Skip to main content

Tenda

1818 CVEs vendor

Monthly

CVE-2018-18706 HIGH POC This Week

An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Ac7 Firmware Ac9 Firmware Ac10 Firmware +2
NVD GitHub
CVSS 3.0
7.5
EPSS
1.1%
CVE-2018-16334 HIGH POC This Week

An issue was discovered on Tenda AC9 V15.03.05.19(6318)_CN and AC10 V15.03.06.23_CN devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection Ac10 Firmware Ac9 Firmware
NVD GitHub
CVSS 3.0
8.8
EPSS
3.6%
CVE-2018-16333 HIGH POC This Week

An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Ac18 Firmware Ac15 Firmware Ac10 Firmware +2
NVD GitHub
CVSS 3.0
7.5
EPSS
1.6%
CVE-2018-14497 MEDIUM POC This Month

Tenda D152 ADSL routers allow XSS via a crafted SSID. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Tenda D152 Firmware
NVD Exploit-DB
CVSS 3.0
5.4
EPSS
1.6%
CVE-2018-14492 HIGH POC This Week

Tenda AC7 through V15.03.06.44_CN, AC9 through V15.03.05.19(6318)_CN, and AC10 through V15.03.06.23_CN devices have a Stack-based Buffer Overflow via a long limitSpeed or limitSpeedup parameter to an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda Ac7 Firmware Ac9 Firmware +3
NVD GitHub
CVSS 3.0
7.5
EPSS
1.1%
CVE-2018-5768 CRITICAL Act Now

A remote, unauthenticated attacker can gain remote code execution on the the Tenda AC15 router with a specially crafted password parameter for the COOKIE header. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass RCE Tenda Ac15 Firmware
NVD
CVSS 3.0
9.8
EPSS
3.6%
CVE-2018-5770 CRITICAL POC Act Now

An issue was discovered on Tenda AC15 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Tenda Ac15 Firmware
NVD
CVSS 3.0
9.8
EPSS
2.8%
CVE-2018-7561 CRITICAL POC Act Now

Stack-based Buffer Overflow in httpd on Tenda AC9 devices V15.03.05.14_EN allows remote attackers to cause a denial of service or possibly have unspecified other impact. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Tenda Ac9 Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
1.8%
CVE-2018-5767 CRITICAL POC THREAT Act Now

An issue was discovered on Tenda AC15 V15.03.1.16_multi devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Tenda Ac15 Firmware
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
48.0%
CVE-2017-16936 MEDIUM POC This Month

Directory Traversal vulnerability in app_data_center on Shenzhen Tenda Ac9 US_AC9V1.0BR_V15.03.05.14_multi_TD01, Ac9 ac9_kf_V15.03.05.19(6318_)_cn, Ac15 US_AC15V1.0BR_V15.03.05.18_multi_TD01, Ac15. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Tenda Ac9 Firmware Ac15 Firmware Ac18 Firmware
NVD GitHub
CVSS 3.0
6.5
EPSS
0.8%
CVE-2017-16923 HIGH POC This Week

Command Injection vulnerability in app_data_center on Shenzhen Tenda Ac9 US_AC9V1.0BR_V15.03.05.14_multi_TD01, Ac9 ac9_kf_V15.03.05.19(6318_)_cn, Ac15 US_AC15V1.0BR_V15.03.05.18_multi_TD01, Ac15. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection Ac9 Firmware Ac15 Firmware Ac18 Firmware
NVD GitHub
CVSS 3.0
8.8
EPSS
3.5%
CVE-2017-14515 HIGH This Week

Heap-based Buffer Overflow on Tenda W15E devices before 15.11.0.14 allows remote attackers to cause a denial of service (temporary HTTP outage and forced logout) via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Tenda W15e Firmware
NVD
CVSS 3.0
7.5
EPSS
0.7%
CVE-2017-14514 HIGH This Week

Directory Traversal on Tenda W15E devices before 15.11.0.14 allows remote attackers to read unencrypted files via a crafted URL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Tenda W15e Firmware
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2017-9139 LOW Monitor

There is a stack-based buffer overflow on some Tenda routers (FH1202/F1202/F1200: versions before 1.2.0.20). Rated low severity (CVSS 3.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Tenda F1200 Firmware Fh1202 Firmware F1202 Firmware
NVD
CVSS 3.0
3.5
EPSS
0.1%
CVE-2017-9138 HIGH This Week

There is a debug-interface vulnerability on some Tenda routers (FH1202/F1202/F1200: versions before 1.2.0.20). Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Tenda F1200 Firmware Fh1202 Firmware F1202 Firmware
NVD
CVSS 3.0
8.0
EPSS
0.1%
CVE-2015-5995 CRITICAL POC THREAT Emergency

Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 and Tenda N3 Wireless N150 devices allow remote attackers to obtain administrative access via a certain admin substring in an HTTP. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 38.2%.

Privilege Escalation Tenda N3 Wireless N150 Medialink Mwn Wapr300N Firmware
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
38.2%
Threat
4.6
CVE-2014-7281 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in Shenzhen Tenda Technology Tenda A32 Router with firmware 5.07.53_CN allows remote attackers to hijack the authentication of administrators for. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Tenda A32 Firmware A32
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.3%
CVE-2014-5246 CRITICAL POC THREAT Emergency

The Shenzhen Tenda Technology Tenda A5s router with firmware 3.02.05_CN allows remote attackers to bypass authentication and gain administrator access by setting the admin:language cookie to zh-cn. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 23.8%.

Privilege Escalation Tenda A5S Firmware A5S
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
23.8%
Threat
4.2
EPSS 1% CVSS 7.5
HIGH POC This Week

An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Ac7 Firmware +4
NVD GitHub
EPSS 4% CVSS 8.8
HIGH POC This Week

An issue was discovered on Tenda AC9 V15.03.05.19(6318)_CN and AC10 V15.03.06.23_CN devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection Ac10 Firmware +1
NVD GitHub
EPSS 2% CVSS 7.5
HIGH POC This Week

An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Ac18 Firmware +4
NVD GitHub
EPSS 2% CVSS 5.4
MEDIUM POC This Month

Tenda D152 ADSL routers allow XSS via a crafted SSID. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Tenda D152 Firmware
NVD Exploit-DB
EPSS 1% CVSS 7.5
HIGH POC This Week

Tenda AC7 through V15.03.06.44_CN, AC9 through V15.03.05.19(6318)_CN, and AC10 through V15.03.06.23_CN devices have a Stack-based Buffer Overflow via a long limitSpeed or limitSpeedup parameter to an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda +5
NVD GitHub
EPSS 4% CVSS 9.8
CRITICAL Act Now

A remote, unauthenticated attacker can gain remote code execution on the the Tenda AC15 router with a specially crafted password parameter for the COOKIE header. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass RCE Tenda +1
NVD
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

An issue was discovered on Tenda AC15 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Tenda Ac15 Firmware
NVD
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

Stack-based Buffer Overflow in httpd on Tenda AC9 devices V15.03.05.14_EN allows remote attackers to cause a denial of service or possibly have unspecified other impact. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow +2
NVD GitHub
EPSS 48% CVSS 9.8
CRITICAL POC THREAT Act Now

An issue was discovered on Tenda AC15 V15.03.1.16_multi devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Tenda Ac15 Firmware
NVD Exploit-DB
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Directory Traversal vulnerability in app_data_center on Shenzhen Tenda Ac9 US_AC9V1.0BR_V15.03.05.14_multi_TD01, Ac9 ac9_kf_V15.03.05.19(6318_)_cn, Ac15 US_AC15V1.0BR_V15.03.05.18_multi_TD01, Ac15. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Tenda Ac9 Firmware +2
NVD GitHub
EPSS 3% CVSS 8.8
HIGH POC This Week

Command Injection vulnerability in app_data_center on Shenzhen Tenda Ac9 US_AC9V1.0BR_V15.03.05.14_multi_TD01, Ac9 ac9_kf_V15.03.05.19(6318_)_cn, Ac15 US_AC15V1.0BR_V15.03.05.18_multi_TD01, Ac15. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection Ac9 Firmware +2
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

Heap-based Buffer Overflow on Tenda W15E devices before 15.11.0.14 allows remote attackers to cause a denial of service (temporary HTTP outage and forced logout) via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Tenda +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Directory Traversal on Tenda W15E devices before 15.11.0.14 allows remote attackers to read unencrypted files via a crafted URL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Tenda W15e Firmware
NVD
EPSS 0% CVSS 3.5
LOW Monitor

There is a stack-based buffer overflow on some Tenda routers (FH1202/F1202/F1200: versions before 1.2.0.20). Rated low severity (CVSS 3.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Tenda F1200 Firmware +2
NVD
EPSS 0% CVSS 8.0
HIGH This Week

There is a debug-interface vulnerability on some Tenda routers (FH1202/F1202/F1200: versions before 1.2.0.20). Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Tenda F1200 Firmware +2
NVD
EPSS 38% 4.6 CVSS 9.8
CRITICAL POC THREAT Emergency

Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 and Tenda N3 Wireless N150 devices allow remote attackers to obtain administrative access via a certain admin substring in an HTTP. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 38.2%.

Privilege Escalation Tenda N3 Wireless N150 +1
NVD Exploit-DB
EPSS 0% CVSS 6.8
MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in Shenzhen Tenda Technology Tenda A32 Router with firmware 5.07.53_CN allows remote attackers to hijack the authentication of administrators for. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Tenda A32 Firmware +1
NVD Exploit-DB
EPSS 24% 4.2 CVSS 10.0
CRITICAL POC THREAT Emergency

The Shenzhen Tenda Technology Tenda A5s router with firmware 3.02.05_CN allows remote attackers to bypass authentication and gain administrator access by setting the admin:language cookie to zh-cn. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 23.8%.

Privilege Escalation Tenda A5S Firmware +1
NVD Exploit-DB
Prev Page 21 of 21

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy