Filtered by vendor Tenda
Subscribe
Total
1164 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-48130 | 1 Tenda | 2 W20e, W20e Firmware | 2025-03-26 | N/A | 9.8 CRITICAL |
| Tenda W20E v15.11.0.6 was discovered to contain multiple stack overflows in the function formSetStaticRoute via the parameters staticRouteNet, staticRouteMask, staticRouteGateway, staticRouteWAN. | |||||
| CVE-2025-29218 | 1 Tenda | 2 W18e, W18e Firmware | 2025-03-26 | N/A | 6.5 MEDIUM |
| Tenda W18E v2.0 v16.01.0.11 was discovered to contain a stack overflow in the wifiPwd parameter at /goform/setModules. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | |||||
| CVE-2024-46434 | 1 Tenda | 2 W18e, W18e Firmware | 2025-03-25 | N/A | 8.8 HIGH |
| Tenda W18E V16.01.0.8(1625) suffers from authentication bypass in the web management portal allowing an unauthorized remote attacker to gain administrative access by sending a specially crafted HTTP request. | |||||
| CVE-2024-46433 | 1 Tenda | 2 W18e, W18e Firmware | 2025-03-25 | N/A | 8.8 HIGH |
| A default credentials vulnerability in Tenda W18E V16.01.0.8(1625) allows unauthenticated remote attackers to access the web management portal using the default rzadmin account with administrative privileges. | |||||
| CVE-2024-46432 | 1 Tenda | 2 W18e, W18e Firmware | 2025-03-25 | N/A | 8.8 HIGH |
| Tenda W18E V16.01.0.8(1625) is vulnerable to Incorrect Access Control. An attacker can send a specially crafted HTTP POST request to the setQuickCfgWifiAndLogin function, which allows unauthorized changes to WiFi configuration settings and administrative credentials. | |||||
| CVE-2024-46431 | 1 Tenda | 2 W18e, W18e Firmware | 2025-03-25 | N/A | 8.0 HIGH |
| Tenda W18E V16.01.0.8(1625) is vulnerable to Buffer Overflow. An attacker with access to the web management portal can exploit this vulnerability by sending specially crafted data to the delWewifiPic function. | |||||
| CVE-2024-46430 | 1 Tenda | 2 W18e, W18e Firmware | 2025-03-25 | N/A | 6.5 MEDIUM |
| Tenda W18E V16.01.0.8(1625) is vulnerable to Incorrect Access Control. Unauthorized password change via the web management portal allows an unauthenticated remote attacker to change the administrator password by sending a specially crafted HTTP POST request to the setLoginPassword function, bypassing the authentication mechanism. | |||||
| CVE-2024-46435 | 1 Tenda | 2 W18e, W18e Firmware | 2025-03-25 | N/A | 8.0 HIGH |
| A stack overflow vulnerability in the Tenda W18E V16.01.0.8(1625) web management portal allows an authenticated remote attacker to cause a denial of service or potentially execute arbitrary code. This vulnerability occurs due to improper input validation when handling user-supplied data in the delFacebookPic function. | |||||
| CVE-2024-46436 | 1 Tenda | 2 W18e, W18e Firmware | 2025-03-25 | N/A | 8.3 HIGH |
| Hardcoded credentials in Tenda W18E V16.01.0.8(1625) allows unauthenticated remote attackers to gain root access to the device over the telnet service. | |||||
| CVE-2024-46437 | 1 Tenda | 2 W18e, W18e Firmware | 2025-03-25 | N/A | 6.5 MEDIUM |
| A sensitive information disclosure vulnerability in the Tenda W18E V16.01.0.8(1625) web management portal allows an unauthenticated remote attacker to retrieve sensitive configuration information, including WiFi SSID, WiFi password, and base64-encoded administrator credentials, by sending a specially crafted HTTP POST request to the getQuickCfgWifiAndLogin function, bypassing authentication checks. | |||||
| CVE-2025-29217 | 1 Tenda | 2 W18e, W18e Firmware | 2025-03-25 | N/A | 6.5 MEDIUM |
| Tenda W18E v2.0 v16.01.0.11 was discovered to contain a stack overflow in the wifiSSID parameter at /goform/setModules. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | |||||
| CVE-2025-29215 | 1 Tenda | 2 Ax12, Ax12 Firmware | 2025-03-25 | N/A | 6.5 MEDIUM |
| Tenda AX12 v22.03.01.46_CN was discovered to contain a stack overflow via the sub_43fdcc function at /goform/SetNetControlList. | |||||
| CVE-2025-29214 | 1 Tenda | 2 Ax12, Ax12 Firmware | 2025-03-25 | N/A | 7.5 HIGH |
| Tenda AX12 v22.03.01.46_CN was discovered to contain a stack overflow via the sub_42F69C function at /goform/setMacFilterCfg. | |||||
| CVE-2025-29101 | 1 Tenda | 2 Ac8, Ac8 Firmware | 2025-03-25 | N/A | 7.5 HIGH |
| Tenda AC8V4.0 V16.03.34.06 was discovered to contain a stack overflow via the deviceid parameter in the get_parentControl_list_Info function. | |||||
| CVE-2024-42978 | 1 Tenda | 2 Fh1206, Fh1206 Firmware | 2025-03-25 | N/A | 9.8 CRITICAL |
| An issue in the handler function in /goform/telnet of Tenda FH1206 v02.03.01.35 allows attackers to execute arbitrary commands via a crafted HTTP request. | |||||
| CVE-2023-24332 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-03-25 | N/A | 8.1 HIGH |
| A stack overflow vulnerability in Tenda AC6 with firmware version US_AC6V5.0re_V03.03.02.01_cn_TDC01 allows attackers to run arbitrary commands via crafted POST request to /goform/PowerSaveSet. | |||||
| CVE-2023-24333 | 1 Tenda | 2 Ac21, Ac21 Firmware | 2025-03-25 | N/A | 8.8 HIGH |
| A stack overflow vulnerability in Tenda AC21 with firmware version US_AC21V1.0re_V16.03.08.15_cn_TDC01 allows attackers to run arbitrary commands via crafted POST request to /goform/openSchedWifi. | |||||
| CVE-2023-24334 | 1 Tenda | 2 Ac23, Ac23 Firmware | 2025-03-25 | N/A | 8.0 HIGH |
| A stack overflow vulnerability in Tenda AC23 with firmware version US_AC23V1.0re_V16.03.07.45_cn_TDC01 allows attackers to run arbitrary commands via schedStartTime parameter. | |||||
| CVE-2024-30620 | 1 Tenda | 2 Ax1803, Ax1803 Firmware | 2025-03-25 | N/A | 9.8 CRITICAL |
| Tenda AX1803 v1.0.0.1 contains a stack overflow via the serviceName parameter in the function fromAdvSetMacMtuWan. | |||||
| CVE-2024-57582 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2025-03-22 | N/A | 9.8 CRITICAL |
| Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the startIP parameter in the formSetPPTPServer function. | |||||