Filtered by vendor Tenda
Subscriptions
Total
1291 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-52273 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-05-28 | 9.8 Critical |
| Stack-based Buffer Overflow vulnerability in Shenzhen Tenda Technology Co Tenda AC6V2 (setDoublePppoeConfig->guest_ip_check(overflow arg: mask) modules) allows Overflow Buffers.This issue affects Tenda AC6V2: through 15.03.06.50 | ||||
| CVE-2024-52272 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-05-28 | 9.8 Critical |
| Stack-based Buffer Overflow vulnerability in Shenzhen Tenda Technology Co Tenda AC6V2 (fromAdvSetLanip(overflow arg:lanMask) modules) allows Overflow Buffers.This issue affects Tenda AC6V2: through 15.03.06.50 | ||||
| CVE-2024-52275 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-05-28 | 9.8 Critical |
| Stack-based Buffer Overflow vulnerability in Shenzhen Tenda Technology Co Tenda AC6V2 (fromWizardHandle modules) allows Overflow Buffers.This issue affects Tenda AC6V2: through 15.03.06.50. | ||||
| CVE-2025-3236 | 1 Tenda | 2 Fh1202, Fh1202 Firmware | 2025-05-28 | 5.3 Medium |
| A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been declared as critical. This vulnerability affects unknown code of the file /goform/VirSerDMZ of the component Web Management Interface. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-3237 | 1 Tenda | 2 Fh1202, Fh1202 Firmware | 2025-05-28 | 5.3 Medium |
| A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been rated as critical. This issue affects some unknown processing of the file /goform/wrlwpsset. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-0528 | 1 Tenda | 6 Ac10, Ac10 Firmware, Ac18 and 3 more | 2025-05-28 | 7.2 High |
| A vulnerability, which was classified as critical, has been found in Tenda AC8, AC10 and AC18 16.03.10.20. Affected by this issue is some unknown functionality of the file /goform/telnet of the component HTTP Request Handler. The manipulation leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-4291 | 1 Tenda | 2 A301, A301 Firmware | 2025-05-28 | 8.8 High |
| A vulnerability was found in Tenda A301 15.13.08.12_multi_TDE01. It has been rated as critical. This issue affects the function formAddMacfilterRule of the file /goform/setBlackRule. The manipulation of the argument deviceList leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-262223. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-44864 | 1 Tenda | 2 W20e, W20e Firmware | 2025-05-27 | 6.3 Medium |
| Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetDebugCfg function via the module parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | ||||
| CVE-2025-44865 | 1 Tenda | 2 W20e, W20e Firmware | 2025-05-27 | 6.3 Medium |
| Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetDebugCfg function via the enable parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | ||||
| CVE-2025-44866 | 1 Tenda | 2 W20e, W20e Firmware | 2025-05-27 | 6.3 Medium |
| Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetDebugCfg function via the level parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | ||||
| CVE-2025-44867 | 1 Tenda | 2 W20e, W20e Firmware | 2025-05-27 | 6.3 Medium |
| Tenda W20E V15.11.0.6 was found to contain a command injection vulnerability in the formSetNetCheckTools function via the hostName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | ||||
| CVE-2025-4896 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2025-05-27 | 8.8 High |
| A vulnerability was found in Tenda AC10 16.03.10.13 and classified as critical. Affected by this issue is some unknown functionality of the file /goform/UserCongratulationsExec. The manipulation of the argument getuid leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-4897 | 1 Tenda | 2 A15, A15 Firmware | 2025-05-27 | 8.8 High |
| A vulnerability was found in Tenda A15 15.13.07.09/15.13.07.13. It has been classified as critical. This affects an unknown part of the file /goform/multimodalAdd of the component HTTP POST Request Handler. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-46631 | 1 Tenda | 2 Rx2 Pro, Rx2 Pro Firmware | 2025-05-27 | 6.5 Medium |
| Improper access controls in the web management portal of the Tenda RX2 Pro 16.03.30.14 allows an unauthenticated remote attacker to enable telnet access to the router's OS by sending a /goform/telnet web request. | ||||
| CVE-2025-46630 | 1 Tenda | 2 Rx2 Pro, Rx2 Pro Firmware | 2025-05-27 | 6.5 Medium |
| Improper access controls in the web management portal of the Tenda RX2 Pro 16.03.30.14 allows an unauthenticated remote attacker to enable 'ate' (a remote system management binary) by sending a /goform/ate web request. | ||||
| CVE-2025-46629 | 1 Tenda | 2 Rx2 Pro, Rx2 Pro Firmware | 2025-05-27 | 6.5 Medium |
| Lack of access controls in the 'ate' management binary of the Tenda RX2 Pro 16.03.30.14 allows an unauthenticated remote attacker to perform unauthorized configuration changes for any router where 'ate' has been enabled by sending a crafted UDP packet | ||||
| CVE-2025-46628 | 1 Tenda | 2 Rx2 Pro, Rx2 Pro Firmware | 2025-05-27 | 7.3 High |
| Lack of input validation/sanitization in the 'ate' management service in the Tenda RX2 Pro 16.03.30.14 allows an unauthorized remote attacker to gain root shell access to the device by sending a crafted UDP packet to the 'ate' service when it is enabled. Authentication is not needed. | ||||
| CVE-2025-46627 | 1 Tenda | 2 Rx2 Pro, Rx2 Pro Firmware | 2025-05-27 | 8.2 High |
| Use of weak credentials in the Tenda RX2 Pro 16.03.30.14 allows an unauthenticated attacker to authenticate to the telnet service by calculating the root password based on easily-obtained device information. The password is based on the last two digits/octets of the MAC address. | ||||
| CVE-2025-46626 | 1 Tenda | 2 Rx2 Pro, Rx2 Pro Firmware | 2025-05-27 | 7.3 High |
| Reuse of a static AES key and initialization vector for encrypted traffic to the 'ate' management service of the Tenda RX2 Pro 16.03.30.14 allows an attacker to decrypt, replay, and/or forge traffic to the service. | ||||
| CVE-2025-46625 | 1 Tenda | 2 Rx2 Pro, Rx2 Pro Firmware | 2025-05-27 | 8.8 High |
| Lack of input validation/sanitization in the 'setLanCfg' API endpoint in httpd in the Tenda RX2 Pro 16.03.30.14 allows a remote attacker that is authorized to the web management portal to gain root shell access to the device by sending a crafted web request. This is persistent because the command injection is saved in the configuration of the device. | ||||