Filtered by vendor Tenda
Subscribe
Total
1441 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-9748 | 1 Tenda | 2 Ch22, Ch22 Firmware | 2025-09-04 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was determined in Tenda CH22 1.0.0.1. Affected by this issue is the function fromIpsecitem of the file /goform/IPSECsave of the component httpd. Executing manipulation of the argument ipsecno can lead to stack-based buffer overflow. The attack may be performed from remote. | |||||
| CVE-2025-9791 | 1 Tenda | 2 Ac20, Ac20 Firmware | 2025-09-04 | 9.0 HIGH | 8.8 HIGH |
| A weakness has been identified in Tenda AC20 16.03.08.05. This vulnerability affects unknown code of the file /goform/fromAdvSetMacMtuWan. This manipulation of the argument wanMTU causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited. | |||||
| CVE-2025-9778 | 1 Tenda | 2 W12, W12 Firmware | 2025-09-04 | 0.8 LOW | 1.9 LOW |
| A security vulnerability has been detected in Tenda W12 up to 3.0.0.6(3948). Affected is an unknown function of the file /etc_ro/shadow of the component Administrative Interface. The manipulation leads to hard-coded credentials. An attack has to be approached locally. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed publicly and may be used. | |||||
| CVE-2025-55495 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-09-03 | N/A | 6.5 MEDIUM |
| Tenda AC6 V15.03.06.23_multi was discovered to contain a buffer overflow via the list parameter in the fromSetIpMacBind function. | |||||
| CVE-2025-57217 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2025-09-03 | N/A | 5.3 MEDIUM |
| Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 was discovered to contain a stack overflow via the Password parameter in the function R7WebsSecurityHandler. | |||||
| CVE-2025-57218 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2025-09-03 | N/A | 5.3 MEDIUM |
| Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 was discovered to contain a stack overflow via the security_5g parameter in the function sub_46284C. | |||||
| CVE-2025-57215 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2025-09-03 | N/A | 7.5 HIGH |
| Tenda AC10 v4.0 firmware v16.03.10.20 was discovered to contain a stack overflow via the function get_parentControl_list_Info. | |||||
| CVE-2025-57219 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2025-09-03 | N/A | 5.3 MEDIUM |
| Incorrect access control in the endpoint /goform/ate of Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 allows attackers to escalate privileges or access sensitive components via a crafted request. | |||||
| CVE-2025-57220 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2025-09-03 | N/A | 5.3 MEDIUM |
| An input validation flaw in the 'ate' service of Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 to escalate privileges to root via a crafted UDP packet. | |||||
| CVE-2025-9605 | 1 Tenda | 4 Ac21, Ac21 Firmware, Ac23 and 1 more | 2025-09-03 | 10.0 HIGH | 9.8 CRITICAL |
| A security vulnerability has been detected in Tenda AC21 and AC23 16.03.08.16. Affected is the function GetParentControlInfo of the file /goform/GetParentControlInfo. Such manipulation of the argument mac leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. | |||||
| CVE-2025-9297 | 1 Tenda | 2 I22, I22 Firmware | 2025-09-03 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was detected in Tenda i22 1.0.0.3(4687). This impacts the function formWeixinAuthInfoGet of the file /goform/wxportalauth. Performing manipulation of the argument Type results in stack-based buffer overflow. The attack can be initiated remotely. The exploit is now public and may be used. | |||||
| CVE-2025-55564 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2025-09-03 | N/A | 7.5 HIGH |
| Tenda AC15 v15.03.05.19_multi_TD01 has a stack overflow via the list parameter in the fromSetIpMacBind function. | |||||
| CVE-2025-55613 | 1 Tenda | 2 O3, O3 Firmware | 2025-09-03 | N/A | 9.8 CRITICAL |
| Tenda O3V2 1.0.0.12(3880) is vulnerable to Buffer Overflow in the fromSafeSetMacFilter function via the mac parameter. | |||||
| CVE-2025-9443 | 1 Tenda | 2 Ch22, Ch22 Firmware | 2025-09-02 | 9.0 HIGH | 8.8 HIGH |
| A flaw has been found in Tenda CH22 1.0.0.1. This vulnerability affects the function formeditUserName of the file /goform/editUserName. Executing manipulation of the argument new_account can lead to buffer overflow. It is possible to launch the attack remotely. The exploit has been published and may be used. | |||||
| CVE-2024-42987 | 1 Tenda | 2 Fh1206, Fh1206 Firmware | 2025-09-02 | N/A | 7.5 HIGH |
| Tenda FH1206 v02.03.01.35 was discovered to contain a stack-based buffer overflow vulnerability in the fromPptpUserAdd function. The vulnerability can be triggered via the modino, username, newpwd, or pptpdnetseg parameters, all of which are passed via HTTP POST and used in unsafe sprintf calls without proper length validation. A remote attacker can exploit this flaw through a crafted POST request, which may cause a Denial of Service (DoS). In certain scenarios, this issue could potentially be leveraged to achieve remote code execution. | |||||
| CVE-2025-29361 | 1 Tenda | 2 Rx3, Rx3 Firmware | 2025-08-25 | N/A | 7.5 HIGH |
| Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the list parameter at /goform/SetVirtualServerCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet. | |||||
| CVE-2025-29362 | 1 Tenda | 2 Rx3, Rx3 Firmware | 2025-08-25 | N/A | 7.5 HIGH |
| Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the list parameter at /goform/setPptpUserList. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet. | |||||
| CVE-2025-29363 | 1 Tenda | 2 Rx3, Rx3 Firmware | 2025-08-25 | N/A | 7.5 HIGH |
| Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to buffer overflow via the schedStartTime and schedEndTime parameters at /goform/saveParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet. | |||||
| CVE-2025-4357 | 1 Tenda | 2 Rx3, Rx3 Firmware | 2025-08-25 | 5.8 MEDIUM | 4.7 MEDIUM |
| A vulnerability was found in Tenda RX3 16.03.13.11_multi. It has been rated as critical. This issue affects some unknown processing of the file /goform/telnet. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-9309 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2025-08-25 | 1.0 LOW | 2.5 LOW |
| A vulnerability was found in Tenda AC10 16.03.10.13. Affected is an unknown function of the file /etc_ro/shadow of the component MD5 Hash Handler. Performing manipulation results in hard-coded credentials. The attack needs to be approached locally. A high degree of complexity is needed for the attack. The exploitability is told to be difficult. The exploit has been made public and could be used. | |||||