Filtered by vendor Tenda
Subscriptions
Total
1468 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-10442 | 1 Tenda | 4 Ac15, Ac15 Firmware, Ac9 and 1 more | 2025-09-19 | 6.3 Medium |
| A vulnerability was determined in Tenda AC9 and AC15 15.03.05.14. This affects the function formexeCommand of the file /goform/exeCommand. This manipulation of the argument cmdinput causes os command injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2025-10443 | 1 Tenda | 4 Ac15, Ac15 Firmware, Ac9 and 1 more | 2025-09-19 | 8.8 High |
| A vulnerability was identified in Tenda AC9 and AC15 15.03.05.14/15.03.05.18. This vulnerability affects the function formexeCommand of the file /goform/exeCommand. Such manipulation of the argument cmdinput leads to buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used. | ||||
| CVE-2025-57062 | 1 Tenda | 2 G3, G3 Firmware | 2025-09-18 | 7.5 High |
| Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the delDhcpIndex parameter in the formDelDhcpRule function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | ||||
| CVE-2025-57069 | 1 Tenda | 2 G3, G3 Firmware | 2025-09-18 | 7.5 High |
| Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the pPppUser parameter in the getsinglepppuser function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | ||||
| CVE-2025-57070 | 1 Tenda | 2 G3, G3 Firmware | 2025-09-18 | 7.5 High |
| Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the gstUp parameter in the guestWifiRuleRefresh function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | ||||
| CVE-2025-57087 | 1 Tenda | 2 W30e, W30e Firmware | 2025-09-18 | 7.5 High |
| Tenda W30E V16.01.0.19 (5037) was discovered to contain a stack overflow in the countryCode parameter in the werlessAdvancedSet function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | ||||
| CVE-2025-57071 | 1 Tenda | 2 G3, G3 Firmware | 2025-09-18 | 7.5 High |
| Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the vpnUsers parameter in the formAddVpnUsers function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | ||||
| CVE-2025-57072 | 1 Tenda | 2 G3, G3 Firmware | 2025-09-18 | 7.5 High |
| Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the staticRouteGateway parameter in the formSetStaticRoute function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | ||||
| CVE-2025-57569 | 1 Tenda | 2 F3, F3 Firmware | 2025-09-17 | 5.6 Medium |
| Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow via the portList parameter in /goform/setNAT. | ||||
| CVE-2025-57570 | 1 Tenda | 2 F3, F3 Firmware | 2025-09-17 | 5.6 Medium |
| Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow via the QosList parameter in goform/setQoS. | ||||
| CVE-2025-57571 | 1 Tenda | 2 F3, F3 Firmware | 2025-09-17 | 5.6 Medium |
| Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow. via the macFilterList parameter in goform/setNAT. | ||||
| CVE-2025-57572 | 1 Tenda | 2 F3, F3 Firmware | 2025-09-17 | 5.6 Medium |
| Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow via the onlineList parameter in goform/setParentControl. | ||||
| CVE-2025-57573 | 1 Tenda | 2 F3, F3 Firmware | 2025-09-17 | 5.6 Medium |
| Tenda F3 V12.01.01.48_multi and after is vulnerable to Buffer Overflow via the wifiTimeClose parameter in goform/setWifi. | ||||
| CVE-2025-57078 | 1 Tenda | 2 G3, G3 Firmware | 2025-09-17 | 7.5 High |
| Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the pppoeServerWhiteMacIndex parameter in the formModifyPppAuthWhiteMac function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | ||||
| CVE-2025-57085 | 1 Tenda | 2 W30e, W30e Firmware | 2025-09-17 | 9.8 Critical |
| Tenda W30E V16.01.0.19 (5037) was discovered to contain a stack overflow in the v17 parameter in the UploadCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | ||||
| CVE-2025-57086 | 1 Tenda | 2 W30e, W30e Firmware | 2025-09-17 | 7.5 High |
| Tenda W30E V16.01.0.19 (5037) was discovered to contain a stack overflow in the String parameter in the formDeleteMeshNode function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | ||||
| CVE-2025-57060 | 1 Tenda | 2 G3, G3 Firmware | 2025-09-17 | 7.5 High |
| Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the rules parameter in the dns_forward_rule_store function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | ||||
| CVE-2025-10432 | 1 Tenda | 1 Ac1206 | 2025-09-17 | 9.8 Critical |
| A vulnerability was found in Tenda AC1206 15.03.06.23. This vulnerability affects the function check_param_changed of the file /goform/AdvSetMacMtuWa of the component HTTP Request Handler. Performing manipulation of the argument wanMTU results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been made public and could be used. | ||||
| CVE-2025-57064 | 1 Tenda | 2 G3, G3 Firmware | 2025-09-15 | 7.5 High |
| Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the bindDhcpIndex parameter in the modifyDhcpRule function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | ||||
| CVE-2025-57063 | 1 Tenda | 2 G3, G3 Firmware | 2025-09-15 | 7.5 High |
| Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the portMappingIndex parameter in the formDelPortMapping function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | ||||