Total
                    88 CVE
                
            | CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | 
|---|---|---|---|---|---|
| CVE-2018-14558 | 1 Tenda | 6 Ac10, Ac10 Firmware, Ac7 and 3 more | 2025-10-22 | 10.0 HIGH | 9.8 CRITICAL | 
| An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted goform/setUsbUnload request. This occurs because the "formsetUsbUnload" function executes a dosystemCmd function with untrusted input. | |||||
| CVE-2025-57639 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2025-09-25 | N/A | 6.5 MEDIUM | 
| OS Command injection vulnerability in Tenda AC9 1.0 was discovered to contain a command injection vulnerability via the usb.samba.guest.user parameter in the formSetSambaConf function of the httpd file. | |||||
| CVE-2025-57638 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2025-09-25 | N/A | 7.5 HIGH | 
| Buffer overflow vulnerability in Tenda AC9 1.0 via the user supplied sys.vendor configuration value. | |||||
| CVE-2025-10442 | 1 Tenda | 4 Ac15, Ac15 Firmware, Ac9 and 1 more | 2025-09-19 | 6.5 MEDIUM | 6.3 MEDIUM | 
| A vulnerability was determined in Tenda AC9 and AC15 15.03.05.14. This affects the function formexeCommand of the file /goform/exeCommand. This manipulation of the argument cmdinput causes os command injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. | |||||
| CVE-2025-10443 | 1 Tenda | 4 Ac15, Ac15 Firmware, Ac9 and 1 more | 2025-09-19 | 9.0 HIGH | 8.8 HIGH | 
| A vulnerability was identified in Tenda AC9 and AC15 15.03.05.14/15.03.05.18. This vulnerability affects the function formexeCommand of the file /goform/exeCommand. Such manipulation of the argument cmdinput leads to buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used. | |||||
| CVE-2025-9731 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2025-09-04 | 1.0 LOW | 2.5 LOW | 
| A vulnerability was determined in Tenda AC9 15.03.05.19. The impacted element is an unknown function of the file /etc_ro/shadow of the component Administrative Interface. This manipulation causes hard-coded credentials. It is possible to launch the attack on the local host. The attack's complexity is rated as high. The exploitability is regarded as difficult. The exploit has been publicly disclosed and may be utilized. | |||||
| CVE-2025-5900 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2025-06-16 | 5.0 MEDIUM | 4.3 MEDIUM | 
| A vulnerability, which was classified as problematic, was found in Tenda AC9 15.03.02.13. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2023-38823 | 1 Tenda | 8 Ac18, Ac18 Firmware, Ac19 and 5 more | 2025-06-10 | N/A | 9.8 CRITICAL | 
| Buffer Overflow vulnerability in Tenda Ac19 v.1.0, AC18, AC9 v.1.0, AC6 v.2.0 and v.1.0 allows a remote attacker to execute arbitrary code via the formSetCfm function in bin/httpd. | |||||
| CVE-2025-5836 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2025-06-09 | 6.5 MEDIUM | 6.3 MEDIUM | 
| A vulnerability was found in Tenda AC9 15.03.02.13. It has been rated as critical. This issue affects the function formSetIptv of the file /goform/SetIPTVCfg of the component POST Request Handler. The manipulation of the argument list leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-5839 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2025-06-09 | 9.0 HIGH | 8.8 HIGH | 
| A vulnerability, which was classified as critical, has been found in Tenda AC9 15.03.02.13. Affected by this issue is the function fromadvsetlanip of the file /goform/AdvSetLanip of the component POST Request Handler. The manipulation of the argument lanMask leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-5847 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2025-06-09 | 9.0 HIGH | 8.8 HIGH | 
| A vulnerability has been found in Tenda AC9 15.03.02.13 and classified as critical. Affected by this vulnerability is the function formSetSafeWanWebMan of the file /goform/SetRemoteWebCfg of the component HTTP POST Request Handler. The manipulation of the argument remoteIp leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-44877 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2025-05-27 | N/A | 9.8 CRITICAL | 
| Tenda AC9 V15.03.06.42_multi was found to contain a command injection vulnerability in the formSetSambaConf function via the usbname parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | |||||
| CVE-2025-44872 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2025-05-27 | N/A | 9.8 CRITICAL | 
| Tenda AC9 V15.03.06.42_multi was found to contain a command injection vulnerability in the formsetUsbUnload function via the deviceName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | |||||
| CVE-2024-24543 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2025-05-15 | N/A | 9.8 CRITICAL | 
| Buffer Overflow vulnerability in the function setSchedWifi in Tenda AC9 v.3.0, firmware version v.15.03.06.42_multi allows a remote attacker to cause a denial of service or run arbitrary code via crafted overflow data. | |||||
| CVE-2025-45042 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2025-05-07 | N/A | 9.8 CRITICAL | 
| Tenda AC9 v15.03.05.14 was discovered to contain a command injection vulnerability via the Telnet function. | |||||
| CVE-2025-45428 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2025-04-30 | N/A | 9.8 CRITICAL | 
| In Tenda ac9 v1.0 with firmware V15.03.05.14_multi, the rebootTime parameter of /goform/SetSysAutoRebbotCfg has a stack overflow vulnerability, which can lead to remote arbitrary code execution. | |||||
| CVE-2025-45429 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2025-04-30 | N/A | 9.8 CRITICAL | 
| In the Tenda ac9 v1.0 router with firmware V15.03.05.14_multi, there is a stack overflow vulnerability in /goform/WifiWpsStart, which may lead to remote arbitrary code execution. | |||||
| CVE-2025-45427 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2025-04-30 | N/A | 9.8 CRITICAL | 
| In Tenda AC9 v1.0 with firmware V15.03.05.14_multi, the security parameter of /goform/WifiBasicSet has a stack overflow vulnerability, which can lead to remote arbitrary code execution. | |||||
| CVE-2017-16923 | 1 Tenda | 6 Ac15, Ac15 Firmware, Ac18 and 3 more | 2025-04-20 | 8.3 HIGH | 8.8 HIGH | 
| Command Injection vulnerability in app_data_center on Shenzhen Tenda Ac9 US_AC9V1.0BR_V15.03.05.14_multi_TD01, Ac9 ac9_kf_V15.03.05.19(6318_)_cn, Ac15 US_AC15V1.0BR_V15.03.05.18_multi_TD01, Ac15 US_AC15V1.0BR_V15.03.05.19_multi_TD01, Ac18 US_AC18V1.0BR_V15.03.05.05_multi_TD01, and Ac18 ac18_kf_V15.03.05.19(6318_)_cn devices allows remote unauthenticated attackers to execute arbitrary OS commands via a crafted cgi-bin/luci/usbeject?dev_name= GET request from the LAN. This occurs because the "sub_A6E8 usbeject_process_entry" function executes a system function with untrusted input. | |||||
| CVE-2017-16936 | 1 Tenda | 6 Ac15, Ac15 Firmware, Ac18 and 3 more | 2025-04-20 | 3.3 LOW | 6.5 MEDIUM | 
| Directory Traversal vulnerability in app_data_center on Shenzhen Tenda Ac9 US_AC9V1.0BR_V15.03.05.14_multi_TD01, Ac9 ac9_kf_V15.03.05.19(6318_)_cn, Ac15 US_AC15V1.0BR_V15.03.05.18_multi_TD01, Ac15 US_AC15V1.0BR_V15.03.05.19_multi_TD01, Ac18 US_AC18V1.0BR_V15.03.05.05_multi_TD01, and Ac18 ac18_kf_V15.03.05.19(6318_)_cn devices allows remote unauthenticated attackers to read arbitrary files via a cgi-bin/luci/request?op=1&path= URI that uses directory traversal sequences after a /usb/ substring. | |||||
