Total
61 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-7561 | 2 Tenda, Tendacn | 2 Ac9, Ac9 Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Stack-based Buffer Overflow in httpd on Tenda AC9 devices V15.03.05.14_EN allows remote attackers to cause a denial of service or possibly have unspecified other impact. | |||||
| CVE-2017-16936 | 1 Tenda | 6 Ac15, Ac15 Firmware, Ac18 and 3 more | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
| Directory Traversal vulnerability in app_data_center on Shenzhen Tenda Ac9 US_AC9V1.0BR_V15.03.05.14_multi_TD01, Ac9 ac9_kf_V15.03.05.19(6318_)_cn, Ac15 US_AC15V1.0BR_V15.03.05.18_multi_TD01, Ac15 US_AC15V1.0BR_V15.03.05.19_multi_TD01, Ac18 US_AC18V1.0BR_V15.03.05.05_multi_TD01, and Ac18 ac18_kf_V15.03.05.19(6318_)_cn devices allows remote unauthenticated attackers to read arbitrary files via a cgi-bin/luci/request?op=1&path= URI that uses directory traversal sequences after a /usb/ substring. | |||||
| CVE-2017-16923 | 1 Tenda | 6 Ac15, Ac15 Firmware, Ac18 and 3 more | 2024-11-21 | 8.3 HIGH | 8.8 HIGH |
| Command Injection vulnerability in app_data_center on Shenzhen Tenda Ac9 US_AC9V1.0BR_V15.03.05.14_multi_TD01, Ac9 ac9_kf_V15.03.05.19(6318_)_cn, Ac15 US_AC15V1.0BR_V15.03.05.18_multi_TD01, Ac15 US_AC15V1.0BR_V15.03.05.19_multi_TD01, Ac18 US_AC18V1.0BR_V15.03.05.05_multi_TD01, and Ac18 ac18_kf_V15.03.05.19(6318_)_cn devices allows remote unauthenticated attackers to execute arbitrary OS commands via a crafted cgi-bin/luci/usbeject?dev_name= GET request from the LAN. This occurs because the "sub_A6E8 usbeject_process_entry" function executes a system function with untrusted input. | |||||
| CVE-2024-10280 | 1 Tenda | 20 Ac10, Ac10 Firmware, Ac10u and 17 more | 2024-11-01 | 6.8 MEDIUM | 7.5 HIGH |
| A vulnerability was found in Tenda AC6, AC7, AC8, AC9, AC10, AC10U, AC15, AC18, AC500 and AC1206 up to 20241022. It has been rated as problematic. This issue affects the function websReadEvent of the file /goform/GetIPTV. The manipulation of the argument Content-Length leads to null pointer dereference. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2023-38823 | 1 Tenda | 8 Ac18, Ac18 Firmware, Ac19 and 5 more | 2024-07-29 | N/A | 9.8 CRITICAL |
| Buffer Overflow vulnerability in Tenda Ac19 v.1.0, AC18, AC9 v.1.0, AC6 v.2.0 and v.1.0 allows a remote attacker to execute arbitrary code via the formSetCfm function in bin/httpd. | |||||
| CVE-2024-24543 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2024-02-28 | N/A | 9.8 CRITICAL |
| Buffer Overflow vulnerability in the function setSchedWifi in Tenda AC9 v.3.0, firmware version v.15.03.06.42_multi allows a remote attacker to cause a denial of service or run arbitrary code via crafted overflow data. | |||||
| CVE-2023-41559 | 1 Tenda | 6 Ac5, Ac5 Firmware, Ac7 and 3 more | 2024-02-28 | N/A | 9.8 CRITICAL |
| Tenda AC7 V1.0 V15.03.06.44, Tenda AC9 V3.0 V15.03.06.42_multi, and Tenda AC5 V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter page at url /goform/NatStaticSetting. | |||||
| CVE-2023-38936 | 1 Tenda | 18 Ac10, Ac10 Firmware, Ac1206 and 15 more | 2024-02-28 | N/A | 9.8 CRITICAL |
| Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, AC5 V1.0 V15.03.06.28, FH1203 V2.0.1.6, AC9 V3.0 V15.03.06.42_multi and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the speed_dir parameter in the formSetSpeedWan function. | |||||
| CVE-2023-38937 | 1 Tenda | 14 Ac10, Ac10 Firmware, Ac1206 and 11 more | 2024-02-28 | N/A | 9.8 CRITICAL |
| Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 V16.03.34.06, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, AC5 V1.0 V15.03.06.28, AC9 V3.0 V15.03.06.42_multi and AC10 v4.0 V16.03.10.13 were discovered to contain a stack overflow via the list parameter in the formSetVirtualSer function. | |||||
| CVE-2023-41561 | 1 Tenda | 4 Ac5, Ac5 Firmware, Ac9 and 1 more | 2024-02-28 | N/A | 9.8 CRITICAL |
| Tenda AC9 V3.0 V15.03.06.42_multi and Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter startIp and endIp at url /goform/SetPptpServerCfg. | |||||
| CVE-2023-38935 | 1 Tenda | 10 Ac10, Ac10 Firmware, Ac1206 and 7 more | 2024-02-28 | N/A | 9.8 CRITICAL |
| Tenda AC1206 V15.03.06.23, AC8 V4 V16.03.34.06, AC5 V1.0 V15.03.06.28, AC10 v4.0 V16.03.10.13 and AC9 V3.0 V15.03.06.42_multi were discovered to contain a tack overflow via the list parameter in the formSetQosBand function. | |||||
| CVE-2023-41552 | 1 Tenda | 4 Ac7, Ac7 Firmware, Ac9 and 1 more | 2024-02-28 | N/A | 9.8 CRITICAL |
| Tenda AC7 V1.0 V15.03.06.44 and Tenda AC9 V3.0 V15.03.06.42_multi were discovered to contain a stack overflow via parameter ssid at url /goform/fast_setting_wifi_set. | |||||
| CVE-2023-38933 | 1 Tenda | 18 Ac10, Ac10 Firmware, Ac1206 and 15 more | 2024-02-28 | N/A | 9.8 CRITICAL |
| Tenda AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0 V15.03.06.28, FH1203 V2.0.1.6 and AC9 V3.0 V15.03.06.42_multi, and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the deviceId parameter in the formSetClientState function. | |||||
| CVE-2023-37716 | 1 Tenda | 14 Ac10, Ac10 Firmware, Ac1206 and 11 more | 2024-02-28 | N/A | 9.8 CRITICAL |
| Tenda F1202 V1.0BR_V1.2.0.20(408) and FH1202_V1.2.0.19_EN, AC10 V1.0, AC1206 V1.0, AC7 V1.0, AC5 V1.0, and AC9 V3.0 were discovered to contain a stack overflow in the page parameter in the function fromNatStaticSetting. | |||||
| CVE-2023-41562 | 1 Tenda | 6 Ac5, Ac5 Firmware, Ac7 and 3 more | 2024-02-28 | N/A | 9.8 CRITICAL |
| Tenda AC7 V1.0 V15.03.06.44, Tenda AC9 V3.0 V15.03.06.42_multi, and Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter time at url /goform/PowerSaveSet. | |||||
| CVE-2023-41556 | 1 Tenda | 6 Ac5, Ac5 Firmware, Ac7 and 3 more | 2024-02-28 | N/A | 9.8 CRITICAL |
| Tenda AC7 V1.0 V15.03.06.44, Tenda AC9 V3.0 V15.03.06.42_multi, and Tenda AC5 V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter list at url /goform/SetIpMacBind. | |||||
| CVE-2023-41563 | 1 Tenda | 4 Ac5, Ac5 Firmware, Ac9 and 1 more | 2024-02-28 | N/A | 9.8 CRITICAL |
| Tenda AC9 V3.0 V15.03.06.42_multi and Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter mac at url /goform/GetParentControlInfo. | |||||
| CVE-2023-41553 | 1 Tenda | 4 Ac5, Ac5 Firmware, Ac9 and 1 more | 2024-02-28 | N/A | 9.8 CRITICAL |
| Tenda AC9 V3.0 V15.03.06.42_multi and Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter list at url /goform/SetStaticRouteCfg. | |||||
| CVE-2023-41560 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2024-02-28 | N/A | 9.8 CRITICAL |
| Tenda AC9 V3.0 V15.03.06.42_multi was discovered to contain a stack overflow via parameter firewallEn at url /goform/SetFirewallCfg. | |||||
| CVE-2023-37717 | 1 Tenda | 14 Ac10, Ac10 Firmware, Ac1206 and 11 more | 2024-02-28 | N/A | 9.8 CRITICAL |
| Tenda F1202 V1.0BR_V1.2.0.20(408) and FH1202_V1.2.0.19_EN, AC10 V1.0, AC1206 V1.0, AC7 V1.0, AC5 V1.0, and AC9 V3.0 were discovered to contain a stack overflow in the page parameter in the function fromDhcpListClient. | |||||