1818
CVEs
625
Critical
970
High
3
KEV
1448
PoC
1588
Unpatched C/H
0.4%
Patch Rate
1.5%
Avg EPSS
Severity Breakdown
CRITICAL
625
HIGH
970
MEDIUM
181
LOW
41
Monthly CVE Trend
Affected Products (30)
Ac6 Firmware
115
Ac18 Firmware
112
Ac9 Firmware
94
Ac15 Firmware
93
Ac10 Firmware
87
Ax1806 Firmware
61
Ac7 Firmware
60
Fh1202 Firmware
58
Ac8 Firmware
56
Ax1803 Firmware
56
N A
51
W30e Firmware
50
Ac1206 Firmware
43
Fh1206 Firmware
38
M3 Firmware
37
Ac10U Firmware
37
Fh1201 Firmware
36
Ac5 Firmware
35
Fh1203 Firmware
35
F1203 Firmware
34
G3 Firmware
31
W15e Firmware
30
Fh1205 Firmware
29
Ax3 Firmware
27
F1202 Firmware
25
Ax12 Firmware
24
Ac21 Firmware
23
A15 Firmware
21
Ac23 Firmware
20
W9 Firmware
19
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2022-30023 | Tenda ONT GPON AC1200 Dual band WiFi HG9 v1.0.1 is vulnerable to Command Injection via the Ping function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 43.6%. | HIGH | 8.8 | 43.6% | 108 |
PoC
No patch
|
| CVE-2015-5995 | Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 and Tenda N3 Wireless N150 devices allow remote attackers to obtain administrative access via a certain admin substring in an HTTP. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 38.2%. | CRITICAL | 9.8 | 38.2% | 107 |
PoC
No patch
|
| CVE-2014-5246 | The Shenzhen Tenda Technology Tenda A5s router with firmware 3.02.05_CN allows remote attackers to bypass authentication and gain administrator access by setting the admin:language cookie to zh-cn. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 23.8%. | CRITICAL | 10.0 | 23.8% | 94 |
PoC
No patch
|
| CVE-2025-45042 | Tenda AC9 v15.03.05.14 was discovered to contain a command injection vulnerability via the Telnet function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 14.8%. | CRITICAL | 9.8 | 14.8% | 84 |
PoC
No patch
|
| CVE-2025-29384 | In Tenda AC9 v1.0 V15.03.05.14_multi, the wanMTU parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 14.6%. | CRITICAL | 9.8 | 14.6% | 84 |
PoC
No patch
|
| CVE-2025-44872 | Tenda AC9 V15.03.06.42_multi was found to contain a command injection vulnerability in the formsetUsbUnload function via the deviceName parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 12.5%. | CRITICAL | 9.8 | 12.5% | 82 |
PoC
No patch
|
| CVE-2025-44877 | Tenda AC9 V15.03.06.42_multi was found to contain a command injection vulnerability in the formSetSambaConf function via the usbname parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 12.5%. | CRITICAL | 9.8 | 12.5% | 82 |
PoC
No patch
|
| CVE-2022-32386 | Tenda AC23 v16.03.07.44 was discovered to contain a buffer overflow via fromAdvSetMacMtuWan. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 11.2%. | CRITICAL | 9.8 | 11.2% | 80 |
PoC
No patch
|
| CVE-2025-25632 | Tenda AC15 v15.03.05.19 is vulnerable to Command Injection via the handler function in /goform/telnet. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 10.8%. | CRITICAL | 9.8 | 10.8% | 80 |
PoC
No patch
|
| CVE-2023-51972 | Tenda AX1803 v1.0.0.1 was discovered to contain a command injection vulnerability via the function fromAdvSetLanIp. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | CRITICAL | 9.8 | 3.8% | 73 |
PoC
No patch
|
| CVE-2023-51812 | Tenda AX3 v16.03.12.11 was discovered to contain a remote code execution (RCE) vulnerability via the list parameter at /goform/SetNetControlList. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | CRITICAL | 9.8 | 2.6% | 72 |
PoC
No patch
|
| CVE-2025-45429 | In the Tenda ac9 v1.0 router with firmware V15.03.05.14_multi, there is a stack overflow vulnerability in /goform/WifiWpsStart, which may lead to remote arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | CRITICAL | 9.8 | 2.4% | 71 |
PoC
No patch
|
| CVE-2025-51087 | Stack-based buffer overflow in the Tenda AC8V4 router (firmware V16.03.34.06) lets remote attackers corrupt memory by supplying an oversized 'time' parameter to the /goform/saveParentControlInfo web endpoint. Per the published CVSS vector the flaw is network-reachable with no authentication (PR:N) and low complexity, and publicly available exploit code exists (no public exploit identified as actively exploited in CISA KEV). The EPSS score of 8.43% (94th percentile) marks it as elevated exploitation likelihood relative to the CVE population. | HIGH | 8.6 | 8.4% | 71 |
PoC
No patch
|
| CVE-2022-32385 | Tenda AC23 v16.03.07.44 is vulnerable to Stack Overflow that will allow for the execution of arbitrary code (remote). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | CRITICAL | 9.8 | 2.4% | 71 |
PoC
No patch
|
| CVE-2023-50983 | Tenda i29 v1.0 V1.0.0.5 was discovered to contain a command injection vulnerability via the sysScheduleRebootSet function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | CRITICAL | 9.8 | 2.3% | 71 |
PoC
No patch
|