Skip to main content

Tenda

1818 CVEs vendor

Monthly

CVE-2025-9791 HIGH POC This Week

A weakness has been identified in Tenda AC20 16.03.08.05. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Ac20 Firmware
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.4%
CVE-2025-9778 LOW Monitor

A security vulnerability has been detected in Tenda W12 up to 3.0.0.6(3948). Rated low severity (CVSS 1.8). No vendor patch available.

Authentication Bypass Tenda
NVD GitHub VulDB
CVSS 4.0
0.9
EPSS
0.0%
CVE-2025-9748 HIGH POC This Week

A vulnerability was determined in Tenda CH22 1.0.0.1. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Ch22 Firmware
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.2%
CVE-2025-9731 LOW Monitor

A vulnerability was determined in Tenda AC9 15.03.05.19. Rated low severity (CVSS 2.0). No vendor patch available.

Authentication Bypass Tenda
NVD GitHub VulDB
CVSS 4.0
1.1
EPSS
0.0%
CVE-2025-9605 HIGH POC This Week

A security vulnerability has been detected in Tenda AC21 and AC23 16.03.08.16. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Ac21 Firmware Ac23 Firmware
NVD GitHub VulDB
CVSS 4.0
8.9
EPSS
0.5%
CVE-2025-57220 MEDIUM This Month

An input validation flaw in the 'ate' service of Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 to escalate privileges to root via a crafted UDP packet. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tenda Privilege Escalation Ac10 Firmware
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-57219 MEDIUM This Month

Incorrect access control in the endpoint /goform/ate of Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 allows attackers to escalate privileges or access sensitive components via a crafted request. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Tenda Ac10 Firmware
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-57215 HIGH This Month

Tenda AC10 v4.0 firmware v16.03.10.20 was discovered to contain a stack overflow via the function get_parentControl_list_Info. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tenda Buffer Overflow Stack Overflow Ac10 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-57218 MEDIUM POC This Month

Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 was discovered to contain a stack overflow via the security_5g parameter in the function sub_46284C. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Stack Overflow Ac10 Firmware
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-57217 MEDIUM This Month

Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 was discovered to contain a stack overflow via the Password parameter in the function R7WebsSecurityHandler. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tenda Buffer Overflow Stack Overflow Ac10 Firmware
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-52054 MEDIUM POC This Month

An issue was discovered in Tenda AC8 v4.0 AC1200 Dual-band Gigabit Wireless Router AC8v4.0 Firmware 16.03.33.05. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Tenda Ac8 Firmware
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-55495 MEDIUM POC This Week

Tenda AC6 V15.03.06.23_multi was discovered to contain a buffer overflow via the list parameter in the fromSetIpMacBind function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Ac6 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-9523 HIGH POC This Week

A vulnerability was detected in Tenda AC1206 15.03.06.23. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Ac1206 Firmware
NVD GitHub VulDB
CVSS 4.0
8.9
EPSS
0.6%
CVE-2025-9443 HIGH POC This Month

A flaw has been found in Tenda CH22 1.0.0.1. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Ch22 Firmware
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.3%
CVE-2025-55613 CRITICAL POC Act Now

Tenda O3V2 1.0.0.12(3880) is vulnerable to Buffer Overflow in the fromSafeSetMacFilter function via the mac parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda O3 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-55606 HIGH POC This Month

Tenda AX3 V16.03.12.10_CN is vulnerable to Buffer Overflow in the fromAdvSetMacMtuWan function via the serverName parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Ax3 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-55605 HIGH POC This Month

Tenda AX3 V16.03.12.10_CN is vulnerable to Buffer Overflow in the saveParentControlInfo function via the deviceName parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Ax3 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-55603 HIGH POC This Month

Tenda AX3 V16.03.12.10_CN is vulnerable to Buffer Overflow in the fromSetSysTime function via the ntpServer parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Ax3 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-9309 LOW POC Monitor

A vulnerability was found in Tenda AC10 16.03.10.13. Rated low severity (CVSS 2.0). Public exploit code available and no vendor patch available.

Authentication Bypass Tenda
NVD GitHub VulDB
CVSS 4.0
1.1
EPSS
0.0%
CVE-2025-55564 HIGH POC This Week

Tenda AC15 v15.03.05.19_multi_TD01 has a stack overflow via the list parameter in the fromSetIpMacBind function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Stack Overflow Ac15 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-9299 HIGH POC This Month

A vulnerability has been found in Tenda M3 1.0.0.12. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda M3 Firmware
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.5%
CVE-2025-9298 HIGH POC This Month

A flaw has been found in Tenda M3 1.0.0.12. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda M3 Firmware
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.4%
CVE-2025-9297 HIGH POC This Week

A vulnerability was detected in Tenda i22 1.0.0.3(4687). Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda I22 Firmware
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.4%
CVE-2025-55498 HIGH POC This Month

Tenda AC6 V15.03.06.23_multi was discovered to contain a buffer overflow via the time parameter in the fromSetSysTime function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Stack Overflow Ac6 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-55482 HIGH POC This Month

Tenda AC6 V15.03.06.23_multi is vulnerable to Buffer Overflow in the formSetCfm function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Stack Overflow Ac6 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-55503 HIGH POC This Month

Tenda AC6 V15.03.06.23_multi has a stack overflow vulnerability via the deviceName parameter in the saveParentControlInfo function. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Stack Overflow Ac6 Firmware
NVD GitHub
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-55499 MEDIUM POC This Week

Tenda AC6 V15.03.06.23_multi was discovered to contain a buffer overflow via the ntpServer parameter in the fromSetSysTime function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Ac6 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-55483 HIGH POC This Month

Tenda AC6 V15.03.06.23_multi is vulnerable to Buffer Overflow in the function formSetMacFilterCfg via the parameters macFilterType and deviceList. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Stack Overflow Ac6 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-32010 HIGH This Month

A stack-based buffer overflow vulnerability exists in the Cloud API functionality of Tenda AC6 V5.0 V02.03.01.110. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Tenda Buffer Overflow Stack Overflow RCE Ac6 Firmware
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2025-31355 HIGH This Month

A firmware update vulnerability exists in the Firmware Signature Validation functionality of Tenda AC6 V5.0 V02.03.01.110. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Tenda RCE Ac6 Firmware
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2025-30256 HIGH This Month

A denial of service vulnerability exists in the HTTP Header Parsing functionality of Tenda AC6 V5.0 V02.03.01.110. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Tenda Ac6 Firmware
NVD
CVSS 3.1
8.6
EPSS
0.1%
CVE-2025-27129 CRITICAL This Week

An authentication bypass vulnerability exists in the HTTP authentication functionality of Tenda AC6 V5.0 V02.03.01.110. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Tenda RCE Ac6 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-24496 HIGH This Month

An information disclosure vulnerability exists in the /goform/getproductInfo functionality of Tenda AC6 V5.0 V02.03.01.110. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tenda Information Disclosure Ac6 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-24322 HIGH This Month

An unsafe default authentication vulnerability exists in the Initial Setup Authentication functionality of Tenda AC6 V5.0 V02.03.01.110. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Tenda RCE Ac6 Firmware
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-9091 LOW POC Monitor

A security flaw has been discovered in Tenda AC20 16.03.08.12. Rated low severity (CVSS 2.0). Public exploit code available and no vendor patch available.

Authentication Bypass Tenda
NVD GitHub VulDB
CVSS 4.0
1.1
EPSS
0.0%
CVE-2025-9090 LOW POC Monitor

A vulnerability was identified in Tenda AC20 16.03.08.12. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection
NVD GitHub VulDB Exploit-DB
CVSS 4.0
2.1
EPSS
2.0%
CVE-2025-9089 HIGH POC This Month

A vulnerability was determined in Tenda AC20 16.03.08.12. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Ac20 Firmware
NVD VulDB GitHub
CVSS 4.0
7.4
EPSS
0.2%
CVE-2025-9088 HIGH POC This Month

A vulnerability was found in Tenda AC20 16.03.08.12. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Ac20 Firmware
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.2%
CVE-2025-9087 HIGH POC This Month

A vulnerability has been found in Tenda AC20 16.03.08.12. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Ac20 Firmware
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.2%
CVE-2025-9046 HIGH POC This Month

A vulnerability was identified in Tenda AC20 16.03.08.12. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Ac20 Firmware
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.4%
CVE-2025-9023 HIGH POC This Month

A vulnerability has been found in Tenda AC7 and AC18 15.03.05.19/15.03.06.44. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Ac7 Firmware Ac18 Firmware
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.4%
CVE-2025-9007 HIGH POC This Month

A vulnerability has been found in Tenda CH22 1.0.0.1. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Ch22 Firmware
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.2%
CVE-2025-9006 HIGH POC This Month

A vulnerability was identified in Tenda CH22 1.0.0.1. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Ch22 Firmware
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.2%
CVE-2025-8980 MEDIUM This Month

A vulnerability has been found in Tenda G1 16.01.7.8(3660). Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Tenda Information Disclosure G1 Firmware
NVD GitHub VulDB
CVSS 4.0
6.6
EPSS
0.1%
CVE-2025-8979 MEDIUM POC This Week

A vulnerability was identified in Tenda AC15 15.13.07.13. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Tenda Information Disclosure Ac15 Firmware
NVD VulDB GitHub
CVSS 4.0
6.6
EPSS
0.2%
CVE-2025-8958 HIGH POC This Month

A vulnerability was identified in Tenda TX3 16.03.13.11_multi_TDE01. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Tx3 Firmware
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.3%
CVE-2025-8940 HIGH POC This Month

A vulnerability was identified in Tenda AC20 up to 16.03.08.12. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Ac20 Firmware
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.5%
CVE-2025-8939 HIGH POC This Month

A vulnerability was determined in Tenda AC20 up to 16.03.08.12. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Ac20 Firmware
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.4%
CVE-2025-8810 HIGH POC This Month

A vulnerability classified as critical was found in Tenda AC20 16.03.08.05. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Ac20 Firmware
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.2%
CVE-2025-8182 LOW Monitor

Weak password requirements in Tenda AC18 firmware version 15.03.05.19 allow remote attackers to conduct brute-force attacks against Samba authentication via the /etc_ro/smb.conf configuration file. The vulnerability requires high attack complexity and has been publicly disclosed, though exploitation difficulty remains elevated. CVSS 2.9 and EPSS 0.07% (20th percentile) indicate low real-world risk despite proof-of-concept availability.

Tenda Information Disclosure Brute Force Ac18 Firmware
NVD VulDB
CVSS 4.0
2.9
EPSS
0.1%
CVE-2025-51089 MEDIUM POC This Month

Heap-based buffer overflow in Tenda AC8V4 router firmware V16.03.34.06 allows unauthenticated remote attackers to corrupt heap memory via a crafted `mac` parameter sent to the `/goform/GetParentControlInfo` endpoint. The vulnerability requires no authentication or user interaction and is reachable over the network, making it exploitable against any device whose web management interface is accessible. A publicly available proof-of-concept exists on GitHub, and the EPSS score of 5.54% at the 92nd percentile indicates elevated real-world exploitation probability relative to the broader CVE population; no public exploit identified at time of analysis confirms CISA KEV listing.

Heap Overflow Tenda Buffer Overflow Ac8 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
5.5%
CVE-2025-51088 MEDIUM POC This Month

Stack-based buffer overflow in Tenda AC8V4 firmware V16.03.34.06 exposes the /goform/WifiGuestSet HTTP endpoint to unauthenticated remote attackers via the `shareSpeed` parameter, which lacks proper bounds checking before stack allocation. The official CVSS scores only availability impact (A:L), but stack overflows in embedded router firmware routinely yield remote code execution in practice - the 93rd-percentile EPSS score and a publicly available PoC reinforce elevated real-world risk. No public exploitation or CISA KEV listing has been confirmed at time of analysis, though the PoC lowers the barrier to active targeting of unpatched devices.

Buffer Overflow Tenda Stack Overflow Ac8 Firmware
NVD GitHub
CVSS 3.1
5.3
EPSS
6.8%
CVE-2025-51087 HIGH POC This Week

Stack-based buffer overflow in the Tenda AC8V4 router (firmware V16.03.34.06) lets remote attackers corrupt memory by supplying an oversized 'time' parameter to the /goform/saveParentControlInfo web endpoint. Per the published CVSS vector the flaw is network-reachable with no authentication (PR:N) and low complexity, and publicly available exploit code exists (no public exploit identified as actively exploited in CISA KEV). The EPSS score of 8.43% (94th percentile) marks it as elevated exploitation likelihood relative to the CVE population.

Buffer Overflow Tenda Stack Overflow Ac8 Firmware
NVD GitHub
CVSS 3.1
8.6
EPSS
8.4%
CVE-2025-51085 MEDIUM POC This Month

Stack-based buffer overflow in Tenda AC8V4 firmware version 16.03.34.06 allows unauthenticated remote attackers to crash the device by sending a crafted HTTP request to the /goform/SetSysTimeCfg endpoint with oversized timeZone or timeType parameters. The vulnerability requires no authentication or user interaction per the CVSS:3.1 vector (PR:N/UI:N), making it trivially exploitable against any network-accessible management interface. A publicly available proof-of-concept exists on GitHub, and the EPSS score of 6.77% at the 93rd percentile signals meaningfully elevated exploitation probability relative to most CVEs - no public exploit identified at time of analysis as confirmed by CISA KEV, but POC availability lowers the bar for less-skilled actors.

Buffer Overflow Tenda Stack Overflow Ac8 Firmware
NVD GitHub
CVSS 3.1
5.3
EPSS
6.8%
CVE-2025-51082 MEDIUM POC This Month

Stack-based buffer overflow in Tenda AC8V4 home router firmware V16.03.34.06 exposes remote unauthenticated attackers to device crash or potential arbitrary code execution by submitting an oversized timeZone parameter to the /goform/fast_setting_wifi_set endpoint. The CVSS vector confirms no authentication is required and no user interaction is needed; a public proof-of-concept is available on GitHub. No public exploit identified at time of analysis as actively exploited by CISA KEV, but the combination of zero-authentication network access and available POC meaningfully lowers the barrier for exploitation beyond the low EPSS score of 0.47% suggests.

Buffer Overflow Tenda Stack Overflow Ac8 Firmware
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2025-52363 MEDIUM POC This Month

Tenda CP3 Pro Firmware V22.5.4.93 contains a hardcoded root password hash in the /etc/passwd file and /etc/passwd-. An attacker with access to the firmware image can extract and attempt to crack the root password hash, potentially obtaining administrative access

Authentication Bypass Cp3 Pro Firmware Tenda
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-7598 HIGH POC This Week

CVE-2025-7598 is a critical stack-based buffer overflow vulnerability in Tenda AX1803 router (version 1.0.0.1) affecting the WiFi MAC filter configuration endpoint. An authenticated remote attacker can exploit improper input validation in the deviceList parameter to achieve remote code execution with full system compromise (confidentiality, integrity, and availability impacts). Public exploit code has been disclosed and the vulnerability may be actively exploited.

Buffer Overflow RCE Ax1803 Firmware Tenda
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-7597 HIGH POC This Week

CVE-2025-7597 is a critical stack-based buffer overflow vulnerability in Tenda AX1803 router firmware (version 1.0.0.1) affecting the MAC filter configuration function. An authenticated attacker can remotely exploit this via the deviceList parameter to achieve remote code execution with full system compromise (confidentiality, integrity, availability). A public exploit has been disclosed and the vulnerability may be actively exploited.

Buffer Overflow Ax1803 Firmware Tenda
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-7596 HIGH POC This Week

A critical stack-based buffer overflow vulnerability exists in Tenda FH1205 firmware version 2.0.0.7(775) within the WifiExtraSet web form handler, triggered via the wpapsk_crypto parameter. This authenticated remote vulnerability allows attackers with user-level privileges to achieve complete system compromise including code execution, data theft, and device disruption. The vulnerability has public exploit disclosure and active exploitation potential, making it a high-priority security concern for deployed devices.

Buffer Overflow Fh1205 Firmware Tenda
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-7586 HIGH POC This Week

A buffer overflow vulnerability in A vulnerability (CVSS 8.8). Risk factors: public PoC available.

Buffer Overflow Ac500 Firmware Tenda
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-7551 HIGH POC This Week

CVE-2025-7551 is a critical stack-based buffer overflow vulnerability in Tenda FH1201 firmware version 1.2.0.14(408) affecting the PPTP client configuration function. An authenticated remote attacker can exploit improper input validation in the modino/username parameters to overflow the stack, achieving code execution with high confidentiality, integrity, and availability impact. A public proof-of-concept exists and the vulnerability may be actively exploited.

Buffer Overflow Fh1201 Firmware Tenda
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-7550 HIGH POC This Week

CVE-2025-7550 is a critical stack-based buffer overflow vulnerability in Tenda FH1201 firmware version 1.2.0.14(408) affecting the /goform/GstDhcpSetSer endpoint. An authenticated remote attacker can exploit the 'dips' parameter to achieve arbitrary code execution with high impact on confidentiality, integrity, and availability. A public proof-of-concept exists, and the vulnerability exhibits active exploitation characteristics with a CVSS score of 8.8.

Buffer Overflow Fh1201 Firmware Tenda
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-7549 HIGH POC This Week

CVE-2025-7549 is a critical stack-based buffer overflow vulnerability in Tenda FH1201 firmware version 1.2.0.14(408) affecting the L7Prot form handler. An authenticated remote attacker can exploit the 'page' parameter to overflow the stack, achieving complete compromise of the device with high confidentiality, integrity, and availability impact. The vulnerability has public exploit disclosure and should be considered actively exploitable.

Buffer Overflow Fh1201 Firmware Tenda
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-7548 HIGH POC This Week

CVE-2025-7548 is a critical stack-based buffer overflow vulnerability in Tenda FH1201 wireless router firmware version 1.2.0.14(408) affecting the SafeEmailFilter function. An authenticated remote attacker can exploit an improper bounds check on the 'page' parameter to achieve arbitrary code execution with full system privileges (confidentiality, integrity, and availability compromise). Public exploit code exists for this vulnerability, elevating real-world risk significantly.

Buffer Overflow Fh1201 Firmware Tenda
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-7544 HIGH POC This Week

CVE-2025-7544 is a critical stack-based buffer overflow vulnerability in Tenda AC1206 firmware version 15.03.06.23, specifically in the formSetMacFilterCfg function accessible via the /goform/setMacFilterCfg endpoint. An authenticated remote attacker can exploit this vulnerability by manipulating the deviceList parameter to achieve remote code execution with high confidentiality, integrity, and availability impact. Public exploit disclosure and active exploitation indicators elevate real-world risk significantly.

Buffer Overflow Ac1206 Firmware Tenda
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-7532 HIGH POC This Week

CVE-2025-7532 is a critical stack-based buffer overflow vulnerability in Tenda FH1202 firmware version 1.2.0.14(408) affecting the webExcptypemanFilter function. An authenticated remote attacker can exploit improper input validation on the 'page' parameter to achieve code execution with full system compromise (confidentiality, integrity, and availability impact). A public exploit has been disclosed and the vulnerability meets criteria for active exploitation risk.

Buffer Overflow Fh1202 Firmware Tenda
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-7531 HIGH POC This Week

CVE-2025-7531 is a critical stack-based buffer overflow vulnerability in Tenda FH1202 firmware version 1.2.0.14(408) affecting the PPTP user settings function. An authenticated remote attacker can exploit improper input validation on the 'delno' parameter to achieve code execution with full system compromise (confidentiality, integrity, and availability). The vulnerability has public exploit code available and represents active exploitation risk.

Buffer Overflow Fh1202 Firmware Tenda
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-7530 HIGH POC This Week

CVE-2025-7530 is a critical stack-based buffer overflow vulnerability in Tenda FH1202 firmware version 1.2.0.14(408) affecting the PPTP client configuration function. An authenticated remote attacker can exploit this vulnerability by supplying a malicious Username argument to the /goform/PPTPDClient endpoint, potentially achieving remote code execution with full system compromise (confidentiality, integrity, and availability impact). Public exploit code is available and the vulnerability meets criteria for active exploitation risk.

Buffer Overflow Fh1202 Firmware Tenda
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-7529 HIGH POC This Week

CVE-2025-7529 is a critical stack-based buffer overflow vulnerability in Tenda FH1202 firmware version 1.2.0.14(408) that allows authenticated remote attackers to achieve complete system compromise through manipulation of the 'page' parameter in the /goform/Natlimit endpoint. With a CVSS score of 8.8, public exploit disclosure, and confirmation of active exploitation potential, this vulnerability poses significant real-world risk to deployed Tenda router installations.

Buffer Overflow Fh1202 Firmware Tenda
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-7528 HIGH POC This Week

CVE-2025-7528 is a critical stack-based buffer overflow vulnerability in Tenda FH1202 firmware version 1.2.0.14(408) affecting the /goform/GstDhcpSetSer endpoint. An authenticated attacker can remotely exploit this vulnerability by manipulating the 'dips' parameter to achieve arbitrary code execution with full system compromise (confidentiality, integrity, and availability impact). The vulnerability has public exploit code available and meets criteria for active exploitation risk.

Buffer Overflow Fh1202 Firmware Tenda RCE
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-7527 HIGH POC This Week

A critical stack-based buffer overflow vulnerability exists in Tenda FH1202 firmware version 1.2.0.14(408) affecting the /goform/AdvSetWan endpoint. An authenticated remote attacker can overflow the PPPOEPassword parameter to achieve arbitrary code execution with full system privileges (confidentiality, integrity, and availability compromise). Public exploit code is available and the vulnerability meets criteria for active exploitation risk.

Buffer Overflow Fh1202 Firmware Tenda
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-7506 HIGH POC This Week

CVE-2025-7506 is a critical stack-based buffer overflow vulnerability in Tenda FH451 router firmware version 1.0.0.9, exploitable via the HTTP POST parameter 'page' in the /goform/Natlimit endpoint. An authenticated remote attacker can achieve complete system compromise (code execution, data exfiltration, denial of service) without user interaction. Public exploit code is available, indicating active disclosure and likely exploitation in the wild.

Buffer Overflow Fh451 Firmware Tenda
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-7505 HIGH POC This Week

CVE-2025-7505 is a critical stack-based buffer overflow vulnerability in Tenda FH451 v1.0.0.9 affecting the HTTP POST request handler's L7 protocol filter functionality. An authenticated attacker can remotely exploit this vulnerability by manipulating the 'page' parameter to achieve arbitrary code execution with full system compromise (confidentiality, integrity, and availability impact). Public exploit code has been disclosed and the vulnerability meets CISA KEV criteria for active exploitation risk.

Buffer Overflow Fh451 Firmware Tenda
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-7468 HIGH POC This Week

A buffer overflow vulnerability in A vulnerability (CVSS 8.8). Risk factors: public PoC available.

Buffer Overflow Fh1201 Firmware Tenda
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-7465 HIGH POC This Week

CVE-2025-7465 is a critical remote buffer overflow vulnerability in Tenda FH1201 firmware version 1.2.0.14 affecting the HTTP POST request handler's fromRouteStatic function. An authenticated attacker can exploit improper input validation on the 'page' parameter to achieve remote code execution with full system compromise (confidentiality, integrity, and availability impact). A public proof-of-concept exploit exists and the vulnerability may be actively exploited in the wild.

Buffer Overflow Fh1201 Firmware Tenda
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-7463 HIGH POC This Week

A critical buffer overflow vulnerability exists in Tenda FH1201 wireless router firmware version 1.2.0.14, located in the HTTP POST handler for wireless safety settings. An authenticated attacker can remotely exploit this vulnerability by sending a crafted request with an oversized 'mit_ssid' parameter to the /goform/AdvSetWrlsafeset endpoint, achieving remote code execution with complete system compromise (confidentiality, integrity, and availability). A public proof-of-concept exploit is available, and this vulnerability meets CISA KEV criteria for active exploitation in the wild.

Buffer Overflow Fh1201 Firmware Tenda
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-7434 HIGH POC This Week

CVE-2025-7434 is a critical stack-based buffer overflow vulnerability in Tenda FH451 wireless routers (versions up to 1.0.0.9) affecting the POST request handler for the /goform/addressNat endpoint. An authenticated remote attacker can exploit improper input validation on the 'page' parameter to overflow the stack, achieving arbitrary code execution with full system compromise (confidentiality, integrity, and availability impact). Public exploit code exists and the vulnerability may be actively exploited in the wild.

Buffer Overflow Fh451 Firmware Tenda
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-7423 HIGH POC This Week

CVE-2025-7423 is a critical stack-based buffer overflow vulnerability in Tenda O3V2 router firmware (version 1.0.0.12(3880)) affecting the WiFi MAC filter functionality. An authenticated attacker can remotely exploit this vulnerability by sending a malicious macList parameter to the /goform/setWrlFilterList endpoint, achieving arbitrary code execution with full system compromise (confidentiality, integrity, and availability impact). The vulnerability has public exploit disclosure and may be actively exploited in the wild.

Buffer Overflow O3 Firmware Tenda
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-7422 HIGH POC This Week

A buffer overflow vulnerability in A vulnerability classified as critical (CVSS 8.8). Risk factors: public PoC available.

Buffer Overflow O3 Firmware Tenda
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-7421 HIGH POC This Week

A critical stack-based buffer overflow vulnerability exists in Tenda O3V2 firmware version 1.0.0.12(3880) in the MAC filter modification function. An authenticated remote attacker can exploit improper input validation of the 'mac' parameter to achieve remote code execution with full system compromise (confidentiality, integrity, and availability impact). The vulnerability has public exploit disclosure and demonstrates high real-world exploitability.

Buffer Overflow O3 Firmware Tenda
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-7420 HIGH POC This Week

CVE-2025-7420 is a critical stack-based buffer overflow vulnerability in Tenda O3V2 router firmware (version 1.0.0.12(3880)) affecting the httpd component's WiFi configuration handler. An authenticated remote attacker can overflow the stack via the 'extChannel' parameter in the /goform/setWrlBasicInfo endpoint, achieving complete system compromise including arbitrary code execution, data theft, and denial of service. Public exploit code has been disclosed and the vulnerability meets CVSS 8.8 severity criteria, indicating high real-world risk for affected router deployments.

Buffer Overflow RCE O3 Firmware Tenda
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-7419 HIGH POC This Week

A critical stack-based buffer overflow vulnerability exists in Tenda O3V2 router firmware version 1.0.0.12(3880), affecting the httpd daemon's speed test functionality. An authenticated remote attacker can exploit the destIP parameter in the /goform/setRateTest endpoint to achieve arbitrary code execution with full system compromise (confidentiality, integrity, and availability). Public exploit code is available and the vulnerability meets criteria for active exploitation risk.

Buffer Overflow O3 Firmware Tenda
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-7418 HIGH POC This Week

A buffer overflow vulnerability in A vulnerability (CVSS 8.8). Risk factors: public PoC available.

Buffer Overflow O3 Firmware Tenda
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-7417 HIGH POC This Week

CVE-2025-7417 is a critical stack-based buffer overflow vulnerability in Tenda O3V2 router firmware (version 1.0.0.12(3880)) affecting the /goform/setPingInfo endpoint. An authenticated attacker can exploit improper input validation on the 'ip' parameter to achieve remote code execution with high impact on confidentiality, integrity, and availability. A public proof-of-concept exploit exists, and the vulnerability is actively exploitable in real-world environments.

Buffer Overflow O3 Firmware Tenda
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-7416 HIGH POC This Week

A critical stack-based buffer overflow vulnerability exists in Tenda O3V2 1.0.0.12(3880) in the httpd component's fromSysToolTime function within /goform/setSysTimeInfo. An authenticated remote attacker can exploit this by manipulating the Time argument to achieve arbitrary code execution with high confidentiality, integrity, and availability impact (CVSS 8.8). Public exploit disclosure and active exploitation indicators elevate real-world risk significantly.

Buffer Overflow O3 Firmware Tenda
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-7415 LOW POC Monitor

A vulnerability, which was classified as critical, has been found in Tenda O3V2 1.0.0.12(3880). This issue affects the function fromTraceroutGet of the file /goform/getTraceroute of the component httpd. The manipulation of the argument dest leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Command Injection Tenda
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.6%
CVE-2025-7414 LOW POC Monitor

A vulnerability classified as critical was found in Tenda O3V2 1.0.0.12(3880). This vulnerability affects the function fromNetToolGet of the file /goform/setPingInfo of the component httpd. The manipulation of the argument domain leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Command Injection Tenda
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.7%
CVE-2025-52364 HIGH POC This Week

A security vulnerability in Tenda CP3 Pro Firmware (CVSS 7.5) that allows remote attackers. Risk factors: public PoC available.

Information Disclosure Cp3 Pro Firmware Tenda
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-50263 HIGH POC This Week

Tenda AC6 v15.03.05.16_multi is vulnerable to Buffer Overflow in the fromSetRouteStatic function via the list parameter.

Buffer Overflow Ac6 Firmware Tenda
NVD GitHub
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-50262 HIGH POC This Week

Tenda AC6 v15.03.05.16_multi is vulnerable to Buffer Overflow in the formSetQosBand function via the list parameter.

Buffer Overflow Ac6 Firmware Tenda
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
EPSS 0% CVSS 7.4
HIGH POC This Week

A weakness has been identified in Tenda AC20 16.03.08.05. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Ac20 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 0.9
LOW Monitor

A security vulnerability has been detected in Tenda W12 up to 3.0.0.6(3948). Rated low severity (CVSS 1.8). No vendor patch available.

Authentication Bypass Tenda
NVD GitHub VulDB
EPSS 0% CVSS 8.7
HIGH POC This Week

A vulnerability was determined in Tenda CH22 1.0.0.1. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Ch22 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 1.1
LOW Monitor

A vulnerability was determined in Tenda AC9 15.03.05.19. Rated low severity (CVSS 2.0). No vendor patch available.

Authentication Bypass Tenda
NVD GitHub VulDB
EPSS 0% CVSS 8.9
HIGH POC This Week

A security vulnerability has been detected in Tenda AC21 and AC23 16.03.08.16. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Ac21 Firmware +1
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

An input validation flaw in the 'ate' service of Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 to escalate privileges to root via a crafted UDP packet. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tenda Privilege Escalation Ac10 Firmware
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Incorrect access control in the endpoint /goform/ate of Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 allows attackers to escalate privileges or access sensitive components via a crafted request. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Tenda Ac10 Firmware
NVD
EPSS 0% CVSS 7.5
HIGH This Month

Tenda AC10 v4.0 firmware v16.03.10.20 was discovered to contain a stack overflow via the function get_parentControl_list_Info. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tenda Buffer Overflow Stack Overflow +1
NVD
EPSS 0% CVSS 5.3
MEDIUM POC This Month

Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 was discovered to contain a stack overflow via the security_5g parameter in the function sub_46284C. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Stack Overflow +1
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 was discovered to contain a stack overflow via the Password parameter in the function R7WebsSecurityHandler. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tenda Buffer Overflow Stack Overflow +1
NVD
EPSS 0% CVSS 5.3
MEDIUM POC This Month

An issue was discovered in Tenda AC8 v4.0 AC1200 Dual-band Gigabit Wireless Router AC8v4.0 Firmware 16.03.33.05. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Tenda Ac8 Firmware
NVD
EPSS 0% CVSS 6.5
MEDIUM POC This Week

Tenda AC6 V15.03.06.23_multi was discovered to contain a buffer overflow via the list parameter in the fromSetIpMacBind function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Ac6 Firmware
NVD GitHub
EPSS 1% CVSS 8.9
HIGH POC This Week

A vulnerability was detected in Tenda AC1206 15.03.06.23. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Ac1206 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 7.4
HIGH POC This Month

A flaw has been found in Tenda CH22 1.0.0.1. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Ch22 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Tenda O3V2 1.0.0.12(3880) is vulnerable to Buffer Overflow in the fromSafeSetMacFilter function via the mac parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda O3 Firmware
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC This Month

Tenda AX3 V16.03.12.10_CN is vulnerable to Buffer Overflow in the fromAdvSetMacMtuWan function via the serverName parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Ax3 Firmware
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC This Month

Tenda AX3 V16.03.12.10_CN is vulnerable to Buffer Overflow in the saveParentControlInfo function via the deviceName parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Ax3 Firmware
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC This Month

Tenda AX3 V16.03.12.10_CN is vulnerable to Buffer Overflow in the fromSetSysTime function via the ntpServer parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Ax3 Firmware
NVD GitHub
EPSS 0% CVSS 1.1
LOW POC Monitor

A vulnerability was found in Tenda AC10 16.03.10.13. Rated low severity (CVSS 2.0). Public exploit code available and no vendor patch available.

Authentication Bypass Tenda
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH POC This Week

Tenda AC15 v15.03.05.19_multi_TD01 has a stack overflow via the list parameter in the fromSetIpMacBind function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Stack Overflow +1
NVD GitHub
EPSS 0% CVSS 7.4
HIGH POC This Month

A vulnerability has been found in Tenda M3 1.0.0.12. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda M3 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 7.4
HIGH POC This Month

A flaw has been found in Tenda M3 1.0.0.12. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda M3 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 7.4
HIGH POC This Week

A vulnerability was detected in Tenda i22 1.0.0.3(4687). Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda I22 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH POC This Month

Tenda AC6 V15.03.06.23_multi was discovered to contain a buffer overflow via the time parameter in the fromSetSysTime function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Stack Overflow +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC This Month

Tenda AC6 V15.03.06.23_multi is vulnerable to Buffer Overflow in the formSetCfm function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Stack Overflow +1
NVD GitHub
EPSS 0% CVSS 7.3
HIGH POC This Month

Tenda AC6 V15.03.06.23_multi has a stack overflow vulnerability via the deviceName parameter in the saveParentControlInfo function. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Stack Overflow +1
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC This Week

Tenda AC6 V15.03.06.23_multi was discovered to contain a buffer overflow via the ntpServer parameter in the fromSetSysTime function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Ac6 Firmware
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC This Month

Tenda AC6 V15.03.06.23_multi is vulnerable to Buffer Overflow in the function formSetMacFilterCfg via the parameters macFilterType and deviceList. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Stack Overflow +1
NVD GitHub
EPSS 1% CVSS 8.1
HIGH This Month

A stack-based buffer overflow vulnerability exists in the Cloud API functionality of Tenda AC6 V5.0 V02.03.01.110. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Tenda Buffer Overflow Stack Overflow +2
NVD
EPSS 0% CVSS 7.2
HIGH This Month

A firmware update vulnerability exists in the Firmware Signature Validation functionality of Tenda AC6 V5.0 V02.03.01.110. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Tenda RCE Ac6 Firmware
NVD
EPSS 0% CVSS 8.6
HIGH This Month

A denial of service vulnerability exists in the HTTP Header Parsing functionality of Tenda AC6 V5.0 V02.03.01.110. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Tenda Ac6 Firmware
NVD
EPSS 0% CVSS 9.8
CRITICAL This Week

An authentication bypass vulnerability exists in the HTTP authentication functionality of Tenda AC6 V5.0 V02.03.01.110. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Tenda RCE +1
NVD
EPSS 0% CVSS 7.5
HIGH This Month

An information disclosure vulnerability exists in the /goform/getproductInfo functionality of Tenda AC6 V5.0 V02.03.01.110. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tenda Information Disclosure Ac6 Firmware
NVD
EPSS 0% CVSS 8.1
HIGH This Month

An unsafe default authentication vulnerability exists in the Initial Setup Authentication functionality of Tenda AC6 V5.0 V02.03.01.110. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Tenda RCE Ac6 Firmware
NVD
EPSS 0% CVSS 1.1
LOW POC Monitor

A security flaw has been discovered in Tenda AC20 16.03.08.12. Rated low severity (CVSS 2.0). Public exploit code available and no vendor patch available.

Authentication Bypass Tenda
NVD GitHub VulDB
EPSS 2% CVSS 2.1
LOW POC Monitor

A vulnerability was identified in Tenda AC20 16.03.08.12. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection
NVD GitHub VulDB Exploit-DB
EPSS 0% CVSS 7.4
HIGH POC This Month

A vulnerability was determined in Tenda AC20 16.03.08.12. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Ac20 Firmware
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Month

A vulnerability was found in Tenda AC20 16.03.08.12. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Ac20 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 7.4
HIGH POC This Month

A vulnerability has been found in Tenda AC20 16.03.08.12. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Ac20 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 7.4
HIGH POC This Month

A vulnerability was identified in Tenda AC20 16.03.08.12. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Ac20 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 7.4
HIGH POC This Month

A vulnerability has been found in Tenda AC7 and AC18 15.03.05.19/15.03.06.44. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Ac7 Firmware +1
NVD GitHub VulDB
EPSS 0% CVSS 7.4
HIGH POC This Month

A vulnerability has been found in Tenda CH22 1.0.0.1. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Ch22 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 7.4
HIGH POC This Month

A vulnerability was identified in Tenda CH22 1.0.0.1. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Ch22 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 6.6
MEDIUM This Month

A vulnerability has been found in Tenda G1 16.01.7.8(3660). Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Tenda Information Disclosure G1 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 6.6
MEDIUM POC This Week

A vulnerability was identified in Tenda AC15 15.13.07.13. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Tenda Information Disclosure Ac15 Firmware
NVD VulDB GitHub
EPSS 0% CVSS 7.4
HIGH POC This Month

A vulnerability was identified in Tenda TX3 16.03.13.11_multi_TDE01. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Tx3 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 7.4
HIGH POC This Month

A vulnerability was identified in Tenda AC20 up to 16.03.08.12. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Ac20 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 7.4
HIGH POC This Month

A vulnerability was determined in Tenda AC20 up to 16.03.08.12. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Ac20 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 7.4
HIGH POC This Month

A vulnerability classified as critical was found in Tenda AC20 16.03.08.05. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Ac20 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 2.9
LOW Monitor

Weak password requirements in Tenda AC18 firmware version 15.03.05.19 allow remote attackers to conduct brute-force attacks against Samba authentication via the /etc_ro/smb.conf configuration file. The vulnerability requires high attack complexity and has been publicly disclosed, though exploitation difficulty remains elevated. CVSS 2.9 and EPSS 0.07% (20th percentile) indicate low real-world risk despite proof-of-concept availability.

Tenda Information Disclosure Brute Force +1
NVD VulDB
EPSS 6% CVSS 6.5
MEDIUM POC This Month

Heap-based buffer overflow in Tenda AC8V4 router firmware V16.03.34.06 allows unauthenticated remote attackers to corrupt heap memory via a crafted `mac` parameter sent to the `/goform/GetParentControlInfo` endpoint. The vulnerability requires no authentication or user interaction and is reachable over the network, making it exploitable against any device whose web management interface is accessible. A publicly available proof-of-concept exists on GitHub, and the EPSS score of 5.54% at the 92nd percentile indicates elevated real-world exploitation probability relative to the broader CVE population; no public exploit identified at time of analysis confirms CISA KEV listing.

Heap Overflow Tenda Buffer Overflow +1
NVD GitHub
EPSS 7% CVSS 5.3
MEDIUM POC This Month

Stack-based buffer overflow in Tenda AC8V4 firmware V16.03.34.06 exposes the /goform/WifiGuestSet HTTP endpoint to unauthenticated remote attackers via the `shareSpeed` parameter, which lacks proper bounds checking before stack allocation. The official CVSS scores only availability impact (A:L), but stack overflows in embedded router firmware routinely yield remote code execution in practice - the 93rd-percentile EPSS score and a publicly available PoC reinforce elevated real-world risk. No public exploitation or CISA KEV listing has been confirmed at time of analysis, though the PoC lowers the barrier to active targeting of unpatched devices.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub
EPSS 8% CVSS 8.6
HIGH POC This Week

Stack-based buffer overflow in the Tenda AC8V4 router (firmware V16.03.34.06) lets remote attackers corrupt memory by supplying an oversized 'time' parameter to the /goform/saveParentControlInfo web endpoint. Per the published CVSS vector the flaw is network-reachable with no authentication (PR:N) and low complexity, and publicly available exploit code exists (no public exploit identified as actively exploited in CISA KEV). The EPSS score of 8.43% (94th percentile) marks it as elevated exploitation likelihood relative to the CVE population.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub
EPSS 7% CVSS 5.3
MEDIUM POC This Month

Stack-based buffer overflow in Tenda AC8V4 firmware version 16.03.34.06 allows unauthenticated remote attackers to crash the device by sending a crafted HTTP request to the /goform/SetSysTimeCfg endpoint with oversized timeZone or timeType parameters. The vulnerability requires no authentication or user interaction per the CVSS:3.1 vector (PR:N/UI:N), making it trivially exploitable against any network-accessible management interface. A publicly available proof-of-concept exists on GitHub, and the EPSS score of 6.77% at the 93rd percentile signals meaningfully elevated exploitation probability relative to most CVEs - no public exploit identified at time of analysis as confirmed by CISA KEV, but POC availability lowers the bar for less-skilled actors.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM POC This Month

Stack-based buffer overflow in Tenda AC8V4 home router firmware V16.03.34.06 exposes remote unauthenticated attackers to device crash or potential arbitrary code execution by submitting an oversized timeZone parameter to the /goform/fast_setting_wifi_set endpoint. The CVSS vector confirms no authentication is required and no user interaction is needed; a public proof-of-concept is available on GitHub. No public exploit identified at time of analysis as actively exploited by CISA KEV, but the combination of zero-authentication network access and available POC meaningfully lowers the barrier for exploitation beyond the low EPSS score of 0.47% suggests.

Buffer Overflow Tenda Stack Overflow +1
NVD GitHub
EPSS 0% CVSS 6.8
MEDIUM POC This Month

Tenda CP3 Pro Firmware V22.5.4.93 contains a hardcoded root password hash in the /etc/passwd file and /etc/passwd-. An attacker with access to the firmware image can extract and attempt to crack the root password hash, potentially obtaining administrative access

Authentication Bypass Cp3 Pro Firmware Tenda
NVD
EPSS 0% CVSS 8.8
HIGH POC This Week

CVE-2025-7598 is a critical stack-based buffer overflow vulnerability in Tenda AX1803 router (version 1.0.0.1) affecting the WiFi MAC filter configuration endpoint. An authenticated remote attacker can exploit improper input validation in the deviceList parameter to achieve remote code execution with full system compromise (confidentiality, integrity, and availability impacts). Public exploit code has been disclosed and the vulnerability may be actively exploited.

Buffer Overflow RCE Ax1803 Firmware +1
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

CVE-2025-7597 is a critical stack-based buffer overflow vulnerability in Tenda AX1803 router firmware (version 1.0.0.1) affecting the MAC filter configuration function. An authenticated attacker can remotely exploit this via the deviceList parameter to achieve remote code execution with full system compromise (confidentiality, integrity, availability). A public exploit has been disclosed and the vulnerability may be actively exploited.

Buffer Overflow Ax1803 Firmware Tenda
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

A critical stack-based buffer overflow vulnerability exists in Tenda FH1205 firmware version 2.0.0.7(775) within the WifiExtraSet web form handler, triggered via the wpapsk_crypto parameter. This authenticated remote vulnerability allows attackers with user-level privileges to achieve complete system compromise including code execution, data theft, and device disruption. The vulnerability has public exploit disclosure and active exploitation potential, making it a high-priority security concern for deployed devices.

Buffer Overflow Fh1205 Firmware Tenda
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

A buffer overflow vulnerability in A vulnerability (CVSS 8.8). Risk factors: public PoC available.

Buffer Overflow Ac500 Firmware Tenda
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

CVE-2025-7551 is a critical stack-based buffer overflow vulnerability in Tenda FH1201 firmware version 1.2.0.14(408) affecting the PPTP client configuration function. An authenticated remote attacker can exploit improper input validation in the modino/username parameters to overflow the stack, achieving code execution with high confidentiality, integrity, and availability impact. A public proof-of-concept exists and the vulnerability may be actively exploited.

Buffer Overflow Fh1201 Firmware Tenda
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

CVE-2025-7550 is a critical stack-based buffer overflow vulnerability in Tenda FH1201 firmware version 1.2.0.14(408) affecting the /goform/GstDhcpSetSer endpoint. An authenticated remote attacker can exploit the 'dips' parameter to achieve arbitrary code execution with high impact on confidentiality, integrity, and availability. A public proof-of-concept exists, and the vulnerability exhibits active exploitation characteristics with a CVSS score of 8.8.

Buffer Overflow Fh1201 Firmware Tenda
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

CVE-2025-7549 is a critical stack-based buffer overflow vulnerability in Tenda FH1201 firmware version 1.2.0.14(408) affecting the L7Prot form handler. An authenticated remote attacker can exploit the 'page' parameter to overflow the stack, achieving complete compromise of the device with high confidentiality, integrity, and availability impact. The vulnerability has public exploit disclosure and should be considered actively exploitable.

Buffer Overflow Fh1201 Firmware Tenda
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

CVE-2025-7548 is a critical stack-based buffer overflow vulnerability in Tenda FH1201 wireless router firmware version 1.2.0.14(408) affecting the SafeEmailFilter function. An authenticated remote attacker can exploit an improper bounds check on the 'page' parameter to achieve arbitrary code execution with full system privileges (confidentiality, integrity, and availability compromise). Public exploit code exists for this vulnerability, elevating real-world risk significantly.

Buffer Overflow Fh1201 Firmware Tenda
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

CVE-2025-7544 is a critical stack-based buffer overflow vulnerability in Tenda AC1206 firmware version 15.03.06.23, specifically in the formSetMacFilterCfg function accessible via the /goform/setMacFilterCfg endpoint. An authenticated remote attacker can exploit this vulnerability by manipulating the deviceList parameter to achieve remote code execution with high confidentiality, integrity, and availability impact. Public exploit disclosure and active exploitation indicators elevate real-world risk significantly.

Buffer Overflow Ac1206 Firmware Tenda
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

CVE-2025-7532 is a critical stack-based buffer overflow vulnerability in Tenda FH1202 firmware version 1.2.0.14(408) affecting the webExcptypemanFilter function. An authenticated remote attacker can exploit improper input validation on the 'page' parameter to achieve code execution with full system compromise (confidentiality, integrity, and availability impact). A public exploit has been disclosed and the vulnerability meets criteria for active exploitation risk.

Buffer Overflow Fh1202 Firmware Tenda
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

CVE-2025-7531 is a critical stack-based buffer overflow vulnerability in Tenda FH1202 firmware version 1.2.0.14(408) affecting the PPTP user settings function. An authenticated remote attacker can exploit improper input validation on the 'delno' parameter to achieve code execution with full system compromise (confidentiality, integrity, and availability). The vulnerability has public exploit code available and represents active exploitation risk.

Buffer Overflow Fh1202 Firmware Tenda
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

CVE-2025-7530 is a critical stack-based buffer overflow vulnerability in Tenda FH1202 firmware version 1.2.0.14(408) affecting the PPTP client configuration function. An authenticated remote attacker can exploit this vulnerability by supplying a malicious Username argument to the /goform/PPTPDClient endpoint, potentially achieving remote code execution with full system compromise (confidentiality, integrity, and availability impact). Public exploit code is available and the vulnerability meets criteria for active exploitation risk.

Buffer Overflow Fh1202 Firmware Tenda
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

CVE-2025-7529 is a critical stack-based buffer overflow vulnerability in Tenda FH1202 firmware version 1.2.0.14(408) that allows authenticated remote attackers to achieve complete system compromise through manipulation of the 'page' parameter in the /goform/Natlimit endpoint. With a CVSS score of 8.8, public exploit disclosure, and confirmation of active exploitation potential, this vulnerability poses significant real-world risk to deployed Tenda router installations.

Buffer Overflow Fh1202 Firmware Tenda
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

CVE-2025-7528 is a critical stack-based buffer overflow vulnerability in Tenda FH1202 firmware version 1.2.0.14(408) affecting the /goform/GstDhcpSetSer endpoint. An authenticated attacker can remotely exploit this vulnerability by manipulating the 'dips' parameter to achieve arbitrary code execution with full system compromise (confidentiality, integrity, and availability impact). The vulnerability has public exploit code available and meets criteria for active exploitation risk.

Buffer Overflow Fh1202 Firmware Tenda +1
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

A critical stack-based buffer overflow vulnerability exists in Tenda FH1202 firmware version 1.2.0.14(408) affecting the /goform/AdvSetWan endpoint. An authenticated remote attacker can overflow the PPPOEPassword parameter to achieve arbitrary code execution with full system privileges (confidentiality, integrity, and availability compromise). Public exploit code is available and the vulnerability meets criteria for active exploitation risk.

Buffer Overflow Fh1202 Firmware Tenda
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

CVE-2025-7506 is a critical stack-based buffer overflow vulnerability in Tenda FH451 router firmware version 1.0.0.9, exploitable via the HTTP POST parameter 'page' in the /goform/Natlimit endpoint. An authenticated remote attacker can achieve complete system compromise (code execution, data exfiltration, denial of service) without user interaction. Public exploit code is available, indicating active disclosure and likely exploitation in the wild.

Buffer Overflow Fh451 Firmware Tenda
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

CVE-2025-7505 is a critical stack-based buffer overflow vulnerability in Tenda FH451 v1.0.0.9 affecting the HTTP POST request handler's L7 protocol filter functionality. An authenticated attacker can remotely exploit this vulnerability by manipulating the 'page' parameter to achieve arbitrary code execution with full system compromise (confidentiality, integrity, and availability impact). Public exploit code has been disclosed and the vulnerability meets CISA KEV criteria for active exploitation risk.

Buffer Overflow Fh451 Firmware Tenda
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

A buffer overflow vulnerability in A vulnerability (CVSS 8.8). Risk factors: public PoC available.

Buffer Overflow Fh1201 Firmware Tenda
NVD VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

CVE-2025-7465 is a critical remote buffer overflow vulnerability in Tenda FH1201 firmware version 1.2.0.14 affecting the HTTP POST request handler's fromRouteStatic function. An authenticated attacker can exploit improper input validation on the 'page' parameter to achieve remote code execution with full system compromise (confidentiality, integrity, and availability impact). A public proof-of-concept exploit exists and the vulnerability may be actively exploited in the wild.

Buffer Overflow Fh1201 Firmware Tenda
NVD VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

A critical buffer overflow vulnerability exists in Tenda FH1201 wireless router firmware version 1.2.0.14, located in the HTTP POST handler for wireless safety settings. An authenticated attacker can remotely exploit this vulnerability by sending a crafted request with an oversized 'mit_ssid' parameter to the /goform/AdvSetWrlsafeset endpoint, achieving remote code execution with complete system compromise (confidentiality, integrity, and availability). A public proof-of-concept exploit is available, and this vulnerability meets CISA KEV criteria for active exploitation in the wild.

Buffer Overflow Fh1201 Firmware Tenda
NVD VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

CVE-2025-7434 is a critical stack-based buffer overflow vulnerability in Tenda FH451 wireless routers (versions up to 1.0.0.9) affecting the POST request handler for the /goform/addressNat endpoint. An authenticated remote attacker can exploit improper input validation on the 'page' parameter to overflow the stack, achieving arbitrary code execution with full system compromise (confidentiality, integrity, and availability impact). Public exploit code exists and the vulnerability may be actively exploited in the wild.

Buffer Overflow Fh451 Firmware Tenda
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

CVE-2025-7423 is a critical stack-based buffer overflow vulnerability in Tenda O3V2 router firmware (version 1.0.0.12(3880)) affecting the WiFi MAC filter functionality. An authenticated attacker can remotely exploit this vulnerability by sending a malicious macList parameter to the /goform/setWrlFilterList endpoint, achieving arbitrary code execution with full system compromise (confidentiality, integrity, and availability impact). The vulnerability has public exploit disclosure and may be actively exploited in the wild.

Buffer Overflow O3 Firmware Tenda
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

A buffer overflow vulnerability in A vulnerability classified as critical (CVSS 8.8). Risk factors: public PoC available.

Buffer Overflow O3 Firmware Tenda
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

A critical stack-based buffer overflow vulnerability exists in Tenda O3V2 firmware version 1.0.0.12(3880) in the MAC filter modification function. An authenticated remote attacker can exploit improper input validation of the 'mac' parameter to achieve remote code execution with full system compromise (confidentiality, integrity, and availability impact). The vulnerability has public exploit disclosure and demonstrates high real-world exploitability.

Buffer Overflow O3 Firmware Tenda
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

CVE-2025-7420 is a critical stack-based buffer overflow vulnerability in Tenda O3V2 router firmware (version 1.0.0.12(3880)) affecting the httpd component's WiFi configuration handler. An authenticated remote attacker can overflow the stack via the 'extChannel' parameter in the /goform/setWrlBasicInfo endpoint, achieving complete system compromise including arbitrary code execution, data theft, and denial of service. Public exploit code has been disclosed and the vulnerability meets CVSS 8.8 severity criteria, indicating high real-world risk for affected router deployments.

Buffer Overflow RCE O3 Firmware +1
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

A critical stack-based buffer overflow vulnerability exists in Tenda O3V2 router firmware version 1.0.0.12(3880), affecting the httpd daemon's speed test functionality. An authenticated remote attacker can exploit the destIP parameter in the /goform/setRateTest endpoint to achieve arbitrary code execution with full system compromise (confidentiality, integrity, and availability). Public exploit code is available and the vulnerability meets criteria for active exploitation risk.

Buffer Overflow O3 Firmware Tenda
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

A buffer overflow vulnerability in A vulnerability (CVSS 8.8). Risk factors: public PoC available.

Buffer Overflow O3 Firmware Tenda
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

CVE-2025-7417 is a critical stack-based buffer overflow vulnerability in Tenda O3V2 router firmware (version 1.0.0.12(3880)) affecting the /goform/setPingInfo endpoint. An authenticated attacker can exploit improper input validation on the 'ip' parameter to achieve remote code execution with high impact on confidentiality, integrity, and availability. A public proof-of-concept exploit exists, and the vulnerability is actively exploitable in real-world environments.

Buffer Overflow O3 Firmware Tenda
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

A critical stack-based buffer overflow vulnerability exists in Tenda O3V2 1.0.0.12(3880) in the httpd component's fromSysToolTime function within /goform/setSysTimeInfo. An authenticated remote attacker can exploit this by manipulating the Time argument to achieve arbitrary code execution with high confidentiality, integrity, and availability impact (CVSS 8.8). Public exploit disclosure and active exploitation indicators elevate real-world risk significantly.

Buffer Overflow O3 Firmware Tenda
NVD GitHub VulDB
EPSS 1% CVSS 2.1
LOW POC Monitor

A vulnerability, which was classified as critical, has been found in Tenda O3V2 1.0.0.12(3880). This issue affects the function fromTraceroutGet of the file /goform/getTraceroute of the component httpd. The manipulation of the argument dest leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Command Injection Tenda
NVD GitHub VulDB
EPSS 1% CVSS 2.1
LOW POC Monitor

A vulnerability classified as critical was found in Tenda O3V2 1.0.0.12(3880). This vulnerability affects the function fromNetToolGet of the file /goform/setPingInfo of the component httpd. The manipulation of the argument domain leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Command Injection Tenda
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH POC This Week

A security vulnerability in Tenda CP3 Pro Firmware (CVSS 7.5) that allows remote attackers. Risk factors: public PoC available.

Information Disclosure Cp3 Pro Firmware Tenda
NVD
EPSS 0% CVSS 8.1
HIGH POC This Week

Tenda AC6 v15.03.05.16_multi is vulnerable to Buffer Overflow in the fromSetRouteStatic function via the list parameter.

Buffer Overflow Ac6 Firmware Tenda
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC This Week

Tenda AC6 v15.03.05.16_multi is vulnerable to Buffer Overflow in the formSetQosBand function via the list parameter.

Buffer Overflow Ac6 Firmware Tenda
NVD GitHub
Prev Page 5 of 21 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy