Tenda: Security Vulnerabilities
Tenda FH451 V1.0.0.9 has a stack overflow vulnerability in the function.P2pListFilter.
CVSS Score
9.8
EPSS Score
0.005
Published
2025-05-09
Tenda FH451 V1.0.0.9 has a stack overflow vulnerability in the function.frmL7ImForm.
CVSS Score
6.5
EPSS Score
0.002
Published
2025-05-07
There is a stack overflow vulnerability in Tenda RX3 V1.0br_V16.03.13.11 In the fromSetWifiGusetBasic function of the web url /goform/ WifiGuestSet, the manipulation of the parameter shareSpeed leads to stack overflow.
CVSS Score
9.8
EPSS Score
0.004
Published
2025-05-06
In Tenda RX3 V1.0br_V16.03.13.11 in the GetParentControlInfo function of the web url /goform/GetParentControlInfo, the manipulation of the parameter mac leads to stack overflow.
CVSS Score
6.5
EPSS Score
0.002
Published
2025-05-06
A vulnerability, which was classified as critical, was found in Tenda AC8 16.03.34.06. Affected is the function formGetRouterStatus of the file /goform/MtuSetMacWan. The manipulation of the argument shareSpeed leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
8.7
EPSS Score
0.007
Published
2025-05-06
A vulnerability was found in Tenda RX3 16.03.13.11_multi. It has been rated as critical. This issue affects some unknown processing of the file /goform/telnet. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
5.1
EPSS Score
0.117
Published
2025-05-06
A vulnerability was found in Tenda AC1206 up to 15.03.06.23. It has been rated as critical. This issue affects the function setSchedWifi of the file /goform/openSchedWifi. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
8.7
EPSS Score
0.007
Published
2025-05-06
A vulnerability was found in Tenda AC1206 up to 15.03.06.23. It has been declared as critical. This vulnerability affects the function formSetCfm of the file /goform/setcfm. The manipulation leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
8.7
EPSS Score
0.009
Published
2025-05-06
Tenda AC9 v15.03.05.14 was discovered to contain a command injection vulnerability via the Telnet function.
CVSS Score
9.8
EPSS Score
0.018
Published
2025-05-05
Tenda AC9 V15.03.06.42_multi was found to contain a command injection vulnerability in the formsetUsbUnload function via the deviceName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVSS Score
9.8
EPSS Score
0.02
Published
2025-05-02