The interface does not set the X-Frame-Options header, allowing attacker-controlled sites to embed administrative pages in an iframe and trick an authenticated administrator into unintended interactions that may result in unauthorized configuration changes. | |||||
| CVE-2026-27512 | 1 Tenda | 2 F3, F3 Firmware | 2026-02-23 | N/A | 6.1 MEDIUM |
| Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55_multi contains a content-type confusion vulnerability in the administrative interface. Responses omit the X-Content-Type-Options: nosniff header and include attacker-influenced content that can be reflected into the response body. Under affected browser behaviors, MIME sniffing may cause the response to be interpreted as active HTML, enabling script execution in the context of the administrative interface. | |||||
| CVE-2026-27513 | 1 Tenda | 2 F3, F3 Firmware | 2026-02-23 | N/A | 4.3 MEDIUM |
| Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55_multi contains a cross-site request forgery (CSRF) vulnerability in the web-based administrative interface. The interface does not implement anti-CSRF protections, allowing an attacker to induce an authenticated administrator to submit state-changing requests, which can result in unauthorized configuration changes. | |||||