Filtered by vendor Tenda
Subscribe
Total
1722 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-71021 | 1 Tenda | 2 Ax1806, Ax1806 Firmware | 2026-01-20 | N/A | 7.5 HIGH |
| Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the serverName parameter of the sub_65A28 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | |||||
| CVE-2025-70744 | 1 Tenda | 2 Ax1806, Ax1806 Firmware | 2026-01-20 | N/A | 7.5 HIGH |
| Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the cloneType parameter of the sub_65B5C function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | |||||
| CVE-2025-71019 | 1 Tenda | 2 Ax1806, Ax1806 Firmware | 2026-01-20 | N/A | 7.5 HIGH |
| Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the wanSpeed parameter of the sub_65B5C function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | |||||
| CVE-2025-70656 | 1 Tenda | 2 Ax1806, Ax1806 Firmware | 2026-01-20 | N/A | 7.5 HIGH |
| Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the mac parameter of the sub_65B5C function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | |||||
| CVE-2025-70753 | 1 Tenda | 2 Ax1806, Ax1806 Firmware | 2026-01-16 | N/A | 7.5 HIGH |
| Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the security_5g parameter of the sub_4CA50 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | |||||
| CVE-2025-71024 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2026-01-16 | N/A | 7.5 HIGH |
| Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the serviceName2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | |||||
| CVE-2025-71025 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2026-01-16 | N/A | 7.5 HIGH |
| Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the cloneType2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | |||||
| CVE-2025-71027 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2026-01-16 | N/A | 7.5 HIGH |
| Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the wanMTU2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | |||||
| CVE-2025-71026 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2026-01-16 | N/A | 7.5 HIGH |
| Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the wanSpeed2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | |||||
| CVE-2026-0640 | 1 Tenda | 2 Ac23, Ac23 Firmware | 2026-01-15 | 9.0 HIGH | 8.8 HIGH |
| A weakness has been identified in Tenda AC23 16.03.07.52. This affects the function sscanf of the file /goform/PowerSaveSet. Executing a manipulation of the argument Time can lead to buffer overflow. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks. | |||||
| CVE-2026-0581 | 1 Tenda | 2 Ac1206, Ac1206 Firmware | 2026-01-12 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was determined in Tenda AC1206 15.03.06.23. Affected by this issue is the function formBehaviorManager of the file /goform/BehaviorManager of the component httpd. Executing a manipulation of the argument modulename/option/data/switch can lead to command injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. | |||||
| CVE-2025-15229 | 1 Tenda | 2 Ch22, Ch22 Firmware | 2026-01-07 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability has been found in Tenda CH22 up to 1.0.0.1. Affected by this vulnerability is the function fromDhcpListClient of the file /goform/DhcpListClient. Such manipulation of the argument LISTLEN leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-15216 | 1 Tenda | 2 Ac23, Ac23 Firmware | 2026-01-02 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was identified in Tenda AC23 16.03.07.52. This impacts the function fromSetIpMacBind of the file /goform/SetIpMacBind. Such manipulation of the argument bindnum leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit is publicly available and might be used. | |||||
| CVE-2025-15215 | 1 Tenda | 2 Ac10u, Ac10u Firmware | 2026-01-02 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was determined in Tenda AC10U 15.03.06.48/15.03.06.49. This affects the function formSetPPTPUserList of the file /goform/setPptpUserList of the component HTTP POST Request Handler. This manipulation of the argument list causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. | |||||
| CVE-2025-15253 | 1 Tenda | 2 M3, M3 Firmware | 2026-01-02 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability has been found in Tenda M3 1.0.0.13(4903). The impacted element is an unknown function of the file /goform/exeCommand. Such manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-15252 | 1 Tenda | 2 M3, M3 Firmware | 2026-01-02 | 9.0 HIGH | 8.8 HIGH |
| A flaw has been found in Tenda M3 1.0.0.13(4903). The affected element is the function formSetRemoteDhcpForAp of the file /goform/setDhcpAP. This manipulation of the argument startip/endip/leasetime/gateway/dns1/dns2 causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been published and may be used. | |||||
| CVE-2025-15232 | 1 Tenda | 2 M3, M3 Firmware | 2026-01-02 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was identified in Tenda M3 1.0.0.13(4903). This vulnerability affects the function formSetAdPushInfo of the file /goform/setAdPushInfo. The manipulation of the argument mac/terminal leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. | |||||
| CVE-2025-67073 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2026-01-02 | N/A | 9.8 CRITICAL |
| A Buffer overflow vulnerability in function fromAdvSetMacMtuWan of bin httpd in Tenda AC10V4.0 V16.03.10.20 allows remote attackers to cause denial of service and possibly code execution by sending a post request with a crafted payload (field `serviceName`) to /goform/AdvSetMacMtuWan. | |||||
| CVE-2025-67074 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2026-01-02 | N/A | 6.5 MEDIUM |
| A Buffer overflow vulnerability in function fromAdvSetMacMtuWan of bin httpd in Tenda AC10V4.0 V16.03.10.20 allows remote attackers to cause denial of service and possibly code execution by sending a post request with a crafted payload (field `serverName`) to /goform/AdvSetMacMtuWan. | |||||
| CVE-2025-15356 | 1 Tenda | 2 Ac20, Ac20 Firmware | 2025-12-31 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability has been found in Tenda AC20 up to 16.03.08.12. The impacted element is the function sscanf of the file /goform/PowerSaveSet. The manipulation of the argument powerSavingEn/time/powerSaveDelay/ledCloseType leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||