| Metric | Value |
|---|---|
| CVEs | 389 |
| Critical | 14 |
| High | 294 |
| KEV | 0 |
| PoC | 312 |
| Unpatched C/H | 307 |
| Patch Rate | 0.5% |
| Avg EPSS | 0.3% |

Severity Breakdown
| Severity | CVEs |
|---|---|
| CRITICAL | 14 |
| HIGH | 294 |
| MEDIUM | 44 |
| LOW | 37 |

Affected Products (30)
| Product | CVEs |
|---|---|
| Ac6 Firmware | 36 |
| Ac18 Firmware | 24 |
| Ac10 Firmware | 20 |
| Ac8 Firmware | 18 |
| Ax3 Firmware | 18 |
| Ac9 Firmware | 18 |
| Fh1202 Firmware | 17 |
| W18E Firmware | 13 |
| G3 Firmware | 13 |
| Ac15 Firmware | 13 |
| Ch22 Firmware | 13 |
| Rx3 Firmware | 12 |
| Ax1806 Firmware | 11 |
| Ac20 Firmware | 11 |
| Ac21 Firmware | 11 |
| Rx2 Pro Firmware | 11 |
| PHP | 11 |
| Ac7 Firmware | 11 |
| O3 Firmware | 9 |
| Fh1201 Firmware | 8 |
| Fax Server | 8 |
| Interactive Voice Response | 8 |
| Ax1803 Firmware | 7 |
| Fh451 Firmware | 7 |
| Tx3 Firmware | 6 |
| Ac1206 Firmware | 6 |
| W12 Firmware | 6 |
| I24 Firmware | 5 |
| Ac5 Firmware | 5 |
| Ac23 Firmware | 5 |

Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2025-69762 | Tenda AX3 firmware v16.03.12.11 has a stack overflow in formSetIptv via the list parameter, enabling remote attackers to crash the router or execute arbitrary code. | CRITICAL | 9.8 | 0.4% | 69 | PoC, No patch |
| CVE-2025-69763 | Tenda AX3 firmware has a second stack overflow in formSetIptv via the vlanId parameter, allowing remote code execution through the IPTV configuration endpoint. | CRITICAL | 9.8 | 0.4% | 69 | PoC, No patch |
| CVE-2025-69766 | Tenda AX3 firmware has a third stack-based buffer overflow in formGetIptv, allowing unauthenticated remote code execution through the router's web interface. | CRITICAL | 9.8 | 0.4% | 69 | PoC, No patch |
| CVE-2025-69764 | Tenda AX3 firmware has another stack-based buffer overflow in formGetIptv through a different input path, enabling remote code execution. | CRITICAL | 9.8 | 0.1% | 69 | PoC, No patch |
| CVE-2025-9605 | A security vulnerability has been detected in Tenda AC21 and AC23 16.03.08.16. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | HIGH | 8.9 | 0.5% | 65 | PoC, No patch |
| CVE-2026-4252 | A critical authentication bypass vulnerability exists in Tenda AC8 router firmware version 16.03.50.11 where the IPv6 handler function check_is_ipv6 relies on IP address for authentication, allowing remote attackers to gain unauthorized access. The vulnerability has a publicly available proof-of-concept exploit on GitHub and scores 9.8 CVSS, enabling complete compromise of the affected device with no authentication required. While not currently listed in CISA KEV, the combination of public exploit availability and ease of exploitation makes this a high-priority vulnerability for organizations using affected Tenda routers. | HIGH | 8.9 | 0.1% | 65 | PoC, No patch |
| CVE-2026-4567 | Stack-based buffer overflow in Tenda A15 router firmware version 15.13.07.13 allows unauthenticated remote attackers to achieve complete system compromise through a malicious file upload to the UploadCfg function. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires no user interaction and can be executed over the network with trivial complexity. | HIGH | 8.9 | 0.1% | 65 | PoC, No patch |
| CVE-2025-5527 | Critical stack-based buffer overflow vulnerability in Tenda RX3 router firmware version 16.03.13.11_multi_TDE01, affecting the static route configuration endpoint. An authenticated remote attacker can exploit this vulnerability through manipulation of the 'list' argument in /goform/SetStaticRouteCfg to achieve code execution with full system privileges (confidentiality, integrity, and availability impact). Public exploit code exists and the vulnerability has been disclosed, creating immediate exploitation risk despite requiring authenticated access. | HIGH | 8.8 | 0.6% | 65 | PoC, No patch |
| CVE-2025-5619 | Critical stack-based buffer overflow vulnerability in Tenda CH22 version 1.0.0.1 affecting the /goform/addUserName endpoint's Password parameter handling. An authenticated remote attacker can exploit this flaw to achieve complete system compromise including unauthorized access, data modification, and denial of service. Public exploit code has been disclosed and the vulnerability is actionable with low attack complexity, making it a high-priority threat. | HIGH | 8.8 | 0.5% | 65 | PoC, No patch |
| CVE-2025-5794 | A buffer overflow vulnerability (CVSS 8.8). Risk factors: public PoC available. | HIGH | 8.8 | 0.5% | 65 | PoC, No patch |
| CVE-2025-5795 | Critical buffer overflow vulnerability in Tenda AC5 router firmware (version 1.0/15.03.06.47) affecting the LAN IP configuration function. An authenticated attacker can remotely exploit improper input validation on the 'lanMask' parameter to achieve remote code execution with high confidentiality, integrity, and availability impact. Public exploit code is available and the vulnerability meets active exploitation criteria. | HIGH | 8.8 | 0.5% | 65 | PoC, No patch |
| CVE-2025-5798 | Critical stack-based buffer overflow vulnerability in Tenda AC8 router firmware version 16.03.34.09, exploitable via the timeType parameter in the /goform/SetSysTimeCfg endpoint. An authenticated remote attacker can leverage this vulnerability to achieve arbitrary code execution with full system compromise (confidentiality, integrity, and availability impact). Public exploit disclosure and confirmed proof-of-concept availability indicate active threat potential, though exploitation requires valid authentication credentials. | HIGH | 8.8 | 0.5% | 65 | PoC, No patch |
| CVE-2025-5799 | Critical stack-based buffer overflow vulnerability in Tenda AC8 router firmware version 16.03.34.09, affecting the wireless repeat configuration function. An authenticated remote attacker can exploit this vulnerability via the wpapsk_crypto parameter to achieve arbitrary code execution with full system compromise (confidentiality, integrity, and availability impact). Public proof-of-concept code exists and exploitation is feasible, making this an actively exploitable threat requiring immediate patching. | HIGH | 8.8 | 0.5% | 65 | PoC, No patch |
| CVE-2025-5978 | A critical stack-based buffer overflow vulnerability exists in Tenda FH1202 firmware version 1.2.0.14 within the /goform/VirtualSer endpoint's fromVirtualSer function, triggered by unsanitized 'page' parameter manipulation. An authenticated attacker can exploit this remotely to achieve arbitrary code execution with full system compromise (confidentiality, integrity, and availability impact). Public exploit disclosure and proof-of-concept availability significantly elevate real-world exploitation risk. | HIGH | 8.8 | 0.5% | 65 | PoC, No patch |
| CVE-2025-5861 | Critical remote buffer overflow vulnerability in Tenda AC7 router firmware version 15.03.06.44, affecting the LAN IP configuration function. An authenticated attacker can exploit improper input validation in the 'lanMask' parameter to achieve remote code execution with high confidentiality, integrity, and availability impact. Public exploit code is available and the vulnerability meets criteria for active exploitation. | HIGH | 8.8 | 0.4% | 64 | PoC, No patch |