Filtered by vendor Tenda
Subscriptions
Total
1579 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-1895 | 1 Tenda | 2 Tx3, Tx3 Firmware | 2025-03-05 | 6.5 Medium |
| A vulnerability classified as critical has been found in Tenda TX3 16.03.13.11_multi. This affects an unknown part of the file /goform/setMacFilterCfg. The manipulation of the argument deviceList leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-27065 | 1 Tenda | 2 W15e, W15e Firmware | 2025-02-27 | 7.5 High |
| Tenda V15V1.0 V15.11.0.14(1521_3190_1058) was discovered to contain a buffer overflow vulnerability via the picName parameter in the formDelWewifiPi function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | ||||
| CVE-2023-27064 | 1 Tenda | 2 W15e, W15e Firmware | 2025-02-27 | 7.5 High |
| Tenda V15V1.0 V15.11.0.14(1521_3190_1058) was discovered to contain a buffer overflow vulnerability via the index parameter in the formDelDnsForward function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | ||||
| CVE-2023-27063 | 1 Tenda | 2 W15e, W15e Firmware | 2025-02-27 | 9.8 Critical |
| Tenda V15V1.0 V15.11.0.14(1521_3190_1058) was discovered to contain a buffer overflow vulnerability via the DNSDomainName parameter in the formModifyDnsForward function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | ||||
| CVE-2023-27062 | 1 Tenda | 2 W15e, W15e Firmware | 2025-02-27 | 7.5 High |
| Tenda V15V1.0 was discovered to contain a buffer overflow vulnerability via the gotoUrl parameter in the formPortalAuth function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | ||||
| CVE-2023-27061 | 1 Tenda | 2 W15e, W15e Firmware | 2025-02-27 | 9.8 Critical |
| Tenda V15V1.0 V15.11.0.14(1521_3190_1058) was discovered to contain a buffer overflow vulnerability via the wifiFilterListRemark parameter in the modifyWifiFilterRules function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | ||||
| CVE-2023-26806 | 1 Tenda | 2 W20e, W20e Firmware | 2025-02-27 | 9.8 Critical |
| Tenda W20E v15.11.0.6(US_W20EV4.0br_v15.11.0.6(1068_1546_841 is vulnerable to Buffer Overflow via function formSetSysTime, | ||||
| CVE-2023-26805 | 1 Tenda | 2 W20e, W20e Firmware | 2025-02-27 | 9.8 Critical |
| Tenda W20E v15.11.0.6 (US_W20EV4.0br_v15.11.0.6(1068_1546_841)_CN_TDC) is vulnerable to Buffer Overflow via function formIPMacBindModify. | ||||
| CVE-2023-27239 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2025-02-27 | 9.8 Critical |
| Tenda AX3 V16.03.12.11 was discovered to contain a stack overflow via the shareSpeed parameter at /goform/WifiGuestSet. | ||||
| CVE-2023-27240 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2025-02-27 | 9.8 Critical |
| Tenda AX3 V16.03.12.11 was discovered to contain a command injection vulnerability via the lanip parameter at /goform/AdvSetLanip. | ||||
| CVE-2023-27079 | 1 Tenda | 2 G103, G103 Firmware | 2025-02-25 | 7.5 High |
| Command Injection vulnerability found in Tenda G103 v.1.0.05 allows an attacker to obtain sensitive information via a crafted package | ||||
| CVE-2023-27042 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2025-02-20 | 8.8 High |
| Tenda AX3 V16.03.12.11 is vulnerable to Buffer Overflow via /goform/SetFirewallCfg. | ||||
| CVE-2024-2485 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2025-02-13 | 8.8 High |
| A vulnerability was found in Tenda AC18 15.03.05.05 and classified as critical. Affected by this issue is the function formSetSpeedWan of the file /goform/SetSpeedWan. The manipulation of the argument speed_dir leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256892. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-26976 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-02-13 | 7.5 High |
| Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the ssid parameter in the form_fast_setting_wifi_set function. | ||||
| CVE-2024-36604 | 1 Tenda | 2 O3, O3 Firmware | 2025-02-13 | 9.8 Critical |
| Tenda O3V2 v1.0.0.12(3880) was discovered to contain a Blind Command Injection via stpEn parameter in the SetStp function. This vulnerability allows attackers to execute arbitrary commands with root privileges. | ||||
| CVE-2023-25212 | 1 Tenda | 2 Ac5, Ac5 Firmware | 2025-02-13 | 9.8 Critical |
| Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the fromSetWirelessRepeat function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. | ||||
| CVE-2023-25211 | 1 Tenda | 2 Ac5, Ac5 Firmware | 2025-02-13 | 9.8 Critical |
| Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the R7WebsSecurityHandler function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. | ||||
| CVE-2023-25210 | 1 Tenda | 2 Ac5, Ac5 Firmware | 2025-02-13 | 9.8 Critical |
| Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the fromSetSysTime function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. | ||||
| CVE-2023-25213 | 1 Tenda | 2 Ac5, Ac5 Firmware | 2025-02-12 | 9.8 Critical |
| Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the check_param_changed function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. | ||||
| CVE-2023-25220 | 1 Tenda | 2 Ac5, Ac5 Firmware | 2025-02-12 | 9.8 Critical |
| Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the add_white_node function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. | ||||