Filtered by vendor Tenda
Subscriptions
Total
1534 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-42053 | 1 Tenda | 2 W15e, W15e Firmware | 2025-07-07 | 7.8 High |
| Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain a command injection vulnerability via the PortMappingServer parameter in the setPortMapping function. | ||||
| CVE-2022-40846 | 1 Tenda | 2 W15e, W15e Firmware | 2025-07-07 | 4.8 Medium |
| In Tenda AC1200 Router model W15Ev2 V15.11.0.10(1576), a Stored Cross Site Scripting (XSS) vulnerability exists allowing an attacker to execute JavaScript code via the applications stored hostname. | ||||
| CVE-2022-40844 | 1 Tenda | 2 W15e, W15e Firmware | 2025-07-07 | 5.4 Medium |
| In Tenda (Shenzhen Tenda Technology Co., Ltd) AC1200 Router model W15Ev2 V15.11.0.10(1576), a Stored Cross Site Scripting (XSS) issue exists allowing an attacker to execute JavaScript code via the applications website filtering tab, specifically the URL body. | ||||
| CVE-2021-3186 | 1 Tenda | 2 Ac5, Ac5 Firmware | 2025-07-07 | 5.4 Medium |
| A Stored Cross-site scripting (XSS) vulnerability in /main.html Wifi Settings in Tenda AC5 AC1200 version V15.03.06.47_multi allows remote attackers to inject arbitrary web script or HTML via the Wifi Name parameter. | ||||
| CVE-2020-28095 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-07-07 | 7.5 High |
| On Tenda AC1200 (Model AC6) 15.03.06.51_multi devices, a large HTTP POST request sent to the change password API will trigger the router to crash and enter an infinite boot loop. | ||||
| CVE-2024-46450 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-07-07 | 8.1 High |
| Incorrect access control in Tenda AC1200 Smart Dual-Band WiFi Router Model AC6 v2.0 Firmware v15.03.06.50 allows attackers to bypass authentication via a crafted web request. | ||||
| CVE-2024-40503 | 1 Tenda | 2 Ax12, Ax12 Firmware | 2025-07-07 | 6.5 Medium |
| An issue in Tenda AX12 v.16.03.49.18_cn+ allows a remote attacker to cause a denial of service via the Routing functionality and ICMP packet handling. | ||||
| CVE-2024-48192 | 1 Tenda | 2 G3, G3 Firmware | 2025-07-07 | 8 High |
| Tenda G3 v15.01.0.5(2848_755)_EN was discovered to contain a hardcoded password vulnerability in /etc_ro/shadow, which allows attackers to log in as root | ||||
| CVE-2024-40412 | 1 Tenda | 2 Ax12, Ax12 Firmware | 2025-07-07 | 6.8 Medium |
| Tenda AX12 v1.0 v22.03.01.46 contains a stack overflow in the deviceList parameter of the sub_42E410 function. | ||||
| CVE-2024-40515 | 2 Tenda, Tendacn | 3 Ax2 Pro, Ax2 Pro Firmware, Ax2 Pro | 2025-07-07 | 9.8 Critical |
| An issue in SHENZHEN TENDA TECHNOLOGY CO.,LTD Tenda AX2pro V16.03.29.48_cn allows a remote attacker to execute arbitrary code via the Routing functionality. | ||||
| CVE-2024-33365 | 2 Tenda, Tendacn | 3 Ac10, Ac10 Firmware, Ac10 Firmware | 2025-07-07 | 7.5 High |
| Buffer Overflow vulnerability in Tenda AC10 v4 US_AC10V4.0si_V16.03.10.20_cn allows a remote attacker to execute arbitrary code via the Virtual_Data_Check function in the bin/httpd component. | ||||
| CVE-2025-50258 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-07-07 | 8.1 High |
| Tenda AC6 v15.03.05.16_multi is vulnerable to Buffer Overflow in the SetSysTimeCfg function via the time parameter. | ||||
| CVE-2025-50262 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-07-07 | 7.5 High |
| Tenda AC6 v15.03.05.16_multi is vulnerable to Buffer Overflow in the formSetQosBand function via the list parameter. | ||||
| CVE-2025-50641 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-07-07 | 6.5 Medium |
| Tenda AC6 15.03.05.16_multi is vulnerable to Buffer Overflow in the addWifiMacFilter function via the parameter deviceId. | ||||
| CVE-2025-6887 | 1 Tenda | 2 Ac5, Ac5 Firmware | 2025-07-06 | 8.8 High |
| A vulnerability was found in Tenda AC5 15.03.06.47 and classified as critical. Affected by this issue is some unknown functionality of the file /goform/SetSysTimeCfg. The manipulation of the argument time/timeZone leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-6886 | 1 Tenda | 2 Ac5, Ac5 Firmware | 2025-07-06 | 8.8 High |
| A vulnerability has been found in Tenda AC5 15.03.06.47 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /goform/openSchedWifi. The manipulation of the argument schedStartTime/schedEndTime leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-50528 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-07-01 | 7.3 High |
| A buffer overflow vulnerability exists in the fromNatStaticSetting function of Tenda AC6 <=V15.03.05.19 via the page parameter. | ||||
| CVE-2025-0566 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2025-07-01 | 8.8 High |
| A vulnerability classified as critical has been found in Tenda AC15 15.13.07.13. This affects the function formSetDevNetName of the file /goform/SetDevNetName. The manipulation of the argument mac leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-34338 | 1 Tenda | 3 O3, O3 Firmware, O3v2 | 2025-06-30 | 7.2 High |
| Tenda O3V2 with firmware versions V1.0.0.10 and V1.0.0.12 was discovered to contain a Blind Command Injection via dest parameter in /goform/getTraceroute. This vulnerability allows attackers to execute arbitrary commands with root privileges. Authentication is required to exploit this vulnerability. | ||||
| CVE-2024-25343 | 1 Tenda | 2 N300, N300 Firmware | 2025-06-30 | 9.1 Critical |
| Tenda N300 F3 router vulnerability allows users to bypass intended security policy and create weak passwords. | ||||