Filtered by vendor Tenda
Subscriptions
Total
1159 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-44551 | 1 Tenda | 2 Ax1806, Ax1806 Firmware | 2025-03-26 | 9.8 Critical |
| Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function formGetIptv. | ||||
| CVE-2022-48130 | 1 Tenda | 2 W20e, W20e Firmware | 2025-03-26 | 9.8 Critical |
| Tenda W20E v15.11.0.6 was discovered to contain multiple stack overflows in the function formSetStaticRoute via the parameters staticRouteNet, staticRouteMask, staticRouteGateway, staticRouteWAN. | ||||
| CVE-2025-29218 | 1 Tenda | 2 W18e, W18e Firmware | 2025-03-26 | 6.5 Medium |
| Tenda W18E v2.0 v16.01.0.11 was discovered to contain a stack overflow in the wifiPwd parameter at /goform/setModules. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | ||||
| CVE-2024-46434 | 1 Tenda | 2 W18e, W18e Firmware | 2025-03-25 | 8.8 High |
| Tenda W18E V16.01.0.8(1625) suffers from authentication bypass in the web management portal allowing an unauthorized remote attacker to gain administrative access by sending a specially crafted HTTP request. | ||||
| CVE-2024-46433 | 1 Tenda | 2 W18e, W18e Firmware | 2025-03-25 | 8.8 High |
| A default credentials vulnerability in Tenda W18E V16.01.0.8(1625) allows unauthenticated remote attackers to access the web management portal using the default rzadmin account with administrative privileges. | ||||
| CVE-2024-46432 | 1 Tenda | 2 W18e, W18e Firmware | 2025-03-25 | 8.8 High |
| Tenda W18E V16.01.0.8(1625) is vulnerable to Incorrect Access Control. An attacker can send a specially crafted HTTP POST request to the setQuickCfgWifiAndLogin function, which allows unauthorized changes to WiFi configuration settings and administrative credentials. | ||||
| CVE-2024-46431 | 1 Tenda | 2 W18e, W18e Firmware | 2025-03-25 | 8 High |
| Tenda W18E V16.01.0.8(1625) is vulnerable to Buffer Overflow. An attacker with access to the web management portal can exploit this vulnerability by sending specially crafted data to the delWewifiPic function. | ||||
| CVE-2024-46430 | 1 Tenda | 2 W18e, W18e Firmware | 2025-03-25 | 6.5 Medium |
| Tenda W18E V16.01.0.8(1625) is vulnerable to Incorrect Access Control. Unauthorized password change via the web management portal allows an unauthenticated remote attacker to change the administrator password by sending a specially crafted HTTP POST request to the setLoginPassword function, bypassing the authentication mechanism. | ||||
| CVE-2024-46435 | 1 Tenda | 2 W18e, W18e Firmware | 2025-03-25 | 8 High |
| A stack overflow vulnerability in the Tenda W18E V16.01.0.8(1625) web management portal allows an authenticated remote attacker to cause a denial of service or potentially execute arbitrary code. This vulnerability occurs due to improper input validation when handling user-supplied data in the delFacebookPic function. | ||||
| CVE-2024-46436 | 1 Tenda | 2 W18e, W18e Firmware | 2025-03-25 | 8.3 High |
| Hardcoded credentials in Tenda W18E V16.01.0.8(1625) allows unauthenticated remote attackers to gain root access to the device over the telnet service. | ||||
| CVE-2024-46437 | 1 Tenda | 2 W18e, W18e Firmware | 2025-03-25 | 6.5 Medium |
| A sensitive information disclosure vulnerability in the Tenda W18E V16.01.0.8(1625) web management portal allows an unauthenticated remote attacker to retrieve sensitive configuration information, including WiFi SSID, WiFi password, and base64-encoded administrator credentials, by sending a specially crafted HTTP POST request to the getQuickCfgWifiAndLogin function, bypassing authentication checks. | ||||
| CVE-2025-29217 | 1 Tenda | 2 W18e, W18e Firmware | 2025-03-25 | 6.5 Medium |
| Tenda W18E v2.0 v16.01.0.11 was discovered to contain a stack overflow in the wifiSSID parameter at /goform/setModules. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | ||||
| CVE-2025-29215 | 1 Tenda | 2 Ax12, Ax12 Firmware | 2025-03-25 | 6.5 Medium |
| Tenda AX12 v22.03.01.46_CN was discovered to contain a stack overflow via the sub_43fdcc function at /goform/SetNetControlList. | ||||
| CVE-2025-29149 | 1 Tenda | 2 I12, I12 Framework | 2025-03-25 | 7.5 High |
| Tenda i12 V1.0.0.10(3805) was discovered to contain a buffer overflow via the ping1 parameter in the formSetAutoPing function. | ||||
| CVE-2025-29214 | 1 Tenda | 2 Ax12, Ax12 Firmware | 2025-03-25 | 7.5 High |
| Tenda AX12 v22.03.01.46_CN was discovered to contain a stack overflow via the sub_42F69C function at /goform/setMacFilterCfg. | ||||
| CVE-2025-29101 | 1 Tenda | 2 Ac8, Ac8 Firmware | 2025-03-25 | 7.5 High |
| Tenda AC8V4.0 V16.03.34.06 was discovered to contain a stack overflow via the deviceid parameter in the get_parentControl_list_Info function. | ||||
| CVE-2024-42978 | 1 Tenda | 2 Fh1206, Fh1206 Firmware | 2025-03-25 | 9.8 Critical |
| An issue in the handler function in /goform/telnet of Tenda FH1206 v02.03.01.35 allows attackers to execute arbitrary commands via a crafted HTTP request. | ||||
| CVE-2023-24332 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-03-25 | 8.1 High |
| A stack overflow vulnerability in Tenda AC6 with firmware version US_AC6V5.0re_V03.03.02.01_cn_TDC01 allows attackers to run arbitrary commands via crafted POST request to /goform/PowerSaveSet. | ||||
| CVE-2023-24333 | 1 Tenda | 2 Ac21, Ac21 Firmware | 2025-03-25 | 8.8 High |
| A stack overflow vulnerability in Tenda AC21 with firmware version US_AC21V1.0re_V16.03.08.15_cn_TDC01 allows attackers to run arbitrary commands via crafted POST request to /goform/openSchedWifi. | ||||
| CVE-2023-24334 | 1 Tenda | 2 Ac23, Ac23 Firmware | 2025-03-25 | 8.0 High |
| A stack overflow vulnerability in Tenda AC23 with firmware version US_AC23V1.0re_V16.03.07.45_cn_TDC01 allows attackers to run arbitrary commands via schedStartTime parameter. | ||||