Tenda

Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the delDhcpIndex parameter in the formDelDhcpRule function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda G3 v3.0br_V15.11.0.17 was discovered to contain multiple stack overflows in the formIPMacBindModify function via the ruleId, ip, mac, v6 and remark parameters. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the dhcpIndex parameter in the addDhcpRule function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda G3 v3.0br_V15.11.0.17 was discovered to contain multiple stack overflows in the formSetDebugCfg function via the pEnable, pLevel, and pModule parameters. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the listStr parameter in the ipMacBindListStore function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

A vulnerability was detected in Tenda AC20 up to 16.03.08.12. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Tenda AC8 v16.03.34.06 is vulnerable to Buffer Overflow in the formWifiBasicSet function via the parameter security or security_5g. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

A vulnerability was determined in Tenda CP6 11.10.00.243. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

A vulnerability was identified in Tenda CH22 1.0.0.1. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

A vulnerability was determined in Tenda CH22 1.0.0.1. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

A vulnerability was determined in Tenda F1202 1.2.0.9/1.2.0.14/1.2.0.20. Rated low severity (CVSS 1.8). No vendor patch available.

A weakness has been identified in Tenda AC20 16.03.08.05. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

A security vulnerability has been detected in Tenda W12 up to 3.0.0.6(3948). Rated low severity (CVSS 1.8). No vendor patch available.

A vulnerability was determined in Tenda CH22 1.0.0.1. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

A security flaw has been discovered in code-projects Human Resource Integrated System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

A vulnerability was determined in Tenda AC9 15.03.05.19. Rated low severity (CVSS 2.0). No vendor patch available.

A security vulnerability has been detected in Tenda AC21 and AC23 16.03.08.16. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

An input validation flaw in the 'ate' service of Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 to escalate privileges to root via a crafted UDP packet. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Incorrect access control in the endpoint /goform/ate of Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 allows attackers to escalate privileges or access sensitive components via a crafted request. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tenda AC10 v4.0 firmware v16.03.10.20 was discovered to contain a stack overflow via the function get_parentControl_list_Info. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 was discovered to contain a stack overflow via the security_5g parameter in the function sub_46284C. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 was discovered to contain a stack overflow via the Password parameter in the function R7WebsSecurityHandler. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

An issue was discovered in Tenda AC8 v4.0 AC1200 Dual-band Gigabit Wireless Router AC8v4.0 Firmware 16.03.33.05. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda AC6 V15.03.06.23_multi was discovered to contain a buffer overflow via the list parameter in the fromSetIpMacBind function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

A vulnerability was detected in Tenda AC1206 15.03.06.23. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

A flaw has been found in Tenda CH22 1.0.0.1. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Tenda O3V2 1.0.0.12(3880) is vulnerable to Buffer Overflow in the fromSafeSetMacFilter function via the mac parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda AX3 V16.03.12.10_CN is vulnerable to Buffer Overflow in the fromAdvSetMacMtuWan function via the serverName parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda AX3 V16.03.12.10_CN is vulnerable to Buffer Overflow in the saveParentControlInfo function via the deviceName parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda AX3 V16.03.12.10_CN is vulnerable to Buffer Overflow in the fromSetSysTime function via the ntpServer parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

A vulnerability was found in Tenda AC10 16.03.10.13. Rated low severity (CVSS 2.0). Public exploit code available and no vendor patch available.

Tenda AC15 v15.03.05.19_multi_TD01 has a stack overflow via the list parameter in the fromSetIpMacBind function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

A vulnerability has been found in Tenda M3 1.0.0.12. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

A flaw has been found in Tenda M3 1.0.0.12. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

A vulnerability was detected in Tenda i22 1.0.0.3(4687). Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Tenda AC6 V15.03.06.23_multi was discovered to contain a buffer overflow via the time parameter in the fromSetSysTime function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda AC6 V15.03.06.23_multi is vulnerable to Buffer Overflow in the formSetCfm function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda AC6 V15.03.06.23_multi has a stack overflow vulnerability via the deviceName parameter in the saveParentControlInfo function. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda AC6 V15.03.06.23_multi was discovered to contain a buffer overflow via the ntpServer parameter in the fromSetSysTime function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Tenda AC6 V15.03.06.23_multi is vulnerable to Buffer Overflow in the function formSetMacFilterCfg via the parameters macFilterType and deviceList. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

A stack-based buffer overflow vulnerability exists in the Cloud API functionality of Tenda AC6 V5.0 V02.03.01.110. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

A firmware update vulnerability exists in the Firmware Signature Validation functionality of Tenda AC6 V5.0 V02.03.01.110. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

A denial of service vulnerability exists in the HTTP Header Parsing functionality of Tenda AC6 V5.0 V02.03.01.110. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

An authentication bypass vulnerability exists in the HTTP authentication functionality of Tenda AC6 V5.0 V02.03.01.110. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

An information disclosure vulnerability exists in the /goform/getproductInfo functionality of Tenda AC6 V5.0 V02.03.01.110. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

An unsafe default authentication vulnerability exists in the Initial Setup Authentication functionality of Tenda AC6 V5.0 V02.03.01.110. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

A security flaw has been discovered in Tenda AC20 16.03.08.12. Rated low severity (CVSS 2.0). Public exploit code available and no vendor patch available.

A vulnerability was identified in Tenda AC20 16.03.08.12. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

A vulnerability was determined in Tenda AC20 16.03.08.12. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

A vulnerability was found in Tenda AC20 16.03.08.12. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

A vulnerability has been found in Tenda AC20 16.03.08.12. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

A vulnerability was identified in Tenda AC20 16.03.08.12. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

A vulnerability has been found in Tenda AC7 and AC18 15.03.05.19/15.03.06.44. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

A vulnerability has been found in Tenda CH22 1.0.0.1. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

A vulnerability was identified in Tenda CH22 1.0.0.1. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

A vulnerability has been found in Tenda G1 16.01.7.8(3660). Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

A vulnerability was identified in Tenda AC15 15.13.07.13. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

A vulnerability was identified in Tenda TX3 16.03.13.11_multi_TDE01. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

A vulnerability was identified in Tenda AC20 up to 16.03.08.12. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

A vulnerability was determined in Tenda AC20 up to 16.03.08.12. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

A vulnerability classified as critical was found in Tenda AC20 16.03.08.05. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Tenda CP3 Pro Firmware V22.5.4.93 contains a hardcoded root password hash in the /etc/passwd file and /etc/passwd-. An attacker with access to the firmware image can extract and attempt to crack the root password hash, potentially obtaining administrative access

CVE-2025-7598 is a critical stack-based buffer overflow vulnerability in Tenda AX1803 router (version 1.0.0.1) affecting the WiFi MAC filter configuration endpoint. An authenticated remote attacker can exploit improper input validation in the deviceList parameter to achieve remote code execution with full system compromise (confidentiality, integrity, and availability impacts). Public exploit code has been disclosed and the vulnerability may be actively exploited.

CVE-2025-7597 is a critical stack-based buffer overflow vulnerability in Tenda AX1803 router firmware (version 1.0.0.1) affecting the MAC filter configuration function. An authenticated attacker can remotely exploit this via the deviceList parameter to achieve remote code execution with full system compromise (confidentiality, integrity, availability). A public exploit has been disclosed and the vulnerability may be actively exploited.

A critical stack-based buffer overflow vulnerability exists in Tenda FH1205 firmware version 2.0.0.7(775) within the WifiExtraSet web form handler, triggered via the wpapsk_crypto parameter. This authenticated remote vulnerability allows attackers with user-level privileges to achieve complete system compromise including code execution, data theft, and device disruption. The vulnerability has public exploit disclosure and active exploitation potential, making it a high-priority security concern for deployed devices.

A buffer overflow vulnerability in A vulnerability (CVSS 8.8). Risk factors: public PoC available.

CVE-2025-7551 is a critical stack-based buffer overflow vulnerability in Tenda FH1201 firmware version 1.2.0.14(408) affecting the PPTP client configuration function. An authenticated remote attacker can exploit improper input validation in the modino/username parameters to overflow the stack, achieving code execution with high confidentiality, integrity, and availability impact. A public proof-of-concept exists and the vulnerability may be actively exploited.

CVE-2025-7550 is a critical stack-based buffer overflow vulnerability in Tenda FH1201 firmware version 1.2.0.14(408) affecting the /goform/GstDhcpSetSer endpoint. An authenticated remote attacker can exploit the 'dips' parameter to achieve arbitrary code execution with high impact on confidentiality, integrity, and availability. A public proof-of-concept exists, and the vulnerability exhibits active exploitation characteristics with a CVSS score of 8.8.

CVE-2025-7549 is a critical stack-based buffer overflow vulnerability in Tenda FH1201 firmware version 1.2.0.14(408) affecting the L7Prot form handler. An authenticated remote attacker can exploit the 'page' parameter to overflow the stack, achieving complete compromise of the device with high confidentiality, integrity, and availability impact. The vulnerability has public exploit disclosure and should be considered actively exploitable.

CVE-2025-7548 is a critical stack-based buffer overflow vulnerability in Tenda FH1201 wireless router firmware version 1.2.0.14(408) affecting the SafeEmailFilter function. An authenticated remote attacker can exploit an improper bounds check on the 'page' parameter to achieve arbitrary code execution with full system privileges (confidentiality, integrity, and availability compromise). Public exploit code exists for this vulnerability, elevating real-world risk significantly.

CVE-2025-7544 is a critical stack-based buffer overflow vulnerability in Tenda AC1206 firmware version 15.03.06.23, specifically in the formSetMacFilterCfg function accessible via the /goform/setMacFilterCfg endpoint. An authenticated remote attacker can exploit this vulnerability by manipulating the deviceList parameter to achieve remote code execution with high confidentiality, integrity, and availability impact. Public exploit disclosure and active exploitation indicators elevate real-world risk significantly.

CVE-2025-7532 is a critical stack-based buffer overflow vulnerability in Tenda FH1202 firmware version 1.2.0.14(408) affecting the webExcptypemanFilter function. An authenticated remote attacker can exploit improper input validation on the 'page' parameter to achieve code execution with full system compromise (confidentiality, integrity, and availability impact). A public exploit has been disclosed and the vulnerability meets criteria for active exploitation risk.

CVE-2025-7531 is a critical stack-based buffer overflow vulnerability in Tenda FH1202 firmware version 1.2.0.14(408) affecting the PPTP user settings function. An authenticated remote attacker can exploit improper input validation on the 'delno' parameter to achieve code execution with full system compromise (confidentiality, integrity, and availability). The vulnerability has public exploit code available and represents active exploitation risk.

CVE-2025-7530 is a critical stack-based buffer overflow vulnerability in Tenda FH1202 firmware version 1.2.0.14(408) affecting the PPTP client configuration function. An authenticated remote attacker can exploit this vulnerability by supplying a malicious Username argument to the /goform/PPTPDClient endpoint, potentially achieving remote code execution with full system compromise (confidentiality, integrity, and availability impact). Public exploit code is available and the vulnerability meets criteria for active exploitation risk.

CVE-2025-7529 is a critical stack-based buffer overflow vulnerability in Tenda FH1202 firmware version 1.2.0.14(408) that allows authenticated remote attackers to achieve complete system compromise through manipulation of the 'page' parameter in the /goform/Natlimit endpoint. With a CVSS score of 8.8, public exploit disclosure, and confirmation of active exploitation potential, this vulnerability poses significant real-world risk to deployed Tenda router installations.

CVE-2025-7528 is a critical stack-based buffer overflow vulnerability in Tenda FH1202 firmware version 1.2.0.14(408) affecting the /goform/GstDhcpSetSer endpoint. An authenticated attacker can remotely exploit this vulnerability by manipulating the 'dips' parameter to achieve arbitrary code execution with full system compromise (confidentiality, integrity, and availability impact). The vulnerability has public exploit code available and meets criteria for active exploitation risk.

A critical stack-based buffer overflow vulnerability exists in Tenda FH1202 firmware version 1.2.0.14(408) affecting the /goform/AdvSetWan endpoint. An authenticated remote attacker can overflow the PPPOEPassword parameter to achieve arbitrary code execution with full system privileges (confidentiality, integrity, and availability compromise). Public exploit code is available and the vulnerability meets criteria for active exploitation risk.

CVE-2025-7506 is a critical stack-based buffer overflow vulnerability in Tenda FH451 router firmware version 1.0.0.9, exploitable via the HTTP POST parameter 'page' in the /goform/Natlimit endpoint. An authenticated remote attacker can achieve complete system compromise (code execution, data exfiltration, denial of service) without user interaction. Public exploit code is available, indicating active disclosure and likely exploitation in the wild.

CVE-2025-7505 is a critical stack-based buffer overflow vulnerability in Tenda FH451 v1.0.0.9 affecting the HTTP POST request handler's L7 protocol filter functionality. An authenticated attacker can remotely exploit this vulnerability by manipulating the 'page' parameter to achieve arbitrary code execution with full system compromise (confidentiality, integrity, and availability impact). Public exploit code has been disclosed and the vulnerability meets CISA KEV criteria for active exploitation risk.

A buffer overflow vulnerability in A vulnerability (CVSS 8.8). Risk factors: public PoC available.

CVE-2025-7465 is a critical remote buffer overflow vulnerability in Tenda FH1201 firmware version 1.2.0.14 affecting the HTTP POST request handler's fromRouteStatic function. An authenticated attacker can exploit improper input validation on the 'page' parameter to achieve remote code execution with full system compromise (confidentiality, integrity, and availability impact). A public proof-of-concept exploit exists and the vulnerability may be actively exploited in the wild.

A critical buffer overflow vulnerability exists in Tenda FH1201 wireless router firmware version 1.2.0.14, located in the HTTP POST handler for wireless safety settings. An authenticated attacker can remotely exploit this vulnerability by sending a crafted request with an oversized 'mit_ssid' parameter to the /goform/AdvSetWrlsafeset endpoint, achieving remote code execution with complete system compromise (confidentiality, integrity, and availability). A public proof-of-concept exploit is available, and this vulnerability meets CISA KEV criteria for active exploitation in the wild.

CVE-2025-7434 is a critical stack-based buffer overflow vulnerability in Tenda FH451 wireless routers (versions up to 1.0.0.9) affecting the POST request handler for the /goform/addressNat endpoint. An authenticated remote attacker can exploit improper input validation on the 'page' parameter to overflow the stack, achieving arbitrary code execution with full system compromise (confidentiality, integrity, and availability impact). Public exploit code exists and the vulnerability may be actively exploited in the wild.

CVE-2025-7423 is a critical stack-based buffer overflow vulnerability in Tenda O3V2 router firmware (version 1.0.0.12(3880)) affecting the WiFi MAC filter functionality. An authenticated attacker can remotely exploit this vulnerability by sending a malicious macList parameter to the /goform/setWrlFilterList endpoint, achieving arbitrary code execution with full system compromise (confidentiality, integrity, and availability impact). The vulnerability has public exploit disclosure and may be actively exploited in the wild.

A buffer overflow vulnerability in A vulnerability classified as critical (CVSS 8.8). Risk factors: public PoC available.

A critical stack-based buffer overflow vulnerability exists in Tenda O3V2 firmware version 1.0.0.12(3880) in the MAC filter modification function. An authenticated remote attacker can exploit improper input validation of the 'mac' parameter to achieve remote code execution with full system compromise (confidentiality, integrity, and availability impact). The vulnerability has public exploit disclosure and demonstrates high real-world exploitability.

CVE-2025-7420 is a critical stack-based buffer overflow vulnerability in Tenda O3V2 router firmware (version 1.0.0.12(3880)) affecting the httpd component's WiFi configuration handler. An authenticated remote attacker can overflow the stack via the 'extChannel' parameter in the /goform/setWrlBasicInfo endpoint, achieving complete system compromise including arbitrary code execution, data theft, and denial of service. Public exploit code has been disclosed and the vulnerability meets CVSS 8.8 severity criteria, indicating high real-world risk for affected router deployments.

A critical stack-based buffer overflow vulnerability exists in Tenda O3V2 router firmware version 1.0.0.12(3880), affecting the httpd daemon's speed test functionality. An authenticated remote attacker can exploit the destIP parameter in the /goform/setRateTest endpoint to achieve arbitrary code execution with full system compromise (confidentiality, integrity, and availability). Public exploit code is available and the vulnerability meets criteria for active exploitation risk.

A buffer overflow vulnerability in A vulnerability (CVSS 8.8). Risk factors: public PoC available.

CVE-2025-7417 is a critical stack-based buffer overflow vulnerability in Tenda O3V2 router firmware (version 1.0.0.12(3880)) affecting the /goform/setPingInfo endpoint. An authenticated attacker can exploit improper input validation on the 'ip' parameter to achieve remote code execution with high impact on confidentiality, integrity, and availability. A public proof-of-concept exploit exists, and the vulnerability is actively exploitable in real-world environments.