TendacnCVEs & Vulnerabilities

146 CVEs affecting Tendacn products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

g3 firmware 30g3 28ac6 27ac6 firmware 27ac9 25g1 firmware 25ac9 firmware 24ac10u firmware 23
CVE-2023-44017CRITICAL

Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the timeZone parameter in the fromSetSysTime function.

27 Sep 2023
9.8
CVSS
CVE-2023-44016CRITICAL

Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the deviceId parameter in the addWifiMacFilter function.

27 Sep 2023
9.8
CVSS
CVE-2023-44015CRITICAL

Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the schedEndTime parameter in the setSchedWifi function.

27 Sep 2023
9.8
CVSS
CVE-2023-44014CRITICAL

Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain multiple stack overflows in the formSetMacFilterCfg function via the macFilterType and deviceList parameters.

27 Sep 2023
9.8
CVSS
CVE-2023-44013CRITICAL

Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the list parameter in the fromSetIpMacBind function.

27 Sep 2023
9.8
CVSS
CVE-2023-40942CRITICAL

Tenda AC9 V3.0BR_V15.03.06.42_multi_TD01 was discovered stack overflow via parameter 'firewall_value' at url /goform/SetFirewallCfg.

7 Sep 2023
9.8
CVSS
CVE-2023-37144CRITICAL

Tenda AC10 v15.03.06.26 was discovered to contain a command injection vulnerability via the mac parameter in the function formWriteFacMac.

7 Jul 2023
9.8
CVSS
CVE-2022-45661HIGH

Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the time parameter in the setSmartPowerManagement function.

2 Dec 2022
7.5
CVSS
CVE-2022-45660HIGH

Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the schedStartTime parameter in the setSchedWifi function.

2 Dec 2022
7.5
CVSS
CVE-2022-45659HIGH

Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the wpapsk_crypto parameter in the fromSetWirelessRepeat function.

2 Dec 2022
7.5
CVSS
CVE-2022-45658HIGH

Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the schedEndTime parameter in the setSchedWifi function.

2 Dec 2022
7.5
CVSS
CVE-2022-45657HIGH

Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the list parameter in the fromSetIpMacBind function.

2 Dec 2022
7.5
CVSS
CVE-2022-45656HIGH

Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the time parameter in the fromSetSysTime function.

2 Dec 2022
7.5
CVSS
CVE-2022-45655HIGH

Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the timeZone parameter in the form_fast_setting_wifi_set function.

2 Dec 2022
7.5
CVSS
CVE-2022-45654HIGH

Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the ssid parameter in the form_fast_setting_wifi_set function.

2 Dec 2022
7.5
CVSS
CVE-2022-45653HIGH

Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the page parameter in the fromNatStaticSetting function.

2 Dec 2022
7.5
CVSS
CVE-2022-45652HIGH

Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the startIp parameter in the formSetPPTPServer function.

2 Dec 2022
7.5
CVSS
CVE-2022-45651HIGH

Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the list parameter in the formSetVirtualSer function.

2 Dec 2022
7.5
CVSS
CVE-2022-45650HIGH

Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the firewallEn parameter in the formSetFirewallCfg function.

2 Dec 2022
7.5
CVSS
CVE-2022-45649HIGH

Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the endIp parameter in the formSetPPTPServer function.

2 Dec 2022
7.5
CVSS
CVE-2022-45648HIGH

Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the devName parameter in the formSetDeviceName function.

2 Dec 2022
7.5
CVSS
CVE-2022-45647HIGH

Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the limitSpeed parameter in the formSetClientState function.

2 Dec 2022
7.5
CVSS
CVE-2022-45646HIGH

Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the limitSpeedUp parameter in the formSetClientState function.

2 Dec 2022
7.5
CVSS
CVE-2022-45645HIGH

Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the deviceMac parameter in the addWifiMacFilter function.

2 Dec 2022
7.5
CVSS
CVE-2022-45644HIGH

Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the deviceId parameter in the formSetClientState function.

2 Dec 2022
7.5
CVSS
CVE-2022-45643HIGH

Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the deviceId parameter in the addWifiMacFilter function.

2 Dec 2022
7.5
CVSS
CVE-2022-40869CRITICAL

Tenda AC15 and AC18 routers V15.03.05.19 contain stack overflow vulnerabilities in the function fromDhcpListClient with a combined parameter "list*" ("%s%d","list").

23 Sep 2022
9.8
CVSS
CVE-2022-40865CRITICAL

Tenda AC15 and AC18 routers V15.03.05.19 contain heap overflow vulnerabilities in the function setSchedWifi with the request /goform/openSchedWifi/

23 Sep 2022
9.8
CVSS
CVE-2022-40864CRITICAL

Tenda AC15 and AC18 routers V15.03.05.19 contain stack overflow vulnerabilities in the function setSmartPowerManagement with the request /goform/PowerSaveSet

23 Sep 2022
9.8
CVSS
CVE-2022-40862CRITICAL

Tenda AC15 and AC18 router V15.03.05.19 contains stack overflow vulnerability in the function fromNatStaticSetting with the request /goform/NatStaticSetting

23 Sep 2022
9.8
CVSS
CVE-2022-40860CRITICAL

Tenda AC15 router V15.03.05.19 contains a stack overflow vulnerability in the function formSetQosBand->FUN_0007dd20 with request /goform/SetNetControlList

23 Sep 2022
9.8
CVSS
CVE-2022-40853CRITICAL

Tenda AC15 router V15.03.05.19 contains a stack overflow via the list parameter at /goform/fast_setting_wifi_set

23 Sep 2022
9.8
CVSS
CVE-2022-38326CRITICAL

Tenda AC15 WiFi Router V15.03.05.19_multi and AC18 WiFi Router V15.03.05.19_multi were discovered to contain a buffer overflow via the page parameter at /goform/NatStaticSetting.

15 Sep 2022
9.8
CVSS
CVE-2022-38325CRITICAL

Tenda AC15 WiFi Router V15.03.05.19_multi and AC18 WiFi Router V15.03.05.19_multi were discovered to contain a buffer overflow via the filePath parameter at /goform/expandDlnaFile.

15 Sep 2022
9.8
CVSS
CVE-2022-37176CRITICAL

Tenda AC6(AC1200) v5.0 Firmware v02.03.01.114 and below contains a vulnerability which allows attackers to remove the Wi-Fi password and force the device into open security mode via a crafted packet sent to goform/setWizard.

30 Aug 2022
9.8
CVSS
CVE-2022-36552HIGH

Tenda AC6(AC1200) v5.0 Firmware v02.03.01.114 and below contains an issue in the component /cgi-bin/DownloadFlash which allows attackers to steal all data such as source code and system files via a crafted GET request.

30 Aug 2022
7.5
CVSS
CVE-2022-36233MEDIUM

Tenda AC9 V15.03.2.13 is vulnerable to Buffer Overflow via httpd, form_fast_setting_wifi_set. httpd.

20 Aug 2022
5.5
CVSS
CVE-2022-32386CRITICAL

Tenda AC23 v16.03.07.44 was discovered to contain a buffer overflow via fromAdvSetMacMtuWan.

6 Jul 2022
9.8
CVSS
CVE-2022-32385CRITICAL

Tenda AC23 v16.03.07.44 is vulnerable to Stack Overflow that will allow for the execution of arbitrary code (remote).

6 Jul 2022
9.8
CVSS
CVE-2022-32383CRITICAL

Tenda AC23 v16.03.07.44 was discovered to contain a stack overflow via the AdvSetMacMtuWan function.

6 Jul 2022
9.8
CVSS
CVE-2022-32384HIGH

Tenda AC23 v16.03.07.44 was discovered to contain a stack overflow via the security_5g parameter in the function formWifiBasicSet.

2 Jul 2022
8.8
CVSS
CVE-2022-26243HIGH

Tenda AC10-1200 v15.03.06.23_EN was discovered to contain a buffer overflow in the setSmartPowerManagement function.

23 Mar 2022
7.5
CVSS
CVE-2021-38772HIGH

Tenda AC10-1200 v15.03.06.23_EN was discovered to contain a buffer overflow via the list parameter in the fromSetIpMacBind function.

23 Mar 2022
7.5
CVSS
CVE-2021-38278CRITICAL

Tenda AC10-1200 v15.03.06.23_EN was discovered to contain a buffer overflow via the urls parameter in the saveParentControlInfo function.

23 Mar 2022
9.8
CVSS
CVE-2021-45401CRITICAL

A Command injection vulnerability exists in Tenda AC10U AC1200 Smart Dual-band Wireless Router AC10U V1.0 Firmware V15.03.06.49_multi via the setUsbUnload functionality. The vulnerability is caused because the client controlled "deviceName" value is passed directly to the "doSystemCmd" function.

18 Feb 2022
9.8
CVSS
CVE-2022-24172HIGH

Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formAddDhcpBindRule. This vulnerability allows attackers to cause a Denial of Service (DoS) via the addDhcpRules parameter.

4 Feb 2022
7.5
CVSS
CVE-2022-24171CRITICAL

Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetPppoeServer. This vulnerability allows attackers to execute arbitrary commands via the pppoeServerIP, pppoeServerStartIP, and pppoeServerEndIP parameters.

4 Feb 2022
9.8
CVSS
CVE-2022-24170CRITICAL

Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetIpSecTunnel. This vulnerability allows attackers to execute arbitrary commands via the IPsecLocalNet and IPsecRemoteNet parameters.

4 Feb 2022
9.8
CVSS
Tendacn CVEs & Vulnerabilities — 146 Tracked — Page 2