Tenda: >> Ac9 Firmware Security Vulnerabilities
In Tenda AC9 v1.0 V15.03.05.14_multi, the wanMTU parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution.
CVSS Score
9.8
EPSS Score
0.122
Published
2025-03-14
In Tenda AC9 v1.0 V15.03.05.14_multi, the cloneType parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution.
CVSS Score
9.8
EPSS Score
0.004
Published
2025-03-14
In Tenda AC9 v1.0 V15.03.05.14_multi, the mac parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution.
CVSS Score
9.8
EPSS Score
0.004
Published
2025-03-14
In Tenda AC9 v1.0 V15.03.05.14_multi, the wanSpeed parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution.
CVSS Score
7.1
EPSS Score
0.003
Published
2025-03-14
Tenda ac9 v1.0 firmware v15.03.05.19 is vulnerable to command injection in /goform/SetSambaCfg, which may lead to remote arbitrary code execution.
CVSS Score
9.8
EPSS Score
0.018
Published
2025-01-10
Tenda ac9 v1.0 firmware v15.03.05.19 contains a stack overflow vulnerability in /goform/SetOnlineDevName, which may lead to remote arbitrary code execution.
CVSS Score
9.8
EPSS Score
0.005
Published
2025-01-10
A vulnerability was found in Tenda AC6, AC7, AC8, AC9, AC10, AC10U, AC15, AC18, AC500 and AC1206 up to 20241022. It has been rated as problematic. This issue affects the function websReadEvent of the file /goform/GetIPTV. The manipulation of the argument Content-Length leads to null pointer dereference. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
6.5
EPSS Score
0.003
Published
2024-10-23
A Command Injection vulnerability exists in formWriteFacMac of the httpd binary in Tenda AC9 v15.03.06.42. As a result, attacker can execute OS commands with root privileges.
CVSS Score
9.8
EPSS Score
0.054
Published
2024-08-16
A Stack Based Buffer Overflow vulnerability in Tenda AC9 v.3.0 with firmware version v.15.03.06.42_multi allows a remote attacker to execute arbitrary code via the fromSetSysTime function.
CVSS Score
9.8
EPSS Score
0.046
Published
2024-02-26
A Stack Based Buffer Overflow vulnerability in tenda AC9 AC9 v.3.0 with firmware version v.15.03.06.42_multi allows a remote attacker to execute arbitrary code via the fromSetIpMacBind function.
CVSS Score
8.8
EPSS Score
0.01
Published
2024-02-22