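| Metric | Value |
|---|---|
| CVEs | 546 |
| Critical | 56 |
| High | 365 |
| KEV | 0 |
| PoC | 439 |
| Unpatched C/H | 420 |
| Patch Rate | 0.4% |
| Avg EPSS | 0.6% |

Severity Breakdown

| Severity | CVEs |
|---|---|
| CRITICAL | 56 |
| HIGH | 365 |
| MEDIUM | 87 |
| LOW | 38 |
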
Affected Products (30)

| Product | CVEs |
|---|---|
| Ac6 Firmware | 36 |
| Ac18 Firmware | 24 |
| Ac10 Firmware | 20 |
| Ac8 Firmware | 18 |
| Ax3 Firmware | 18 |
| Ac9 Firmware | 18 |
| Fh1202 Firmware | 17 |
| W18E Firmware | 13 |
| G3 Firmware | 13 |
| Ac15 Firmware | 13 |
| Ch22 Firmware | 13 |
| Rx3 Firmware | 12 |
| Ax1806 Firmware | 11 |
| Ac20 Firmware | 11 |
| Ac21 Firmware | 11 |
| Rx2 Pro Firmware | 11 |
| PHP | 11 |
| Ac7 Firmware | 11 |
| O3 Firmware | 9 |
| Fh1201 Firmware | 8 |
| Fax Server | 8 |
| Interactive Voice Response | 8 |
| Ax1803 Firmware | 7 |
| Fh451 Firmware | 7 |
| Tx3 Firmware | 6 |
| Ac1206 Firmware | 6 |
| W12 Firmware | 6 |
| I24 Firmware | 5 |
| Ac5 Firmware | 5 |
| Ac23 Firmware | 5 |

Top Risky CVEs

| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2025-45042 | Tenda AC9 v15.03.05.14 was discovered to contain a command injection vulnerability via the Telnet function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 14.8%. | CRITICAL | 9.8 | 14.8% | 84 | PoC, No patch |
| CVE-2025-29384 | In Tenda AC9 v1.0 V15.03.05.14_multi, the wanMTU parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 14.6%. | CRITICAL | 9.8 | 14.6% | 84 | PoC, No patch |
| CVE-2025-44872 | Tenda AC9 V15.03.06.42_multi was found to contain a command injection vulnerability in the formsetUsbUnload function via the deviceName parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 12.5%. | CRITICAL | 9.8 | 12.5% | 82 | PoC, No patch |
| CVE-2025-44877 | Tenda AC9 V15.03.06.42_multi was found to contain a command injection vulnerability in the formSetSambaConf function via the usbname parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 12.5%. | CRITICAL | 9.8 | 12.5% | 82 | PoC, No patch |
| CVE-2025-25632 | Tenda AC15 v15.03.05.19 is vulnerable to Command Injection via the handler function in /goform/telnet. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 10.8%. | CRITICAL | 9.8 | 10.8% | 80 | PoC, No patch |
| CVE-2025-45429 | In the Tenda ac9 v1.0 router with firmware V15.03.05.14_multi, there is a stack overflow vulnerability in /goform/WifiWpsStart, which may lead to remote arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | CRITICAL | 9.8 | 2.4% | 71 | PoC, No patch |
| CVE-2025-45427 | In Tenda AC9 v1.0 with firmware V15.03.05.14_multi, the security parameter of /goform/WifiBasicSet has a stack overflow vulnerability, which can lead to remote arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | CRITICAL | 9.8 | 2.2% | 71 | PoC, No patch |
| CVE-2025-45428 | In Tenda ac9 v1.0 with firmware V15.03.05.14_multi, the rebootTime parameter of /goform/SetSysAutoRebbotCfg has a stack overflow vulnerability, which can lead to remote arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | CRITICAL | 9.8 | 2.2% | 71 | PoC, No patch |
| CVE-2025-29385 | In Tenda AC9 v1.0 V15.03.05.14_multi, the cloneType parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | CRITICAL | 9.8 | 1.1% | 70 | PoC, No patch |
| CVE-2025-29386 | In Tenda AC9 v1.0 V15.03.05.14_multi, the mac parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | CRITICAL | 9.8 | 1.1% | 70 | PoC, No patch |
| CVE-2025-25456 | Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via mac2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | CRITICAL | 9.8 | 0.4% | 69 | PoC, No patch |
| CVE-2025-69762 | Tenda AX3 firmware v16.03.12.11 has a stack overflow in formSetIptv via the list parameter, enabling remote attackers to crash the router or execute arbitrary code. | CRITICAL | 9.8 | 0.4% | 69 | PoC, No patch |
| CVE-2025-69763 | Tenda AX3 firmware has a second stack overflow in formSetIptv via the vlanId parameter, allowing remote code execution through the IPTV configuration endpoint. | CRITICAL | 9.8 | 0.4% | 69 | PoC, No patch |
| CVE-2025-69766 | Tenda AX3 firmware has a third stack-based buffer overflow in formGetIptv, allowing unauthenticated remote code execution through the router's web interface. | CRITICAL | 9.8 | 0.4% | 69 | PoC, No patch |
| CVE-2025-25343 | Tenda AC6 V15.03.05.16 firmware has a buffer overflow vulnerability in the formexeCommand function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | CRITICAL | 9.8 | 0.2% | 69 | PoC, No patch |