| Metric | Value |
|---|---|
| CVEs | 480 |
| Critical | 53 |
| High | 322 |
| KEV | 0 |
| PoC | 390 |
| Unpatched C/H | 374 |
| Patch Rate | 0.4% |
| Avg EPSS | 0.6% |

Severity Breakdown

| Severity | CVEs |
|---|---|
| CRITICAL | 53 |
| HIGH | 322 |
| MEDIUM | 97 |
| LOW | 8 |

Affected Products (30)

| Product | CVEs |
|---|---|
| Stack Overflow | 131 |
| Ac6 Firmware | 36 |
| Command Injection | 34 |
| Memory Corruption | 31 |
| Ac18 Firmware | 24 |
| Ac9 Firmware | 22 |
| Ac10 Firmware | 21 |
| Ax3 Firmware | 18 |
| Ac8 Firmware | 18 |
| Fh1202 Firmware | 17 |
| PHP | 15 |
| Ac15 Firmware | 14 |
| Ac20 Firmware | 13 |
| G3 Firmware | 13 |
| W18E Firmware | 13 |
| Rx3 Firmware | 12 |
| O3 Firmware | 11 |
| Rx2 Pro Firmware | 11 |
| Ch22 Firmware | 11 |
| Ax1806 Firmware | 11 |
| Ac21 Firmware | 11 |
| Ac7 Firmware | 10 |
| Fax Server | 8 |
| Interactive Voice Response | 8 |
| Fh1201 Firmware | 8 |
| Ax1803 Firmware | 7 |
| Fh451 Firmware | 7 |
| W12 Firmware | 6 |
| Ac1206 Firmware | 6 |
| Tx3 Firmware | 6 |

Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2025-45042 | Tenda AC9 v15.03.05.14 was discovered to contain a command injection vulnerability via the Telnet function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 14.8%. | CRITICAL | 9.8 | 14.8% | 84 | PoC, No patch |
| CVE-2025-29384 | In Tenda AC9 v1.0 V15.03.05.14_multi, the wanMTU parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 14.6%. | CRITICAL | 9.8 | 14.6% | 84 | PoC, No patch |
| CVE-2025-44872 | Tenda AC9 V15.03.06.42_multi was found to contain a command injection vulnerability in the formsetUsbUnload function via the deviceName parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 12.5%. | CRITICAL | 9.8 | 12.5% | 82 | PoC, No patch |
| CVE-2025-44877 | Tenda AC9 V15.03.06.42_multi was found to contain a command injection vulnerability in the formSetSambaConf function via the usbname parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 12.5%. | CRITICAL | 9.8 | 12.5% | 82 | PoC, No patch |
| CVE-2025-25632 | Tenda AC15 v15.03.05.19 is vulnerable to Command Injection via the handler function in /goform/telnet. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 10.8%. | CRITICAL | 9.8 | 10.8% | 80 | PoC, No patch |
| CVE-2025-45429 | In the Tenda ac9 v1.0 router with firmware V15.03.05.14_multi, there is a stack overflow vulnerability in /goform/WifiWpsStart, which may lead to remote arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | CRITICAL | 9.8 | 2.4% | 71 | PoC, No patch |
| CVE-2025-45427 | In Tenda AC9 v1.0 with firmware V15.03.05.14_multi, the security parameter of /goform/WifiBasicSet has a stack overflow vulnerability, which can lead to remote arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | CRITICAL | 9.8 | 2.2% | 71 | PoC, No patch |
| CVE-2025-45428 | In Tenda ac9 v1.0 with firmware V15.03.05.14_multi, the rebootTime parameter of /goform/SetSysAutoRebbotCfg has a stack overflow vulnerability, which can lead to remote arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | CRITICAL | 9.8 | 2.2% | 71 | PoC, No patch |
| CVE-2025-29385 | In Tenda AC9 v1.0 V15.03.05.14_multi, the cloneType parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | CRITICAL | 9.8 | 1.1% | 70 | PoC, No patch |
| CVE-2025-29386 | In Tenda AC9 v1.0 V15.03.05.14_multi, the mac parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | CRITICAL | 9.8 | 1.1% | 70 | PoC, No patch |
| CVE-2025-25456 | Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via mac2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | CRITICAL | 9.8 | 0.4% | 69 | PoC, No patch |
| CVE-2025-69762 | Tenda AX3 firmware v16.03.12.11 has a stack overflow in formSetIptv via the list parameter, enabling remote attackers to crash the router or execute arbitrary code. | CRITICAL | 9.8 | 0.4% | 69 | PoC, No patch |
| CVE-2025-69763 | Tenda AX3 firmware has a second stack overflow in formSetIptv via the vlanId parameter, allowing remote code execution through the IPTV configuration endpoint. | CRITICAL | 9.8 | 0.4% | 69 | PoC, No patch |
| CVE-2025-69766 | Tenda AX3 firmware has a third stack-based buffer overflow in formGetIptv, allowing unauthenticated remote code execution through the router's web interface. | CRITICAL | 9.8 | 0.4% | 69 | PoC, No patch |
| CVE-2025-25343 | Tenda AC6 V15.03.05.16 firmware has a buffer overflow vulnerability in the formexeCommand function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | CRITICAL | 9.8 | 0.2% | 69 | PoC, No patch |