415
CVEs
29
Critical
303
High
0
KEV
275
PoC
331
Unpatched C/H
0.2%
Patch Rate
0.3%
Avg EPSS
Severity Breakdown
CRITICAL
29
HIGH
303
MEDIUM
52
LOW
31
Monthly CVE Trend
Affected Products (30)
Ac6 Firmware
115
Ac18 Firmware
112
Ac9 Firmware
94
Ac15 Firmware
93
Ac10 Firmware
87
Ax1806 Firmware
61
Ac7 Firmware
60
Fh1202 Firmware
58
Ac8 Firmware
56
Ax1803 Firmware
56
N A
51
W30e Firmware
50
Ac1206 Firmware
43
Fh1206 Firmware
38
M3 Firmware
37
Ac10U Firmware
37
Fh1201 Firmware
36
Ac5 Firmware
35
Fh1203 Firmware
35
F1203 Firmware
34
G3 Firmware
31
W15e Firmware
30
Fh1205 Firmware
29
Ax3 Firmware
27
F1202 Firmware
25
Ax12 Firmware
24
Ac21 Firmware
23
A15 Firmware
21
Ac23 Firmware
20
W9 Firmware
19
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2025-51087 | Stack-based buffer overflow in the Tenda AC8V4 router (firmware V16.03.34.06) lets remote attackers corrupt memory by supplying an oversized 'time' parameter to the /goform/saveParentControlInfo web endpoint. Per the published CVSS vector the flaw is network-reachable with no authentication (PR:N) and low complexity, and publicly available exploit code exists (no public exploit identified as actively exploited in CISA KEV). The EPSS score of 8.43% (94th percentile) marks it as elevated exploitation likelihood relative to the CVE population. | HIGH | 8.6 | 8.4% | 71 |
PoC
No patch
|
| CVE-2025-69762 | Tenda AX3 firmware v16.03.12.11 has a stack overflow in formSetIptv via the list parameter, enabling remote attackers to crash the router or execute arbitrary code. | CRITICAL | 9.8 | 0.4% | 69 |
PoC
No patch
|
| CVE-2025-69763 | Tenda AX3 firmware has a second stack overflow in formSetIptv via the vlanId parameter, allowing remote code execution through the IPTV configuration endpoint. | CRITICAL | 9.8 | 0.4% | 69 |
PoC
No patch
|
| CVE-2025-69766 | Tenda AX3 firmware has a third stack-based buffer overflow in formGetIptv, allowing unauthenticated remote code execution through the router's web interface. | CRITICAL | 9.8 | 0.4% | 69 |
PoC
No patch
|
| CVE-2025-69764 | Tenda AX3 firmware has another stack-based buffer overflow in formGetIptv through a different input path, enabling remote code execution. | CRITICAL | 9.8 | 0.1% | 69 |
PoC
No patch
|
| CVE-2018-25316 | Tenda W308R v2 V5.07.48 contains a cookie session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by exploiting insufficient session validation. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | CRITICAL | 9.3 | 0.0% | 67 |
PoC
No patch
|
| CVE-2018-25317 | Tenda W3002R/A302/W309R wireless routers version V5.07.64_en contain a cookie session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by exploiting insufficient. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | CRITICAL | 9.3 | 0.0% | 67 |
PoC
No patch
|
| CVE-2018-25318 | Tenda FH303/A300 firmware V5.07.68_EN contains a session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by exploiting insufficient cookie validation. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | CRITICAL | 9.3 | 0.0% | 67 |
PoC
No patch
|
| CVE-2025-9605 | A security vulnerability has been detected in Tenda AC21 and AC23 16.03.08.16. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | HIGH | 8.9 | 0.5% | 65 |
PoC
No patch
|
| CVE-2026-4252 | A critical authentication bypass vulnerability exists in Tenda AC8 router firmware version 16.03.50.11 where the IPv6 handler function check_is_ipv6 relies on IP address for authentication, allowing remote attackers to gain unauthorized access. The vulnerability has a publicly available proof-of-concept exploit on GitHub and scores 9.8 CVSS, enabling complete compromise of the affected device with no authentication required. While not currently listed in CISA KEV, the combination of public exploit availability and ease of exploitation makes this a high-priority vulnerability for organizations using affected Tenda routers. | HIGH | 8.9 | 0.1% | 65 |
PoC
No patch
|
| CVE-2026-4567 | Stack-based buffer overflow in Tenda A15 router firmware version 15.13.07.13 allows unauthenticated remote attackers to achieve complete system compromise through a malicious file upload to the UploadCfg function. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires no user interaction and can be executed over the network with trivial complexity. | HIGH | 8.9 | 0.1% | 65 |
PoC
No patch
|
| CVE-2025-57528 | An issue was discovered in Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01 allowing attackers to cause a denial of service via the funcname, funcpara1, funcpara2 parameters to the formSetCfm function. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available. | HIGH | 7.7 | 0.1% | 59 |
PoC
No patch
|
| CVE-2025-51089 | Heap-based buffer overflow in Tenda AC8V4 router firmware V16.03.34.06 allows unauthenticated remote attackers to corrupt heap memory via a crafted `mac` parameter sent to the `/goform/GetParentControlInfo` endpoint. The vulnerability requires no authentication or user interaction and is reachable over the network, making it exploitable against any device whose web management interface is accessible. A publicly available proof-of-concept exists on GitHub, and the EPSS score of 5.54% at the 92nd percentile indicates elevated real-world exploitation probability relative to the broader CVE population; no public exploit identified at time of analysis confirms CISA KEV listing. | MEDIUM | 6.5 | 5.5% | 58 |
PoC
No patch
|
| CVE-2026-15695 | Stack-based buffer overflow in the Tenda BE12 Pro Wi-Fi router (firmware 16.03.66.23) lets an attacker corrupt the stack by supplying an oversized 'page' argument to the /goform/DhcpListClient web endpoint handled by the fromDhcpListClient function. The flaw is reachable over the network and publicly available exploit code exists (disclosed via VulDB), though it is not listed in CISA KEV and no EPSS score was provided. Per the supplied CVSS 4.0 vector (PR:L) the attack requires low-level authentication to the device, and successful exploitation can crash the router or potentially achieve arbitrary code execution. | HIGH | 7.4 | 0.8% | 58 |
PoC
No patch
|
| CVE-2025-69765 | Tenda AX3 firmware v16.03.12.11 contains a stack overflow in formGetIptv function and the list parameter, which can cause memory corruption and enable remote code execution. [CVSS 7.5 HIGH] | HIGH | 7.5 | 0.3% | 58 |
PoC
No patch
|