Filtered by vendor Tenda
Subscriptions
Total
1395 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-46635 | 1 Tenda | 2 Rx2 Pro, Rx2 Pro Firmware | 2025-05-27 | 7.1 High |
| An issue was discovered on Tenda RX2 Pro 16.03.30.14 devices. Improper network isolation between the guest Wi-Fi network and other network interfaces on the router allows an attacker (who is authenticated to the guest Wi-Fi) to access resources on the router and/or resources and devices on other networks hosted by the router by configuring a static IP address (within the non-guest subnet) on their host. | ||||
| CVE-2025-46634 | 1 Tenda | 2 Rx2 Pro, Rx2 Pro Firmware | 2025-05-27 | 8.2 High |
| Cleartext transmission of sensitive information in the web management portal of the Tenda RX2 Pro 16.03.30.14 may allow an unauthenticated attacker to authenticate to the web management portal by collecting credentials from observed/collected traffic. It implements encryption, but not until after the user has transmitted the hash of their password in cleartext. The hash can be replayed to authenticate. | ||||
| CVE-2025-46633 | 1 Tenda | 2 Rx2 Pro, Rx2 Pro Firmware | 2025-05-27 | 8.2 High |
| Cleartext transmission of sensitive information in the web management portal of the Tenda RX2 Pro 16.03.30.14 allows an attacker to decrypt traffic between the client and server by collecting the symmetric AES key from collected and/or observed traffic. The AES key in sent in cleartext in response to successful authentication. The IV is always EU5H62G9ICGRNI43. | ||||
| CVE-2025-46632 | 1 Tenda | 2 Rx2 Pro, Rx2 Pro Firmware | 2025-05-27 | 6.5 Medium |
| Initialization vector (IV) reuse in the web management portal of the Tenda RX2 Pro 16.03.30.14 may allow an attacker to discern information about or more easily decrypt encrypted messages between client and server. | ||||
| CVE-2025-4810 | 1 Tenda | 2 Ac7, Ac7 Firmware | 2025-05-24 | 8.8 High |
| A vulnerability was found in Tenda AC7 15.03.06.44. It has been declared as critical. Affected by this vulnerability is the function formSetRebootTimer of the file /goform/SetRebootTimer. The manipulation of the argument reboot_time leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-4809 | 1 Tenda | 2 Ac7, Ac7 Firmware | 2025-05-24 | 8.8 High |
| A vulnerability was found in Tenda AC7 15.03.06.44. It has been classified as critical. Affected is the function fromSafeSetMacFilter of the file /goform/setMacFilterCfg. The manipulation of the argument deviceList leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-45513 | 1 Tenda | 2 Fh451, Fh451 Firmware | 2025-05-24 | 9.8 Critical |
| Tenda FH451 V1.0.0.9 has a stack overflow vulnerability in the function.P2pListFilter. | ||||
| CVE-2025-44176 | 1 Tenda | 2 Fh451, Fh451 Firmware | 2025-05-23 | 6.5 Medium |
| Tenda FH451 V1.0.0.9 is vulnerable to Remote Code Execution in the formSafeEmailFilter function. | ||||
| CVE-2022-40868 | 1 Tenda | 2 W20e, W20e Firmware | 2025-05-22 | 9.8 Critical |
| Tenda W20E router V15.11.0.6 (US_W20EV4.0br_V15.11.0.6(1068_1546_841)_CN_TDC) contains a stack overflow vulnerability in the function formDelDhcpRule with the request /goform/delDhcpRules/ | ||||
| CVE-2022-40867 | 1 Tenda | 2 W20e, W20e Firmware | 2025-05-22 | 9.8 Critical |
| Tenda W20E router V15.11.0.6 (US_W20EV4.0br_V15.11.0.6(1068_1546_841)_CN_TDC) contains a stack overflow vulnerability in the function formIPMacBindDel with the request /goform/delIpMacBind/ | ||||
| CVE-2022-40866 | 1 Tenda | 2 W20e, W20e Firmware | 2025-05-22 | 9.8 Critical |
| Tenda W20E router V15.11.0.6 (US_W20EV4.0br_V15.11.0.6(1068_1546_841)_CN_TDC) contains a stack overflow vulnerability in the function formSetDebugCfg with request /goform/setDebugCfg/ | ||||
| CVE-2022-40861 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2025-05-22 | 7.2 High |
| Tenda AC18 router V15.03.05.19 contains a stack overflow vulnerability in the formSetQosBand->FUN_0007db78 function with the request /goform/SetNetControlList/ | ||||
| CVE-2022-40855 | 1 Tenda | 2 W20e, W20e Firmware | 2025-05-22 | 9.8 Critical |
| Tenda W20E router V15.11.0.6 contains a stack overflow in the function formSetPortMapping with post request 'goform/setPortMapping/'. This vulnerability allows attackers to cause a Denial of Service (DoS) or Remote Code Execution (RCE) via the portMappingServer, portMappingProtocol, portMappingWan, porMappingtInternal, and portMappingExternal parameters. | ||||
| CVE-2022-40854 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2025-05-22 | 9.8 Critical |
| Tenda AC18 router contained a stack overflow vulnerability in /goform/fast_setting_wifi_set | ||||
| CVE-2022-40851 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2025-05-22 | 9.8 Critical |
| Tenda AC15 V15.03.05.19 contained a stack overflow via the function fromAddressNat. | ||||
| CVE-2022-40105 | 1 Tenda | 2 I9, I9 Firmware | 2025-05-22 | 7.5 High |
| Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the formWifiMacFilterGet function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string. | ||||
| CVE-2022-40104 | 1 Tenda | 2 I9, I9 Firmware | 2025-05-22 | 7.5 High |
| Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the formwrlSSIDget function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string. | ||||
| CVE-2022-40103 | 1 Tenda | 2 I9, I9 Firmware | 2025-05-22 | 5.5 Medium |
| Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the formSetAutoPing function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string. | ||||
| CVE-2022-40102 | 1 Tenda | 2 I9, I9 Firmware | 2025-05-22 | 7.5 High |
| Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the formwrlSSIDset function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string. | ||||
| CVE-2022-40101 | 1 Tenda | 2 I9, I9 Firmware | 2025-05-22 | 7.5 High |
| Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the formWifiMacFilterSet function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string. | ||||