Vulnerabilities (CVE)

Filtered by vendor Tenda Subscribe
Filtered by product Ac5
Total 40 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-44971 1 Tenda 4 Ac15, Ac15 Firmware, Ac5 and 1 more 2026-07-09 7.5 HIGH 9.8 CRITICAL
Multiple Tenda devices are affected by authentication bypass, such as AC15V1.0 Firmware V15.03.05.20_multi?AC5V1.0 Firmware V15.03.06.48_multi and so on. an attacker can obtain sensitive information, and even combine it with authenticated command injection to implement RCE.
CVE-2026-4906 1 Tenda 2 Ac5, Ac5 Firmware 2026-06-17 9.0 HIGH 8.8 HIGH
A vulnerability was determined in Tenda AC5 15.03.06.47. The affected element is the function decodePwd of the file /goform/WizardHandle of the component POST Request Handler. Executing a manipulation of the argument WANT/WANS can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized.
CVE-2026-4905 1 Tenda 2 Ac5, Ac5 Firmware 2026-06-17 9.0 HIGH 8.8 HIGH
A vulnerability was found in Tenda AC5 15.03.06.47. Impacted is the function formWifiWpsOOB of the file /goform/WifiWpsOOB of the component POST Request Handler. Performing a manipulation of the argument index results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been made public and could be used.
CVE-2026-4904 1 Tenda 2 Ac5, Ac5 Firmware 2026-06-17 9.0 HIGH 8.8 HIGH
A vulnerability has been found in Tenda AC5 15.03.06.47. This issue affects the function formSetCfm of the file /goform/setcfm of the component POST Request Handler. Such manipulation of the argument funcpara1 leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2026-4903 1 Tenda 2 Ac5, Ac5 Firmware 2026-06-17 9.0 HIGH 8.8 HIGH
A flaw has been found in Tenda AC5 15.03.06.47. This vulnerability affects the function formQuickIndex of the file /goform/QuickIndex of the component POST Request Handler. This manipulation of the argument PPPOEPassword causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been published and may be used.
CVE-2026-4902 1 Tenda 2 Ac5, Ac5 Firmware 2026-06-17 9.0 HIGH 8.8 HIGH
A vulnerability was detected in Tenda AC5 15.03.06.47. This affects the function fromAddressNat of the file /goform/addressNat of the component POST Request Handler. The manipulation of the argument page results in stack-based buffer overflow. The attack can be launched remotely. The exploit is now public and may be used.
CVE-2025-6887 1 Tenda 2 Ac5, Ac5 Firmware 2026-06-17 9.0 HIGH 8.8 HIGH
A vulnerability was found in Tenda AC5 15.03.06.47 and classified as critical. Affected by this issue is some unknown functionality of the file /goform/SetSysTimeCfg. The manipulation of the argument time/timeZone leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-6886 1 Tenda 2 Ac5, Ac5 Firmware 2026-06-17 9.0 HIGH 8.8 HIGH
A vulnerability has been found in Tenda AC5 15.03.06.47 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /goform/openSchedWifi. The manipulation of the argument schedStartTime/schedEndTime leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-5863 1 Tenda 2 Ac5, Ac5 Firmware 2026-06-17 9.0 HIGH 8.8 HIGH
A vulnerability was found in Tenda AC5 15.03.06.47. It has been classified as critical. Affected is the function formSetRebootTimer of the file /goform/SetRebootTimer. The manipulation of the argument rebootTime leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-5795 1 Tenda 2 Ac5, Ac5 Firmware 2026-06-17 9.0 HIGH 8.8 HIGH
A vulnerability, which was classified as critical, was found in Tenda AC5 1.0/15.03.06.47. This affects the function fromadvsetlanip of the file /goform/AdvSetLanip. The manipulation of the argument lanMask leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-5794 1 Tenda 2 Ac5, Ac5 Firmware 2026-06-17 9.0 HIGH 8.8 HIGH
A vulnerability, which was classified as critical, has been found in Tenda AC5 15.03.06.47. Affected by this issue is the function formSetPPTPUserList of the file /goform/setPptpUserList. The manipulation of the argument list leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2023-41563 1 Tenda 4 Ac5, Ac5 Firmware, Ac9 and 1 more 2026-06-17 N/A 9.8 CRITICAL
Tenda AC9 V3.0 V15.03.06.42_multi and Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter mac at url /goform/GetParentControlInfo.
CVE-2023-41562 1 Tenda 6 Ac5, Ac5 Firmware, Ac7 and 3 more 2026-06-17 N/A 9.8 CRITICAL
Tenda AC7 V1.0 V15.03.06.44, Tenda AC9 V3.0 V15.03.06.42_multi, and Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter time at url /goform/PowerSaveSet.
CVE-2023-41561 1 Tenda 4 Ac5, Ac5 Firmware, Ac9 and 1 more 2026-06-17 N/A 9.8 CRITICAL
Tenda AC9 V3.0 V15.03.06.42_multi and Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter startIp and endIp at url /goform/SetPptpServerCfg.
CVE-2023-41559 1 Tenda 6 Ac5, Ac5 Firmware, Ac7 and 3 more 2026-06-17 N/A 9.8 CRITICAL
Tenda AC7 V1.0 V15.03.06.44, Tenda AC9 V3.0 V15.03.06.42_multi, and Tenda AC5 V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter page at url /goform/NatStaticSetting.
CVE-2023-41557 1 Tenda 4 Ac5, Ac5 Firmware, Ac7 and 1 more 2026-06-17 N/A 9.8 CRITICAL
Tenda AC7 V1.0 V15.03.06.44 and Tenda AC5 V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter entrys and mitInterface at url /goform/addressNat.
CVE-2023-41556 1 Tenda 6 Ac5, Ac5 Firmware, Ac7 and 3 more 2026-06-17 N/A 9.8 CRITICAL
Tenda AC7 V1.0 V15.03.06.44, Tenda AC9 V3.0 V15.03.06.42_multi, and Tenda AC5 V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter list at url /goform/SetIpMacBind.
CVE-2023-41553 1 Tenda 4 Ac5, Ac5 Firmware, Ac9 and 1 more 2026-06-17 N/A 9.8 CRITICAL
Tenda AC9 V3.0 V15.03.06.42_multi and Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter list at url /goform/SetStaticRouteCfg.
CVE-2023-38937 1 Tenda 14 Ac10, Ac10 Firmware, Ac1206 and 11 more 2026-06-17 N/A 9.8 CRITICAL
Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 V16.03.34.06, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, AC5 V1.0 V15.03.06.28, AC9 V3.0 V15.03.06.42_multi and AC10 v4.0 V16.03.10.13 were discovered to contain a stack overflow via the list parameter in the formSetVirtualSer function.
CVE-2023-38936 1 Tenda 18 Ac10, Ac10 Firmware, Ac1206 and 15 more 2026-06-17 N/A 9.8 CRITICAL
Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, AC5 V1.0 V15.03.06.28, FH1203 V2.0.1.6, AC9 V3.0 V15.03.06.42_multi and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the speed_dir parameter in the formSetSpeedWan function.