Total
73 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2025-25457 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2025-04-22 | N/A | 7.5 HIGH |
Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via cloneType2. | |||||
CVE-2025-25453 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2025-04-22 | N/A | 4.6 MEDIUM |
Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via serviceName2. | |||||
CVE-2025-25458 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2025-04-22 | N/A | 4.6 MEDIUM |
Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via serverName2. | |||||
CVE-2025-25456 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2025-04-22 | N/A | 9.8 CRITICAL |
Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via mac2. | |||||
CVE-2025-25454 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2025-04-22 | N/A | 7.5 HIGH |
Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via wanSpeed2. | |||||
CVE-2025-25455 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2025-04-22 | N/A | 7.5 HIGH |
Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via wanMTU2. | |||||
CVE-2022-46109 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2025-04-17 | N/A | 7.5 HIGH |
Tenda AC15 V15.03.06.23 is vulnerable to Buffer Overflow via function formSetClientState. | |||||
CVE-2025-3161 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2025-04-09 | 9.0 HIGH | 8.8 HIGH |
A vulnerability was found in Tenda AC10 16.03.10.13 and classified as critical. This issue affects the function ShutdownSetAdd of the file /goform/ShutdownSetAdd. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2018-14558 | 1 Tenda | 6 Ac10, Ac10 Firmware, Ac7 and 3 more | 2025-03-20 | 10.0 HIGH | 9.8 CRITICAL |
An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted goform/setUsbUnload request. This occurs because the "formsetUsbUnload" function executes a dosystemCmd function with untrusted input. | |||||
CVE-2025-25675 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2025-03-17 | N/A | 9.8 CRITICAL |
Tenda AC10 V1.0 V15.03.06.23 has a command injection vulnerablility located in the formexeCommand function. The str variable receives the cmdinput parameter from a POST request and is later assigned to the cmd_buf variable, which is directly used in the doSystemCmd function, causing an arbitrary command execution. | |||||
CVE-2025-25674 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2025-03-17 | N/A | 9.8 CRITICAL |
Tenda AC10 V1.0 V15.03.06.23 is vulnerable to Buffer Overflow in form_fast_setting_wifi_set via the parameter ssid. | |||||
CVE-2024-32317 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2025-03-17 | N/A | 7.5 HIGH |
Tenda AC10 v4.0 V16.03.10.13 and V16.03.10.20 firmware has a stack overflow vulnerability via the adslPwd parameter in the formWanParameterSetting function. | |||||
CVE-2024-25373 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2025-03-17 | N/A | 4.6 MEDIUM |
Tenda AC10V4.0 V16.03.10.20 was discovered to contain a stack overflow via the page parameter in the sub_49B384 function. | |||||
CVE-2023-27016 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2025-02-12 | N/A | 9.8 CRITICAL |
Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the R7WebsSecurityHandler function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. | |||||
CVE-2023-27015 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2025-02-12 | N/A | 9.8 CRITICAL |
Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the sub_4A75C0 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. | |||||
CVE-2023-27014 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2025-02-12 | N/A | 9.8 CRITICAL |
Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the sub_46AC38 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. | |||||
CVE-2023-27013 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2025-02-12 | N/A | 9.8 CRITICAL |
Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the get_parentControl_list_Info function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. | |||||
CVE-2023-27012 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2025-02-12 | N/A | 9.8 CRITICAL |
Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the setSchedWifi function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. | |||||
CVE-2023-27019 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2025-02-12 | N/A | 9.8 CRITICAL |
Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the sub_458FBC function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. | |||||
CVE-2023-27021 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2025-02-12 | N/A | 9.8 CRITICAL |
Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the formSetFirewallCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. |