Vulnerabilities (CVE)

Filtered by vendor Tenda Subscribe
Filtered by product Ac6 Firmware
Total 108 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-46035 1 Tenda 2 Ac6, Ac6 Firmware 2026-07-05 N/A 7.5 HIGH
Buffer Overflow vulnerability in Tenda AC6 v.15.03.05.16 allows a remote attacker to cause a denial of service via the oversized schedStartTime and schedEndTime parameters in an unauthenticated HTTP GET request to the /goform/openSchedWifi endpoint
CVE-2024-52714 1 Tenda 2 Ac6, Ac6 Firmware 2026-07-05 N/A 9.8 CRITICAL
Tenda AC6 v2.0 v15.03.06.50 was discovered to contain a buffer overflow in the function 'fromSetSysTime.
CVE-2026-8265 1 Tenda 2 Ac6, Ac6 Firmware 2026-06-17 5.8 MEDIUM 4.7 MEDIUM
A security vulnerability has been detected in Tenda AC6 15.03.06.23. Affected by this issue is the function get_log_file of the file /goform/getLogFile of the component httpd. The manipulation of the argument wans.flag leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used.
CVE-2026-8264 1 Tenda 2 Ac6, Ac6 Firmware 2026-06-17 6.5 MEDIUM 6.3 MEDIUM
A weakness has been identified in Tenda AC6 15.03.06.23. Affected by this vulnerability is the function formWifiApScan of the file /goform/WifiApScan of the component httpd. Executing a manipulation of the argument wl2g.public.country/wl5g.public.country can lead to os command injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks.
CVE-2026-8259 1 Tenda 2 Ac6, Ac6 Firmware 2026-06-17 5.8 MEDIUM 4.7 MEDIUM
A vulnerability has been found in Tenda AC6 2.0/15.03.06.23. The affected element is an unknown function of the file /goform/telnet of the component httpd. The manipulation of the argument lan.ip leads to os command injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.
CVE-2026-4961 1 Tenda 2 Ac6, Ac6 Firmware 2026-06-17 9.0 HIGH 8.8 HIGH
A vulnerability was identified in Tenda AC6 15.03.05.16. Affected by this vulnerability is the function formQuickIndex of the file /goform/QuickIndex of the component POST Request Handler. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit is publicly available and might be used.
CVE-2026-4960 1 Tenda 2 Ac6, Ac6 Firmware 2026-06-17 9.0 HIGH 8.8 HIGH
A vulnerability was determined in Tenda AC6 15.03.05.16. Affected is the function fromWizardHandle of the file /goform/WizardHandle of the component POST Request Handler. Executing a manipulation of the argument WANT/WANS can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized.
CVE-2025-7914 1 Tenda 2 Ac6, Ac6 Firmware 2026-06-17 9.0 HIGH 8.8 HIGH
A vulnerability has been found in Tenda AC6 15.03.06.50 and classified as critical. Affected by this vulnerability is the function setparentcontrolinfo of the component httpd. The manipulation leads to buffer overflow. The attack can be launched remotely.
CVE-2025-70252 1 Tenda 2 Ac6, Ac6 Firmware 2026-06-17 N/A 7.5 HIGH
An issue was discovered in /goform/WifiWpsStart in Tenda AC6V2.0 V15.03.06.23_multi. The index and mode are controllable. If the conditions are met to sprintf, they will be spliced into tmp. It is worth noting that there is no size check,which leads to a stack overflow vulnerability.
CVE-2025-60343 1 Tenda 2 Ac6, Ac6 Firmware 2026-06-17 N/A 7.5 HIGH
Multiple buffer overflows in the AdvSetMacMtuWan function of Tenda AC6 v.15.03.06.50 allows attackers to cause a Denial of Service (DoS) via injecting a crafted payload into the wanMTU, wanSpeed, cloneType, mac, serviceName, serverName, wanMTU2, wanSpeed2, cloneType2, mac2, serviceName2, and serverName2 parameters.
CVE-2025-60342 1 Tenda 2 Ac6, Ac6 Firmware 2026-06-17 N/A 7.5 HIGH
Tenda AC6 V2.0 15.03.06.50 was discovered to contain a stack overflow in the page parameter in the addressNat function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2025-60341 1 Tenda 2 Ac6, Ac6 Firmware 2026-06-17 N/A 7.5 HIGH
Tenda AC6 V2.0 15.03.06.50 was discovered to contain a stack overflow in the ssid parameter in the fast_setting_wifi_set function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2025-60340 1 Tenda 2 Ac6, Ac6 Firmware 2026-06-17 N/A 7.5 HIGH
Multiple buffer overflows in the SetClientState function of Tenda AC6 v.15.03.06.50 allows attackers to cause a Denial of Service (DoS) via injecting a crafted payload into the limitSpeed, deviceId, and limitSpeedUp parameters.
CVE-2025-60339 1 Tenda 2 Ac6, Ac6 Firmware 2026-06-17 N/A 7.5 HIGH
Multiple buffer overflow vulnerabilities in the openSchedWifi function of Tenda AC6 v.15.03.06.50 allows attackers to cause a Denial of Service (DoS) via injecting a crafted payload into the schedStartTime and schedEndTime parameters.
CVE-2025-60338 1 Tenda 2 Ac6, Ac6 Firmware 2026-06-17 N/A 7.5 HIGH
Tenda AC6 V2.0 15.03.06.50 was discovered to contain a stack overflow in the page parameter in the DhcpListClient function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2025-60337 1 Tenda 2 Ac6, Ac6 Firmware 2026-06-17 N/A 7.5 HIGH
Tenda AC6 V2.0 15.03.06.50 was discovered to contain a buffer overflow in the speed_dir parameter in the SetSpeedWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2025-5855 1 Tenda 2 Ac6, Ac6 Firmware 2026-06-17 9.0 HIGH 8.8 HIGH
A vulnerability, which was classified as critical, was found in Tenda AC6 15.03.05.16. This affects the function formSetRebootTimer of the file /goform/SetRebootTimer. The manipulation of the argument rebootTime leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-5854 1 Tenda 2 Ac6, Ac6 Firmware 2026-06-17 9.0 HIGH 8.8 HIGH
A vulnerability, which was classified as critical, has been found in Tenda AC6 15.03.05.16. Affected by this issue is the function fromadvsetlanip of the file /goform/AdvSetLanip. The manipulation of the argument lanMask leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-5853 1 Tenda 2 Ac6, Ac6 Firmware 2026-06-17 9.0 HIGH 8.8 HIGH
A vulnerability classified as critical was found in Tenda AC6 15.03.05.16. Affected by this vulnerability is the function formSetSafeWanWebMan of the file /goform/SetRemoteWebCfg. The manipulation of the argument remoteIp leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-5852 1 Tenda 2 Ac6, Ac6 Firmware 2026-06-17 9.0 HIGH 8.8 HIGH
A vulnerability classified as critical has been found in Tenda AC6 15.03.05.16. Affected is the function formSetPPTPUserList of the file /goform/setPptpUserList. The manipulation of the argument list leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.