Total
73 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-42163 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2025-05-15 | N/A | 9.8 CRITICAL |
| Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/fromNatStaticSetting. | |||||
| CVE-2022-42171 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2025-05-15 | N/A | 9.8 CRITICAL |
| Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/saveParentControlInfo. | |||||
| CVE-2022-42170 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2025-05-15 | N/A | 9.8 CRITICAL |
| Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formWifiWpsStart. | |||||
| CVE-2022-42169 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2025-05-15 | N/A | 9.8 CRITICAL |
| Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/addWifiMacFilter. | |||||
| CVE-2022-42168 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2025-05-15 | N/A | 9.8 CRITICAL |
| Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/fromSetIpMacBind. | |||||
| CVE-2022-42167 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2025-05-15 | N/A | 9.8 CRITICAL |
| Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetFirewallCfg. | |||||
| CVE-2022-42164 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2025-05-15 | N/A | 9.8 CRITICAL |
| Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetClientState. | |||||
| CVE-2022-42166 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2025-05-13 | N/A | 9.8 CRITICAL |
| Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetSpeedWan. | |||||
| CVE-2022-42165 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2025-05-13 | N/A | 9.8 CRITICAL |
| Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetDeviceName. | |||||
| CVE-2025-25457 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2025-04-22 | N/A | 7.5 HIGH |
| Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via cloneType2. | |||||
| CVE-2025-25453 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2025-04-22 | N/A | 4.6 MEDIUM |
| Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via serviceName2. | |||||
| CVE-2025-25458 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2025-04-22 | N/A | 4.6 MEDIUM |
| Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via serverName2. | |||||
| CVE-2025-25456 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2025-04-22 | N/A | 9.8 CRITICAL |
| Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via mac2. | |||||
| CVE-2025-25454 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2025-04-22 | N/A | 7.5 HIGH |
| Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via wanSpeed2. | |||||
| CVE-2025-25455 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2025-04-22 | N/A | 7.5 HIGH |
| Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via wanMTU2. | |||||
| CVE-2022-46109 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2025-04-17 | N/A | 7.5 HIGH |
| Tenda AC15 V15.03.06.23 is vulnerable to Buffer Overflow via function formSetClientState. | |||||
| CVE-2025-3161 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2025-04-09 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was found in Tenda AC10 16.03.10.13 and classified as critical. This issue affects the function ShutdownSetAdd of the file /goform/ShutdownSetAdd. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2018-14558 | 1 Tenda | 6 Ac10, Ac10 Firmware, Ac7 and 3 more | 2025-03-20 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted goform/setUsbUnload request. This occurs because the "formsetUsbUnload" function executes a dosystemCmd function with untrusted input. | |||||
| CVE-2025-25675 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2025-03-17 | N/A | 9.8 CRITICAL |
| Tenda AC10 V1.0 V15.03.06.23 has a command injection vulnerablility located in the formexeCommand function. The str variable receives the cmdinput parameter from a POST request and is later assigned to the cmd_buf variable, which is directly used in the doSystemCmd function, causing an arbitrary command execution. | |||||
| CVE-2025-25674 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2025-03-17 | N/A | 9.8 CRITICAL |
| Tenda AC10 V1.0 V15.03.06.23 is vulnerable to Buffer Overflow in form_fast_setting_wifi_set via the parameter ssid. | |||||