Tenda: Security Vulnerabilities
A vulnerability classified as critical has been found in Tenda AC15 15.13.07.13. This affects the function formSetDevNetName of the file /goform/SetDevNetName. The manipulation of the argument mac leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
8.7
EPSS Score
0.08
Published
2025-01-19
A vulnerability, which was classified as critical, has been found in Tenda AC8, AC10 and AC18 16.03.10.20. Affected by this issue is some unknown functionality of the file /goform/telnet of the component HTTP Request Handler. The manipulation leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
8.6
EPSS Score
0.058
Published
2025-01-17
Tenda AC8v4 V16.03.34.06 has a stack overflow vulnerability. Affected by this vulnerability is the function setSchedWifi of the file /goform/openSchedWifi. The manipulation of the argument schedEndTime leads to stack-based buffer overflow.
CVSS Score
9.8
EPSS Score
0.005
Published
2025-01-16
Tenda AC8v4 V16.03.34.06 has a stack overflow vulnerability. Affected by this vulnerability is the function setSchedWifi of the file /goform/openSchedWifi. The manipulation of the argument schedStartTime leads to stack-based buffer overflow.
CVSS Score
8.8
EPSS Score
0.004
Published
2025-01-16
Incorrect access control in Tenda AC1200 Smart Dual-Band WiFi Router Model AC6 v2.0 Firmware v15.03.06.50 allows attackers to bypass authentication via a crafted web request.
CVSS Score
8.1
EPSS Score
0.003
Published
2025-01-16
Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the limitSpeedUp parameter in the formSetClientState function.
CVSS Score
9.8
EPSS Score
0.007
Published
2025-01-16
Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the devName parameter in the formSetDeviceName function.
CVSS Score
9.8
EPSS Score
0.007
Published
2025-01-16
Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the firewallEn parameter in the formSetFirewallCfg function.
CVSS Score
9.8
EPSS Score
0.007
Published
2025-01-16
Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the startIP parameter in the formSetPPTPServer function.
CVSS Score
9.8
EPSS Score
0.007
Published
2025-01-16
Tenda AC18 V15.03.05.19 was discovered to contain a command injection vulnerability via the usbName parameter in the formSetSambaConf function.
CVSS Score
9.8
EPSS Score
0.015
Published
2025-01-16