Vulnerabilities (CVE)

Filtered by vendor Tenda Subscribe
Total 800 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-27080 1 Tenda 2 M3, M3 Firmware 2024-02-28 10.0 HIGH 9.8 CRITICAL
Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/setWorkmode.
CVE-2021-42659 1 Tenda 2 Ac9, Ac9 Firmware 2024-02-28 6.1 MEDIUM 6.5 MEDIUM
There is a buffer overflow vulnerability in the Web server httpd of the router in Tenda router devices such as Tenda AC9 V1.0 V15.03.02.19(6318) and Tenda AC9 V3.0 V15.03.06.42_multi. When setting the virtual service, the httpd program will crash and exit when the super-long list parameter occurs.
CVE-2022-26536 1 Tenda 2 M3, M3 Firmware 2024-02-28 10.0 HIGH 9.8 CRITICAL
Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/setFixTools.
CVE-2022-25558 1 Tenda 2 Ax1806, Ax1806 Firmware 2024-02-28 7.8 HIGH 7.5 HIGH
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function formSetProvince. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ProvinceCode parameter.
CVE-2022-25435 1 Tenda 2 Ac9, Ac9 Firmware 2024-02-28 10.0 HIGH 9.8 CRITICAL
Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the list parameter in the SetStaticRoutecfg function.
CVE-2021-46321 1 Tenda 2 Ac11, Ac11 Firmware 2024-02-28 7.5 HIGH 9.8 CRITICAL
Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to contain a stack buffer overflow in the wifiBasicCfg module. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow data.
CVE-2022-28082 1 Tenda 2 Ax12, Ax12 Firmware 2024-02-28 7.5 HIGH 9.8 CRITICAL
Tenda AX12 v22.03.01.21_CN was discovered to contain a stack overflow via the list parameter at /goform/SetNetControlList.
CVE-2022-25560 1 Tenda 2 Ax12, Ax12 Firmware 2024-02-28 7.8 HIGH 7.5 HIGH
Tenda AX12 v22.03.01.21 was discovered to contain a stack overflow in the function sub_4327CC. This vulnerability allows attackers to cause a Denial of Service (DoS) via the list parameter.
CVE-2021-45392 1 Tenda 2 Ax12, Ax12 Firmware 2024-02-28 7.8 HIGH 7.5 HIGH
A Buffer Overflow vulnerability exists in Tenda Router AX12 V22.03.01.21_CN in the sub_422CE4 function in page /goform/setIPv6Status via the prefixDelegate parameter, which causes a Denial of Service.
CVE-2022-25566 1 Tenda 2 Ax1806, Ax1806 Firmware 2024-02-28 7.8 HIGH 7.5 HIGH
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function saveParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via the time parameter.
CVE-2022-25561 1 Tenda 2 Ax12, Ax12 Firmware 2024-02-28 7.8 HIGH 7.5 HIGH
Tenda AX12 v22.03.01.21 was discovered to contain a stack overflow in the function sub_42DE00. This vulnerability allows attackers to cause a Denial of Service (DoS) via the list parameter.
CVE-2022-25549 1 Tenda 2 Ax1806, Ax1806 Firmware 2024-02-28 7.8 HIGH 7.5 HIGH
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function formSetSysToolDDNS. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ddnsEn parameter.
CVE-2021-45391 1 Tenda 2 Ax12, Ax12 Firmware 2024-02-28 5.0 MEDIUM 7.5 HIGH
A Buffer Overflow vulnerability exists in Tenda Router AX12 V22.03.01.21_CN in the sub_422CE4 function in the goform/setIPv6Status binary file /usr/sbin/httpd via the conType parameter, which causes a Denial of Service.
CVE-2022-25449 1 Tenda 2 Ac6, Ac6 Firmware 2024-02-28 10.0 HIGH 9.8 CRITICAL
Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the deviceId parameter in the saveParentControlInfo function.
CVE-2022-30033 1 Tenda 2 Tx9 Pro, Tx9 Pro Firmware 2024-02-28 7.8 HIGH 7.5 HIGH
Tenda TX9 Pro V22.03.02.10 is vulnerable to Buffer Overflow via the functtion setIPv6Status() in httpd module.
CVE-2022-26278 1 Tenda 2 Ac9, Ac9 Firmware 2024-02-28 10.0 HIGH 9.8 CRITICAL
Tenda AC9 v15.03.2.21_cn was discovered to contain a stack overflow via the time parameter in the PowerSaveSet function.
CVE-2020-26728 1 Tenda 2 Ac9, Ac9 Firmware 2024-02-28 7.5 HIGH 9.8 CRITICAL
A vulnerability was discovered in Tenda AC9 v3.0 V15.03.06.42_multi and Tenda AC9 V1.0 V15.03.05.19(6318)_CN which allows for remote code execution via shell metacharacters in the guestuser field to the __fastcall function with a POST request.
CVE-2022-30477 1 Tenda 2 Ac18, Ac18 Firmware 2024-02-28 7.5 HIGH 9.8 CRITICAL
Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to contain a stack-based buffer overflow in the httpd module when handling /goform/SetClientState request.
CVE-2022-25557 1 Tenda 2 Ax1806, Ax1806 Firmware 2024-02-28 7.8 HIGH 7.5 HIGH
Tenda AX1806 v1.0.0.1 was discovered to contain a heap overflow in the function saveParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via the urls parameter.
CVE-2021-46393 1 Tenda 2 Ax3, Ax3 Firmware 2024-02-28 7.5 HIGH 9.8 CRITICAL
There is a stack buffer overflow vulnerability in the formSetPPTPServer function of Tenda-AX3 router V16.03.12.10_CN. The v10 variable is directly retrieved from the http request parameter startIp. Then v10 will be splice to stack by function sscanf without any security check,which causes stack overflow. By POSTing the page /goform/SetPptpServerCfg with proper startIp, the attacker can easily perform remote code execution with carefully crafted overflow data.