Skip to main content

Tenda

Vendor security scorecard – 141 CVEs in the selected period

Period: 30d 90d 6m 1y All
Risk 1129
141
CVEs
16
Critical
108
High
0
KEV
64
PoC
124
Unpatched C/H
0.0%
Patch Rate
0.3%
Avg EPSS

Severity Breakdown

CRITICAL
16
HIGH
108
MEDIUM
9
LOW
8

Monthly CVE Trend

Top Risky CVEs

CVE Summary Severity CVSS EPSS Priority Signals
CVE-2018-25316 Tenda W308R v2 V5.07.48 contains a cookie session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by exploiting insufficient session validation. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. CRITICAL 9.3 0.0% 67
PoC No patch
CVE-2018-25317 Tenda W3002R/A302/W309R wireless routers version V5.07.64_en contain a cookie session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by exploiting insufficient. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. CRITICAL 9.3 0.0% 67
PoC No patch
CVE-2018-25318 Tenda FH303/A300 firmware V5.07.68_EN contains a session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by exploiting insufficient cookie validation. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. CRITICAL 9.3 0.0% 67
PoC No patch
CVE-2026-15695 Stack-based buffer overflow in the Tenda BE12 Pro Wi-Fi router (firmware 16.03.66.23) lets an attacker corrupt the stack by supplying an oversized 'page' argument to the /goform/DhcpListClient web endpoint handled by the fromDhcpListClient function. The flaw is reachable over the network and publicly available exploit code exists (disclosed via VulDB), though it is not listed in CISA KEV and no EPSS score was provided. Per the supplied CVSS 4.0 vector (PR:L) the attack requires low-level authentication to the device, and successful exploitation can crash the router or potentially achieve arbitrary code execution. HIGH 7.4 0.8% 58
PoC No patch
CVE-2026-13518 Stack-based buffer overflow in the Tenda JD12L router (firmware 16.03.53.23) lets a remote attacker corrupt memory by manipulating the 'page' parameter handled by the fromAddressNat function at the /goform/addressNat endpoint, potentially achieving code execution or device crash. Publicly available exploit code exists and the issue was disclosed by VulDB, though there is no public exploit identified as actively exploited in the wild. With a CVSS 4.0 base score of 7.4 and PR:L, exploitation requires some level of authenticated access to the web management interface. HIGH 7.4 0.5% 57
PoC No patch
CVE-2026-13517 Stack-based buffer overflow in the Tenda JD12L router (firmware 16.03.53.23) allows remote attackers to corrupt memory by manipulating the security_5g argument sent to the formWifiBasicSet handler at /goform/WifiBasicSet, potentially achieving denial of service or arbitrary code execution on the device. The flaw is network-reachable but, per the CVSS 4.0 vector, requires low-level authentication (PR:L), and publicly available exploit code exists. There is no public exploit identified as actively exploited in CISA KEV, and the EPSS score was not provided. HIGH 7.4 0.5% 57
PoC No patch
CVE-2026-13519 Stack-based buffer overflow in the Tenda JD12L router (firmware 16.03.53.23) lets remote attackers corrupt memory via the 'page' parameter handled by the fromNatStaticSetting function at the /goform/NatStaticSetting endpoint. Publicly available exploit code exists, and the CVSS 4.0 vector (PR:L) indicates an authenticated user on the device's web interface can trigger high confidentiality, integrity and availability impact. There is no public exploit identified as actively used in the wild - exploitation is proof-of-concept only at this time. HIGH 7.4 0.5% 57
PoC No patch
CVE-2026-7096 OS command injection in Tenda HG3 router version 2.0 (build 300003070) allows authenticated remote attackers to execute arbitrary system commands with router privileges via the fmgpon_loid parameter in the formgponConf administrative function. Public exploit code is available and confirmed usable for attacks per VulDB reporting, significantly lowering the skill barrier for exploitation despite requiring valid administrative credentials. HIGH 7.4 0.3% 57
PoC No patch
CVE-2026-7160 A vulnerability was determined in Tenda HG3 2.0. This vulnerability affects the function formTracert of the file /boaform/formTracert. Executing a man HIGH 7.4 0.3% 57
PoC No patch
CVE-2026-7056 Buffer overflow in Tenda F456 router firmware 1.0.0.5 allows authenticated remote attackers to achieve arbitrary code execution with high impact to confidentiality, integrity, and availability. The vulnerability resides in the SafeUrlFilter functionality of the httpd web server component, triggered by manipulating the 'page' parameter. A public proof-of-concept exploit is available on GitHub, significantly lowering the barrier to exploitation, though no CISA KEV listing or widespread exploitation has been confirmed at time of analysis. HIGH 7.4 0.1% 57
PoC No patch
CVE-2026-10188 Stack-based buffer overflow in Tenda W12 firmware 3.0.0.7(4763) allows remote attackers with low privileges to corrupt memory via the staMac parameter processed by the cgistaKickOff function in /bin/httpd. Publicly available exploit code exists (hosted at cdn2.v50to.cc), elevating practical risk despite no current CISA KEV listing. The CVSS 4.0 score of 7.4 reflects high confidentiality, integrity, and availability impact achievable over the network against this enterprise wireless access point. HIGH 7.4 0.1% 57
PoC No patch
CVE-2026-10189 Stack-based buffer overflow in Tenda W12 firmware 3.0.0.7(4763) allows authenticated remote attackers to corrupt memory in the embedded HTTP daemon via the 'sec' parameter of the cgiSysTimeInfoSet handler. Publicly available exploit code exists for this issue, raising the practical risk for exposed management interfaces despite no public exploit identified at time of analysis in the CISA KEV catalog. HIGH 7.4 0.1% 57
PoC No patch
CVE-2026-10191 Stack-based buffer overflow in Tenda W12 firmware 3.0.0.7(4763) allows remote authenticated attackers to corrupt memory in the embedded HTTP daemon by supplying an oversized wifiMacFilterSet.macList.mac parameter to the cgiWifiMacFilterSet handler in /bin/httpd. Publicly available exploit code exists, raising the practical risk of device compromise, denial of service, or potential code execution on affected access points, though no CISA KEV listing or active exploitation has been confirmed. HIGH 7.4 0.1% 57
PoC No patch
CVE-2026-10192 Stack-based buffer overflow in Tenda W12 firmware 3.0.0.7(4763) allows remote attackers to corrupt memory in the embedded HTTP daemon by supplying a crafted Time argument to the set_local_time_0 function in /bin/httpd. Publicly available exploit code exists, and the CVSS 4.0 base score of 7.4 reflects high impact to confidentiality, integrity, and availability with low-privilege network access. No CISA KEV listing or EPSS score is provided, so widespread opportunistic exploitation is not confirmed at this time. HIGH 7.4 0.1% 57
PoC No patch
CVE-2026-11503 Stack-based buffer overflow in the Tenda CX12L router (firmware 16.03.53.12) allows authenticated remote attackers to corrupt memory via the ssid parameter of the /goform/fast_setting_wifi_set endpoint, handled by the form_fast_setting_wifi_set function. Publicly available exploit code exists per VulDB disclosure, raising the likelihood of opportunistic exploitation against exposed management interfaces. The CVSS 4.0 score of 7.4 reflects high confidentiality, integrity, and availability impact bounded by a low-privilege requirement. HIGH 7.4 0.1% 57
PoC No patch

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy