Filtered by vendor Tenda
Subscriptions
Total
1485 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-10838 | 1 Tenda | 2 Ac21, Ac21 Firmware | 2025-10-03 | 8.8 High |
| A vulnerability was identified in Tenda AC21 16.03.08.16. The affected element is the function sub_45BB10 of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto leads to buffer overflow. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. | ||||
| CVE-2025-57528 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-10-03 | 7.7 High |
| An issue was discovered in Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01 allowing attackers to cause a denial of service via the funcname, funcpara1, funcpara2 parameters to the formSetCfm function (uri path: SetCfm). | ||||
| CVE-2025-9828 | 1 Tenda | 2 Cp6, Cp6 Firmware | 2025-10-03 | 3.7 Low |
| A vulnerability was determined in Tenda CP6 11.10.00.243. The affected element is the function sub_2B7D04 of the component uhttp. Executing manipulation can lead to risky cryptographic algorithm. The attack may be launched remotely. This attack is characterized by high complexity. The exploitability is described as difficult. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2025-9023 | 1 Tenda | 4 Ac18, Ac18 Firmware, Ac7 and 1 more | 2025-10-03 | 8.8 High |
| A vulnerability has been found in Tenda AC7 and AC18 15.03.05.19/15.03.06.44. Affected is the function formSetSchedLed of the file /goform/SetLEDCfg. The manipulation of the argument Time leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-11091 | 1 Tenda | 2 Ac21, Ac21 Firmware | 2025-10-03 | 8.8 High |
| A security flaw has been discovered in Tenda AC21 up to 16.03.08.16. Affected by this vulnerability is the function sscanf of the file /goform/SetStaticRouteCfg. The manipulation of the argument list results in buffer overflow. The attack can be launched remotely. The exploit has been released to the public and may be exploited. | ||||
| CVE-2025-11123 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2025-10-03 | 8.8 High |
| A flaw has been found in Tenda AC18 15.03.05.19. This impacts an unknown function of the file /goform/saveAutoQos. This manipulation of the argument enable causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been published and may be used. | ||||
| CVE-2025-11122 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2025-10-03 | 8.8 High |
| A vulnerability was detected in Tenda AC18 15.03.05.19. This affects an unknown function of the file /goform/WizardHandle. The manipulation of the argument WANT/mtuvalue results in stack-based buffer overflow. The attack can be launched remotely. The exploit is now public and may be used. | ||||
| CVE-2025-11121 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2025-10-03 | 6.3 Medium |
| A security vulnerability has been detected in Tenda AC18 15.03.05.19. The impacted element is an unknown function of the file /goform/AdvSetLanip. The manipulation of the argument lanIp leads to command injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2025-11120 | 1 Tenda | 3 Ac18, Ac18 Firmware, Ac8 | 2025-10-03 | 8.8 High |
| A weakness has been identified in Tenda AC8 16.03.34.06. The affected element is the function formSetServerConfig of the file /goform/SetServerConfig. Executing manipulation can lead to buffer overflow. It is possible to launch the attack remotely. The exploit has been made available to the public and could be exploited. | ||||
| CVE-2025-11117 | 1 Tenda | 2 Ch22, Ch22 Firmware | 2025-10-03 | 8.8 High |
| A vulnerability was determined in Tenda CH22 1.0.0.1. This vulnerability affects the function formWrlExtraGet of the file /goform/GstDhcpSetSer. This manipulation of the argument dips causes buffer overflow. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2025-60661 | 1 Tenda | 1 Ac18 | 2025-10-03 | 5.3 Medium |
| Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the cloneType parameter in the fromAdvSetMacMtuWan function. | ||||
| CVE-2025-60662 | 1 Tenda | 1 Ac18 | 2025-10-03 | 7.5 High |
| Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the wanSpeed parameter in the fromAdvSetMacMtuWan function. | ||||
| CVE-2025-60660 | 1 Tenda | 1 Ac18 | 2025-10-03 | 7.5 High |
| Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the mac parameter in the fromAdvSetMacMtuWan function. | ||||
| CVE-2025-60663 | 1 Tenda | 1 Ac18 | 2025-10-03 | 7.5 High |
| Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the wanMTU parameter in the fromAdvSetMacMtuWan function. | ||||
| CVE-2025-55606 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2025-09-26 | 9.8 Critical |
| Tenda AX3 V16.03.12.10_CN is vulnerable to Buffer Overflow in the fromAdvSetMacMtuWan function via the serverName parameter. | ||||
| CVE-2025-55605 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2025-09-26 | 9.8 Critical |
| Tenda AX3 V16.03.12.10_CN is vulnerable to Buffer Overflow in the saveParentControlInfo function via the deviceName parameter. | ||||
| CVE-2025-55603 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2025-09-26 | 9.8 Critical |
| Tenda AX3 V16.03.12.10_CN is vulnerable to Buffer Overflow in the fromSetSysTime function via the ntpServer parameter. | ||||
| CVE-2025-9007 | 1 Tenda | 2 Ch22, Ch22 Firmware | 2025-09-26 | 8.8 High |
| A vulnerability has been found in Tenda CH22 1.0.0.1. Affected by this issue is the function formeditFileName of the file /goform/editFileName. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-9006 | 1 Tenda | 2 Ch22, Ch22 Firmware | 2025-09-26 | 8.8 High |
| A vulnerability was identified in Tenda CH22 1.0.0.1. Affected by this vulnerability is the function formdelFileName of the file /goform/delFileName. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-57296 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-09-25 | 6.5 Medium |
| Tenda AC6 router firmware 15.03.05.19 contains a command injection vulnerability in the formSetIptv function, which processes requests to the /goform/SetIPTVCfg web interface. When handling the list and vlanId parameters, the sub_ADBC0 helper function concatenates these user-supplied values into nvram set system commands using doSystemCmd, without validating or sanitizing special characters (e.g., ;, ", #). An unauthenticated or authenticated attacker can exploit this by submitting a crafted POST request, leading to arbitrary system command execution on the affected device. | ||||