Filtered by vendor Tenda
Subscriptions
Total
1198 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-32302 | 1 Tenda | 2 Fh1202, Fh1202 Firmware | 2025-04-09 | 6.3 Medium |
| Tenda FH1202 v1.2.0.14(408) firmware has a stack overflow vulnerability via the PPW parameter in the fromWizardHandle function. | ||||
| CVE-2024-32315 | 1 Tenda | 2 Fh1202, Fh1202 Firmware | 2025-04-09 | 4.7 Medium |
| Tenda FH1202 v1.2.0.14(408) firmware has a stack overflow vulnerability via the adslPwd parameter in the formWanParameterSetting function. | ||||
| CVE-2023-46060 | 1 Tenda | 2 Ac500, Ac500 Firmware | 2025-04-09 | 7.5 High |
| A Buffer Overflow vulnerability in Tenda AC500 v.2.0.1.9 allows a remote attacker to cause a denial of service via the port parameter at the goform/setVlanInfo component. | ||||
| CVE-2024-32305 | 1 Tenda | 2 A18, A18 Firmware | 2025-04-09 | 8.8 High |
| Tenda A18 v15.03.05.05 firmware has a stack overflow vulnerability located via the PPW parameter in the fromWizardHandle function. | ||||
| CVE-2024-35340 | 1 Tenda | 2 Fh1206, Fh1206 Firmware | 2025-04-09 | 8.6 High |
| Tenda FH1206 V1.2.0.8(8155) was discovered to contain a command injection vulnerability via the cmdinput parameter at ip/goform/formexeCommand. | ||||
| CVE-2024-35339 | 1 Tenda | 2 Fh1206, Fh1206 Firmware | 2025-04-09 | 9.8 Critical |
| Tenda FH1206 V1.2.0.8(8155) was discovered to contain a command injection vulnerability via the mac parameter at ip/goform/WriteFacMac. | ||||
| CVE-2024-3008 | 1 Tenda | 2 Fh1205, Fh1205 Firmware | 2025-04-08 | 8.8 High |
| A vulnerability, which was classified as critical, was found in Tenda FH1205 2.0.0.7(775). Affected is the function formexeCommand of the file /goform/execCommand. The manipulation of the argument cmdinput leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-258294 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-30645 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2025-04-08 | 8.0 High |
| Tenda AC15V1.0 V15.03.20_multi has a command injection vulnerability via the deviceName parameter. | ||||
| CVE-2024-30613 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2025-04-08 | 4.3 Medium |
| Tenda AC15 v15.03.05.18 has a stack overflow vulnerability in the time parameter from the setSmartPowerManagement function. | ||||
| CVE-2025-2993 | 1 Tenda | 2 Fh1202, Fh1202 Firmware | 2025-04-08 | 5.3 Medium |
| A vulnerability, which was classified as critical, has been found in Tenda FH1202 1.2.0.14(408). Affected by this issue is some unknown functionality of the file /default.cfg. The manipulation of the argument these leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-3167 | 1 Tenda | 2 Ac23, Ac23 Firmware | 2025-04-08 | 6.5 Medium |
| A vulnerability, which was classified as problematic, has been found in Tenda AC23 16.03.07.52. This issue affects some unknown processing of the file /goform/VerAPIMant of the component API Interface. The manipulation of the argument getuid leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-3203 | 1 Tenda | 2 W18e, W18e Firmware | 2025-04-08 | 4.3 Medium |
| A vulnerability classified as problematic was found in Tenda W18E 16.01.0.11. Affected by this vulnerability is the function formSetAccountList of the file /goform/setModules. The manipulation of the argument Password leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-2995 | 1 Tenda | 2 Fh1202, Fh1202 Firmware | 2025-04-08 | 5.3 Medium |
| A vulnerability has been found in Tenda FH1202 1.2.0.14(408) and classified as critical. This vulnerability affects unknown code of the file /goform/SysToolChangePwd of the component Web Management Interface. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-2996 | 1 Tenda | 2 Fh1202, Fh1202 Firmware | 2025-04-08 | 5.3 Medium |
| A vulnerability was found in Tenda FH1202 1.2.0.14(408) and classified as critical. This issue affects some unknown processing of the file /goform/SysToolDDNS of the component Web Management Interface. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-52788 | 1 Tenda | 2 W9, W9 Firmware | 2025-04-07 | 8 High |
| Tenda W9 v1.0.0.7(4456) was discovered to contain a hardcoded password vulnerability in /etc_ro/shadow, which allows attackers to log in as root. | ||||
| CVE-2024-52789 | 1 Tenda | 2 W30e, W30e Firmware | 2025-04-07 | 8 High |
| Tenda W30E v2.0 V16.01.0.8 was discovered to contain a hardcoded password vulnerability in /etc_ro/shadow, which allows attackers to log in as root. | ||||
| CVE-2025-3259 | 1 Tenda | 2 Rx3, Rx3 Firmware | 2025-04-07 | 8.8 High |
| A vulnerability, which was classified as critical, has been found in Tenda RX3 16.03.13.11. This issue affects the function formSetDeviceName of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-3328 | 1 Tenda | 2 Ac1206, Ac1206 Firmware | 2025-04-07 | 8.8 High |
| A vulnerability was found in Tenda AC1206 15.03.06.23. It has been classified as critical. Affected is the function form_fast_setting_wifi_set of the file /goform/fast_setting_wifi_set. The manipulation of the argument ssid/timeZone leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | ||||
| CVE-2024-40417 | 1 Tenda | 2 Ax1806, Ax1806 Firmware | 2025-04-07 | 6.5 Medium |
| A vulnerability was found in Tenda AX1806 1.0.0.1. Affected by this issue is the function formSetRebootTimer of the file /goform/SetIpMacBind. The manipulation of the argument list leads to stack-based buffer overflow. | ||||
| CVE-2024-33181 | 2 Tenda, Tendacn | 3 Ac18, Ac18 Firmware, Ac18 Firmware | 2025-04-07 | 8.8 High |
| Tenda AC18 V15.03.3.10_EN was discovered to contain a stack-based buffer overflow vulnerability via the deviceMac parameter at ip/goform/addWifiMacFilter. | ||||