Filtered by vendor Tenda
Subscriptions
Filtered by product Ac15
Subscriptions
Total
75 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-10442 | 1 Tenda | 4 Ac15, Ac15 Firmware, Ac9 and 1 more | 2025-09-19 | 6.3 Medium |
| A vulnerability was determined in Tenda AC9 and AC15 15.03.05.14. This affects the function formexeCommand of the file /goform/exeCommand. This manipulation of the argument cmdinput causes os command injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2025-10443 | 1 Tenda | 4 Ac15, Ac15 Firmware, Ac9 and 1 more | 2025-09-19 | 8.8 High |
| A vulnerability was identified in Tenda AC9 and AC15 15.03.05.14/15.03.05.18. This vulnerability affects the function formexeCommand of the file /goform/exeCommand. Such manipulation of the argument cmdinput leads to buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used. | ||||
| CVE-2025-55564 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2025-09-03 | 7.5 High |
| Tenda AC15 v15.03.05.19_multi_TD01 has a stack overflow via the list parameter in the fromSetIpMacBind function. | ||||
| CVE-2024-4291 | 1 Tenda | 3 A301, A301 Firmware, Ac15 | 2025-08-27 | 8.8 High |
| A vulnerability was found in Tenda A301 15.13.08.12_multi_TDE01. It has been rated as critical. This issue affects the function formAddMacfilterRule of the file /goform/setBlackRule. The manipulation of the argument deviceList leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-262223. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-8979 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2025-08-18 | 6.6 Medium |
| A vulnerability was identified in Tenda AC15 15.13.07.13. Affected by this vulnerability is the function check_fw_type/split_fireware/check_fw of the component Firmware Update Handler. The manipulation leads to insufficient verification of data authenticity. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2020-10987 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2025-07-30 | 9.8 Critical |
| The goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute arbitrary system commands via the deviceName POST parameter. | ||||
| CVE-2025-0566 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2025-07-01 | 8.8 High |
| A vulnerability classified as critical has been found in Tenda AC15 15.13.07.13. This affects the function formSetDevNetName of the file /goform/SetDevNetName. The manipulation of the argument mac leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-32303 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2025-06-30 | 8 High |
| Tenda AC15 v15.03.20_multi, v15.03.05.19, and v15.03.05.18 firmware has a stack overflow vulnerability located via the PPW parameter in the fromWizardHandle function. | ||||
| CVE-2025-5848 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2025-06-09 | 8.8 High |
| A vulnerability was found in Tenda AC15 15.03.05.19_multi and classified as critical. Affected by this issue is the function formSetPPTPUserList of the file /goform/setPptpUserList of the component HTTP POST Request Handler. The manipulation of the argument list leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-5849 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2025-06-09 | 8.8 High |
| A vulnerability was found in Tenda AC15 15.03.05.19_multi. It has been classified as critical. This affects the function formSetSafeWanWebMan of the file /goform/SetRemoteWebCfg of the component HTTP POST Request Handler. The manipulation of the argument remoteIp leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-5850 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2025-06-09 | 8.8 High |
| A vulnerability was found in Tenda AC15 15.03.05.19_multi. It has been declared as critical. This vulnerability affects the function formsetschedled of the file /goform/SetLEDCf of the component HTTP POST Request Handler. The manipulation of the argument Time leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-5851 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2025-06-09 | 8.8 High |
| A vulnerability was found in Tenda AC15 15.03.05.19_multi. It has been rated as critical. This issue affects the function fromadvsetlanip of the file /goform/AdvSetLanip of the component HTTP POST Request Handler. The manipulation of the argument lanMask leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2022-40851 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2025-05-22 | 9.8 Critical |
| Tenda AC15 V15.03.05.19 contained a stack overflow via the function fromAddressNat. | ||||
| CVE-2022-43259 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2025-05-12 | 7.5 High |
| Tenda AC15 V15.03.05.18 was discovered to contain a stack overflow via the timeZone parameter in the form_fast_setting_wifi_set function. | ||||
| CVE-2022-44169 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2025-04-29 | 7.5 High |
| Tenda AC15 V15.03.05.18 is vulnerable to Buffer Overflow via function formSetVirtualSer. | ||||
| CVE-2022-44156 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2025-04-29 | 7.5 High |
| Tenda AC15 V15.03.05.19 is vulnerable to Buffer Overflow via function formSetIpMacBind. | ||||
| CVE-2022-44168 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2025-04-29 | 7.5 High |
| Tenda AC15 V15.03.05.18 is vulnerable to Buffer Overflow via function fromSetRouteStatic.. | ||||
| CVE-2022-44167 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2025-04-29 | 7.5 High |
| Tenda AC15 V15.03.05.18 is avulnerable to Buffer Overflow via function formSetPPTPServer. | ||||
| CVE-2025-3786 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2025-04-22 | 8.8 High |
| A vulnerability was found in Tenda AC15 up to 15.03.05.19 and classified as critical. This issue affects the function fromSetWirelessRepeat of the file /goform/WifiExtraSet. The manipulation of the argument mac leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-29462 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2025-04-22 | 9.8 Critical |
| A buffer overflow vulnerability has been discovered in Tenda Ac15 V15.13.07.13. The vulnerability occurs when the webCgiGetUploadFile function calls the socketRead function to process HTTP request messages, resulting in the overwriting of a buffer on the stack. | ||||