Tenda

A critical stack-based buffer overflow vulnerability exists in Tenda O3V2 1.0.0.12(3880) in the httpd component's fromSysToolTime function within /goform/setSysTimeInfo. An authenticated remote attacker can exploit this by manipulating the Time argument to achieve arbitrary code execution with high confidentiality, integrity, and availability impact (CVSS 8.8). Public exploit disclosure and active exploitation indicators elevate real-world risk significantly.

A vulnerability, which was classified as critical, has been found in Tenda O3V2 1.0.0.12(3880). This issue affects the function fromTraceroutGet of the file /goform/getTraceroute of the component httpd. The manipulation of the argument dest leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

A vulnerability classified as critical was found in Tenda O3V2 1.0.0.12(3880). This vulnerability affects the function fromNetToolGet of the file /goform/setPingInfo of the component httpd. The manipulation of the argument domain leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

A security vulnerability in Tenda CP3 Pro Firmware (CVSS 7.5) that allows remote attackers. Risk factors: public PoC available.

A vulnerability was found in Campcodes Payroll Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=save_employee_attendance. The manipulation of the argument employee_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

A vulnerability was found in Campcodes Payroll Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /ajax.php?action=delete_employee_attendance_single. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Tenda AC6 v15.03.05.16_multi is vulnerable to Buffer Overflow in the fromSetRouteStatic function via the list parameter.

Tenda AC6 v15.03.05.16_multi is vulnerable to Buffer Overflow in the formSetQosBand function via the list parameter.

Tenda AC6 v15.03.05.16_multi is vulnerable to Buffer Overflow in the formSetFirewallCfg function via the firewallEn parameter.

Tenda AC6 v15.03.05.16_multi is vulnerable to Buffer Overflow in the SetSysTimeCfg function via the time parameter.

Tenda AC6 15.03.05.16_multi is vulnerable to Buffer Overflow in the addWifiMacFilter function via the parameter deviceId.

A vulnerability was found in Tenda AC5 15.03.06.47 and classified as critical. Affected by this issue is some unknown functionality of the file /goform/SetSysTimeCfg. The manipulation of the argument time/timeZone leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

A vulnerability has been found in Tenda AC5 15.03.06.47 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /goform/openSchedWifi. The manipulation of the argument schedStartTime/schedEndTime leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

A buffer overflow vulnerability exists in the fromNatStaticSetting function of Tenda AC6 <=V15.03.05.19 via the page parameter.

Blind SQL Injection vulnerability in Suhas Surse WP Employee Attendance System affecting versions through 3.5, allowing authenticated attackers with high privileges to extract sensitive database information. While the CVSS score of 7.6 indicates moderate-to-high severity, the attack requires administrator-level credentials and the confidentiality impact is high; however, integrity and availability impacts are limited. No current KEV designation or widespread public POC availability has been reported, though the vulnerability's nature as SQL injection makes exploitation theoretically straightforward for skilled attackers.

Critical remote buffer overflow vulnerability in Tenda FH1203 firmware version 2.0.1.6 affecting the /goform/AdvSetLanip endpoint. An authenticated attacker can exploit improper input validation of the lanMask parameter to achieve remote code execution with full system compromise (confidentiality, integrity, and availability). A public proof-of-concept exploit exists, indicating active disclosure and potential real-world exploitation risk.

Critical buffer overflow vulnerability in Tenda FH1205 firmware version 2.0.0.7 affecting the lanMask parameter in the /goform/AdvSetLanip endpoint. An authenticated remote attacker can exploit this to achieve code execution with full system compromise (confidentiality, integrity, and availability impact). A public proof-of-concept exists, making this an active exploitation risk.

Critical stack-based buffer overflow vulnerability in Tenda FH1205 firmware version 2.0.0.7(775) affecting the /goform/VirtualSer endpoint's 'page' parameter. An authenticated remote attacker can exploit this to achieve complete system compromise including arbitrary code execution, data exfiltration, and service disruption. The vulnerability has public exploit disclosure and demonstrated proof-of-concept availability, elevating immediate risk despite requiring valid credentials.

Critical stack-based buffer overflow vulnerability in Tenda FH1201 firmware version 1.2.0.14(408) affecting the /goform/SafeMacFilter endpoint. An authenticated remote attacker can exploit the 'page' parameter to achieve remote code execution with high confidentiality, integrity, and availability impact. Public exploit code exists and the vulnerability is actively exploitable.

handcraftedinthealps goodby-csv is a highly memory efficient, flexible and extendable open-source CSV import/export library. Prior to 1.4.3, goodby-csv could be used as part of a chain of methods that is exploitable when an insecure deserialization vulnerability exists in an application. This so-called "gadget chain" presents no direct threat but is a vector that can be used to achieve remote code execution if the application deserializes untrusted data due to another vulnerability. The problem is patched with Version 1.4.3.

A buffer overflow vulnerability exists in Tenda AC6 router firmware version 15.03.05.16 that allows unauthenticated remote attackers to trigger a denial of service condition by sending oversized parameters (schedStartTime and schedEndTime) to the /goform/openSchedWifi endpoint. The vulnerability is network-accessible without authentication or user interaction, making it trivially exploitable for DoS attacks against affected routers. While the CVSS score indicates high severity (7.5), the actual impact appears limited to availability (DoS only), with no confirmed code execution or data disclosure capability.

A critical stack-based buffer overflow vulnerability exists in Tenda FH1202 firmware version 1.2.0.14 within the /goform/VirtualSer endpoint's fromVirtualSer function, triggered by unsanitized 'page' parameter manipulation. An authenticated attacker can exploit this remotely to achieve arbitrary code execution with full system compromise (confidentiality, integrity, and availability impact). Public exploit disclosure and proof-of-concept availability significantly elevate real-world exploitation risk.

A vulnerability, which was classified as problematic, was found in Tenda AC9 15.03.02.13. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

A vulnerability was found in Tenda TDSEE App up to 1.7.12. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /app/ConfirmSmsCode of the component Password Reset Confirmation Code Handler. The manipulation leads to improper restriction of excessive authentication attempts. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 1.7.15 is able to address this issue. It is recommended to upgrade the affected component.

A critical stack-based buffer overflow vulnerability exists in Tenda AC5 router firmware version 15.03.06.47, affecting the rebootTime parameter in the /goform/SetRebootTimer endpoint. An authenticated remote attacker can exploit this vulnerability to achieve arbitrary code execution with full system compromise (confidentiality, integrity, and availability). Public exploitation code is available, and the vulnerability has been disclosed, increasing real-world exploitation risk.

Critical remote buffer overflow vulnerability in Tenda AC7 wireless router firmware version 15.03.06.44, affecting the PPTP user list configuration function. An authenticated remote attacker can exploit this vulnerability to achieve arbitrary code execution with complete system compromise (confidentiality, integrity, and availability impact). Public exploit code has been disclosed and the vulnerability meets criteria for active exploitation risk.

Critical remote buffer overflow vulnerability in Tenda AC7 router firmware version 15.03.06.44, affecting the LAN IP configuration function. An authenticated attacker can exploit improper input validation in the 'lanMask' parameter to achieve remote code execution with high confidentiality, integrity, and availability impact. Public exploit code is available and the vulnerability meets criteria for active exploitation.

Critical stack-based buffer overflow vulnerability in Tenda AC6 firmware version 15.03.05.16 that allows authenticated remote attackers to execute arbitrary code by sending a specially crafted rebootTime parameter to the SetRebootTimer endpoint. The vulnerability has been publicly disclosed with working exploits available, posing immediate risk to deployed devices, though exploitation requires valid user credentials.

Critical remote buffer overflow vulnerability in Tenda AC6 firmware version 15.03.05.16 affecting the LAN IP configuration endpoint. An authenticated remote attacker can exploit improper input validation in the lanMask parameter of the /goform/AdvSetLanip function to achieve arbitrary code execution with full system compromise (confidentiality, integrity, and availability impact). Public exploit code has been disclosed, making this an active threat with elevated real-world risk despite the authentication requirement.

A buffer overflow vulnerability in A vulnerability classified as critical (CVSS 8.8). Risk factors: public PoC available.

Critical buffer overflow vulnerability in Tenda AC6 router firmware version 15.03.05.16, affecting the PPTP user list configuration function accessible via the /goform/setPptpUserList endpoint. An authenticated attacker can remotely exploit this vulnerability by manipulating the 'list' argument to achieve code execution with full system compromise (confidentiality, integrity, and availability impact). Public exploit code is available and the vulnerability meets criteria for active exploitation risk.

A critical buffer overflow vulnerability exists in Tenda AC15 firmware version 15.03.05.19_multi affecting the HTTP POST request handler for the /goform/AdvSetLanip endpoint. An authenticated remote attacker can exploit improper input validation of the lanMask parameter to achieve buffer overflow, leading to arbitrary code execution, information disclosure, and denial of service. Public exploit code is available and the vulnerability is actively disclosed, increasing real-world exploitation risk.

Critical buffer overflow vulnerability in Tenda AC15 firmware version 15.03.05.19_multi affecting the HTTP POST request handler's LED configuration function. An authenticated remote attacker can exploit improper input validation on the 'Time' parameter to achieve buffer overflow, leading to complete system compromise including confidentiality, integrity, and availability violations. Public exploit code has been disclosed and the vulnerability meets criteria for active exploitation risk.

A buffer overflow vulnerability in A vulnerability (CVSS 8.8). Risk factors: public PoC available.

A buffer overflow vulnerability in A vulnerability (CVSS 8.8). Risk factors: public PoC available.

Critical stack-based buffer overflow vulnerability in Tenda AC9 router firmware version 15.03.02.13, exploitable via the HTTP POST handler's formSetSafeWanWebMan function through manipulation of the remoteIp parameter. An authenticated remote attacker can achieve remote code execution with full system compromise (confidentiality, integrity, and availability impact). A public proof-of-concept exploit exists, elevating real-world exploitation risk significantly.

A critical buffer overflow vulnerability exists in Tenda AC9 router firmware version 15.03.02.13, affecting the POST request handler for LAN IP configuration. An authenticated attacker can exploit the lanMask parameter in the /goform/AdvSetLanip endpoint to trigger a buffer overflow, achieving remote code execution with full system compromise (confidentiality, integrity, and availability impact). Public exploit code is available and the vulnerability is actively exploitable with authenticated access.

A vulnerability was found in Tenda AC9 15.03.02.13. It has been rated as critical. This issue affects the function formSetIptv of the file /goform/SetIPTVCfg of the component POST Request Handler. The manipulation of the argument list leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Critical stack-based buffer overflow vulnerability in Tenda AC8 router firmware version 16.03.34.09, affecting the wireless repeat configuration function. An authenticated remote attacker can exploit this vulnerability via the wpapsk_crypto parameter to achieve arbitrary code execution with full system compromise (confidentiality, integrity, and availability impact). Public proof-of-concept code exists and exploitation is feasible, making this an actively exploitable threat requiring immediate patching.

Critical stack-based buffer overflow vulnerability in Tenda AC8 router firmware version 16.03.34.09, exploitable via the timeType parameter in the /goform/SetSysTimeCfg endpoint. An authenticated remote attacker can leverage this vulnerability to achieve arbitrary code execution with full system compromise (confidentiality, integrity, and availability impact). Public exploit disclosure and confirmed proof-of-concept availability indicate active threat potential, though exploitation requires valid authentication credentials.

Critical buffer overflow vulnerability in Tenda AC5 router firmware (version 1.0/15.03.06.47) affecting the LAN IP configuration function. An authenticated attacker can remotely exploit improper input validation on the 'lanMask' parameter to achieve remote code execution with high confidentiality, integrity, and availability impact. Public exploit code is available and the vulnerability meets active exploitation criteria.

A buffer overflow vulnerability (CVSS 8.8). Risk factors: public PoC available.

A vulnerability has been found in Tenda CP3 11.10.00.2311090948 and classified as critical. Affected by this vulnerability is the function sub_F3C8C of the file apollo. The manipulation leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Critical stack-based buffer overflow vulnerability in Tenda CH22 router firmware version 1.0.0.1, affecting the formNatlimit function in the /goform/Natlimit endpoint. An authenticated remote attacker can exploit improper input validation on the 'page' parameter to achieve arbitrary code execution with full system privileges (confidentiality, integrity, and availability compromise). Public exploit code is available and the vulnerability meets active exploitation criteria.

A critical buffer overflow vulnerability exists in Tenda AC10 routers (versions up to 15.03.06.47) in the PPTP server configuration handler that allows authenticated remote attackers to execute arbitrary code or cause denial of service. The vulnerability affects the startIp/endIp parameters in the /goform/SetPptpServerCfg HTTP endpoint, requires valid credentials but no user interaction, and has publicly disclosed exploit code available, making it actively exploitable in real-world deployments.

Critical stack-based buffer overflow vulnerability in Tenda CH22 version 1.0.0.1 affecting the /goform/addUserName endpoint's Password parameter handling. An authenticated remote attacker can exploit this flaw to achieve complete system compromise including unauthorized access, data modification, and denial of service. Public exploit code has been disclosed and the vulnerability is actionable with low attack complexity, making it a high-priority threat.

Critical buffer overflow vulnerability in Tenda AC18 router firmware version 15.03.05.05, exploitable via the /goform/AdvSetLanip endpoint's lanMask parameter. An authenticated remote attacker can trigger memory corruption leading to complete system compromise (confidentiality, integrity, availability). A public exploit proof-of-concept exists, and the vulnerability is likely being actively weaponized given disclosure status and CVSS 8.8 severity.

Critical remote buffer overflow vulnerability in Tenda AC18 router firmware version 15.03.05.05, affecting the reboot timer configuration function. An authenticated attacker can exploit improper input validation on the 'rebootTime' parameter to achieve remote code execution with full system compromise (confidentiality, integrity, availability). Public exploit code exists and the vulnerability is actively exploitable with low attack complexity.

Critical buffer overflow vulnerability in Tenda AC18 router firmware version 15.03.05.05, affecting the PPTP user list management function accessible via /goform/setPptpUserList. An authenticated attacker can exploit this remotely to achieve remote code execution with high impact on confidentiality, integrity, and availability. A public exploit proof-of-concept exists, increasing real-world exploitation risk.

A vulnerability was found in Tenda AC18 15.03.05.05. It has been declared as critical. This vulnerability affects the function formSetIptv of the file /goform/SetIPTVCfg. The manipulation of the argument list leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Critical stack-based buffer overflow vulnerability in Tenda RX3 router firmware version 16.03.13.11_multi_TDE01, affecting the static route configuration endpoint. An authenticated remote attacker can exploit this vulnerability through manipulation of the 'list' argument in /goform/SetStaticRouteCfg to achieve code execution with full system privileges (confidentiality, integrity, and availability impact). Public exploit code exists and the vulnerability has been disclosed, creating immediate exploitation risk despite requiring authenticated access.

Tenda AC6 V15.03.05.16 was discovered to contain a stack overflow via the time parameter in the setSmartPowerManagement function.

An issue in Tenda W18E v.2.0 v.16.01.0.11 allows an attacker to execute arbitrary code via the editing functionality of the account module in the goform/setmodules route. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

A vulnerability classified as critical has been found in Tenda FH451 1.0.0.9. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

A vulnerability was found in Tenda A15 15.13.07.09/15.13.07.13. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

A vulnerability was found in Tenda AC10 16.03.10.13 and classified as critical. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

A vulnerability was found in Tenda A15 15.13.07.13. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

A vulnerability was found in Tenda AC7 15.03.06.44. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

A vulnerability was found in Tenda AC7 15.03.06.44. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Tenda FH451 V1.0.0.9 is vulnerable to Remote Code Execution in the formSafeEmailFilter function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda AC10 v4 V16.03.10.13 is vulnerable to Buffer Overflow in the GetParentControlInfo function. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Tenda AC10 V1.0re_V15.03.06.46 is vulnerable to Buffer Overflow in the formSetPPTPUserList handler via the list POST parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda FH451 V1.0.0.9 has a stack overflow vulnerability in the function.P2pListFilter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda FH451 V1.0.0.9 has a stack overflow vulnerability in the function.frmL7ImForm. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

There is a stack overflow vulnerability in Tenda RX3 V1.0br_V16.03.13.11 In the fromSetWifiGusetBasic function of the web url /goform/ WifiGuestSet, the manipulation of the parameter shareSpeed leads. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

In Tenda RX3 V1.0br_V16.03.13.11 in the GetParentControlInfo function of the web url /goform/GetParentControlInfo, the manipulation of the parameter mac leads to stack overflow. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

A vulnerability, which was classified as critical, was found in Tenda AC8 16.03.34.06. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

A vulnerability was found in Tenda RX3 16.03.13.11_multi. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

A vulnerability was found in Tenda DAP-1520 1.10B04_BETA02. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

A vulnerability was found in Tenda DAP-1520 1.10B04_BETA02. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

A vulnerability was found in Tenda DAP-1520 1.10B04_BETA02 and classified as critical. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

A vulnerability was found in Tenda AC1206 up to 15.03.06.23. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

A vulnerability was found in Tenda AC1206 up to 15.03.06.23. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Tenda AC9 v15.03.05.14 was discovered to contain a command injection vulnerability via the Telnet function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 14.8%.

Tenda AC9 V15.03.06.42_multi was found to contain a command injection vulnerability in the formSetSambaConf function via the usbname parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 12.5%.

Tenda AC9 V15.03.06.42_multi was found to contain a command injection vulnerability in the formsetUsbUnload function via the deviceName parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 12.5%.

An issue was discovered on Tenda RX2 Pro 16.03.30.14 devices. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Cleartext transmission of sensitive information in the web management portal of the Tenda RX2 Pro 16.03.30.14 may allow an unauthenticated attacker to authenticate to the web management portal by. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Cleartext transmission of sensitive information in the web management portal of the Tenda RX2 Pro 16.03.30.14 allows an attacker to decrypt traffic between the client and server by collecting the. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Initialization vector (IV) reuse in the web management portal of the Tenda RX2 Pro 16.03.30.14 may allow an attacker to discern information about or more easily decrypt encrypted messages between. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Improper access controls in the web management portal of the Tenda RX2 Pro 16.03.30.14 allows an unauthenticated remote attacker to enable telnet access to the router's OS by sending a /goform/telnet. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Improper access controls in the web management portal of the Tenda RX2 Pro 16.03.30.14 allows an unauthenticated remote attacker to enable 'ate' (a remote system management binary) by sending a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Lack of access controls in the 'ate' management binary of the Tenda RX2 Pro 16.03.30.14 allows an unauthenticated remote attacker to perform unauthorized configuration changes for any router where. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Lack of input validation/sanitization in the 'ate' management service in the Tenda RX2 Pro 16.03.30.14 allows an unauthorized remote attacker to gain root shell access to the device by sending a. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use of weak credentials in the Tenda RX2 Pro 16.03.30.14 allows an unauthenticated attacker to authenticate to the telnet service by calculating the root password based on easily-obtained device. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Reuse of a static AES key and initialization vector for encrypted traffic to the 'ate' management service of the Tenda RX2 Pro 16.03.30.14 allows an attacker to decrypt, replay, and/or forge traffic. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Lack of input validation/sanitization in the 'setLanCfg' API endpoint in httpd in the Tenda RX2 Pro 16.03.30.14 allows a remote attacker that is authorized to the web management portal to gain root. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetNetCheckTools function via the hostName parameter. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 12.5%.

Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetDebugCfg function via the level parameter. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 12.5%.

Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetDebugCfg function via the enable parameter. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 12.5%.