Tenda
Monthly
Stack-based buffer overflow in Tenda CH22 router firmware version 1.0.0.1 allows authenticated remote attackers to achieve arbitrary code execution with high confidentiality, integrity, and availability impact. The vulnerability resides in the formQuickIndex function's handling of the mit_linktype parameter in the /goform/QuickIndex endpoint. Publicly available exploit code exists on GitHub, significantly lowering the barrier to exploitation. With a CVSS score of 8.8 and low attack complexity requiring only low-privilege authentication, this represents a critical risk to deployed Tenda CH22 devices, though CISA KEV status is not confirmed.
Stack-based buffer overflow in Tenda CH22 router (version 1.0.0.1) allows authenticated remote attackers to achieve code execution or denial of service via the wanmode parameter in the /goform/AdvSetWan endpoint. Public exploit code exists (GitHub POC), significantly lowering exploitation barriers. CVSS 7.4 reflects network-accessible attack requiring only low-privilege authentication, with high impact to confidentiality, integrity, and availability.
Stack-based buffer overflow in Tenda CH22 router (versions 1.0.0.1 and 1.If) allows authenticated remote attackers to achieve code execution via crafted 'funcname' parameter to the /goform/setcfm endpoint. Publicly available exploit code exists (GitHub POC), significantly lowering exploitation barrier. CVSS 7.4 with low attack complexity and authenticated remote vector indicates moderate risk for targeted attacks against devices with compromised credentials.
Command injection in Tenda CH22 1.0.0.1 via the FormWriteFacMac function allows authenticated remote attackers to execute arbitrary commands by manipulating the mac parameter in the /goform/WriteFacMac endpoint. Publicly available exploit code exists for this vulnerability, which carries a CVSS score of 6.3 and requires low-privilege authentication to trigger.
Stack-based buffer overflow in Tenda CH22 router version 1.0.0.1 allows authenticated remote attackers to achieve arbitrary code execution via the formCreateFileName function. The vulnerability resides in the /goform/createFileName endpoint where insufficient input validation of the 'fileNameMit' parameter enables memory corruption. Publicly available exploit code exists on GitHub, significantly lowering the barrier to exploitation. While requiring low-privilege authentication (PR:L), the attack complexity is low (AC:L) and can be executed remotely over the network.
Stack-based buffer overflow in Tenda FH1201 router firmware 1.2.0.14(408) allows authenticated remote attackers to execute arbitrary code or cause denial of service via crafted 'GO' parameter to the /goform/WrlExtraSet endpoint. CVSS 8.8 reflects high impact but requires low-privilege authentication (PR:L). Publicly available exploit code exists, demonstrating concrete exploitability. EPSS data not provided, but the combination of available POC and network accessibility elevates real-world risk for internet-exposed devices with default or weak credentials.
Stack-based buffer overflow in Tenda FH1201 router (v1.2.0.14) enables remote authenticated attackers to execute arbitrary code via the WrlclientSet function. Exploitation requires only low-privilege credentials (CVSS PR:L) and has low attack complexity (AC:L), with publicly available exploit code on GitHub. CVSS 8.8 reflects high impact across confidentiality, integrity, and availability. No vendor patch identified at time of analysis, creating urgent risk for deployed devices.
Stack-based buffer overflow in Tenda 4G06 router firmware version 04.06.01.29 allows authenticated remote attackers to achieve arbitrary code execution with high impact to confidentiality, integrity, and availability. The vulnerability resides in the fromDhcpListClient function accessible via the /goform/DhcpListClient endpoint, triggered by manipulating the 'page' parameter. Publicly available exploit code exists (GitHub PoC published), significantly lowering the barrier to exploitation. CVSS 8.8 (High) reflects network-based attack vector with low complexity, though low-privilege authentication is required. Not currently listed in CISA KEV, indicating no confirmed widespread active exploitation at time of analysis.
Stack-based buffer overflow in Tenda F453 router firmware 1.0.0.3 allows authenticated remote attackers to execute arbitrary code or crash the device via the PPTP user configuration interface. The vulnerability resides in the fromPPTPUserSetting function within the httpd component, triggered by manipulating the 'delno' parameter. Publicly available exploit code exists (GitHub), significantly lowering exploitation barriers. CVSS 8.8 reflects high impact across confidentiality, integrity, and availability, though authentication is required (PR:L). EPSS data not provided, but public POC availability elevates real-world risk for exposed management interfaces.
Stack-based buffer overflow in Tenda AC15 router firmware 15.03.05.19 enables remote authenticated attackers to achieve code execution via the formSetCfm function. The vulnerability is triggered through POST requests to /goform/setcfm by manipulating the funcpara1 parameter. A publicly available exploit code exists, significantly lowering the barrier to exploitation for attackers with low-privilege credentials.
Stack-based buffer overflow in Tenda AC7 router firmware 15.03.06.44 allows authenticated remote attackers to execute arbitrary code via crafted Time parameter to /goform/SetSysTimeCfg endpoint. Publicly available exploit code exists. EPSS data not available, but exploitation requires low attack complexity with network access and low privileges (CVSS:4.0 AV:N/AC:L/PR:L). This is a critical pre-authentication boundary issue in consumer router infrastructure with confirmed POC, warranting immediate patching for affected deployments.
Remote attackers with low-level authentication can execute arbitrary code on Tenda AC6 routers running firmware version 15.03.05.16 by exploiting a stack-based buffer overflow in the formQuickIndex function via crafted PPPOEPassword parameters in POST requests to /goform/QuickIndex. Publicly available exploit code exists, demonstrating practical exploitation of this critical vulnerability with CVSS 8.8 (High severity, network-accessible, low complexity). The vulnerability is tracked as CWE-121 and poses immediate risk to exposed devices.
Stack-based buffer overflow in Tenda AC6 router firmware version 15.03.05.16 enables authenticated remote attackers to achieve code execution with high impact to confidentiality, integrity, and availability. The vulnerability resides in the fromWizardHandle function handling POST requests to /goform/WizardHandle, exploitable by manipulating WANT/WANS parameters. Publicly available exploit code exists, demonstrating the attack technique via a detailed proof-of-concept published on Notion. With a CVSS score of 8.8 and low attack complexity, this represents a significant risk to affected devices despite requiring low-privilege authentication.
Remote attackers with low-level authentication can trigger stack-based buffer overflow in Tenda AC5 router firmware version 15.03.06.47 via the WizardHandle POST request handler, potentially achieving arbitrary code execution with high impact to confidentiality, integrity, and availability. Publicly available exploit code exists, as confirmed by multiple references including a detailed proof-of-concept document on Notion. The CVSS score of 8.8 reflects network-based attack vector with low complexity and no user interaction required, while the temporal score indicates proof-of-concept exploitation capability.
Remote authenticated attackers can execute arbitrary code on Tenda AC5 routers (firmware version 15.03.06.47) by exploiting a stack-based buffer overflow in the WPS configuration handler. The vulnerability resides in the formWifiWpsOOB function handling POST requests to /goform/WifiWpsOOB, where insufficient validation of the 'index' parameter allows memory corruption. A publicly available exploit code exists (CVSS 8.8, EPSS data not provided), enabling authenticated attackers with low-privilege access to achieve complete device compromise with high impact on confidentiality, integrity, and availability.
Stack-based buffer overflow in Tenda AC5 router firmware version 15.03.06.47 enables remote authenticated attackers to achieve arbitrary code execution with high impact to confidentiality, integrity, and availability. The vulnerability resides in the formSetCfm function's handling of the funcpara1 parameter in POST requests to /goform/setcfm. A publicly available exploit exists with proof-of-concept code disclosed through VulDB and documented in detailed technical write-ups, significantly lowering the barrier to exploitation for threat actors targeting vulnerable devices.
Remote attackers with low-level credentials can execute arbitrary code on Tenda AC5 wireless routers running firmware version 15.03.06.47 by exploiting a stack-based buffer overflow in the formQuickIndex function via a crafted PPPOEPassword parameter in POST requests to /goform/QuickIndex. Publicly available exploit code exists, including detailed proof-of-concept documentation published on Notion, elevating immediate risk for devices exposed to authenticated network users. The CVSS score of 8.8 reflects high impact across confidentiality, integrity, and availability with network-based attack vector and low complexity.
Remote attackers with low-level authentication can achieve full system compromise on Tenda AC5 routers running firmware version 15.03.06.47 by exploiting a stack-based buffer overflow in the addressNat POST request handler. The fromAddressNat function fails to validate the 'page' parameter, enabling memory corruption that leads to high confidentiality, integrity, and availability impact (CVSS 8.8). Publicly available exploit code exists, significantly lowering the barrier to exploitation.
Stack-based buffer overflow in Tenda A15 router firmware version 15.13.07.13 allows unauthenticated remote attackers to achieve complete system compromise through a malicious file upload to the UploadCfg function. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires no user interaction and can be executed over the network with trivial complexity.
Buffer overflow in Tenda AC21 firmware version 16.03.08.16 allows authenticated remote attackers to achieve complete system compromise through crafted QoS configuration requests to the SetNetControlList endpoint. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with valid credentials can execute arbitrary code with full system privileges (confidentiality, integrity, and availability impact).
Unauthenticated attackers can execute arbitrary commands on Tenda F453 routers (version 1.0.0.3) by injecting malicious input through the mac parameter in the /goform/WriteFacMac endpoint. Public exploit code exists for this vulnerability, enabling remote code execution with minimal attack complexity. A patch is not currently available.
Tenda F453 1.0.0.3 contains a stack-based buffer overflow in the Natlimit parameter handler that allows authenticated remote attackers to achieve full system compromise through a malicious page argument. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with network access and valid credentials can trigger the overflow to execute arbitrary code with high integrity and confidentiality impact.
Stack-based buffer overflow in Tenda F453 firmware version 1.0.0.3 allows remote attackers to achieve complete system compromise through manipulation of the page parameter in the VirtualSer handler. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with network access can execute arbitrary code with high impact on confidentiality, integrity, and availability.
Tenda F453 version 1.0.0.3 contains a stack-based buffer overflow in the SafeClientFilter parameter handler that allows authenticated remote attackers to execute arbitrary code by manipulating the manufacturer/Go argument. Public exploit code exists for this vulnerability and no patch is currently available, creating significant risk for affected deployments.
Stack-based buffer overflow in Tenda FH451 1.0.0.9 allows authenticated remote attackers to achieve complete system compromise through crafted input to the WrlclientSet endpoint. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw enables attackers with valid credentials to execute arbitrary code with full system privileges.
Stack overflow in Tenda FH451 firmware version 1.0.0.9 allows authenticated remote attackers to execute arbitrary code through improper input validation in the WrlExtraSet function. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw requires network access and valid credentials but can completely compromise the affected device's confidentiality, integrity, and availability.
Stack-based buffer overflow in Tenda A18 Pro MAC filtering configuration allows remote authenticated attackers to achieve full system compromise through manipulation of the deviceList parameter. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw impacts the /goform/setMacFilterCfg endpoint with a CVSS score of 8.8.
Remote code execution in Tenda A18 Pro firmware 02.03.02.28 allows authenticated attackers to achieve full system compromise through stack-based buffer overflow in the QoS configuration function. Public exploit code exists for this vulnerability and no patch is currently available, leaving deployed devices at immediate risk.
Stack-based buffer overflow in Tenda A18 Pro firmware version 02.03.02.28 allows remote attackers with low privileges to achieve complete system compromise through manipulation of the SetIpMacBind function arguments. Public exploit code exists for this vulnerability, and no patch is currently available. An authenticated attacker can execute arbitrary code remotely without user interaction, affecting confidentiality, integrity, and availability of affected devices.
Stack-based buffer overflow in Tenda A18 Pro firmware version 02.03.02.28 enables authenticated remote attackers to achieve code execution with high privileges through the setSchedWifi function. Public exploit code is available for this vulnerability, and no patch has been released, leaving affected devices exposed to active exploitation. An attacker with network access and valid credentials can trigger the overflow to compromise system integrity and confidentiality.
Stack-based buffer overflow in Tenda A18 Pro firmware version 02.03.02.28 allows authenticated remote attackers to achieve complete system compromise through the /goform/fast_setting_wifi_set endpoint. Public exploit code is available and actively being weaponized against this unpatched vulnerability. Attackers with network access and valid credentials can execute arbitrary code with full system privileges.
Remote code execution in Tenda AC8 firmware versions up to 16.03.50.11 results from a stack-based buffer overflow in the HTTP endpoint handling password change requests. An unauthenticated attacker can exploit this vulnerability over the network to execute arbitrary commands with full system privileges. Public exploit code exists for this vulnerability and no patch is currently available.
OS command injection in Tenda AC8 16.03.50.11 web interface allows authenticated remote attackers to execute arbitrary commands through the wans.policy.list1 parameter in the /cgi-bin/UploadCfg endpoint. Public exploit code exists for this vulnerability and no patch is currently available.
A critical authentication bypass vulnerability exists in Tenda AC8 router firmware version 16.03.50.11 where the IPv6 handler function check_is_ipv6 relies on IP address for authentication, allowing remote attackers to gain unauthorized access. The vulnerability has a publicly available proof-of-concept exploit on GitHub and scores 9.8 CVSS, enabling complete compromise of the affected device with no authentication required. While not currently listed in CISA KEV, the combination of public exploit availability and ease of exploitation makes this a high-priority vulnerability for organizations using affected Tenda routers.
Stack-based buffer overflow in Tenda i12 version 1.0.0.6(2204) allows remote authenticated attackers to achieve complete system compromise through improper input validation in the wifiSSIDget function. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with network access and valid credentials can trigger the overflow via the index parameter to execute arbitrary code with elevated privileges.
Remote code execution in Tenda i12 firmware version 1.0.0.6(2204) via stack-based buffer overflow in the WifiMacFilterGet function allows authenticated attackers to achieve full system compromise. Public exploit code exists for this vulnerability, increasing risk of active exploitation. No patch is currently available.
Stack-based buffer overflow in Tenda i12 1.0.0.6(2204) allows remote attackers with user privileges to achieve complete system compromise through malicious input to the cmdinput parameter in /goform/exeCommand. Public exploit code exists for this vulnerability, and no patch is currently available to remediate the issue.
Remote code execution in Tenda W3 1.0.0.3(2204) via stack buffer overflow in the /goform/wifiSSIDset POST parameter handler allows authenticated attackers to achieve complete system compromise. The vulnerability exists in the index/GO parameter processing and can be exploited over the network without user interaction. Public exploit code is available for this vulnerability.
Stack-based buffer overflow in Tenda W3 1.0.0.3(2204) allows authenticated remote attackers to achieve code execution by manipulating the index parameter in POST requests to /goform/wifiSSIDget. Public exploit code exists for this vulnerability, and no patch is currently available.
Stack-based buffer overflow in Tenda W3 firmware version 1.0.0.3(2204) allows remote authenticated attackers to achieve complete system compromise through manipulation of the index/GO parameter in the /goform/WifiMacFilterSet POST handler. Public exploit code is available for this vulnerability, increasing the risk of active exploitation. No patch is currently available.
Stack-based buffer overflow in Tenda W3 1.0.0.3(2204) allows authenticated remote attackers to achieve full system compromise through manipulation of the wl_radio parameter in the WifiMacFilterGet POST handler. Public exploit code exists for this vulnerability, increasing the risk of active exploitation. No patch is currently available.
Stack-based buffer overflow in Tenda W3 1.0.0.3(2204) HTTP handler allows authenticated remote attackers to execute arbitrary code by sending a crafted request to the /goform/exeCommand endpoint with an oversized cmdinput parameter. Public exploit code exists for this vulnerability, and no patch is currently available.
Stack-based buffer overflow in Tenda W3 firmware version 1.0.0.3(2204) allows authenticated remote attackers to achieve complete system compromise through malicious ping parameters sent to the /goform/setAutoPing endpoint. Public exploit code is available for this vulnerability, increasing the risk of active exploitation. No patch is currently available, leaving affected devices exposed without mitigation options.
Stack-based buffer overflow in Tenda W3 firmware 1.0.0.3(2204) HTTP handler allows adjacent network attackers to achieve remote code execution without authentication. The vulnerability resides in the formSetCfm function's handling of the funcpara1 parameter at /goform/setcfm. Public exploit code is available on GitHub, though EPSS probability remains low at 0.03% (7th percentile), indicating limited real-world exploitation activity. CISA KEV does not list this vulnerability, suggesting no confirmed widespread or targeted exploitation campaigns.
Stack-based buffer overflow in Tenda i3 firmware version 1.0.0.6(2204) allows authenticated remote attackers to achieve full system compromise through the SSID configuration endpoint. The vulnerability exists in the formwrlSSIDset function due to improper input validation on the index/GO parameter, and public exploit code is available. No patch is currently available, making this a critical risk for affected network devices.
Stack-based buffer overflow in Tenda i3 1.0.0.6(2204) allows remote authenticated attackers to achieve complete system compromise through manipulation of the index parameter in the wifiSSIDget function. Public exploit code exists for this vulnerability, and no patch is currently available.
Tenda G1V3.1si V16.01.7.8 Firmware V16.01.7.8 was discovered to contain a hardcoded password vulnerability in /etc_ro/shadow, which allows attackers to log in as root. [CVSS 8.4 HIGH]
Tenda i24V3.0si V3.0.0.5 Firmware V3.0.0.5 was discovered to contain a hardcoded password vulnerability in /etc_ro/shadow, which allows attackers to log in as root. [CVSS 8.4 HIGH]
Tenda AX3 firmware v16.03.12.11 contains a stack overflow in formGetIptv function and the list parameter, which can cause memory corruption and enable remote code execution. [CVSS 7.5 HIGH]
An issue was discovered in /goform/WifiWpsStart in Tenda AC6V2.0 V15.03.06.23_multi. The index and mode are controllable. [CVSS 7.5 HIGH]
Tenda FH1203 V2.0.1.6 contains a stack-based buffer overflow vulnerability in the modify_add_client_prio function, which is reachable via the formSetClientPrio CGI handler. [CVSS 7.5 HIGH]
Stack buffer overflow in Tenda A18 15.13.07.13 firmware allows authenticated remote attackers to execute arbitrary code through malformed boundary parameters in the /cgi-bin/UploadCfg HTTP endpoint. The vulnerability affects the webCgiGetUploadFile function within the Httpd service and has public exploit code available. Affected users should apply patches when available, as the vulnerability requires valid credentials but no user interaction.
Command injection in Tenda HG10 firmware allows remote attackers with high privileges to execute arbitrary system commands via the sysCmd parameter in /boaform/formSysCmd. Public exploit code exists for this vulnerability, and no patch is currently available. An authenticated attacker can exploit this to achieve limited unauthorized access and potential system compromise.
Command injection in Tenda HG10 firmware's login interface allows unauthenticated remote attackers to execute arbitrary commands by manipulating the Host parameter in the checkUserFromLanOrWan function. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires no user interaction and can fully compromise affected devices through remote code execution.
Hg10 Firmware versions up to - contains a vulnerability that allows attackers to command injection (CVSS 7.3).
Command injection in Tenda AC21 firmware versions 1.1.1.1/1.dmzip/16.03.08.16 allows authenticated remote attackers to execute arbitrary commands via the dmzIp parameter in the mDMZSetCfg function. Public exploit code exists for this vulnerability, increasing the risk of active exploitation. No patch is currently available.
Tenda AX3 firmware has another stack-based buffer overflow in formGetIptv through a different input path, enabling remote code execution.
Tenda AX3 firmware has a third stack-based buffer overflow in formGetIptv, allowing unauthenticated remote code execution through the router's web interface.
Tenda AX3 firmware has a second stack overflow in formSetIptv via the vlanId parameter, allowing remote code execution through the IPTV configuration endpoint.
Tenda AX3 firmware v16.03.12.11 has a stack overflow in formSetIptv via the list parameter, enabling remote attackers to crash the router or execute arbitrary code.
Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow in the security_5g parameter of the sub_727F4 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. [CVSS 7.5 HIGH]
Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow in the security parameter of the sub_72290 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. [CVSS 7.5 HIGH]
Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the time parameter of the sub_60CFC function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. [CVSS 7.5 HIGH]
Tenda AX-1803 v1.0.0.1 was discovered to contain a stack overflow in the ssid parameter of the form_fast_setting_wifi_set function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. [CVSS 7.5 HIGH]
Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the deviceList parameter of the formSetMacFilterCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. [CVSS 7.5 HIGH]
Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the deviceList parameter of the formSetWifiMacFilterCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. [CVSS 7.5 HIGH]
Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the security parameter of the sub_4C408 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. [CVSS 7.5 HIGH]
Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the timeZone parameter of the fromSetSysTime function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. [CVSS 7.5 HIGH]
Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the mac parameter of the sub_65B5C function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. [CVSS 7.5 HIGH]
Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the wanSpeed parameter of the sub_65B5C function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. [CVSS 7.5 HIGH]
Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the cloneType parameter of the sub_65B5C function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. [CVSS 7.5 HIGH]
Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the serverName parameter of the sub_65A28 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. [CVSS 7.5 HIGH]
Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the serviceName parameter of the sub_65A28 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. [CVSS 7.5 HIGH]
Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the wanMTU2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. [CVSS 7.5 HIGH]
Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the wanSpeed2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. [CVSS 7.5 HIGH]
Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the cloneType2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. [CVSS 7.5 HIGH]
Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the serviceName2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. [CVSS 7.5 HIGH]
Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the mac2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. [CVSS 7.5 HIGH]
Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the security_5g parameter of the sub_4CA50 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. [CVSS 7.5 HIGH]
Ac1206 Firmware versions up to 15.03.06.23 contains a vulnerability that allows attackers to command injection (CVSS 6.3).
Hard-coded credentials in the shadow file component of multiple Tenda network devices (i24, 4G03 Pro, 4G05, 4G08, G0-8G-PoE, Nova MW5G, TEG5328F) allow local authenticated attackers to gain high-privilege access. Public exploit code is available on GitHub, enabling authentication bypass on devices running firmware versions up to 65.10.15.6. The CWE-259 classification indicates credentials embedded in firmware that cannot be changed through normal configuration. With EPSS data unavailable and no CISA KEV listing, this appears to affect primarily SOHO and small business deployments where local access may be obtained through social engineering or physical access.
A vulnerability was found in Tenda W6-S 1.0.0.4(510). This affects the function TendaAte of the file /goform/ate of the component ATE Service. Performing a manipulation results in os command injection. The attack may be initiated remotely. The exploit has been made public and could be used.
A weakness has been identified in Tenda CH22 1.0.0.1. Impacted is an unknown function of the file /public/. Executing a manipulation can lead to path traversal. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks.
A vulnerability was determined in Tenda WH450 1.0.0.18. This impacts an unknown function of the file /goform/CheckTools of the component HTTP Request Handler. Executing a manipulation of the argument ipaddress can lead to command injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized.
A vulnerability was detected in Tenda WH450 1.0.0.18. This affects an unknown part of the file /goform/L7Port of the component HTTP Request Handler. Performing a manipulation of the argument page results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used.
Weak cryptographic hashing in the image_check function of Tenda AX9 firmware 22.03.01.46 allows remote attackers to compromise firmware integrity validation without authentication. The vulnerability has a CVSS score of 2.9 (very low severity) and publicly available exploit code exists, but the high attack complexity and difficult exploitability rating indicate practical barriers to successful exploitation. Real-world risk is minimal: while the vulnerability permits information disclosure related to hash values, it does not enable remote code execution or device takeover.
Tenda AX3 v16.03.12.11 contains a stack overflow in formSetIptv via the iptvType parameter, which can cause memory corruption and enable remote code execution (RCE).
Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow via the deviceId parameter in /goform/saveParentControlInfo. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow via the urls parameter of /goform/saveParentControlInfo. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow via the rebootTime parameter of /goform/SetSysAutoRebbotCfg. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Stack-based buffer overflow in Tenda CH22 router firmware version 1.0.0.1 allows authenticated remote attackers to achieve arbitrary code execution with high confidentiality, integrity, and availability impact. The vulnerability resides in the formQuickIndex function's handling of the mit_linktype parameter in the /goform/QuickIndex endpoint. Publicly available exploit code exists on GitHub, significantly lowering the barrier to exploitation. With a CVSS score of 8.8 and low attack complexity requiring only low-privilege authentication, this represents a critical risk to deployed Tenda CH22 devices, though CISA KEV status is not confirmed.
Stack-based buffer overflow in Tenda CH22 router (version 1.0.0.1) allows authenticated remote attackers to achieve code execution or denial of service via the wanmode parameter in the /goform/AdvSetWan endpoint. Public exploit code exists (GitHub POC), significantly lowering exploitation barriers. CVSS 7.4 reflects network-accessible attack requiring only low-privilege authentication, with high impact to confidentiality, integrity, and availability.
Stack-based buffer overflow in Tenda CH22 router (versions 1.0.0.1 and 1.If) allows authenticated remote attackers to achieve code execution via crafted 'funcname' parameter to the /goform/setcfm endpoint. Publicly available exploit code exists (GitHub POC), significantly lowering exploitation barrier. CVSS 7.4 with low attack complexity and authenticated remote vector indicates moderate risk for targeted attacks against devices with compromised credentials.
Command injection in Tenda CH22 1.0.0.1 via the FormWriteFacMac function allows authenticated remote attackers to execute arbitrary commands by manipulating the mac parameter in the /goform/WriteFacMac endpoint. Publicly available exploit code exists for this vulnerability, which carries a CVSS score of 6.3 and requires low-privilege authentication to trigger.
Stack-based buffer overflow in Tenda CH22 router version 1.0.0.1 allows authenticated remote attackers to achieve arbitrary code execution via the formCreateFileName function. The vulnerability resides in the /goform/createFileName endpoint where insufficient input validation of the 'fileNameMit' parameter enables memory corruption. Publicly available exploit code exists on GitHub, significantly lowering the barrier to exploitation. While requiring low-privilege authentication (PR:L), the attack complexity is low (AC:L) and can be executed remotely over the network.
Stack-based buffer overflow in Tenda FH1201 router firmware 1.2.0.14(408) allows authenticated remote attackers to execute arbitrary code or cause denial of service via crafted 'GO' parameter to the /goform/WrlExtraSet endpoint. CVSS 8.8 reflects high impact but requires low-privilege authentication (PR:L). Publicly available exploit code exists, demonstrating concrete exploitability. EPSS data not provided, but the combination of available POC and network accessibility elevates real-world risk for internet-exposed devices with default or weak credentials.
Stack-based buffer overflow in Tenda FH1201 router (v1.2.0.14) enables remote authenticated attackers to execute arbitrary code via the WrlclientSet function. Exploitation requires only low-privilege credentials (CVSS PR:L) and has low attack complexity (AC:L), with publicly available exploit code on GitHub. CVSS 8.8 reflects high impact across confidentiality, integrity, and availability. No vendor patch identified at time of analysis, creating urgent risk for deployed devices.
Stack-based buffer overflow in Tenda 4G06 router firmware version 04.06.01.29 allows authenticated remote attackers to achieve arbitrary code execution with high impact to confidentiality, integrity, and availability. The vulnerability resides in the fromDhcpListClient function accessible via the /goform/DhcpListClient endpoint, triggered by manipulating the 'page' parameter. Publicly available exploit code exists (GitHub PoC published), significantly lowering the barrier to exploitation. CVSS 8.8 (High) reflects network-based attack vector with low complexity, though low-privilege authentication is required. Not currently listed in CISA KEV, indicating no confirmed widespread active exploitation at time of analysis.
Stack-based buffer overflow in Tenda F453 router firmware 1.0.0.3 allows authenticated remote attackers to execute arbitrary code or crash the device via the PPTP user configuration interface. The vulnerability resides in the fromPPTPUserSetting function within the httpd component, triggered by manipulating the 'delno' parameter. Publicly available exploit code exists (GitHub), significantly lowering exploitation barriers. CVSS 8.8 reflects high impact across confidentiality, integrity, and availability, though authentication is required (PR:L). EPSS data not provided, but public POC availability elevates real-world risk for exposed management interfaces.
Stack-based buffer overflow in Tenda AC15 router firmware 15.03.05.19 enables remote authenticated attackers to achieve code execution via the formSetCfm function. The vulnerability is triggered through POST requests to /goform/setcfm by manipulating the funcpara1 parameter. A publicly available exploit code exists, significantly lowering the barrier to exploitation for attackers with low-privilege credentials.
Stack-based buffer overflow in Tenda AC7 router firmware 15.03.06.44 allows authenticated remote attackers to execute arbitrary code via crafted Time parameter to /goform/SetSysTimeCfg endpoint. Publicly available exploit code exists. EPSS data not available, but exploitation requires low attack complexity with network access and low privileges (CVSS:4.0 AV:N/AC:L/PR:L). This is a critical pre-authentication boundary issue in consumer router infrastructure with confirmed POC, warranting immediate patching for affected deployments.
Remote attackers with low-level authentication can execute arbitrary code on Tenda AC6 routers running firmware version 15.03.05.16 by exploiting a stack-based buffer overflow in the formQuickIndex function via crafted PPPOEPassword parameters in POST requests to /goform/QuickIndex. Publicly available exploit code exists, demonstrating practical exploitation of this critical vulnerability with CVSS 8.8 (High severity, network-accessible, low complexity). The vulnerability is tracked as CWE-121 and poses immediate risk to exposed devices.
Stack-based buffer overflow in Tenda AC6 router firmware version 15.03.05.16 enables authenticated remote attackers to achieve code execution with high impact to confidentiality, integrity, and availability. The vulnerability resides in the fromWizardHandle function handling POST requests to /goform/WizardHandle, exploitable by manipulating WANT/WANS parameters. Publicly available exploit code exists, demonstrating the attack technique via a detailed proof-of-concept published on Notion. With a CVSS score of 8.8 and low attack complexity, this represents a significant risk to affected devices despite requiring low-privilege authentication.
Remote attackers with low-level authentication can trigger stack-based buffer overflow in Tenda AC5 router firmware version 15.03.06.47 via the WizardHandle POST request handler, potentially achieving arbitrary code execution with high impact to confidentiality, integrity, and availability. Publicly available exploit code exists, as confirmed by multiple references including a detailed proof-of-concept document on Notion. The CVSS score of 8.8 reflects network-based attack vector with low complexity and no user interaction required, while the temporal score indicates proof-of-concept exploitation capability.
Remote authenticated attackers can execute arbitrary code on Tenda AC5 routers (firmware version 15.03.06.47) by exploiting a stack-based buffer overflow in the WPS configuration handler. The vulnerability resides in the formWifiWpsOOB function handling POST requests to /goform/WifiWpsOOB, where insufficient validation of the 'index' parameter allows memory corruption. A publicly available exploit code exists (CVSS 8.8, EPSS data not provided), enabling authenticated attackers with low-privilege access to achieve complete device compromise with high impact on confidentiality, integrity, and availability.
Stack-based buffer overflow in Tenda AC5 router firmware version 15.03.06.47 enables remote authenticated attackers to achieve arbitrary code execution with high impact to confidentiality, integrity, and availability. The vulnerability resides in the formSetCfm function's handling of the funcpara1 parameter in POST requests to /goform/setcfm. A publicly available exploit exists with proof-of-concept code disclosed through VulDB and documented in detailed technical write-ups, significantly lowering the barrier to exploitation for threat actors targeting vulnerable devices.
Remote attackers with low-level credentials can execute arbitrary code on Tenda AC5 wireless routers running firmware version 15.03.06.47 by exploiting a stack-based buffer overflow in the formQuickIndex function via a crafted PPPOEPassword parameter in POST requests to /goform/QuickIndex. Publicly available exploit code exists, including detailed proof-of-concept documentation published on Notion, elevating immediate risk for devices exposed to authenticated network users. The CVSS score of 8.8 reflects high impact across confidentiality, integrity, and availability with network-based attack vector and low complexity.
Remote attackers with low-level authentication can achieve full system compromise on Tenda AC5 routers running firmware version 15.03.06.47 by exploiting a stack-based buffer overflow in the addressNat POST request handler. The fromAddressNat function fails to validate the 'page' parameter, enabling memory corruption that leads to high confidentiality, integrity, and availability impact (CVSS 8.8). Publicly available exploit code exists, significantly lowering the barrier to exploitation.
Stack-based buffer overflow in Tenda A15 router firmware version 15.13.07.13 allows unauthenticated remote attackers to achieve complete system compromise through a malicious file upload to the UploadCfg function. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires no user interaction and can be executed over the network with trivial complexity.
Buffer overflow in Tenda AC21 firmware version 16.03.08.16 allows authenticated remote attackers to achieve complete system compromise through crafted QoS configuration requests to the SetNetControlList endpoint. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with valid credentials can execute arbitrary code with full system privileges (confidentiality, integrity, and availability impact).
Unauthenticated attackers can execute arbitrary commands on Tenda F453 routers (version 1.0.0.3) by injecting malicious input through the mac parameter in the /goform/WriteFacMac endpoint. Public exploit code exists for this vulnerability, enabling remote code execution with minimal attack complexity. A patch is not currently available.
Tenda F453 1.0.0.3 contains a stack-based buffer overflow in the Natlimit parameter handler that allows authenticated remote attackers to achieve full system compromise through a malicious page argument. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with network access and valid credentials can trigger the overflow to execute arbitrary code with high integrity and confidentiality impact.
Stack-based buffer overflow in Tenda F453 firmware version 1.0.0.3 allows remote attackers to achieve complete system compromise through manipulation of the page parameter in the VirtualSer handler. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with network access can execute arbitrary code with high impact on confidentiality, integrity, and availability.
Tenda F453 version 1.0.0.3 contains a stack-based buffer overflow in the SafeClientFilter parameter handler that allows authenticated remote attackers to execute arbitrary code by manipulating the manufacturer/Go argument. Public exploit code exists for this vulnerability and no patch is currently available, creating significant risk for affected deployments.
Stack-based buffer overflow in Tenda FH451 1.0.0.9 allows authenticated remote attackers to achieve complete system compromise through crafted input to the WrlclientSet endpoint. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw enables attackers with valid credentials to execute arbitrary code with full system privileges.
Stack overflow in Tenda FH451 firmware version 1.0.0.9 allows authenticated remote attackers to execute arbitrary code through improper input validation in the WrlExtraSet function. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw requires network access and valid credentials but can completely compromise the affected device's confidentiality, integrity, and availability.
Stack-based buffer overflow in Tenda A18 Pro MAC filtering configuration allows remote authenticated attackers to achieve full system compromise through manipulation of the deviceList parameter. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw impacts the /goform/setMacFilterCfg endpoint with a CVSS score of 8.8.
Remote code execution in Tenda A18 Pro firmware 02.03.02.28 allows authenticated attackers to achieve full system compromise through stack-based buffer overflow in the QoS configuration function. Public exploit code exists for this vulnerability and no patch is currently available, leaving deployed devices at immediate risk.
Stack-based buffer overflow in Tenda A18 Pro firmware version 02.03.02.28 allows remote attackers with low privileges to achieve complete system compromise through manipulation of the SetIpMacBind function arguments. Public exploit code exists for this vulnerability, and no patch is currently available. An authenticated attacker can execute arbitrary code remotely without user interaction, affecting confidentiality, integrity, and availability of affected devices.
Stack-based buffer overflow in Tenda A18 Pro firmware version 02.03.02.28 enables authenticated remote attackers to achieve code execution with high privileges through the setSchedWifi function. Public exploit code is available for this vulnerability, and no patch has been released, leaving affected devices exposed to active exploitation. An attacker with network access and valid credentials can trigger the overflow to compromise system integrity and confidentiality.
Stack-based buffer overflow in Tenda A18 Pro firmware version 02.03.02.28 allows authenticated remote attackers to achieve complete system compromise through the /goform/fast_setting_wifi_set endpoint. Public exploit code is available and actively being weaponized against this unpatched vulnerability. Attackers with network access and valid credentials can execute arbitrary code with full system privileges.
Remote code execution in Tenda AC8 firmware versions up to 16.03.50.11 results from a stack-based buffer overflow in the HTTP endpoint handling password change requests. An unauthenticated attacker can exploit this vulnerability over the network to execute arbitrary commands with full system privileges. Public exploit code exists for this vulnerability and no patch is currently available.
OS command injection in Tenda AC8 16.03.50.11 web interface allows authenticated remote attackers to execute arbitrary commands through the wans.policy.list1 parameter in the /cgi-bin/UploadCfg endpoint. Public exploit code exists for this vulnerability and no patch is currently available.
A critical authentication bypass vulnerability exists in Tenda AC8 router firmware version 16.03.50.11 where the IPv6 handler function check_is_ipv6 relies on IP address for authentication, allowing remote attackers to gain unauthorized access. The vulnerability has a publicly available proof-of-concept exploit on GitHub and scores 9.8 CVSS, enabling complete compromise of the affected device with no authentication required. While not currently listed in CISA KEV, the combination of public exploit availability and ease of exploitation makes this a high-priority vulnerability for organizations using affected Tenda routers.
Stack-based buffer overflow in Tenda i12 version 1.0.0.6(2204) allows remote authenticated attackers to achieve complete system compromise through improper input validation in the wifiSSIDget function. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with network access and valid credentials can trigger the overflow via the index parameter to execute arbitrary code with elevated privileges.
Remote code execution in Tenda i12 firmware version 1.0.0.6(2204) via stack-based buffer overflow in the WifiMacFilterGet function allows authenticated attackers to achieve full system compromise. Public exploit code exists for this vulnerability, increasing risk of active exploitation. No patch is currently available.
Stack-based buffer overflow in Tenda i12 1.0.0.6(2204) allows remote attackers with user privileges to achieve complete system compromise through malicious input to the cmdinput parameter in /goform/exeCommand. Public exploit code exists for this vulnerability, and no patch is currently available to remediate the issue.
Remote code execution in Tenda W3 1.0.0.3(2204) via stack buffer overflow in the /goform/wifiSSIDset POST parameter handler allows authenticated attackers to achieve complete system compromise. The vulnerability exists in the index/GO parameter processing and can be exploited over the network without user interaction. Public exploit code is available for this vulnerability.
Stack-based buffer overflow in Tenda W3 1.0.0.3(2204) allows authenticated remote attackers to achieve code execution by manipulating the index parameter in POST requests to /goform/wifiSSIDget. Public exploit code exists for this vulnerability, and no patch is currently available.
Stack-based buffer overflow in Tenda W3 firmware version 1.0.0.3(2204) allows remote authenticated attackers to achieve complete system compromise through manipulation of the index/GO parameter in the /goform/WifiMacFilterSet POST handler. Public exploit code is available for this vulnerability, increasing the risk of active exploitation. No patch is currently available.
Stack-based buffer overflow in Tenda W3 1.0.0.3(2204) allows authenticated remote attackers to achieve full system compromise through manipulation of the wl_radio parameter in the WifiMacFilterGet POST handler. Public exploit code exists for this vulnerability, increasing the risk of active exploitation. No patch is currently available.
Stack-based buffer overflow in Tenda W3 1.0.0.3(2204) HTTP handler allows authenticated remote attackers to execute arbitrary code by sending a crafted request to the /goform/exeCommand endpoint with an oversized cmdinput parameter. Public exploit code exists for this vulnerability, and no patch is currently available.
Stack-based buffer overflow in Tenda W3 firmware version 1.0.0.3(2204) allows authenticated remote attackers to achieve complete system compromise through malicious ping parameters sent to the /goform/setAutoPing endpoint. Public exploit code is available for this vulnerability, increasing the risk of active exploitation. No patch is currently available, leaving affected devices exposed without mitigation options.
Stack-based buffer overflow in Tenda W3 firmware 1.0.0.3(2204) HTTP handler allows adjacent network attackers to achieve remote code execution without authentication. The vulnerability resides in the formSetCfm function's handling of the funcpara1 parameter at /goform/setcfm. Public exploit code is available on GitHub, though EPSS probability remains low at 0.03% (7th percentile), indicating limited real-world exploitation activity. CISA KEV does not list this vulnerability, suggesting no confirmed widespread or targeted exploitation campaigns.
Stack-based buffer overflow in Tenda i3 firmware version 1.0.0.6(2204) allows authenticated remote attackers to achieve full system compromise through the SSID configuration endpoint. The vulnerability exists in the formwrlSSIDset function due to improper input validation on the index/GO parameter, and public exploit code is available. No patch is currently available, making this a critical risk for affected network devices.
Stack-based buffer overflow in Tenda i3 1.0.0.6(2204) allows remote authenticated attackers to achieve complete system compromise through manipulation of the index parameter in the wifiSSIDget function. Public exploit code exists for this vulnerability, and no patch is currently available.
Tenda G1V3.1si V16.01.7.8 Firmware V16.01.7.8 was discovered to contain a hardcoded password vulnerability in /etc_ro/shadow, which allows attackers to log in as root. [CVSS 8.4 HIGH]
Tenda i24V3.0si V3.0.0.5 Firmware V3.0.0.5 was discovered to contain a hardcoded password vulnerability in /etc_ro/shadow, which allows attackers to log in as root. [CVSS 8.4 HIGH]
Tenda AX3 firmware v16.03.12.11 contains a stack overflow in formGetIptv function and the list parameter, which can cause memory corruption and enable remote code execution. [CVSS 7.5 HIGH]
An issue was discovered in /goform/WifiWpsStart in Tenda AC6V2.0 V15.03.06.23_multi. The index and mode are controllable. [CVSS 7.5 HIGH]
Tenda FH1203 V2.0.1.6 contains a stack-based buffer overflow vulnerability in the modify_add_client_prio function, which is reachable via the formSetClientPrio CGI handler. [CVSS 7.5 HIGH]
Stack buffer overflow in Tenda A18 15.13.07.13 firmware allows authenticated remote attackers to execute arbitrary code through malformed boundary parameters in the /cgi-bin/UploadCfg HTTP endpoint. The vulnerability affects the webCgiGetUploadFile function within the Httpd service and has public exploit code available. Affected users should apply patches when available, as the vulnerability requires valid credentials but no user interaction.
Command injection in Tenda HG10 firmware allows remote attackers with high privileges to execute arbitrary system commands via the sysCmd parameter in /boaform/formSysCmd. Public exploit code exists for this vulnerability, and no patch is currently available. An authenticated attacker can exploit this to achieve limited unauthorized access and potential system compromise.
Command injection in Tenda HG10 firmware's login interface allows unauthenticated remote attackers to execute arbitrary commands by manipulating the Host parameter in the checkUserFromLanOrWan function. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires no user interaction and can fully compromise affected devices through remote code execution.
Hg10 Firmware versions up to - contains a vulnerability that allows attackers to command injection (CVSS 7.3).
Command injection in Tenda AC21 firmware versions 1.1.1.1/1.dmzip/16.03.08.16 allows authenticated remote attackers to execute arbitrary commands via the dmzIp parameter in the mDMZSetCfg function. Public exploit code exists for this vulnerability, increasing the risk of active exploitation. No patch is currently available.
Tenda AX3 firmware has another stack-based buffer overflow in formGetIptv through a different input path, enabling remote code execution.
Tenda AX3 firmware has a third stack-based buffer overflow in formGetIptv, allowing unauthenticated remote code execution through the router's web interface.
Tenda AX3 firmware has a second stack overflow in formSetIptv via the vlanId parameter, allowing remote code execution through the IPTV configuration endpoint.
Tenda AX3 firmware v16.03.12.11 has a stack overflow in formSetIptv via the list parameter, enabling remote attackers to crash the router or execute arbitrary code.
Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow in the security_5g parameter of the sub_727F4 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. [CVSS 7.5 HIGH]
Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow in the security parameter of the sub_72290 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. [CVSS 7.5 HIGH]
Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the time parameter of the sub_60CFC function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. [CVSS 7.5 HIGH]
Tenda AX-1803 v1.0.0.1 was discovered to contain a stack overflow in the ssid parameter of the form_fast_setting_wifi_set function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. [CVSS 7.5 HIGH]
Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the deviceList parameter of the formSetMacFilterCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. [CVSS 7.5 HIGH]
Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the deviceList parameter of the formSetWifiMacFilterCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. [CVSS 7.5 HIGH]
Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the security parameter of the sub_4C408 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. [CVSS 7.5 HIGH]
Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the timeZone parameter of the fromSetSysTime function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. [CVSS 7.5 HIGH]
Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the mac parameter of the sub_65B5C function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. [CVSS 7.5 HIGH]
Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the wanSpeed parameter of the sub_65B5C function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. [CVSS 7.5 HIGH]
Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the cloneType parameter of the sub_65B5C function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. [CVSS 7.5 HIGH]
Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the serverName parameter of the sub_65A28 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. [CVSS 7.5 HIGH]
Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the serviceName parameter of the sub_65A28 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. [CVSS 7.5 HIGH]
Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the wanMTU2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. [CVSS 7.5 HIGH]
Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the wanSpeed2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. [CVSS 7.5 HIGH]
Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the cloneType2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. [CVSS 7.5 HIGH]
Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the serviceName2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. [CVSS 7.5 HIGH]
Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the mac2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. [CVSS 7.5 HIGH]
Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the security_5g parameter of the sub_4CA50 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. [CVSS 7.5 HIGH]
Ac1206 Firmware versions up to 15.03.06.23 contains a vulnerability that allows attackers to command injection (CVSS 6.3).
Hard-coded credentials in the shadow file component of multiple Tenda network devices (i24, 4G03 Pro, 4G05, 4G08, G0-8G-PoE, Nova MW5G, TEG5328F) allow local authenticated attackers to gain high-privilege access. Public exploit code is available on GitHub, enabling authentication bypass on devices running firmware versions up to 65.10.15.6. The CWE-259 classification indicates credentials embedded in firmware that cannot be changed through normal configuration. With EPSS data unavailable and no CISA KEV listing, this appears to affect primarily SOHO and small business deployments where local access may be obtained through social engineering or physical access.
A vulnerability was found in Tenda W6-S 1.0.0.4(510). This affects the function TendaAte of the file /goform/ate of the component ATE Service. Performing a manipulation results in os command injection. The attack may be initiated remotely. The exploit has been made public and could be used.
A weakness has been identified in Tenda CH22 1.0.0.1. Impacted is an unknown function of the file /public/. Executing a manipulation can lead to path traversal. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks.
A vulnerability was determined in Tenda WH450 1.0.0.18. This impacts an unknown function of the file /goform/CheckTools of the component HTTP Request Handler. Executing a manipulation of the argument ipaddress can lead to command injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized.
A vulnerability was detected in Tenda WH450 1.0.0.18. This affects an unknown part of the file /goform/L7Port of the component HTTP Request Handler. Performing a manipulation of the argument page results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used.
Weak cryptographic hashing in the image_check function of Tenda AX9 firmware 22.03.01.46 allows remote attackers to compromise firmware integrity validation without authentication. The vulnerability has a CVSS score of 2.9 (very low severity) and publicly available exploit code exists, but the high attack complexity and difficult exploitability rating indicate practical barriers to successful exploitation. Real-world risk is minimal: while the vulnerability permits information disclosure related to hash values, it does not enable remote code execution or device takeover.
Tenda AX3 v16.03.12.11 contains a stack overflow in formSetIptv via the iptvType parameter, which can cause memory corruption and enable remote code execution (RCE).
Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow via the deviceId parameter in /goform/saveParentControlInfo. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow via the urls parameter of /goform/saveParentControlInfo. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow via the rebootTime parameter of /goform/SetSysAutoRebbotCfg. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.