Filtered by vendor Tenda
Subscribe
Total
627 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-45505 | 1 Tenda | 2 W30e, W30e Firmware | 2025-04-23 | N/A | 7.5 HIGH |
| Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the cmdinput parameter at /goform/exeCommand. | |||||
| CVE-2022-45504 | 1 Tenda | 2 W6-s, W6-s Firmware | 2025-04-23 | N/A | 7.5 HIGH |
| An issue in the component tpi_systool_handle(0) (/goform/SysToolRestoreSet) of Tenda W6-S v1.0.0.4(510) allows unauthenticated attackers to arbitrarily reboot the device. | |||||
| CVE-2022-45503 | 1 Tenda | 2 W6-s, W6-s Firmware | 2025-04-23 | N/A | 7.5 HIGH |
| Tenda W6-S v1.0.0.4(510) was discovered to contain a stack overflow via the linkEn parameter at /goform/setAutoPing. | |||||
| CVE-2022-45501 | 1 Tenda | 2 W6-s, W6-s Firmware | 2025-04-23 | N/A | 7.5 HIGH |
| Tenda W6-S v1.0.0.4(510) was discovered to contain a stack overflow via the wl_radio parameter at /goform/wifiSSIDset. | |||||
| CVE-2022-45499 | 1 Tenda | 2 W6-s, W6-s Firmware | 2025-04-23 | N/A | 7.5 HIGH |
| Tenda W6-S v1.0.0.4(510) was discovered to contain a stack overflow via the wl_radio parameter at /goform/WifiMacFilterGet. | |||||
| CVE-2022-45498 | 1 Tenda | 2 W6-s, W6-s Firmware | 2025-04-23 | N/A | 7.5 HIGH |
| An issue in the component tpi_systool_handle(0) (/goform/SysToolReboot) of Tenda W6-S v1.0.0.4(510) allows unauthenticated attackers to arbitrarily reboot the device. | |||||
| CVE-2022-45043 | 1 Tenda | 2 Ax12, Ax12 Firmware | 2025-04-22 | N/A | 8.8 HIGH |
| Tenda AX12 V22.03.01.16_cn is vulnerable to command injection via goform/fast_setting_internet_set. | |||||
| CVE-2022-45997 | 1 Tenda | 2 W15e, W20e Firmware | 2025-04-22 | N/A | 7.2 HIGH |
| Tenda W20E V16.01.0.6(3392) is vulnerable to Buffer Overflow. | |||||
| CVE-2022-45996 | 1 Tenda | 2 W15e, W20e Firmware | 2025-04-22 | N/A | 7.2 HIGH |
| Tenda W20E V16.01.0.6(3392) is vulnerable to Command injection via cmd_get_ping_output. | |||||
| CVE-2022-45980 | 1 Tenda | 2 Ax12, Ax12 Firmware | 2025-04-22 | N/A | 8.8 HIGH |
| Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Request Forgery (CSRF) via /goform/SysToolRestoreSet . | |||||
| CVE-2022-45979 | 1 Tenda | 2 Ax12, Ax12 Firmware | 2025-04-22 | N/A | 7.5 HIGH |
| Tenda AX12 v22.03.01.21_CN was discovered to contain a stack overflow via the ssid parameter at /goform/fast_setting_wifi_set . | |||||
| CVE-2022-45977 | 1 Tenda | 2 Ax12, Ax12 Firmware | 2025-04-22 | N/A | 8.8 HIGH |
| Tenda AX12 V22.03.01.21_CN was found to have a command injection vulnerability via /goform/setMacFilterCfg function. | |||||
| CVE-2025-25457 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2025-04-22 | N/A | 7.5 HIGH |
| Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via cloneType2. | |||||
| CVE-2025-25454 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2025-04-22 | N/A | 7.5 HIGH |
| Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via wanSpeed2. | |||||
| CVE-2025-25455 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2025-04-22 | N/A | 7.5 HIGH |
| Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via wanMTU2. | |||||
| CVE-2025-3786 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2025-04-22 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was found in Tenda AC15 up to 15.03.05.19 and classified as critical. This issue affects the function fromSetWirelessRepeat of the file /goform/WifiExtraSet. The manipulation of the argument mac leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2017-14515 | 1 Tenda | 2 W15e, W15e Firmware | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Heap-based Buffer Overflow on Tenda W15E devices before 15.11.0.14 allows remote attackers to cause a denial of service (temporary HTTP outage and forced logout) via unspecified vectors. | |||||
| CVE-2017-16923 | 1 Tenda | 6 Ac15, Ac15 Firmware, Ac18 and 3 more | 2025-04-20 | 8.3 HIGH | 8.8 HIGH |
| Command Injection vulnerability in app_data_center on Shenzhen Tenda Ac9 US_AC9V1.0BR_V15.03.05.14_multi_TD01, Ac9 ac9_kf_V15.03.05.19(6318_)_cn, Ac15 US_AC15V1.0BR_V15.03.05.18_multi_TD01, Ac15 US_AC15V1.0BR_V15.03.05.19_multi_TD01, Ac18 US_AC18V1.0BR_V15.03.05.05_multi_TD01, and Ac18 ac18_kf_V15.03.05.19(6318_)_cn devices allows remote unauthenticated attackers to execute arbitrary OS commands via a crafted cgi-bin/luci/usbeject?dev_name= GET request from the LAN. This occurs because the "sub_A6E8 usbeject_process_entry" function executes a system function with untrusted input. | |||||
| CVE-2017-14514 | 1 Tenda | 2 W15e, W15e Firmware | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Directory Traversal on Tenda W15E devices before 15.11.0.14 allows remote attackers to read unencrypted files via a crafted URL. | |||||
| CVE-2022-46109 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2025-04-17 | N/A | 7.5 HIGH |
| Tenda AC15 V15.03.06.23 is vulnerable to Buffer Overflow via function formSetClientState. | |||||