Filtered by vendor Tenda
Subscribe
Total
1360 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-24322 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-08-21 | N/A | 8.1 HIGH |
| An unsafe default authentication vulnerability exists in the Initial Setup Authentication functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted network request can lead to arbitrary code execution. An attacker can browse to the device to trigger this vulnerability. | |||||
| CVE-2025-24496 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-08-21 | N/A | 7.5 HIGH |
| An information disclosure vulnerability exists in the /goform/getproductInfo functionality of Tenda AC6 V5.0 V02.03.01.110. Specially crafted network packets can lead to a disclosure of sensitive information. An attacker can send packets to trigger this vulnerability. | |||||
| CVE-2025-27129 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-08-21 | N/A | 9.8 CRITICAL |
| An authentication bypass vulnerability exists in the HTTP authentication functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can send packets to trigger this vulnerability. | |||||
| CVE-2025-30256 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-08-21 | N/A | 8.6 HIGH |
| A denial of service vulnerability exists in the HTTP Header Parsing functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted series of HTTP requests can lead to a reboot. An attacker can send multiple network packets to trigger this vulnerability. | |||||
| CVE-2025-31355 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-08-21 | N/A | 7.2 HIGH |
| A firmware update vulnerability exists in the Firmware Signature Validation functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted malicious file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2025-32010 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-08-21 | N/A | 8.1 HIGH |
| A stack-based buffer overflow vulnerability exists in the Cloud API functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted HTTP response can lead to arbitrary code execution. An attacker can send an HTTP response to trigger this vulnerability. | |||||
| CVE-2025-55499 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-08-21 | N/A | 6.5 MEDIUM |
| Tenda AC6 V15.03.06.23_multi was discovered to contain a buffer overflow via the ntpServer parameter in the fromSetSysTime function. | |||||
| CVE-2025-9087 | 1 Tenda | 2 Ac20, Ac20 Firmware | 2025-08-21 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability has been found in Tenda AC20 16.03.08.12. This affects the function set_qosMib_list of the file /goform/SetNetControlList of the component SetNetControlList Endpoint. The manipulation of the argument list leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-9088 | 1 Tenda | 2 Ac20, Ac20 Firmware | 2025-08-21 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was found in Tenda AC20 16.03.08.12. This vulnerability affects the function save_virtualser_data of the file /goform/formSetVirtualSer. The manipulation of the argument list leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-9089 | 1 Tenda | 2 Ac20, Ac20 Firmware | 2025-08-21 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was determined in Tenda AC20 16.03.08.12. This issue affects the function sub_48E628 of the file /goform/SetIpMacBind. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-9090 | 1 Tenda | 2 Ac20, Ac20 Firmware | 2025-08-21 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was identified in Tenda AC20 16.03.08.12. Affected is the function websFormDefine of the file /goform/telnet of the component Telnet Service. The manipulation leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-9091 | 1 Tenda | 2 Ac20, Ac20 Firmware | 2025-08-21 | 1.0 LOW | 2.5 LOW |
| A security flaw has been discovered in Tenda AC20 16.03.08.12. Affected by this vulnerability is an unknown functionality of the file /etc_ro/shadow. The manipulation leads to hard-coded credentials. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-55503 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-08-21 | N/A | 7.3 HIGH |
| Tenda AC6 V15.03.06.23_multi has a stack overflow vulnerability via the deviceName parameter in the saveParentControlInfo function. | |||||
| CVE-2025-55483 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-08-21 | N/A | 7.5 HIGH |
| Tenda AC6 V15.03.06.23_multi is vulnerable to Buffer Overflow in the function formSetMacFilterCfg via the parameters macFilterType and deviceList. | |||||
| CVE-2025-8940 | 1 Tenda | 2 Ac20, Ac20 Firmware | 2025-08-19 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was identified in Tenda AC20 up to 16.03.08.12. Affected by this vulnerability is the function strcpy of the file /goform/saveParentControlInfo. The manipulation of the argument Time leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-8939 | 1 Tenda | 2 Ac20, Ac20 Firmware | 2025-08-19 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was determined in Tenda AC20 up to 16.03.08.12. Affected is an unknown function of the file /goform/WifiGuestSet. The manipulation of the argument shareSpeed leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-9007 | 1 Tenda | 2 Ch22, Ch22 Firmware | 2025-08-18 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability has been found in Tenda CH22 1.0.0.1. Affected by this issue is the function formeditFileName of the file /goform/editFileName. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-9006 | 1 Tenda | 2 Ch22, Ch22 Firmware | 2025-08-18 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was identified in Tenda CH22 1.0.0.1. Affected by this vulnerability is the function formdelFileName of the file /goform/delFileName. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-9046 | 1 Tenda | 2 Ac20, Ac20 Firmware | 2025-08-18 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was identified in Tenda AC20 16.03.08.12. This issue affects the function sub_46A2AC of the file /goform/setMacFilterCfg. The manipulation of the argument deviceList leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-8980 | 1 Tenda | 2 G1, G1 Firmware | 2025-08-18 | 6.8 MEDIUM | 6.6 MEDIUM |
| A vulnerability has been found in Tenda G1 16.01.7.8(3660). Affected by this issue is the function check_upload_file of the component Firmware Update Handler. The manipulation leads to insufficient verification of data authenticity. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. | |||||