| Metric | Value |
|---|---|
| CVEs | 377 |
| Critical | 22 |
| High | 279 |
| KEV | 0 |
| PoC | 309 |
| Unpatched C/H | 300 |
| Patch Rate | 0.5% |
| Avg EPSS | 0.6% |

Severity Breakdown

| Severity | Count |
|---|---|
| CRITICAL | 22 |
| HIGH | 279 |
| MEDIUM | 69 |
| LOW | 7 |

Affected Products (30)

| Product | Count |
|---|---|
| Stack Overflow | 131 |
| Ac6 Firmware | 36 |
| Command Injection | 34 |
| Memory Corruption | 31 |
| Ac18 Firmware | 24 |
| Ac9 Firmware | 22 |
| Ac10 Firmware | 21 |
| Ax3 Firmware | 18 |
| Ac8 Firmware | 18 |
| Fh1202 Firmware | 17 |
| PHP | 15 |
| Ac15 Firmware | 14 |
| Ac20 Firmware | 13 |
| G3 Firmware | 13 |
| W18E Firmware | 13 |
| Rx3 Firmware | 12 |
| O3 Firmware | 11 |
| Rx2 Pro Firmware | 11 |
| Ch22 Firmware | 11 |
| Ax1806 Firmware | 11 |
| Ac21 Firmware | 11 |
| Ac7 Firmware | 10 |
| Fax Server | 8 |
| Interactive Voice Response | 8 |
| Fh1201 Firmware | 8 |
| Ax1803 Firmware | 7 |
| Fh451 Firmware | 7 |
| W12 Firmware | 6 |
| Ac1206 Firmware | 6 |
| Tx3 Firmware | 6 |

Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2025-45042 | Tenda AC9 v15.03.05.14 was discovered to contain a command injection vulnerability via the Telnet function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 14.8%. | CRITICAL | 9.8 | 14.8% | 84 | PoC, No patch |
| CVE-2025-44872 | Tenda AC9 V15.03.06.42_multi was found to contain a command injection vulnerability in the formsetUsbUnload function via the deviceName parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 12.5%. | CRITICAL | 9.8 | 12.5% | 82 | PoC, No patch |
| CVE-2025-44877 | Tenda AC9 V15.03.06.42_multi was found to contain a command injection vulnerability in the formSetSambaConf function via the usbname parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 12.5%. | CRITICAL | 9.8 | 12.5% | 82 | PoC, No patch |
| CVE-2025-45429 | In the Tenda ac9 v1.0 router with firmware V15.03.05.14_multi, there is a stack overflow vulnerability in /goform/WifiWpsStart, which may lead to remote arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | CRITICAL | 9.8 | 2.4% | 71 | PoC, No patch |
| CVE-2025-45427 | In Tenda AC9 v1.0 with firmware V15.03.05.14_multi, the security parameter of /goform/WifiBasicSet has a stack overflow vulnerability, which can lead to remote arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | CRITICAL | 9.8 | 2.2% | 71 | PoC, No patch |
| CVE-2025-45428 | In Tenda ac9 v1.0 with firmware V15.03.05.14_multi, the rebootTime parameter of /goform/SetSysAutoRebbotCfg has a stack overflow vulnerability, which can lead to remote arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | CRITICAL | 9.8 | 2.2% | 71 | PoC, No patch |
| CVE-2025-25456 | Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via mac2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | CRITICAL | 9.8 | 0.4% | 69 | PoC, No patch |
| CVE-2025-69762 | Tenda AX3 firmware v16.03.12.11 has a stack overflow in formSetIptv via the list parameter, enabling remote attackers to crash the router or execute arbitrary code. | CRITICAL | 9.8 | 0.4% | 69 | PoC, No patch |
| CVE-2025-69763 | Tenda AX3 firmware has a second stack overflow in formSetIptv via the vlanId parameter, allowing remote code execution through the IPTV configuration endpoint. | CRITICAL | 9.8 | 0.4% | 69 | PoC, No patch |
| CVE-2025-69766 | Tenda AX3 firmware has a third stack-based buffer overflow in formGetIptv, allowing unauthenticated remote code execution through the router's web interface. | CRITICAL | 9.8 | 0.4% | 69 | PoC, No patch |
| CVE-2025-69764 | Tenda AX3 firmware has another stack-based buffer overflow in formGetIptv through a different input path, enabling remote code execution. | CRITICAL | 9.8 | 0.1% | 69 | PoC, No patch |
| CVE-2025-3693 | A vulnerability was found in Tenda W12 3.0.0.5. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available. | HIGH | 8.7 | 2.2% | 66 | PoC, No patch |
| CVE-2025-9605 | A security vulnerability has been detected in Tenda AC21 and AC23 16.03.08.16. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | HIGH | 8.9 | 0.5% | 65 | PoC, No patch |
| CVE-2025-4354 | A vulnerability was found in Tenda DAP-1520 1.10B04_BETA02 and classified as critical. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available. | HIGH | 8.7 | 1.4% | 65 | PoC, No patch |
| CVE-2025-4355 | A vulnerability was found in Tenda DAP-1520 1.10B04_BETA02. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available. | HIGH | 8.7 | 1.4% | 65 | PoC, No patch |