Tenda

546 CVEs vendor

Monthly

CVE-2026-8265 LOW POC Monitor

Remote command injection in Tenda AC6 version 15.03.06.23 allows authenticated remote attackers to execute arbitrary OS commands via the wans.flag parameter in the /goform/getLogFile endpoint. The vulnerability has publicly available exploit code and may be actively exploited. Attack complexity is low, requiring only network access and high-level authentication privileges, with potential for confidentiality, integrity, and authenticity impacts.

Command Injection Tenda
NVD VulDB GitHub
CVSS 4.0: 2.0
EPSS: 0.6%
CVE-2026-8263 LOW Monitor

OS command injection in Tenda AC6 firmware version 15.03.06.49_multi_TDE01 allows high-privilege remote attackers to execute arbitrary commands via manipulation of mac/ssid parameters in the fromSetWirelessRepeat function exposed through the /goform/WifiExtraSet HTTP endpoint. Public exploit code is available, though the CVSS 2.0 score reflects limited impact scope due to requirement of high-privilege authentication and minimal confidentiality/integrity/availability effects beyond low-severity damage.

Command Injection Tenda
NVD GitHub VulDB
CVSS 4.0: 2.0
EPSS: 0.6%
CVE-2026-8264 LOW POC Monitor

Remote authenticated command injection in Tenda AC6 router firmware version 15.03.06.23 allows authenticated attackers to execute arbitrary OS commands via manipulation of the wl2g.public.country or wl5g.public.country parameters in the /goform/WifiApScan endpoint. The vulnerability affects the httpd component's formWifiApScan function and has publicly available exploit code, presenting moderate risk to affected deployments.

Command Injection Tenda
NVD VulDB GitHub
CVSS 4.0: 2.1
EPSS: 2.7%
CVE-2026-8259 LOW POC Monitor

OS command injection in Tenda AC6 2.0/15.03.06.23 httpd daemon allows authenticated remote attackers to execute arbitrary system commands via the lan.ip parameter in /goform/telnet endpoint. The vulnerability requires high-level administrative privileges and has publicly available exploit code; real-world risk is limited by authentication requirement despite network accessibility and low attack complexity.

Command Injection Tenda
NVD VulDB GitHub
CVSS 4.0: 2.0
EPSS: 0.6%
CVE-2026-8138 HIGH POC This Week

Stack-based buffer overflow in Tenda CX12L router firmware 16.03.53.12 allows authenticated remote attackers to achieve full system compromise via the PPTP server configuration interface. The vulnerability resides in the formSetPPTPServer function within /goform/SetPptpServerCfg and is exploitable over the network with low attack complexity. A public proof-of-concept exploit exists on GitHub, significantly lowering the barrier to exploitation, though CISA has not yet added this to the KEV catalog indicating no confirmed widespread active exploitation at this time.

Buffer Overflow Stack Overflow Tenda
NVD VulDB GitHub
CVSS 4.0: 7.4
EPSS: 0.0%
CVE-2026-7470 HIGH POC This Week

Stack-based buffer overflow in Tenda 4G300 US_4G300V1.0Mt_V1.01.42_CN_TDC01 allows authenticated remote attackers to execute arbitrary code with elevated privileges via crafted SafeMacFilter requests. The vulnerability resides in function sub_427C3C at endpoint /goform/SafeMacFilter, where insufficient input validation of the 'page' parameter enables memory corruption. Public exploit code exists on GitHub (Axelioc/CVE), significantly lowering the barrier to exploitation for attackers with valid router credentials. CVSS 7.4 reflects high confidentiality, integrity, and availability impact requiring only low-privilege authentication.

Buffer Overflow Stack Overflow Tenda
NVD VulDB GitHub
CVSS 4.0: 7.4
EPSS: 0.0%
CVE-2026-7469 LOW POC Monitor

Command injection in Tenda 4G300 US version 1.01.42 allows authenticated remote attackers to execute arbitrary system commands via the delflag parameter in the /goform/DelFil endpoint. The vulnerability affects the sub_425A28 function and has publicly available exploit code; CVSS 6.3 reflects authenticated access requirement but moderate impact scope.

Command Injection Tenda
NVD VulDB GitHub
CVSS 4.0: 2.1
EPSS: 2.7%
CVE-2026-7160 HIGH POC This Week

A vulnerability was determined in Tenda HG3 2.0. This vulnerability affects the function formTracert of the file /boaform/formTracert. Executing a manipulation of the argument datasize can lead to command injection. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized.

Command Injection Tenda
NVD VulDB
CVSS 4.0: 7.4
EPSS: 0.3%
CVE-2026-7151 HIGH POC This Week

A vulnerability was determined in Tenda HG3 2.0. Impacted is the function formUploadConfig of the file /boaform/formIPv6Routing. This manipulation of the argument destNet causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.

Buffer Overflow Stack Overflow Tenda
NVD VulDB
CVSS 4.0: 7.4
EPSS: 0.0%
CVE-2026-7119 HIGH This Week

OS command injection in Tenda HG3 router version 2.0 allows authenticated remote attackers to execute arbitrary commands with device privileges via the 'countrystr' parameter in /boaform/formCountrystr endpoint. Public exploit code exists (CVSS 4.0 E:P modifier confirms POC availability), enabling authenticated attackers to fully compromise router confidentiality, integrity, and availability. EPSS data unavailable; not currently in CISA KEV catalog, suggesting exploitation may be targeted rather than widespread despite public POC.

Command Injection Tenda
NVD VulDB
CVSS 4.0: 7.4
EPSS: 0.3%
CVE-2026-7102 LOW Monitor

Command injection in Tenda F456 1.0.0.5 httpd allows authenticated remote attackers to execute arbitrary commands via the mac parameter in the /goform/WriteFacMac endpoint. The vulnerability has a publicly available exploit and CVSS 5.3 score with authenticated access requirement (PR:L), limiting immediate widespread risk but affecting exposed or compromised administrative accounts.

Command Injection Tenda
NVD GitHub VulDB
CVSS 4.0: 2.1
EPSS: 2.7%
CVE-2026-7101 HIGH This Week

Buffer overflow in Tenda F456 router firmware version 1.0.0.5 allows authenticated remote attackers to achieve code execution via crafted requests to the /goform/WrlclientSet endpoint. The vulnerability exists in the fromWrlclientSet function of the httpd component. Public exploit code is available on GitHub, increasing practical exploitation risk despite requiring low-privilege authentication (CVSS 7.4, EPSS data not provided).

Buffer Overflow Tenda
NVD GitHub VulDB
CVSS 4.0: 7.4
EPSS: 0.0%
CVE-2026-7100 HIGH This Week

Buffer overflow in Tenda F456 router firmware 1.0.0.5 allows authenticated remote attackers to execute arbitrary code or crash the device via crafted HTTP requests to the /goform/Natlimit endpoint. Public exploit code exists on GitHub (Litengzheng/vuldb_new), demonstrating practical exploitability. EPSS data unavailable, but with POC published and AV:N/AC:L indicating straightforward network exploitation, this poses significant risk to internet-exposed router management interfaces with weak or default credentials.

Buffer Overflow Tenda
NVD GitHub VulDB
CVSS 4.0: 7.4
EPSS: 0.0%
CVE-2026-7099 HIGH This Week

Remote code execution in Tenda F456 router firmware 1.0.0.5 allows authenticated attackers to trigger buffer overflow via crafted mit_linktype parameter to /goform/QuickIndex endpoint in httpd service. Public exploit code exists on GitHub (Litengzheng/vuldb_new), enabling memory corruption with high impact to confidentiality, integrity, and availability. CVSS 7.4 reflects low attack complexity with network access requiring only low-privilege authentication. No vendor patch identified at time of analysis.

Buffer Overflow Tenda
NVD GitHub VulDB
CVSS 4.0: 7.4
EPSS: 0.0%
CVE-2026-7098 HIGH This Week

Remote authenticated attackers can execute arbitrary code on Tenda F456 router version 1.0.0.5 via buffer overflow in the DhcpListClient function of the httpd component. Exploitation requires low-privilege HTTP authentication and targets the web management interface. A public proof-of-concept exploit exists on GitHub (Litengzheng/vuldb_new), enabling straightforward weaponization. EPSS data unavailable, but the combination of remote attack vector, low complexity (AC:L), and publicly disclosed exploit code indicates elevated real-world exploitation risk for internet-exposed devices with default or weak credentials.

Buffer Overflow Tenda
NVD GitHub VulDB
CVSS 4.0: 7.4
EPSS: 0.0%
CVE-2026-7097 HIGH POC This Week

Remote code execution in Tenda F456 router firmware 1.0.0.5 allows authenticated attackers to compromise the device via buffer overflow in the httpd web management interface. Exploitation requires low-privilege credentials but enables complete device takeover (CVSS 7.4). A public proof-of-concept exploit exists on GitHub, significantly lowering the barrier to active exploitation despite requiring authentication.

Buffer Overflow Tenda
NVD VulDB GitHub
CVSS 4.0: 7.4
EPSS: 0.0%
CVE-2026-7096 HIGH POC This Week

OS command injection in Tenda HG3 router version 2.0 (build 300003070) allows authenticated remote attackers to execute arbitrary system commands with router privileges via the fmgpon_loid parameter in the formgponConf administrative function. Public exploit code is available and confirmed usable for attacks per VulDB reporting, significantly lowering the skill barrier for exploitation despite requiring valid administrative credentials.

Command Injection Tenda
NVD VulDB
CVSS 4.0: 7.4
EPSS: 0.3%
CVE-2026-7082 HIGH This Week

Remote authenticated buffer overflow in Tenda F456 1.0.0.5 httpd allows attackers to compromise router integrity and availability via crafted WrlExtraSet requests. Exploitation occurs through the formWrlExtraSet function when manipulating the 'Go' parameter at /goform/WrlExtraSet endpoint. Public exploit code is available on GitHub (Litengzheng/vuldb_new), enabling straightforward weaponization. CVSS 7.4 (High) with CVSS v4.0 Exploit Maturity: Proof-of-Concept confirms exploitability. While requiring low-privilege authentication (PR:L), the network attack vector (AV:N) and low complexity (AC:L) make this accessible to remote attackers with basic router credentials, commonly obtained via credential stuffing or default password exploitation.

Buffer Overflow Tenda
NVD GitHub VulDB
CVSS 4.0: 7.4
EPSS: 0.0%
CVE-2026-7081 HIGH This Week

Remote authenticated buffer overflow in Tenda F456 1.0.0.5 router allows complete device compromise via the DHCP server configuration handler. A low-privileged attacker can send a crafted HTTP request with malicious 'dips' parameter to /goform/GstDhcpSetSer, triggering a buffer overflow in the httpd service that enables arbitrary code execution with full system control. Public exploit code is available on GitHub (EPSS exploitation probability data not provided, not listed in CISA KEV at time of analysis).

Buffer Overflow Tenda
NVD GitHub VulDB
CVSS 4.0: 7.4
EPSS: 0.0%
CVE-2026-7080 HIGH POC This Week

Buffer overflow in Tenda F456 router firmware 1.0.0.5 allows authenticated remote attackers to achieve full device compromise through the PPTP user management interface. The vulnerability exists in the fromPPTPUserSetting function within the httpd component, exploitable via manipulation of the 'delno' parameter sent to /goform/PPTPUserSetting. Public exploit code is available on GitHub, significantly lowering the barrier to exploitation, though no CISA KEV listing or widespread exploitation has been confirmed at time of analysis.

Buffer Overflow Tenda
NVD VulDB GitHub
CVSS 4.0: 7.4
EPSS: 0.0%
CVE-2026-7079 HIGH POC This Week

Remote code execution in Tenda F456 router firmware 1.0.0.5 allows authenticated attackers to compromise device integrity and confidentiality via buffer overflow in the WAN configuration interface. The vulnerability exploits the fromAdvSetWan function's improper handling of the wanmode parameter, enabling complete device takeover. Public exploit code exists on GitHub (Litengzheng/vuldb_new), significantly lowering the barrier to exploitation. EPSS data not available, but the combination of network attack vector, low complexity (AC:L), and publicly available POC makes this a realistic threat to exposed management interfaces.

Buffer Overflow Tenda
NVD VulDB GitHub
CVSS 4.0: 7.4
EPSS: 0.0%
CVE-2026-7078 HIGH POC This Week

Buffer overflow in Tenda F456 router version 1.0.0.5 allows authenticated remote attackers to achieve arbitrary code execution with high impact to confidentiality, integrity, and availability. The vulnerability resides in the fromSetIpBind function of the httpd daemon's /goform/SetIpBind endpoint, exploitable via malformed 'page' parameter input. Public exploit code exists on GitHub (Litengzheng/vuldb_new), elevating real-world risk despite requiring low-privilege authentication (CVSS 7.4, EPSS data not provided, not in CISA KEV at time of analysis).

Buffer Overflow Tenda
NVD VulDB GitHub
CVSS 4.0: 7.4
EPSS: 0.0%
CVE-2026-31255 CRITICAL Act Now

Remote unauthenticated command injection in Tenda AC18 router firmware V15.03.05.05_multi allows complete device compromise via the SetSambaCfg interface. Attackers can execute arbitrary system commands by manipulating the guestuser parameter in HTTP requests to /goform/SetSambaCfg. CVSS 9.8 critical severity with network attack vector and no authentication required. EPSS score of 0.06% (19th percentile) suggests low observed exploitation despite extreme technical severity. Publicly documented exploit proof-of-concept exists on GitHub.

Command Injection Tenda
NVD GitHub
CVSS 3.1: 9.8
EPSS: 0.1%
CVE-2026-7057 HIGH POC This Week

Buffer overflow in Tenda F456 router firmware 1.0.0.5 enables remote authenticated attackers to achieve arbitrary code execution via crafted HTTP requests to the /goform/setcfm endpoint in the httpd service. The vulnerability affects the funcname and funcpara1 parameters and has a publicly available exploit on GitHub, significantly lowering the barrier for exploitation. CVSS v4.0 base score of 7.4 reflects high confidentiality, integrity, and availability impact with low attack complexity, though the requirement for low-privilege authentication provides some defense. No vendor patch has been identified for this IoT router vulnerability.

Buffer Overflow Tenda
NVD VulDB GitHub
CVSS 4.0: 7.4
EPSS: 0.0%
CVE-2026-7056 HIGH POC This Week

Buffer overflow in Tenda F456 router firmware 1.0.0.5 allows authenticated remote attackers to achieve arbitrary code execution with high impact to confidentiality, integrity, and availability. The vulnerability resides in the SafeUrlFilter functionality of the httpd web server component, triggered by manipulating the 'page' parameter. A public proof-of-concept exploit is available on GitHub, significantly lowering the barrier to exploitation, though no CISA KEV listing or widespread exploitation has been confirmed at time of analysis.

Buffer Overflow Tenda
NVD VulDB GitHub
CVSS 4.0: 7.4
EPSS: 0.1%
CVE-2026-7055 HIGH POC This Week

Remote code execution in Tenda F456 router firmware 1.0.0.5 allows authenticated attackers to overflow buffers in the httpd service via crafted menufacturer/Go parameters to the VirtualSer endpoint. Public exploit code exists on GitHub (Litengzheng/vuldb_new), enabling attackers with low-privilege credentials to achieve complete system compromise. While CVSS rates this 7.4 (High) with network attack vector and low complexity, the requirement for authentication (PR:L) moderates real-world risk compared to unauthenticated RCE - priority depends on whether default credentials are documented or credential stuffing is viable against target deployments.

Buffer Overflow Tenda
NVD VulDB GitHub
CVSS 4.0: 7.4
EPSS: 0.0%
CVE-2026-7054 HIGH POC This Week

Buffer overflow in Tenda F456 router firmware 1.0.0.5 allows authenticated remote attackers to execute arbitrary code via malformed PPTP client parameters. The vulnerability resides in the fromPptpUserAdd function of the httpd web server component, specifically through manipulation of the opttype/usernamewith arguments. Public exploit code is available on GitHub, significantly lowering the barrier for exploitation against internet-exposed Tenda F456 devices with default or weak administrative credentials.

Buffer Overflow Tenda
NVD VulDB GitHub
CVSS 4.0: 7.4
EPSS: 0.0%
CVE-2026-7053 HIGH POC This Week

Buffer overflow in Tenda F456 router firmware version 1.0.0.5 enables authenticated remote attackers to achieve complete system compromise via crafted HTTP requests to the /goform/L7Prot endpoint. The vulnerability affects the frmL7ProtForm function in the httpd component, triggered by malicious 'page' parameter manipulation. Public exploit code exists on GitHub (Litengzheng/vuldb_new), significantly lowering the barrier to exploitation despite requiring low-privilege authentication (PR:L). CVSS 7.4 reflects high confidentiality, integrity, and availability impact with network attack vector and low complexity.

Buffer Overflow Tenda
NVD VulDB GitHub
CVSS 4.0: 7.4
EPSS: 0.0%
CVE-2026-7036 MEDIUM POC This Month

Path traversal in Tenda i9 router firmware version 1.0.0.5(2204) allows remote unauthenticated attackers to access arbitrary files, modify system configurations, and potentially disrupt device operation via the R7WebsSecurityHandler function in the HTTP Handler component. Publicly available exploit code exists on GitHub (Litengzheng/vuldb_new), enabling straightforward exploitation with EPSS-assessed risk. The vulnerability permits confidentiality, integrity, and availability impacts with low attack complexity and no required user interaction, making it a realistic target for automated scanning and exploitation.

Path Traversal Tenda
NVD VulDB GitHub
CVSS 4.0: 5.5
EPSS: 0.1%
CVE-2026-7035 HIGH POC This Week

Stack-based buffer overflow in Tenda FH1202 router firmware 1.2.0.14 allows authenticated remote attackers to execute arbitrary code via crafted HTTP requests to the /goform/WrlclientSet endpoint. The vulnerability resides in the fromWrlclientSet function of the httpd component, triggered by malicious 'Go' parameter input. Publicly available proof-of-concept exploit code increases immediate exploitation risk for exposed devices. EPSS data not provided, but public POC and low attack complexity (AC:L) indicate elevated real-world risk despite authentication requirement (PR:L).

Buffer Overflow Stack Overflow Tenda
NVD VulDB GitHub
CVSS 4.0: 7.4
EPSS: 0.0%
CVE-2026-7034 HIGH POC This Week

Stack-based buffer overflow in Tenda FH1202 router firmware 1.2.0.14(408) allows authenticated remote attackers to execute arbitrary code via crafted 'Go' parameter to the /goform/WrlExtraSet endpoint in the httpd service. A public proof-of-concept exploit exists (GitHub), enabling reliable exploitation despite low attack complexity. CVSS 7.4 (High) severity reflects significant impact potential, though exploitation requires valid user credentials (PR:L), limiting mass-scale attacks to scenarios where default/weak credentials are common in Tenda routers.

Buffer Overflow Stack Overflow Tenda
NVD VulDB GitHub
CVSS 4.0: 7.4
EPSS: 0.0%
CVE-2026-7033 HIGH POC This Week

Buffer overflow in Tenda F456 router firmware 1.0.0.5 allows authenticated remote attackers to achieve high-impact compromise of device confidentiality, integrity, and availability through crafted input to the SafeClientFilter function. A proof-of-concept exploit has been published on GitHub, increasing the likelihood of exploitation attempts against exposed management interfaces. While authentication is required (PR:L), the low attack complexity (AC:L) and network accessibility (AV:N) make this exploitable by attackers with basic router credentials.

Buffer Overflow Tenda
NVD VulDB GitHub
CVSS 4.0: 7.4
EPSS: 0.0%
CVE-2026-7032 HIGH POC This Week

Buffer overflow in Tenda F456 wireless router firmware 1.0.0.5 allows authenticated remote attackers to achieve arbitrary code execution through the SafeEmailFilter function. The vulnerability requires low-privilege authentication but enables complete system compromise (confidentiality, integrity, and availability impact all rated High). A public exploit has been published on GitHub, significantly lowering the barrier for exploitation, though no CISA KEV listing or EPSS data indicates the attack remains targeted rather than widespread at this time.

Buffer Overflow Tenda
NVD VulDB GitHub
CVSS 4.0: 7.4
EPSS: 0.0%
CVE-2026-7031 HIGH POC This Week

Buffer overflow in Tenda F456 router version 1.0.0.5 allows authenticated remote attackers to achieve complete device compromise via crafted HTTP requests to the /goform/SafeMacFilter endpoint. The vulnerability resides in the fromSafeMacFilter function's improper validation of the 'page' parameter. Public exploit code is available on GitHub, significantly lowering the technical barrier for exploitation. CVSS 7.4 (High) reflects the network attack vector and high impact across confidentiality, integrity, and availability, though exploitation requires low-privilege authentication.

Buffer Overflow Tenda
NVD VulDB GitHub
CVSS 4.0: 7.4
EPSS: 0.0%
CVE-2026-7030 HIGH POC This Week

Remote code execution in Tenda F456 router firmware version 1.0.0.5 allows authenticated attackers to crash the device or execute arbitrary code via buffer overflow in the RouteStatic configuration handler. The vulnerability targets the 'page' parameter in /goform/RouteStatic endpoint and requires only low-privilege authentication (CVSS PR:L). A publicly available proof-of-concept exploit exists on GitHub, significantly lowering the technical barrier for exploitation. The CVSS 4.0 score of 7.4 reflects high confidentiality, integrity, and availability impact with low attack complexity (AC:L) and network-based attack vector (AV:N).

Buffer Overflow Tenda
NVD VulDB GitHub
CVSS 4.0: 7.4
EPSS: 0.0%
CVE-2026-7029 HIGH POC This Week

Buffer overflow in Tenda F456 router firmware version 1.0.0.5 allows authenticated remote attackers to execute arbitrary code or crash the device by sending malformed HTTP requests to the /goform/addressNat endpoint. The vulnerability exists in the fromaddressNat function and is actively exploitable with publicly available proof-of-concept code. CVSS 7.4 with low attack complexity indicates straightforward exploitation once authenticated, while EPSS data (if available) would contextualize real-world exploitation likelihood beyond the confirmed POC availability.

Buffer Overflow Tenda
NVD VulDB GitHub
CVSS 4.0: 7.4
EPSS: 0.0%
CVE-2026-7019 HIGH This Week

Remote code execution in Tenda F456 router firmware 1.0.0.5 allows authenticated attackers to crash the device or execute arbitrary code via buffer overflow in the fromP2pListFilter function. Exploitation requires low-privilege authentication (PR:L) and is network-accessible (AV:N) with low attack complexity (AC:L). Publicly available exploit code exists (CVSS E:P), significantly lowering the barrier to exploitation. EPSS data not provided, but public POC availability and router attack surface suggest moderate real-world risk for exposed management interfaces.

Buffer Overflow Tenda
NVD GitHub VulDB
CVSS 4.0: 7.4
EPSS: 0.0%
CVE-2026-6989 LOW POC Monitor

Command injection in Tenda F453 firmware up to version 1.0.0.3 allows authenticated remote attackers to execute arbitrary system commands via the TendaTelnet function in the /goform/telnet endpoint. The vulnerability has publicly available exploit code and may be actively used against deployed devices. Attack requires low-privilege authentication but carries significant risk due to the telnet service's direct command execution capability.

Command Injection Tenda
NVD VulDB GitHub
CVSS 4.0: 2.1
EPSS: 0.7%
CVE-2026-6988 HIGH POC This Week

Remote authenticated attackers can execute arbitrary code on Tenda HG10 routers (firmware HG7_HG9_HG10re_300001138_en_xpon) by sending a malformed 'nextHop' parameter to the /boaform/formRouting endpoint in the Boa web service. This buffer overflow vulnerability has publicly available exploit code on GitHub and is rated 8.8 (High) with low attack complexity. EPSS data unavailable; not currently listed in CISA KEV. Successful exploitation requires only low-privilege authentication and grants full device compromise (confidentiality, integrity, and availability impact).

Buffer Overflow Tenda
NVD VulDB GitHub
CVSS 4.0: 7.4
EPSS: 0.0%
CVE-2026-38835 CRITICAL Act Now

Command injection in Tenda W30E V2.0 firmware V16.01.0.21 allows remote unauthenticated attackers to execute arbitrary operating system commands as root through the formSetUSBPartitionUmount function by manipulating the usbPartitionName parameter. The vulnerability achieves maximum CVSS severity (9.8) due to network accessibility without authentication, though EPSS exploitation probability remains low (0.17%, 38th percentile), suggesting limited attacker interest at time of analysis. No active exploitation confirmed by CISA KEV, and public exploit code status is unverified from researcher disclosure.

Command Injection Tenda
NVD GitHub
CVSS 3.1: 9.8
EPSS: 0.2%
CVE-2026-38834 HIGH This Week

Command injection in Tenda W30E router firmware V16.01.0.21 allows unauthenticated remote attackers to execute arbitrary system commands via the 'hostName' parameter in the diagnostic ping function. Attack requires only network access to the router's web interface with no authentication or user interaction. Proof-of-concept exploit code is publicly available (SSVC exploitation status: POC). EPSS data not available, but SSVC framework marks this as automatable with partial technical impact, making it suitable for mass scanning campaigns targeting exposed Tenda routers.

Command Injection Tenda
NVD GitHub
CVSS 3.1: 7.3
EPSS: 2.6%
CVE-2026-6632 HIGH POC This Week

Buffer overflow in Tenda F451 router firmware 1.0.0.7_cn_svn7958 allows authenticated remote attackers to achieve complete compromise via the SafeClientFilter function. The httpd service improperly validates 'menufacturer' and 'Go' parameters, enabling memory corruption that leads to code execution with firmware-level privileges. A public exploit (GitHub PoC) exists, but no CISA KEV listing indicates exploitation remains proof-of-concept rather than widespread. EPSS data unavailable; CVSS 7.4 reflects network attack vector with low complexity, though low-privilege authentication is required.

Buffer Overflow Tenda
NVD VulDB GitHub
CVSS 4.0: 7.4
EPSS: 0.0%
CVE-2026-6631 HIGH POC This Week

Buffer overflow in Tenda F451 router (version 1.0.0.7_cn_svn7958) allows authenticated remote attackers to achieve arbitrary code execution with high impact on confidentiality, integrity, and availability. The vulnerability exists in the httpd component's webExcptypemanFilter function, exploitable via malicious 'page' parameter input to /goform/webExcptypemanFilter. Public exploit code is available on GitHub (CVSS 7.4, CWE-120). EPSS data not provided, not listed in CISA KEV. This targets a specific legacy Chinese firmware version of a consumer-grade router with known end-of-life support issues.

Buffer Overflow Tenda
NVD VulDB GitHub
CVSS 4.0: 7.4
EPSS: 0.0%
CVE-2026-6630 HIGH POC This Week

Remote buffer overflow in Tenda F451 router (version 1.0.0.7_cn_svn7958) allows authenticated attackers to achieve arbitrary code execution via crafted DHCP server configuration requests. The vulnerability exists in the httpd service's /goform/GstDhcpSetSer endpoint, exploitable by manipulating the 'dips' parameter. Public exploit code is available on GitHub, significantly lowering exploitation barriers for authenticated attackers with network access to the router's management interface.

Buffer Overflow Tenda
NVD VulDB GitHub
CVSS 4.0: 7.4
EPSS: 0.0%
CVE-2026-6200 HIGH POC This Week

Stack-based buffer overflow in Tenda F456 1.0.0.5 router's formwebtypelibrary function allows authenticated remote attackers to achieve arbitrary code execution with high impact to confidentiality, integrity, and availability. The vulnerability resides in /goform/webtypelibrary endpoint via manipulation of the 'menufacturer' or 'Go' parameters. Public exploit code exists on GitHub (EPSS 0.05%, 14th percentile), indicating low likelihood of mass exploitation but confirmed weaponization capability. No vendor patch identified at time of analysis.

Buffer Overflow Stack Overflow Tenda
NVD VulDB GitHub
CVSS 4.0: 7.4
EPSS: 0.0%
CVE-2026-6199 HIGH POC This Week

Stack-based buffer overflow in Tenda F456 router firmware 1.0.0.5 allows authenticated remote attackers to achieve complete device compromise via crafted input to the 'page' parameter in the fromqossetting QoS configuration handler. Publicly available exploit code exists (GitHub POC), CVSS 7.4 (High), EPSS 0.05% (low exploitation probability). Not actively exploited per CISA KEV. This is a classic IoT router vulnerability affecting the web management interface at /goform/qossetting, requiring valid authentication credentials but enabling full device takeover once authenticated.

Buffer Overflow Stack Overflow Tenda
NVD VulDB GitHub
CVSS 4.0: 7.4
EPSS: 0.0%
CVE-2026-6198 HIGH POC This Week

Stack-based buffer overflow in Tenda F456 router firmware v1.0.0.5 allows authenticated remote attackers to achieve code execution with high integrity and availability impact via crafted 'page' parameter to the /goform/NatStaticSetting endpoint's fromNatStaticSetting function. Public exploit code exists (EPSS 0.05%, 14th percentile), indicating low observed exploitation probability despite proof-of-concept availability. No active exploitation confirmed via CISA KEV at time of analysis.

Buffer Overflow Stack Overflow Tenda
NVD VulDB GitHub
CVSS 4.0: 7.4
EPSS: 0.0%
CVE-2026-6197 HIGH POC This Week

Stack-based buffer overflow in Tenda F456 router firmware version 1.0.0.5 allows authenticated remote attackers to achieve complete system compromise via crafted input to the wireless security settings handler. Public exploit code is available, but EPSS exploitation probability remains very low (0.05%, 14th percentile), and no active exploitation has been reported. The vulnerability requires authenticated access to the router's administrative interface, limiting opportunistic exploitation.

Buffer Overflow Stack Overflow Tenda
NVD VulDB GitHub
CVSS 4.0: 7.4
EPSS: 0.0%
CVE-2026-6196 HIGH POC This Week

Stack-based buffer overflow in Tenda F456 router firmware 1.0.0.5 allows authenticated remote attackers to execute arbitrary code via the /goform/exeCommand endpoint. The vulnerability has a publicly available proof-of-concept exploit and affects the fromexeCommand function through manipulation of the cmdinput parameter. EPSS probability is low (0.05%, 14th percentile), indicating minimal observed exploitation activity despite POC availability. Not listed in CISA KEV, confirming no widespread active exploitation detected.

Buffer Overflow Stack Overflow Tenda
NVD VulDB GitHub
CVSS 4.0: 7.4
EPSS: 0.0%
CVE-2026-6137 HIGH This Week

Stack-based buffer overflow in Tenda F451 router firmware 1.0.0.7_cn_svn7958 allows authenticated remote attackers to achieve complete system compromise (confidentiality, integrity, availability breach) via malformed ADSL/WAN configuration parameters. The vulnerability resides in the fromAdvSetWan function handling wanmode and PPPOEPassword arguments. Publicly available exploit code exists, significantly lowering the barrier to exploitation. CVSS 7.4 (High) with low attack complexity and network-reachable attack vector indicates substantial risk for exposed management interfaces.

Buffer Overflow Tenda
NVD GitHub VulDB
CVSS 4.0: 7.4
EPSS: 0.0%
CVE-2026-6136 HIGH POC This Week

Stack-based buffer overflow in Tenda F451 wireless router (firmware 1.0.0.7_cn_svn7958) allows authenticated remote attackers to achieve arbitrary code execution with high confidentiality, integrity, and availability impact. The vulnerability resides in the frmL7ImForm function handling the 'page' parameter at /goform/L7Im endpoint. Publicly available exploit code exists (GitHub POC published), significantly lowering exploitation barriers. CVSS 8.8 (High) reflects network-accessible attack vector with low complexity, requiring only low-privilege authentication. No vendor-released patch identified at time of analysis.

Buffer Overflow Stack Overflow Tenda
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-6135 HIGH POC This Week

Stack-based buffer overflow in Tenda F451 router firmware version 1.0.0.7_cn_svn7958 allows authenticated remote attackers to achieve arbitrary code execution with high impact to confidentiality, integrity, and availability. The vulnerability resides in the fromSetIpBind function accessible via /goform/SetIpBind endpoint, where manipulation of the 'page' parameter triggers memory corruption. Publicly available exploit code exists (GitHub POC published), significantly lowering the barrier to exploitation despite requiring low-privilege authentication. CVSS 8.8 severity reflects network accessibility, low attack complexity, and complete system compromise potential.

Buffer Overflow Stack Overflow Tenda
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-6134 HIGH POC This Week

Stack-based buffer overflow in Tenda F451 router firmware version 1.0.0.7_cn_svn7958 allows remote authenticated attackers to execute arbitrary code with high impact on confidentiality, integrity, and availability. The vulnerability resides in the fromqossetting function's handling of the 'qos' parameter in /goform/qossetting endpoint. Publicly available exploit code (GitHub PoC) significantly lowers the barrier to exploitation. CVSS 7.4 (High) with low attack complexity and network attack vector indicates elevated risk for exposed devices, though low-privilege authentication is required.

Buffer Overflow Stack Overflow Tenda
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-6133 HIGH POC This Week

Stack-based buffer overflow in Tenda F451 router (version 1.0.0.7_cn_svn7958) allows authenticated remote attackers to achieve arbitrary code execution with high impact on confidentiality, integrity, and availability. The vulnerability resides in the fromSafeUrlFilter function handling the 'page' parameter in the /goform/SafeUrlFilter endpoint. Publicly available exploit code exists (GitHub POC), significantly lowering the exploitation barrier. With CVSS 8.8 (Critical) and low attack complexity, this represents a serious risk to deployed devices, though exploitation requires authenticated access (PR:L) to the router's web interface.

Buffer Overflow Stack Overflow Tenda
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-6124 HIGH POC This Week

Stack-based buffer overflow in Tenda F451 router firmware 1.0.0.7 allows authenticated remote attackers to achieve complete system compromise via the SafeMacFilter function. The vulnerability is exploitable over the network with low complexity, requiring only basic user credentials. Publicly available exploit code exists (GitHub POC), significantly lowering the barrier for exploitation. CVSS 8.8 (High) severity with potential for code execution, data theft, and device takeover.

Buffer Overflow Stack Overflow Tenda
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-6123 HIGH POC This Week

Stack-based buffer overflow in Tenda F451 router firmware 1.0.0.7 enables authenticated remote attackers to execute arbitrary code with high privileges via crafted 'entrys' parameter to the /goform/addressNat endpoint. The vulnerability resides in the fromAddressNat function of the httpd component. Public exploit code is available (GitHub), with EPSS indicating moderate exploitation probability. Requires low-privilege authentication (PR:L) but has low attack complexity (AC:L), making it accessible to attackers with basic router credentials.

Buffer Overflow Stack Overflow Tenda
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.1%
CVE-2026-6122 HIGH POC This Week

Stack-based buffer overflow in Tenda F451 router version 1.0.0.7 allows authenticated remote attackers to execute arbitrary code with high impact to confidentiality, integrity, and availability. The vulnerability resides in the httpd component's frmL7ProtForm function when processing the 'page' parameter in /goform/L7Prot. Publicly available exploit code exists (GitHub POC published), enabling attackers with low-privilege credentials to achieve full system compromise. CVSS 8.8 (High) with low attack complexity and no user interaction required. No vendor-released patch identified at time of analysis.

Buffer Overflow Stack Overflow Tenda
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-6121 HIGH POC This Week

Stack-based buffer overflow in Tenda F451 router firmware version 1.0.0.7 allows authenticated remote attackers to achieve full system compromise via crafted HTTP requests to the wireless client configuration endpoint. The vulnerability (CVSS 8.8) exists in the WrlclientSet function within the httpd service and requires only low-privilege authentication. Publicly available exploit code has been published on GitHub, significantly lowering the barrier to exploitation, though no active exploitation is confirmed in CISA KEV at time of analysis.

Buffer Overflow Stack Overflow Tenda
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-6120 HIGH POC This Week

Stack-based buffer overflow in Tenda F451 router version 1.0.0.7 allows authenticated remote attackers to achieve complete system compromise through the DHCP client list function. The vulnerability exists in the httpd service's /goform/DhcpListClient endpoint via the 'page' parameter. Publicly available exploit code exists (GitHub POC published), enabling low-complexity attacks that can result in full confidentiality, integrity, and availability compromise. CVSS 8.8 reflects high impact across all security objectives with minimal attack complexity, though low-privileged authentication is required.

Buffer Overflow Stack Overflow Tenda
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-6024 MEDIUM POC This Month

Path traversal in Tenda i6 router firmware 1.0.0.7(2204) allows unauthenticated remote attackers to read, write, or delete arbitrary files via malicious HTTP requests to the R7WebsSecurityHandler function. CVSS 7.3 (High) reflects network-accessible exploitation without authentication. Publicly available exploit code exists, documented in a GitHub repository demonstrating attack vectors. Affects Tenda i6 wireless router deployments running the vulnerable firmware version.

Path Traversal Tenda
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.1%
CVE-2026-6016 HIGH POC This Week

Stack-based buffer overflow in Tenda AC9 router firmware 15.03.02.13 enables authenticated remote attackers to execute arbitrary code or crash the device. The vulnerability resides in the decodePwd function within /goform/WizardHandle POST request handler, triggered by manipulating the WANS parameter. Attack requires low-privilege authentication but no user interaction. CVSS 8.8 (High) reflects potential for complete system compromise. Publicly available exploit code exists; no confirmed active exploitation (CISA KEV).

Buffer Overflow Stack Overflow Tenda
NVD VulDB
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-6015 HIGH POC This Week

Stack-based buffer overflow in Tenda AC9 router firmware 15.03.02.13 allows authenticated remote attackers to execute arbitrary code via a crafted PPPOEPassword parameter to the formQuickIndex endpoint. The attack requires low-privilege credentials but no user interaction, enabling complete device compromise. Publicly available exploit code exists. CVSS 8.8 reflects a network-accessible attack path with high impact to confidentiality, integrity, and availability.

Buffer Overflow Stack Overflow Tenda
NVD VulDB
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-5992 HIGH This Week

Stack-based buffer overflow in Tenda F451 router (version 1.0.0.7) enables authenticated remote attackers to execute arbitrary code via a malformed 'page' parameter in the fromP2pListFilter function at the /goform/P2pListFilter endpoint. Publicly available exploit code exists. The attack requires low-privilege authentication (PR:L) but no user interaction, yielding high confidentiality, integrity, and availability impact on the vulnerable device.

Buffer Overflow Tenda
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-5991 HIGH This Week

Stack-based buffer overflow in Tenda F451 wireless router firmware 1.0.0.7 allows authenticated remote attackers to execute arbitrary code or crash the device via crafted GO parameter to the formWrlExtraSet function in /goform/WrlExtraSet endpoint. The vulnerability permits complete compromise of device confidentiality and integrity. Publicly available exploit code exists. Attack requires low-privilege authenticated access to the web management interface.

Buffer Overflow Tenda
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-5990 HIGH This Week

Stack-based buffer overflow in Tenda F451 router firmware version 1.0.0.7 allows authenticated remote attackers to execute arbitrary code or cause denial of service via crafted 'page' parameter in the fromSafeEmailFilter function at /goform/SafeEmailFilter endpoint. Publicly available exploit code exists. Attack requires low-privilege authentication but no user interaction, enabling complete compromise of device confidentiality, integrity, and availability.

Buffer Overflow Tenda
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-5988 HIGH This Week

Stack-based buffer overflow in Tenda F451 wireless router firmware 1.0.0.7 enables authenticated remote attackers to execute arbitrary code via a crafted mit_ssid parameter to the formWrlsafeset function in the /goform/AdvSetWrlsafeset endpoint. Publicly available exploit code exists. The attack requires low-privilege authenticated access to the router's web management interface, resulting in complete compromise of device confidentiality, integrity, and availability with no impact to other network segments.

Buffer Overflow Tenda
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-5989 HIGH POC This Week

Stack-based buffer overflow in Tenda F451 wireless router firmware 1.0.0.7 allows authenticated remote attackers to execute arbitrary code via a crafted page parameter to the fromRouteStatic function in the /goform/RouteStatic endpoint. The attack requires low-privilege authenticated access to the web management interface with no user interaction. Publicly available exploit code exists. Exploitation yields complete compromise of router confidentiality, integrity, and availability.

Buffer Overflow Stack Overflow Tenda
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-5962 MEDIUM POC This Month

Remote path traversal in the Tenda CH22 1.0.0.6(468) httpd component allows unauthenticated attackers to access arbitrary files via the R7WebsSecurityHandler function, with publicly available exploit code and a CVSS score of 6.9 indicating moderate real-world risk despite the low scope of impact (information disclosure only).

Path Traversal Tenda
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.1%
CVE-2026-5849 MEDIUM POC This Month

Path traversal in Tenda i12 router firmware 1.0.0.11(3862) allows unauthenticated remote attackers to read, modify, or delete arbitrary files via malicious HTTP requests to an unidentified handler component. The vulnerability enables unauthorized access to the filesystem with low integrity and confidentiality impact. Publicly available exploit code exists, increasing the likelihood of opportunistic attacks against exposed devices.

Path Traversal Tenda
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.1%
CVE-2026-5841 MEDIUM POC This Month

Path traversal vulnerability in Tenda i3 router firmware version 1.0.0.6(2204) allows unauthenticated remote attackers to access arbitrary files via manipulation of the R7WebsSecurityHandler HTTP handler component. The vulnerability has a CVSS score of 6.9 (low confidentiality and integrity impact), publicly available exploit code exists, and exploitation requires only network access with no user interaction.

Path Traversal Tenda
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.1%
CVE-2026-5830 HIGH POC This Week

Stack-based buffer overflow in Tenda AC15 router firmware 15.03.05.18 websGetVar function allows authenticated remote attackers to execute arbitrary code with high impact to confidentiality, integrity, and availability. The vulnerability resides in /goform/SysToolChangePwd endpoint where manipulation of oldPwd, newPwd, or cfmPwd parameters triggers memory corruption. Publicly available exploit code exists. Exploitation requires low-privilege authenticated access but no user interaction, making it readily exploitable once credentials are obtained.

Buffer Overflow Stack Overflow Tenda
NVD VulDB
CVSS 4.0
7.4
EPSS
0.0%
CVE-2025-52221 CRITICAL Act Now

Buffer overflow in Tenda AC6 router firmware version 15.03.05.16_multi enables unauthenticated remote denial-of-service attacks via crafted HTTP requests to formSetCfm function. Attackers can trigger service disruption by sending malicious funcname, funcpara1, or funcpara2 parameters without authentication. The network-accessible attack vector with low complexity makes this exploitable from the internet. No public exploit identified at time of analysis. Low observed exploitation activity (EPSS 0.02%).

Buffer Overflow Tenda
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-5687 HIGH This Week

Stack-based buffer overflow in Tenda CX12L router firmware 16.03.53.12 allows authenticated remote attackers to achieve arbitrary code execution via the 'page' parameter in the fromNatStaticSetting function at /goform/NatStaticSetting endpoint. Publicly available exploit code exists. EPSS data not provided, but CVSS 7.4 (High) with network attack vector and low complexity indicates significant risk for exposed administrative interfaces.

Buffer Overflow Tenda
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-5686 HIGH This Week

Remote stack-based buffer overflow in Tenda CX12L router firmware version 16.03.53.12 allows authenticated attackers to execute arbitrary code via crafted 'page' parameter to the RouteStatic configuration endpoint. CVSS 7.4 with publicly available exploit code (E:P in vector). EPSS and KEV data not provided, but public POC availability elevates immediate risk for exposed management interfaces.

Buffer Overflow Tenda
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-5685 HIGH POC This Week

Remote code execution in Tenda CX12L firmware version 16.03.53.12 allows authenticated attackers to overflow stack buffers via malicious 'page' parameter values sent to the addressNat endpoint (/goform/addressNat). The fromAddressNat function fails to validate input length, enabling memory corruption with high impact to confidentiality, integrity, and availability. Publicly available exploit code exists (GitHub POC), elevating practical exploitation risk despite requiring low-privilege authentication. EPSS data not available, but CVSS 7.4 reflects network-accessible attack vector with low complexity.

Buffer Overflow Stack Overflow Tenda
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-5684 HIGH POC This Week

Stack-based buffer overflow in Tenda CX12L wireless router firmware 16.03.53.12 allows authenticated adjacent network attackers to execute arbitrary code or crash the device via crafted 'page' parameter to the /goform/webExcptypemanFilter endpoint. Publicly available exploit code exists (GitHub POC published), enabling straightforward exploitation against unpatched routers on the same LAN segment. EPSS score of 0.03% suggests limited mass exploitation to date, though adjacent network requirement naturally constrains attack surface to local/corporate networks rather than internet-wide scanning.

Buffer Overflow Stack Overflow Tenda
NVD VulDB GitHub
CVSS 4.0
7.3
EPSS
0.0%
CVE-2026-5683 LOW POC Monitor

Stack-based buffer overflow in Tenda CX12L firmware version 16.03.53.12 allows authenticated local network attackers to cause memory corruption via manipulation of the page parameter in the P2pListFilter function. The vulnerability requires local network access and authenticated privileges but carries publicly available exploit code, elevating practical risk despite the moderate CVSS score of 5.1.

Buffer Overflow Stack Overflow Tenda
NVD VulDB GitHub
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-5609 HIGH POC This Week

Stack-based buffer overflow in Tenda i12 router firmware 1.0.0.11(3862) allows authenticated remote attackers to execute arbitrary code via the WiFi SSID configuration interface. The vulnerability is exploitable over the network with low complexity through manipulation of the 'index' or 'wl_radio' parameters in the formwrlSSIDset function. With publicly available exploit code (GitHub POC) and a CVSS score of 8.8, this presents immediate risk to exposed management interfaces. EPSS data not provided, but the combination of network accessibility, authentication bypass potential, and weaponized exploit elevates real-world risk.

Buffer Overflow Stack Overflow Tenda
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-5605 HIGH POC This Week

Stack-based buffer overflow in Tenda CH22 router firmware version 1.0.0.1 allows authenticated remote attackers to achieve arbitrary code execution via the formWrlExtraSet function. The vulnerability resides in the /goform/WrlExtraSet endpoint where manipulation of the 'GO' parameter triggers memory corruption. With CVSS 8.8 (network-accessible, low complexity, requires low-privileged authentication), this represents a critical risk to affected devices. Publicly available exploit code exists on GitHub, significantly lowering the barrier to exploitation, though no confirmed active exploitation (CISA KEV) has been reported at time of analysis.

Buffer Overflow Stack Overflow Tenda
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-5604 HIGH POC This Week

Stack-based buffer overflow in Tenda CH22 router firmware version 1.0.0.1 allows authenticated remote attackers to execute arbitrary code via crafted 'standard' parameter to the formCertLocalPrecreate function in /goform/CertLocalPrecreate endpoint. Publicly available exploit code exists (GitHub), CVSS 7.4 (High), but no active exploitation confirmed (not in CISA KEV). CVSS vector indicates low attack complexity with required authentication (PR:L), affecting all three confidentiality, integrity, and availability at high impact levels.

Buffer Overflow Stack Overflow Tenda
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-5567 HIGH POC This Week

Buffer overflow in Tenda M3 router firmware 1.0.0.10 allows authenticated remote attackers to achieve code execution via the setAdvPolicyData endpoint. The vulnerability resides in the Destination Handler component's policyType parameter processing. Publicly available exploit code exists (GitHub POC), elevating immediate risk despite the low-privilege authentication requirement. CVSS 7.4 reflects a network-accessible attack with low complexity; the absence of a CISA KEV listing indicates exploitation remains at the proof-of-concept stage rather than a widespread campaign.

Buffer Overflow Tenda
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2026-5550 HIGH This Week

Stack-based buffer overflow in Tenda AC10 router firmware version 16.03.10.10_multi_TDE01 allows authenticated remote attackers to achieve complete system compromise through the fromSysToolChangePwd function in /bin/httpd. The vulnerability requires only low-privilege authentication (CVSS PR:L) and has low attack complexity, enabling potential remote code execution with full confidentiality, integrity, and availability impact. No public exploit code identified at time of analysis, though detailed technical findings have been published on GitHub documenting multiple vulnerable endpoints.

Buffer Overflow Stack Overflow Tenda
NVD VulDB GitHub
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-5549 MEDIUM POC This Month

Tenda AC10 router firmware 16.03.10.10_multi_TDE01 exposes a hard-coded RSA 2048-bit private key in the world-readable file /webroot_ro/pem/privkeySrv.pem, allowing unauthenticated remote attackers to retrieve sensitive cryptographic material and decrypt encrypted communications. With publicly available exploit code and an EPSS score indicating moderate but real-world feasibility, this vulnerability enables information disclosure attacks against affected router configurations.

Information Disclosure Tenda
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-5548 HIGH This Week

Stack-based buffer overflow in Tenda AC10 router firmware 16.03.10.10_multi_TDE01 allows authenticated remote attackers to achieve code execution with high impact to confidentiality, integrity, and availability. The vulnerability resides in the fromSysToolChangePwd function within /bin/httpd, triggered by manipulating the sys.userpass parameter. Publicly available exploit code exists (GitHub repository documented), though no confirmed active exploitation (not in CISA KEV). CVSS 8.8 reflects network-accessible attack requiring only low-privilege authentication with low complexity, making this a realistic threat for internet-exposed routers with default or compromised credentials.

Buffer Overflow Stack Overflow Tenda
NVD VulDB GitHub
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-5547 MEDIUM This Month

OS command injection in Tenda AC10 firmware 16.03.10.10_multi_TDE01 allows authenticated remote attackers to execute arbitrary system commands via the formAddMacfilterRule function in /bin/httpd. The vulnerability requires valid credentials (PR:L in CVSS vector) and affects multiple endpoints related to MAC filtering configuration. No active exploitation has been independently confirmed, though proof-of-concept documentation exists in public repositories.

Command Injection Tenda
NVD VulDB GitHub
CVSS 4.0
5.3
EPSS
0.7%
CVE-2026-5527 MEDIUM This Month

Tenda 4G03 Pro wireless router contains a hard-coded ECDSA P-256 private cryptographic key in the /etc/www/pem/server.key file, enabling remote attackers to decrypt HTTPS communications and potentially impersonate the device without authentication. The vulnerability affects firmware versions 1.0, 1.0re, 01.bin, and 04.03.01.53, and carries a CVSS score of 5.3 with proof-of-concept exploitation likely (E:P rating). No public exploit code has been independently confirmed at the time of this analysis.

Information Disclosure Tenda
NVD VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-5526 MEDIUM This Month

Improper access controls in Tenda 4G03 Pro firmware (versions up to 04.03.01.53) enable unauthenticated remote attackers to bypass authentication mechanisms via the /bin/httpd binary, potentially achieving unauthorized administrative access to the router. This vulnerability has publicly available exploit code and affects consumer-grade 4G routers commonly used for home and small office networks. EPSS data not available, but the combination of network-accessible attack vector, low complexity, and public exploit elevates real-world risk.

Authentication Bypass Tenda
NVD VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2026-5338 LOW Monitor

Command injection in Tenda G103 1.0.0.5 allows high-privileged remote attackers to execute arbitrary commands via the lanIp parameter in the action_set_system_settings function of system.lua. The vulnerability requires administrative credentials (PR:H) but has publicly available exploit code and impacts system confidentiality, integrity, and availability. CVSS score 5.1 reflects the elevated privilege requirement despite network-based attack vector.

Command Injection Tenda
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.6%
CVE-2026-5339 LOW POC Monitor

Command injection in Tenda G103 1.0.0.5 setting handler allows high-privilege remote attackers to execute arbitrary commands via manipulation of multiple GPON authentication parameters (authLoid, authLoidPassword, authPassword, authSerialNo, authType, oltType, usVlanId, usVlanPriority) in the gpon.lua component. Publicly available exploit code exists, though the CVSS:3.1/AV:N/AC:L/PR:H vector indicates attacks require high administrative privileges and deliver limited impact (confidentiality, integrity, availability each L). This is a realistic but constrained threat: exploitation requires authenticated admin-level access to a device already on the network.

Command Injection Tenda
NVD VulDB GitHub
CVSS 4.0
2.0
EPSS
0.5%
CVE-2026-5204 HIGH POC This Week

Stack-based buffer overflow in Tenda CH22 router version 1.0.0.1 allows authenticated remote attackers to achieve arbitrary code execution via the webSiteId parameter in the formWebTypeLibrary function. Public exploit code exists on GitHub, significantly lowering the barrier to exploitation. While requiring low-privilege authentication (PR:L), the vulnerability enables complete compromise of router confidentiality, integrity, and availability with low attack complexity.

Buffer Overflow Stack Overflow Tenda
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.0%
EPSS 0% CVSS 7.4
HIGH POC This Week

Stack-based buffer overflow in Tenda CX12L router firmware 16.03.53.12 allows authenticated remote attackers to achieve full system compromise via the PPTP server configuration interface. The vulnerability resides in the formSetPPTPServer function within /goform/SetPptpServerCfg and is exploitable over the network with low attack complexity. A public proof-of-concept exploit exists on GitHub, significantly lowering the barrier to exploitation, though CISA has not yet added this to the KEV catalog, indicating no confirmed widespread active exploitation at this time.

Buffer Overflow Stack Overflow Tenda
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Stack-based buffer overflow in Tenda 4G300 US_4G300V1.0Mt_V1.01.42_CN_TDC01 allows authenticated remote attackers to execute arbitrary code with elevated privileges via crafted SafeMacFilter requests. The vulnerability resides in function sub_427C3C at endpoint /goform/SafeMacFilter, where insufficient input validation of the 'page' parameter enables memory corruption. Public exploit code exists on GitHub (Axelioc/CVE), significantly lowering the barrier to exploitation for attackers with valid router credentials. CVSS 7.4 reflects high confidentiality, integrity, and availability impact requiring only low-privilege authentication.

Buffer Overflow Stack Overflow Tenda
NVD VulDB GitHub
EPSS 3% CVSS 2.1
LOW POC Monitor

Command injection in Tenda 4G300 US version 1.01.42 allows authenticated remote attackers to execute arbitrary system commands via the delflag parameter in the /goform/DelFil endpoint. The vulnerability affects the sub_425A28 function and has publicly available exploit code; CVSS 6.3 reflects authenticated access requirement but moderate impact scope.

Command Injection Tenda
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

A vulnerability was determined in Tenda HG3 2.0. This vulnerability affects the function formTracert of the file /boaform/formTracert. Executing a manipulation of the argument datasize can lead to command injection. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized.

Command Injection Tenda
NVD VulDB
EPSS 0% CVSS 7.4
HIGH POC This Week

A vulnerability was determined in Tenda HG3 2.0. Impacted is the function formUploadConfig of the file /boaform/formIPv6Routing. This manipulation of the argument destNet causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.

Buffer Overflow Stack Overflow Tenda
NVD VulDB
EPSS 0% CVSS 7.4
HIGH This Week

OS command injection in Tenda HG3 router version 2.0 allows authenticated remote attackers to execute arbitrary commands with device privileges via the 'countrystr' parameter in /boaform/formCountrystr endpoint. Public exploit code exists (CVSS 4.0 E:P modifier confirms POC availability), enabling authenticated attackers to fully compromise router confidentiality, integrity, and availability. EPSS data unavailable; not currently in CISA KEV catalog, suggesting exploitation may be targeted rather than widespread despite public POC.

Command Injection Tenda
NVD VulDB
EPSS 3% CVSS 2.1
LOW Monitor

Command injection in Tenda F456 1.0.0.5 httpd allows authenticated remote attackers to execute arbitrary commands via the mac parameter in the /goform/WriteFacMac endpoint. The vulnerability has a publicly available exploit and CVSS 5.3 score with authenticated access requirement (PR:L), limiting immediate widespread risk but affecting exposed or compromised administrative accounts.

Command Injection Tenda
NVD GitHub VulDB
EPSS 0% CVSS 7.4
HIGH This Week

Buffer overflow in Tenda F456 router firmware version 1.0.0.5 allows authenticated remote attackers to achieve code execution via crafted requests to the /goform/WrlclientSet endpoint. The vulnerability exists in the fromWrlclientSet function of the httpd component. Public exploit code is available on GitHub, increasing practical exploitation risk despite requiring low-privilege authentication (CVSS 7.4, EPSS data not provided).

Buffer Overflow Tenda
NVD GitHub VulDB
EPSS 0% CVSS 7.4
HIGH This Week

Buffer overflow in Tenda F456 router firmware 1.0.0.5 allows authenticated remote attackers to execute arbitrary code or crash the device via crafted HTTP requests to the /goform/Natlimit endpoint. Public exploit code exists on GitHub (Litengzheng/vuldb_new), demonstrating practical exploitability. EPSS data unavailable, but with POC published and AV:N/AC:L indicating straightforward network exploitation, this poses significant risk to internet-exposed router management interfaces with weak or default credentials.

Buffer Overflow Tenda
NVD GitHub VulDB
EPSS 0% CVSS 7.4
HIGH This Week

Remote code execution in Tenda F456 router firmware 1.0.0.5 allows authenticated attackers to trigger a buffer overflow via a crafted mit_linktype parameter to the /goform/QuickIndex endpoint in the httpd service. Public exploit code exists on GitHub (Litengzheng/vuldb_new), enabling memory corruption with high impact to confidentiality, integrity, and availability. CVSS 7.4 reflects low attack complexity with network access requiring only low-privilege authentication. No vendor patch identified at time of analysis.

Buffer Overflow Tenda
NVD GitHub VulDB
EPSS 0% CVSS 7.4
HIGH This Week

Remote authenticated attackers can execute arbitrary code on Tenda F456 router version 1.0.0.5 via buffer overflow in the DhcpListClient function of the httpd component. Exploitation requires low-privilege HTTP authentication and targets the web management interface. A public proof-of-concept exploit exists on GitHub (Litengzheng/vuldb_new), enabling straightforward weaponization. EPSS data unavailable, but the combination of remote attack vector, low complexity (AC:L), and publicly disclosed exploit code indicates elevated real-world exploitation risk for internet-exposed devices with default or weak credentials.

Buffer Overflow Tenda
NVD GitHub VulDB
EPSS 0% CVSS 7.4
HIGH POC This Week

Remote code execution in Tenda F456 router firmware 1.0.0.5 allows authenticated attackers to compromise the device via buffer overflow in the httpd web management interface. Exploitation requires low-privilege credentials but enables complete device takeover (CVSS 7.4). A public proof-of-concept exploit exists on GitHub, significantly lowering the barrier to active exploitation despite requiring authentication.

Buffer Overflow Tenda
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

OS command injection in Tenda HG3 router version 2.0 (build 300003070) allows authenticated remote attackers to execute arbitrary system commands with router privileges via the fmgpon_loid parameter in the formgponConf administrative function. Public exploit code is available and confirmed usable for attacks per VulDB reporting, significantly lowering the skill barrier for exploitation despite requiring valid administrative credentials.

Command Injection Tenda
NVD VulDB
EPSS 0% CVSS 7.4
HIGH This Week

Remote authenticated buffer overflow in Tenda F456 1.0.0.5 httpd allows attackers to compromise router integrity and availability via crafted WrlExtraSet requests. Exploitation occurs through the formWrlExtraSet function when manipulating the 'Go' parameter at /goform/WrlExtraSet endpoint. Public exploit code is available on GitHub (Litengzheng/vuldb_new), enabling straightforward weaponization. CVSS 7.4 (High) with CVSS v4.0 Exploit Maturity: Proof-of-Concept confirms exploitability. While requiring low-privilege authentication (PR:L), the network attack vector (AV:N) and low complexity (AC:L) make this accessible to remote attackers with basic router credentials, commonly obtained via credential stuffing or default password exploitation.

Buffer Overflow Tenda
NVD GitHub VulDB
EPSS 0% CVSS 7.4
HIGH This Week

Remote authenticated buffer overflow in Tenda F456 1.0.0.5 router allows complete device compromise via the DHCP server configuration handler. A low-privileged attacker can send a crafted HTTP request with malicious 'dips' parameter to /goform/GstDhcpSetSer, triggering a buffer overflow in the httpd service that enables arbitrary code execution with full system control. Public exploit code is available on GitHub (EPSS exploitation probability data not provided, not listed in CISA KEV at time of analysis).

Buffer Overflow Tenda
NVD GitHub VulDB
EPSS 0% CVSS 7.4
HIGH POC This Week

Buffer overflow in Tenda F456 router firmware 1.0.0.5 allows authenticated remote attackers to achieve full device compromise through the PPTP user management interface. The vulnerability exists in the fromPPTPUserSetting function within the httpd component, exploitable via manipulation of the 'delno' parameter sent to /goform/PPTPUserSetting. Public exploit code is available on GitHub, significantly lowering the barrier to exploitation, though no CISA KEV listing or widespread exploitation has been confirmed at time of analysis.

Buffer Overflow Tenda
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Remote code execution in Tenda F456 router firmware 1.0.0.5 allows authenticated attackers to compromise device integrity and confidentiality via buffer overflow in the WAN configuration interface. The vulnerability exploits the fromAdvSetWan function's improper handling of the wanmode parameter, enabling complete device takeover. Public exploit code exists on GitHub (Litengzheng/vuldb_new), significantly lowering the barrier to exploitation. EPSS data not available, but the combination of network attack vector, low complexity (AC:L), and publicly available POC makes this a realistic threat to exposed management interfaces.

Buffer Overflow Tenda
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Buffer overflow in Tenda F456 router version 1.0.0.5 allows authenticated remote attackers to achieve arbitrary code execution with high impact to confidentiality, integrity, and availability. The vulnerability resides in the fromSetIpBind function of the httpd daemon's /goform/SetIpBind endpoint, exploitable via malformed 'page' parameter input. Public exploit code exists on GitHub (Litengzheng/vuldb_new), elevating real-world risk despite requiring low-privilege authentication (CVSS 7.4, EPSS data not provided, not in CISA KEV at time of analysis).

Buffer Overflow Tenda
NVD VulDB GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

Remote unauthenticated command injection in Tenda AC18 router firmware V15.03.05.05_multi allows complete device compromise via the SetSambaCfg interface. Attackers can execute arbitrary system commands by manipulating the guestuser parameter in HTTP requests to /goform/SetSambaCfg. CVSS 9.8 critical severity with network attack vector and no authentication required. EPSS score of 0.06% (19th percentile) suggests low observed exploitation despite extreme technical severity. Publicly documented exploit proof-of-concept exists on GitHub.

Command Injection Tenda
NVD GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Buffer overflow in Tenda F456 router firmware 1.0.0.5 enables remote authenticated attackers to achieve arbitrary code execution via crafted HTTP requests to the /goform/setcfm endpoint in the httpd service. The vulnerability affects the funcname and funcpara1 parameters and has a publicly available exploit on GitHub, significantly lowering the barrier for exploitation. CVSS v4.0 base score of 7.4 reflects high confidentiality, integrity, and availability impact with low attack complexity, though the requirement for low-privilege authentication provides some defense. No vendor patch has been identified for this IoT router vulnerability.

Buffer Overflow Tenda
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Buffer overflow in Tenda F456 router firmware 1.0.0.5 allows authenticated remote attackers to achieve arbitrary code execution with high impact to confidentiality, integrity, and availability. The vulnerability resides in the SafeUrlFilter functionality of the httpd web server component, triggered by manipulating the 'page' parameter. A public proof-of-concept exploit is available on GitHub, significantly lowering the barrier to exploitation, though no CISA KEV listing or widespread exploitation has been confirmed at time of analysis.

Buffer Overflow Tenda
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Remote code execution in Tenda F456 router firmware 1.0.0.5 allows authenticated attackers to overflow buffers in the httpd service via crafted menufacturer/Go parameters to the VirtualSer endpoint. Public exploit code exists on GitHub (Litengzheng/vuldb_new), enabling attackers with low-privilege credentials to achieve complete system compromise. While CVSS rates this 7.4 (High) with network attack vector and low complexity, the requirement for authentication (PR:L) moderates real-world risk compared to unauthenticated RCE - priority depends on whether default credentials are documented or credential stuffing is viable against target deployments.

Buffer Overflow Tenda
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Buffer overflow in Tenda F456 router firmware 1.0.0.5 allows authenticated remote attackers to execute arbitrary code via malformed PPTP client parameters. The vulnerability resides in the fromPptpUserAdd function of the httpd web server component, specifically through manipulation of the opttype/usernamewith arguments. Public exploit code is available on GitHub, significantly lowering the barrier for exploitation against internet-exposed Tenda F456 devices with default or weak administrative credentials.

Buffer Overflow Tenda
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Buffer overflow in Tenda F456 router firmware version 1.0.0.5 enables authenticated remote attackers to achieve complete system compromise via crafted HTTP requests to the /goform/L7Prot endpoint. The vulnerability affects the frmL7ProtForm function in the httpd component, triggered by malicious 'page' parameter manipulation. Public exploit code exists on GitHub (Litengzheng/vuldb_new), significantly lowering the barrier to exploitation despite requiring low-privilege authentication (PR:L). CVSS 7.4 reflects high confidentiality, integrity, and availability impact with network attack vector and low complexity.

Buffer Overflow Tenda
NVD VulDB GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Path traversal in Tenda i9 router firmware version 1.0.0.5(2204) allows remote unauthenticated attackers to access arbitrary files, modify system configurations, and potentially disrupt device operation via the R7WebsSecurityHandlerfunction in the HTTP Handler component. Publicly available exploit code exists on GitHub (Litengzheng/vuldb_new), enabling straightforward exploitation with EPSS-assessed risk. The vulnerability permits confidentiality, integrity, and availability impacts with low attack complexity and no required user interaction, making it a realistic target for automated scanning and exploitation.

Path Traversal Tenda
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Stack-based buffer overflow in Tenda FH1202 router firmware 1.2.0.14 allows authenticated remote attackers to execute arbitrary code via crafted HTTP requests to the /goform/WrlclientSet endpoint. The vulnerability resides in the fromWrlclientSet function of the httpd component, triggered by malicious 'Go' parameter input. Publicly available proof-of-concept exploit code increases immediate exploitation risk for exposed devices. EPSS data not provided, but public POC and low attack complexity (AC:L) indicate elevated real-world risk despite authentication requirement (PR:L).

Buffer Overflow Stack Overflow Tenda
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Stack-based buffer overflow in Tenda FH1202 router firmware 1.2.0.14(408) allows authenticated remote attackers to execute arbitrary code via a crafted 'Go' parameter sent to the /goform/WrlExtraSet endpoint in the httpd service. A public proof-of-concept exploit exists (GitHub), enabling reliable exploitation with low attack complexity. CVSS 7.4 (High) severity reflects significant impact potential, though exploitation requires valid user credentials (PR:L), limiting mass-scale attacks to scenarios where default/weak credentials are common in Tenda routers.

Buffer Overflow Stack Overflow Tenda
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Buffer overflow in Tenda F456 router firmware 1.0.0.5 allows authenticated remote attackers to achieve high-impact compromise of device confidentiality, integrity, and availability through crafted input to the SafeClientFilter function. A proof-of-concept exploit has been published on GitHub, increasing the likelihood of exploitation attempts against exposed management interfaces. While authentication is required (PR:L), the low attack complexity (AC:L) and network accessibility (AV:N) make this exploitable by attackers with basic router credentials.

Buffer Overflow Tenda
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Buffer overflow in Tenda F456 wireless router firmware 1.0.0.5 allows authenticated remote attackers to achieve arbitrary code execution through the SafeEmailFilter function. The vulnerability requires low-privilege authentication but enables complete system compromise (confidentiality, integrity, and availability impact all rated High). A public exploit has been published on GitHub, significantly lowering the barrier for exploitation, though the absence of a CISA KEV listing and of EPSS data suggests the attack remains targeted rather than widespread at this time.

Buffer Overflow Tenda
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Buffer overflow in Tenda F456 router version 1.0.0.5 allows authenticated remote attackers to achieve complete device compromise via crafted HTTP requests to the /goform/SafeMacFilter endpoint. The vulnerability resides in the fromSafeMacFilter function's improper validation of the 'page' parameter. Public exploit code is available on GitHub, significantly lowering the technical barrier for exploitation. CVSS 7.4 (High) reflects the network attack vector and high impact across confidentiality, integrity, and availability, though exploitation requires low-privilege authentication.

Buffer Overflow Tenda
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Remote code execution in Tenda F456 router firmware version 1.0.0.5 allows authenticated attackers to crash the device or execute arbitrary code via buffer overflow in the RouteStatic configuration handler. The vulnerability targets the 'page' parameter in /goform/RouteStatic endpoint and requires only low-privilege authentication (CVSS PR:L). A publicly available proof-of-concept exploit exists on GitHub, significantly lowering the technical barrier for exploitation. The CVSS 4.0 score of 7.4 reflects high confidentiality, integrity, and availability impact with low attack complexity (AC:L) and network-based attack vector (AV:N).

Buffer Overflow Tenda
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Buffer overflow in Tenda F456 router firmware version 1.0.0.5 allows authenticated remote attackers to execute arbitrary code or crash the device by sending malformed HTTP requests to the /goform/addressNat endpoint. The vulnerability exists in the fromaddressNat function and is actively exploitable with publicly available proof-of-concept code. CVSS 7.4 with low attack complexity indicates straightforward exploitation once authenticated, while EPSS data (if available) would contextualize real-world exploitation likelihood beyond the confirmed POC availability.

Buffer Overflow Tenda
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH This Week

Remote code execution in Tenda F456 router firmware 1.0.0.5 allows authenticated attackers to crash the device or execute arbitrary code via buffer overflow in the fromP2pListFilter function. Exploitation requires low-privilege authentication (PR:L) and is network-accessible (AV:N) with low attack complexity (AC:L). Publicly available exploit code exists (CVSS E:P), significantly lowering the barrier to exploitation. EPSS data not provided, but public POC availability and router attack surface suggest moderate real-world risk for exposed management interfaces.

Buffer Overflow Tenda
NVD GitHub VulDB
EPSS 1% CVSS 2.1
LOW POC Monitor

Command injection in Tenda F453 firmware up to version 1.0.0.3 allows authenticated remote attackers to execute arbitrary system commands via the TendaTelnet function in the /goform/telnet endpoint. The vulnerability has publicly available exploit code and may be actively used against deployed devices. Attack requires low-privilege authentication but carries significant risk due to the telnet service's direct command execution capability.

Command Injection Tenda
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Remote authenticated attackers can execute arbitrary code on Tenda HG10 routers (firmware HG7_HG9_HG10re_300001138_en_xpon) by sending a malformed 'nextHop' parameter to the /boaform/formRouting endpoint in the Boa web service. This buffer overflow vulnerability has publicly available exploit code on GitHub and is rated 8.8 (High) with low attack complexity. EPSS data unavailable; not currently listed in CISA KEV. Successful exploitation requires only low-privilege authentication and grants full device compromise (confidentiality, integrity, and availability impact).

Buffer Overflow Tenda
NVD VulDB GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

Command injection in Tenda W30E V2.0 firmware V16.01.0.21 allows remote unauthenticated attackers to execute arbitrary operating system commands as root through the formSetUSBPartitionUmount function by manipulating the usbPartitionName parameter. The vulnerability achieves maximum CVSS severity (9.8) due to network accessibility without authentication, though EPSS exploitation probability remains low (0.17%, 38th percentile), suggesting limited attacker interest at time of analysis. No active exploitation confirmed by CISA KEV, and public exploit code status is unverified from researcher disclosure.

Command Injection Tenda
NVD GitHub
EPSS 3% CVSS 7.3
HIGH This Week

Command injection in Tenda W30E router firmware V16.01.0.21 allows unauthenticated remote attackers to execute arbitrary system commands via the 'hostName' parameter in the diagnostic ping function. Attack requires only network access to the router's web interface with no authentication or user interaction. Proof-of-concept exploit code is publicly available (SSVC exploitation status: POC). EPSS data not available, but SSVC framework marks this as automatable with partial technical impact, making it suitable for mass scanning campaigns targeting exposed Tenda routers.

Command Injection Tenda
NVD GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Buffer overflow in Tenda F451 router firmware 1.0.0.7_cn_svn7958 allows authenticated remote attackers to achieve complete compromise via the SafeClientFilter function. The httpd service improperly validates the 'menufacturer' and 'Go' parameters, enabling memory corruption that leads to code execution with firmware-level privileges. A public exploit (GitHub PoC) exists, but the absence of a CISA KEV listing indicates that exploitation remains proof-of-concept rather than widespread. EPSS data unavailable; CVSS 7.4 reflects a network attack vector with low complexity, though low-privilege authentication is required.

Buffer Overflow Tenda
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Buffer overflow in Tenda F451 router (version 1.0.0.7_cn_svn7958) allows authenticated remote attackers to achieve arbitrary code execution with high impact on confidentiality, integrity, and availability. The vulnerability exists in the httpd component's webExcptypemanFilter function, exploitable via malicious 'page' parameter input to /goform/webExcptypemanFilter. Public exploit code is available on GitHub (CVSS 7.4, CWE-120). EPSS data not provided, not listed in CISA KEV. This targets a specific legacy Chinese firmware version of a consumer-grade router with known end-of-life support issues.

Buffer Overflow Tenda
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Remote buffer overflow in Tenda F451 router (version 1.0.0.7_cn_svn7958) allows authenticated attackers to achieve arbitrary code execution via crafted DHCP server configuration requests. The vulnerability exists in the httpd service's /goform/GstDhcpSetSer endpoint, exploitable by manipulating the 'dips' parameter. Public exploit code is available on GitHub, significantly lowering exploitation barriers for authenticated attackers with network access to the router's management interface.

Buffer Overflow Tenda
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Stack-based buffer overflow in Tenda F456 1.0.0.5 router's formwebtypelibrary function allows authenticated remote attackers to achieve arbitrary code execution with high impact to confidentiality, integrity, and availability. The vulnerability resides in /goform/webtypelibrary endpoint via manipulation of the 'menufacturer' or 'Go' parameters. Public exploit code exists on GitHub (EPSS 0.05%, 14th percentile), indicating low likelihood of mass exploitation but confirmed weaponization capability. No vendor patch identified at time of analysis.

Buffer Overflow Stack Overflow Tenda
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Stack-based buffer overflow in Tenda F456 router firmware 1.0.0.5 allows authenticated remote attackers to achieve complete device compromise via crafted input to the 'page' parameter in the fromqossetting QoS configuration handler. Publicly available exploit code exists (GitHub POC), CVSS 7.4 (High), EPSS 0.05% (low exploitation probability). Not actively exploited per CISA KEV. This is a classic IoT router vulnerability affecting the web management interface at /goform/qossetting, requiring valid authentication credentials but enabling full device takeover once authenticated.

Buffer Overflow Stack Overflow Tenda
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Stack-based buffer overflow in Tenda F456 router firmware v1.0.0.5 allows authenticated remote attackers to achieve code execution with high integrity and availability impact via crafted 'page' parameter to the /goform/NatStaticSetting endpoint's fromNatStaticSetting function. Public exploit code exists (EPSS 0.05%, 14th percentile), indicating low observed exploitation probability despite proof-of-concept availability. No active exploitation confirmed via CISA KEV at time of analysis.

Buffer Overflow Stack Overflow Tenda
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Stack-based buffer overflow in Tenda F456 router firmware version 1.0.0.5 allows authenticated remote attackers to achieve complete system compromise via crafted input to the wireless security settings handler. Public exploit code is available, but EPSS exploitation probability remains very low (0.05%, 14th percentile), and no active exploitation has been reported. The vulnerability requires authenticated access to the router's administrative interface, limiting opportunistic exploitation.

Buffer Overflow Stack Overflow Tenda
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Stack-based buffer overflow in Tenda F456 router firmware 1.0.0.5 allows authenticated remote attackers to execute arbitrary code via the /goform/exeCommand endpoint. The vulnerability has a publicly available proof-of-concept exploit and affects the fromexeCommand function through manipulation of the cmdinput parameter. EPSS probability is low (0.05%, 14th percentile), indicating minimal observed exploitation activity despite POC availability. Not listed in CISA KEV, confirming no widespread active exploitation detected.

Buffer Overflow Stack Overflow Tenda
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH This Week

Stack-based buffer overflow in Tenda F451 router firmware 1.0.0.7_cn_svn7958 allows authenticated remote attackers to achieve complete system compromise (confidentiality, integrity, availability breach) via malformed ADSL/WAN configuration parameters. The vulnerability resides in the fromAdvSetWan function handling wanmode and PPPOEPassword arguments. Publicly available exploit code exists, significantly lowering the barrier to exploitation. CVSS 7.4 (High) with low attack complexity and network-reachable attack vector indicates substantial risk for exposed management interfaces.

Buffer Overflow Tenda
NVD GitHub VulDB
EPSS 0% CVSS 7.4
HIGH POC This Week

Stack-based buffer overflow in Tenda F451 wireless router (firmware 1.0.0.7_cn_svn7958) allows authenticated remote attackers to achieve arbitrary code execution with high confidentiality, integrity, and availability impact. The vulnerability resides in the frmL7ImForm function handling the 'page' parameter at /goform/L7Im endpoint. Publicly available exploit code exists (GitHub POC published), significantly lowering exploitation barriers. CVSS 8.8 (High) reflects network-accessible attack vector with low complexity, requiring only low-privilege authentication. No vendor-released patch identified at time of analysis.

Buffer Overflow Stack Overflow Tenda
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Stack-based buffer overflow in Tenda F451 router firmware version 1.0.0.7_cn_svn7958 allows authenticated remote attackers to achieve arbitrary code execution with high impact to confidentiality, integrity, and availability. The vulnerability resides in the fromSetIpBind function accessible via /goform/SetIpBind endpoint, where manipulation of the 'page' parameter triggers memory corruption. Publicly available exploit code exists (GitHub POC published), significantly lowering the barrier to exploitation despite requiring low-privilege authentication. CVSS 8.8 severity reflects network accessibility, low attack complexity, and complete system compromise potential.

Buffer Overflow Stack Overflow Tenda
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Stack-based buffer overflow in Tenda F451 router firmware version 1.0.0.7_cn_svn7958 allows remote authenticated attackers to execute arbitrary code with high impact on confidentiality, integrity, and availability. The vulnerability resides in the fromqossetting function's handling of the 'qos' parameter in /goform/qossetting endpoint. Publicly available exploit code (GitHub PoC) significantly lowers the barrier to exploitation. CVSS 7.4 (High) with low attack complexity and network attack vector indicates elevated risk for exposed devices, though low-privilege authentication is required.

Buffer Overflow Stack Overflow Tenda
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Stack-based buffer overflow in Tenda F451 router (version 1.0.0.7_cn_svn7958) allows authenticated remote attackers to achieve arbitrary code execution with high impact on confidentiality, integrity, and availability. The vulnerability resides in the fromSafeUrlFilter function handling the 'page' parameter in /goform/SafeUrlFilter endpoint. Publicly available exploit code exists (GitHub POC), significantly lowering exploitation barrier. With CVSS 8.8 (Critical) and low attack complexity, this represents a serious risk to deployed devices, though exploitation requires authenticated access (PR:L) to the router's web interface.

Buffer Overflow Stack Overflow Tenda
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Stack-based buffer overflow in Tenda F451 router firmware 1.0.0.7 allows authenticated remote attackers to achieve complete system compromise via the SafeMacFilter function. The vulnerability is exploitable over the network with low complexity, requiring only basic user credentials. Publicly available exploit code exists (GitHub POC), significantly lowering the barrier for exploitation. CVSS 8.8 (High) severity with potential for code execution, data theft, and device takeover.

Buffer Overflow Stack Overflow Tenda
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Stack-based buffer overflow in Tenda F451 router firmware 1.0.0.7 enables authenticated remote attackers to execute arbitrary code with high privileges via crafted 'entrys' parameter to the /goform/addressNat endpoint. The vulnerability resides in the fromAddressNat function of the httpd component. Public exploit code is available (GitHub), with EPSS indicating moderate exploitation probability. Requires low-privilege authentication (PR:L) but has low attack complexity (AC:L), making it accessible to attackers with basic router credentials.

Buffer Overflow Stack Overflow Tenda
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Stack-based buffer overflow in Tenda F451 router version 1.0.0.7 allows authenticated remote attackers to execute arbitrary code with high impact to confidentiality, integrity, and availability. The vulnerability resides in the httpd component's frmL7ProtForm function when processing the 'page' parameter in /goform/L7Prot. Publicly available exploit code exists (GitHub POC published), enabling attackers with low-privilege credentials to achieve full system compromise. CVSS 8.8 (High) with low attack complexity and no user interaction required. No vendor-released patch identified at time of analysis.

Buffer Overflow Stack Overflow Tenda
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Stack-based buffer overflow in Tenda F451 router firmware version 1.0.0.7 allows authenticated remote attackers to achieve full system compromise via crafted HTTP requests to the wireless client configuration endpoint. The vulnerability (CVSS 8.8) exists in the WrlclientSet function within the httpd service and requires only low-privilege authentication. Publicly available exploit code has been published on GitHub, significantly lowering the barrier to exploitation, though no active exploitation is confirmed in CISA KEV at time of analysis.

Buffer Overflow Stack Overflow Tenda
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Stack-based buffer overflow in Tenda F451 router version 1.0.0.7 allows authenticated remote attackers to achieve complete system compromise through the DHCP client list function. The vulnerability exists in the httpd service's /goform/DhcpListClient endpoint via the 'page' parameter. Publicly available exploit code exists (GitHub POC published), enabling low-complexity attacks that can result in full confidentiality, integrity, and availability compromise. CVSS 8.8 reflects high impact across all security objectives with minimal attack complexity, though low-privileged authentication is required.

Buffer Overflow Stack Overflow Tenda
NVD VulDB GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Path traversal in Tenda i6 router firmware 1.0.0.7(2204) allows unauthenticated remote attackers to read, write, or delete arbitrary files via malicious HTTP requests to the R7WebsSecurityHandlerfunction component. CVSS 7.3 (High) reflects network-accessible exploitation without authentication. Publicly available exploit code exists, documented in a GitHub repository demonstrating attack vectors. Affects Tenda i6 wireless router deployments running vulnerable firmware version.

Path Traversal Tenda
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Stack-based buffer overflow in Tenda AC9 router firmware 15.03.02.13 enables authenticated remote attackers to execute arbitrary code or crash the device. The vulnerability resides in the decodePwd function within the /goform/WizardHandle POST request handler and is triggered by manipulating the WANS parameter. The attack requires low-privilege authentication but no user interaction. CVSS 8.8 (High) reflects potential for complete system compromise. Publicly available exploit code exists; no confirmed active exploitation (CISA KEV).

Buffer Overflow Stack Overflow Tenda
NVD VulDB
EPSS 0% CVSS 7.4
HIGH POC This Week

Stack-based buffer overflow in Tenda AC9 router firmware 15.03.02.13 allows authenticated remote attackers to execute arbitrary code via a crafted PPPOEPassword parameter sent to the formQuickIndex endpoint. The attack requires low-privilege credentials but no user interaction, enabling complete device compromise. Publicly available exploit code exists. CVSS 8.8 reflects a network-accessible attack path with high impact to confidentiality, integrity, and availability.

Buffer Overflow Stack Overflow Tenda
NVD VulDB
EPSS 0% CVSS 7.4
HIGH This Week

Stack-based buffer overflow in Tenda F451 router (version 1.0.0.7) enables authenticated remote attackers to execute arbitrary code via a malformed 'page' parameter in the fromP2pListFilter function at the /goform/P2pListFilter endpoint. Publicly available exploit code exists. The attack requires low-privilege authentication (PR:L) but no user interaction, yielding high confidentiality, integrity, and availability impact on the vulnerable device.

Buffer Overflow Tenda
NVD GitHub VulDB
EPSS 0% CVSS 7.4
HIGH This Week

Stack-based buffer overflow in Tenda F451 wireless router firmware 1.0.0.7 allows authenticated remote attackers to execute arbitrary code or crash the device via a crafted GO parameter to the formWrlExtraSet function in the /goform/WrlExtraSet endpoint. The vulnerability permits complete compromise of device confidentiality and integrity. Publicly available exploit code exists. The attack requires low-privilege authenticated access to the web management interface.

Buffer Overflow Tenda
NVD GitHub VulDB
EPSS 0% CVSS 7.4
HIGH This Week

Stack-based buffer overflow in Tenda F451 router firmware version 1.0.0.7 allows authenticated remote attackers to execute arbitrary code or cause denial of service via crafted 'page' parameter in the fromSafeEmailFilter function at /goform/SafeEmailFilter endpoint. Publicly available exploit code exists. Attack requires low-privilege authentication but no user interaction, enabling complete compromise of device confidentiality, integrity, and availability.

Buffer Overflow Tenda
NVD GitHub VulDB
EPSS 0% CVSS 7.4
HIGH This Week

Stack-based buffer overflow in Tenda F451 wireless router firmware 1.0.0.7 enables authenticated remote attackers to execute arbitrary code via crafted mit_ssid parameter to formWrlsafeset function in /goform/AdvSetWrlsafeset endpoint. Publicly available exploit code exists. Attack requires low-privilege authenticated access to the router's web management interface, resulting in complete compromise of device confidentiality, integrity, and availability with no impact to other network segments.

Buffer Overflow Tenda
NVD GitHub VulDB
EPSS 0% CVSS 7.4
HIGH POC This Week

Stack-based buffer overflow in Tenda F451 wireless router firmware 1.0.0.7 allows authenticated remote attackers to execute arbitrary code via crafted page parameter to fromRouteStatic function in /goform/RouteStatic endpoint. Attack requires low-privilege authenticated access to web management interface with no user interaction. Publicly available exploit code exists. Exploitation yields complete compromise of router confidentiality, integrity, and availability.

Buffer Overflow Stack Overflow Tenda
NVD VulDB GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Remote path traversal in Tenda CH22 1.0.0.6(468) httpd component allows unauthenticated attackers to access arbitrary files via the R7WebsSecurityHandler function, with publicly available exploit code and a CVSS score of 6.9 indicating moderate real-world risk despite the low scope of impact (information disclosure only).

Path Traversal Tenda
NVD VulDB GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Path traversal in Tenda i12 router firmware 1.0.0.11(3862) allows unauthenticated remote attackers to read, modify, or delete arbitrary files via malicious HTTP requests to an unidentified handler component. The vulnerability enables unauthorized access to the filesystem with low integrity and confidentiality impact. Publicly available exploit code exists, increasing the likelihood of opportunistic attacks against exposed devices.

Path Traversal Tenda
NVD VulDB GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Path traversal vulnerability in Tenda i3 router firmware version 1.0.0.6(2204) allows unauthenticated remote attackers to access arbitrary files via manipulation of the R7WebsSecurityHandler HTTP handler component. The vulnerability has a CVSS score of 6.9 (low confidentiality and integrity impact), publicly available exploit code exists, and exploitation requires only network access with no user interaction.

Path Traversal Tenda
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Stack-based buffer overflow in Tenda AC15 router firmware 15.03.05.18 websGetVar function allows authenticated remote attackers to execute arbitrary code with high impact to confidentiality, integrity, and availability. The vulnerability resides in /goform/SysToolChangePwd endpoint where manipulation of oldPwd, newPwd, or cfmPwd parameters triggers memory corruption. Publicly available exploit code exists. Exploitation requires low-privilege authenticated access but no user interaction, making it readily exploitable once credentials are obtained.

Buffer Overflow Stack Overflow Tenda
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL Act Now

Buffer overflow in Tenda AC6 router firmware version 15.03.05.16_multi enables unauthenticated remote denial-of-service attacks via crafted HTTP requests to formSetCfm function. Attackers can trigger service disruption by sending malicious funcname, funcpara1, or funcpara2 parameters without authentication. The network-accessible attack vector with low complexity makes this exploitable from the internet. No public exploit identified at time of analysis. Low observed exploitation activity (EPSS 0.02%).

Buffer Overflow Tenda
NVD GitHub
EPSS 0% CVSS 7.4
HIGH This Week

Stack-based buffer overflow in Tenda CX12L router firmware 16.03.53.12 allows authenticated remote attackers to achieve arbitrary code execution via the 'page' parameter in the fromNatStaticSetting function at /goform/NatStaticSetting endpoint. Publicly available exploit code exists. EPSS data not provided, but CVSS 7.4 (High) with network attack vector and low complexity indicates significant risk for exposed administrative interfaces.

Buffer Overflow Tenda
NVD GitHub VulDB
EPSS 0% CVSS 7.4
HIGH This Week

Remote stack-based buffer overflow in Tenda CX12L router firmware version 16.03.53.12 allows authenticated attackers to execute arbitrary code via crafted 'page' parameter to the RouteStatic configuration endpoint. CVSS 7.4 with publicly available exploit code (E:P in vector). EPSS and KEV data not provided, but public POC availability elevates immediate risk for exposed management interfaces.

Buffer Overflow Tenda
NVD GitHub VulDB
EPSS 0% CVSS 7.4
HIGH POC This Week

Remote code execution in Tenda CX12L firmware version 16.03.53.12 allows authenticated attackers to overflow stack buffers via malicious 'page' parameter values sent to the addressNat endpoint (/goform/addressNat). The fromAddressNat function fails to validate input length, enabling memory corruption with high impact to confidentiality, integrity, and availability. Publicly available exploit code exists (GitHub POC), elevating practical exploitation risk despite requiring low-privilege authentication. EPSS data not available, but CVSS 7.4 reflects network-accessible attack vector with low complexity.

Buffer Overflow Stack Overflow Tenda
NVD VulDB GitHub
EPSS 0% CVSS 7.3
HIGH POC This Week

Stack-based buffer overflow in Tenda CX12L wireless router firmware 16.03.53.12 allows authenticated adjacent network attackers to execute arbitrary code or crash the device via crafted 'page' parameter to the /goform/webExcptypemanFilter endpoint. Publicly available exploit code exists (GitHub POC published), enabling straightforward exploitation against unpatched routers on the same LAN segment. EPSS score of 0.03% suggests limited mass exploitation to date, though adjacent network requirement naturally constrains attack surface to local/corporate networks rather than internet-wide scanning.

Buffer Overflow Stack Overflow Tenda
NVD VulDB GitHub
EPSS 0% CVSS 2.0
LOW POC Monitor

Stack-based buffer overflow in Tenda CX12L firmware version 16.03.53.12 allows authenticated local network attackers to cause memory corruption via manipulation of the page parameter in the P2pListFilter function. The vulnerability requires local network access and authenticated privileges but carries publicly available exploit code, elevating practical risk despite the moderate CVSS score of 5.1.

Buffer Overflow Stack Overflow Tenda
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Stack-based buffer overflow in Tenda i12 router firmware 1.0.0.11(3862) allows authenticated remote attackers to execute arbitrary code via the WiFi SSID configuration interface. The vulnerability is exploitable over the network with low complexity through manipulation of the 'index' or 'wl_radio' parameters in the formwrlSSIDset function. With publicly available exploit code (GitHub POC) and a CVSS score of 8.8, this presents immediate risk to exposed management interfaces. EPSS data not provided, but the combination of network accessibility, authentication bypass potential, and weaponized exploit elevates real-world risk.

Buffer Overflow Stack Overflow Tenda
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Stack-based buffer overflow in Tenda CH22 router firmware version 1.0.0.1 allows authenticated remote attackers to achieve arbitrary code execution via the formWrlExtraSet function. The vulnerability resides in the /goform/WrlExtraSet endpoint where manipulation of the 'GO' parameter triggers memory corruption. With CVSS 8.8 (network-accessible, low complexity, requires low-privileged authentication), this represents a critical risk to affected devices. Publicly available exploit code exists on GitHub, significantly lowering the barrier to exploitation, though no confirmed active exploitation (CISA KEV) has been reported at time of analysis.

Buffer Overflow Stack Overflow Tenda
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Stack-based buffer overflow in Tenda CH22 router firmware version 1.0.0.1 allows authenticated remote attackers to execute arbitrary code via crafted 'standard' parameter to the formCertLocalPrecreate function in /goform/CertLocalPrecreate endpoint. Publicly available exploit code exists (GitHub), CVSS 7.4 (High), but no active exploitation confirmed (not in CISA KEV). CVSS vector indicates low attack complexity with required authentication (PR:L), affecting all three of confidentiality, integrity, and availability at high impact levels.

Buffer Overflow Stack Overflow Tenda
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Buffer overflow in Tenda M3 router firmware 1.0.0.10 allows authenticated remote attackers to achieve code execution via the setAdvPolicyData endpoint. The vulnerability resides in the Destination Handler component's policyType parameter processing. Publicly available exploit code exists (GitHub POC), elevating immediate risk despite low-privilege authentication requirement. CVSS 7.4 reflects network-accessible attack with low complexity; the absence of a CISA KEV listing indicates exploitation remains at the proof-of-concept stage rather than a widespread campaign.

Buffer Overflow Tenda
NVD VulDB GitHub
EPSS 0% CVSS 8.7
HIGH This Week

Stack-based buffer overflow in Tenda AC10 router firmware version 16.03.10.10_multi_TDE01 allows authenticated remote attackers to achieve complete system compromise through the fromSysToolChangePwd function in /bin/httpd. The vulnerability requires only low-privilege authentication (CVSS PR:L) and has low attack complexity, enabling potential remote code execution with full confidentiality, integrity, and availability impact. No public exploit code identified at time of analysis, though detailed technical findings have been published on GitHub documenting multiple vulnerable endpoints.

Buffer Overflow Stack Overflow Tenda
NVD VulDB GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Tenda AC10 router firmware 16.03.10.10_multi_TDE01 exposes a hard-coded RSA 2048-bit private key in the world-readable file /webroot_ro/pem/privkeySrv.pem, allowing unauthenticated remote attackers to retrieve sensitive cryptographic material and decrypt encrypted communications. With publicly available exploit code and an EPSS score indicating moderate but real-world feasibility, this vulnerability enables information disclosure attacks against affected router configurations.

Information Disclosure Tenda
NVD VulDB GitHub
EPSS 0% CVSS 8.7
HIGH This Week

Stack-based buffer overflow in Tenda AC10 router firmware 16.03.10.10_multi_TDE01 allows authenticated remote attackers to achieve code execution with high impact to confidentiality, integrity, and availability. The vulnerability resides in the fromSysToolChangePwd function within /bin/httpd, triggered by manipulating the sys.userpass parameter. Publicly available exploit code exists (GitHub repository documented), though no confirmed active exploitation (not in CISA KEV). CVSS 8.8 reflects network-accessible attack requiring only low-privilege authentication with low complexity, making this a realistic threat for internet-exposed routers with default or compromised credentials.

Buffer Overflow Stack Overflow Tenda
NVD VulDB GitHub
EPSS 1% CVSS 5.3
MEDIUM This Month

OS command injection in Tenda AC10 firmware 16.03.10.10_multi_TDE01 allows authenticated remote attackers to execute arbitrary system commands via the formAddMacfilterRule function in /bin/httpd. The vulnerability requires valid credentials (PR:L in CVSS vector) and affects multiple endpoints related to MAC filtering configuration. No public exploit code has been independently confirmed as actively exploited, though proof-of-concept documentation exists in public repositories.

Command Injection Tenda
NVD VulDB GitHub
EPSS 0% CVSS 5.5
MEDIUM This Month

Tenda 4G03 Pro wireless router contains a hard-coded ECDSA P-256 private cryptographic key in the /etc/www/pem/server.key file, enabling remote attackers to decrypt HTTPS communications and potentially impersonate the device without authentication. The vulnerability affects firmware versions 1.0, 1.0re, 01.bin, and 04.03.01.53, and carries a CVSS score of 5.3 with proof-of-concept exploitation likely (E:P rating). No public exploit code has been independently confirmed at the time of this analysis.

Information Disclosure Tenda
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

Improper access controls in Tenda 4G03 Pro firmware (versions up to 04.03.01.53) enable unauthenticated remote attackers to bypass authentication mechanisms via the /bin/httpd binary, potentially achieving unauthorized administrative access to the router. This vulnerability has publicly available exploit code and affects consumer-grade 4G routers commonly used for home and small office networks. EPSS data not available, but the combination of network-accessible attack vector, low complexity, and public exploit elevates real-world risk.

Authentication Bypass Tenda
NVD VulDB
EPSS 1% CVSS 2.0
LOW Monitor

Command injection in Tenda G103 1.0.0.5 allows high-privileged remote attackers to execute arbitrary commands via the lanIp parameter in the action_set_system_settings function of system.lua. The vulnerability requires administrative credentials (PR:H) but has publicly available exploit code and impacts system confidentiality, integrity, and availability. CVSS score 5.1 reflects the elevated privilege requirement despite network-based attack vector.

Command Injection Tenda
NVD GitHub VulDB
EPSS 0% CVSS 2.0
LOW POC Monitor

Command injection in Tenda G103 1.0.0.5 setting handler allows high-privilege remote attackers to execute arbitrary commands via manipulation of multiple GPON authentication parameters (authLoid, authLoidPassword, authPassword, authSerialNo, authType, oltType, usVlanId, usVlanPriority) in the gpon.lua component. Publicly available exploit code exists, though the CVSS:3.1/AV:N/AC:L/PR:H vector indicates attacks require high administrative privileges and deliver limited impact (confidentiality, integrity, availability each L). This is a realistic but constrained threat: exploitation requires authenticated admin-level access to a device already on the network.

Command Injection Tenda
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

Stack-based buffer overflow in Tenda CH22 router version 1.0.0.1 allows authenticated remote attackers to achieve arbitrary code execution via the webSiteId parameter in the formWebTypeLibrary function. Public exploit code exists on GitHub, significantly lowering the barrier to exploitation. While requiring low-privilege authentication (PR:L), the vulnerability enables complete compromise of router confidentiality, integrity, and availability with low attack complexity.

Buffer Overflow Stack Overflow Tenda
NVD VulDB GitHub