Shodan
Vulnerabilities
Vulnerable Software
Tenda:  >> Ax9 Firmware  Security Vulnerabilities
CVE-2025-14636
A security flaw has been discovered in Tenda AX9 22.03.01.46. This affects the function image_check of the component httpd. The manipulation results in use of weak hash. It is possible to launch the attack remotely. A high complexity level is associated with this attack. It is indicated that the exploitability is difficult. The exploit has been released to the public and may be exploited.
CVSS Score
3.7
EPSS Score
0.0
Published
2025-12-13
CVE-2024-39963
AX3000 Dual-Band Gigabit Wi-Fi 6 Router AX9 V22.03.01.46 and AX3000 Dual-Band Gigabit Wi-Fi 6 Router AX12 V1.0 V22.03.01.46 were discovered to contain an authenticated remote command execution (RCE) vulnerability via the macFilterType parameter at /goform/setMacFilterCfg.
CVSS Score
8.0
EPSS Score
0.013
Published
2024-07-19
CVE-2023-47422
An access control issue in /usr/sbin/httpd in Tenda TX9 V1 V22.03.02.54, Tenda AX3 V3 V16.03.12.11, Tenda AX9 V1 V22.03.01.46, and Tenda AX12 V1 V22.03.01.46 allows attackers to bypass authentication on any endpoint via a crafted URL.
CVSS Score
8.8
EPSS Score
0.0
Published
2024-02-20
CVE-2023-49429
Tenda AX9 V22.03.01.46 was discovered to contain a SQL command injection vulnerability in the 'setDeviceInfo' feature through the 'mac' parameter at /goform/setModules.
CVSS Score
9.8
EPSS Score
0.019
Published
2023-12-07
CVE-2023-49430
Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the 'list' parameter at /goform/SetStaticRouteCfg.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-12-07
CVE-2023-49431
Tenda AX9 V22.03.01.46 has been discovered to contain a command injection vulnerability in the 'mac' parameter at /goform/SetOnlineDevName.
CVSS Score
9.8
EPSS Score
0.02
Published
2023-12-07
CVE-2023-49432
Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the 'deviceList' parameter at /goform/setMacFilterCfg.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-12-07
CVE-2023-49433
Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the 'list' parameter at /goform/SetVirtualServerCfg.
CVSS Score
9.8
EPSS Score
0.003
Published
2023-12-07
CVE-2023-49434
Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the 'list' parameter at /goform/SetNetControlList.
CVSS Score
9.8
EPSS Score
0.003
Published
2023-12-07
CVE-2023-49435
Tenda AX9 V22.03.01.46 is vulnerable to command injection.
CVSS Score
9.8
EPSS Score
0.044
Published
2023-12-07


Products
Pricing
Contact Us

Shodan ® - All rights reserved