CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 1CVE-2025-1898 – Tenda TX3 openSchedWifi buffer overflow
https://notcve.org/view.php?id=CVE-2025-1898
04 Mar 2025 — A vulnerability, which was classified as critical, was found in Tenda TX3 16.03.13.11_multi. Affected is an unknown function of the file /goform/openSchedWifi. The manipulation of the argument schedStartTime/schedEndTime leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/2664521593/mycve/blob/main/Tenda/TX3/tenda_tx3_bof_4.pdf • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 1CVE-2025-1897 – Tenda TX3 SetNetControlList buffer overflow
https://notcve.org/view.php?id=CVE-2025-1897
04 Mar 2025 — A vulnerability, which was classified as critical, has been found in Tenda TX3 16.03.13.11_multi. This issue affects some unknown processing of the file /goform/SetNetControlList. The manipulation of the argument list leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/2664521593/mycve/blob/main/Tenda/TX3/tenda_tx3_bof_3.pdf • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 1CVE-2025-1896 – Tenda TX3 SetStaticRouteCfg buffer overflow
https://notcve.org/view.php?id=CVE-2025-1896
04 Mar 2025 — A vulnerability classified as critical was found in Tenda TX3 16.03.13.11_multi. This vulnerability affects unknown code of the file /goform/SetStaticRouteCfg. The manipulation of the argument list leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/2664521593/mycve/blob/main/Tenda/TX3/tenda_tx3_bof_2.pdf • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 1CVE-2025-1895 – Tenda TX3 setMacFilterCfg buffer overflow
https://notcve.org/view.php?id=CVE-2025-1895
04 Mar 2025 — A vulnerability classified as critical has been found in Tenda TX3 16.03.13.11_multi. This affects an unknown part of the file /goform/setMacFilterCfg. The manipulation of the argument deviceList leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/2664521593/mycve/blob/main/Tenda/TX3/tenda_tx3_bof_1.pdf • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2025-1853 – Tenda AC8 Parameter SetIpMacBind sub_49E098 stack-based overflow
https://notcve.org/view.php?id=CVE-2025-1853
03 Mar 2025 — A vulnerability was found in Tenda AC8 16.03.34.06 and classified as critical. This issue affects the function sub_49E098 of the file /goform/SetIpMacBind of the component Parameter Handler. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Raining-101/IOT_cve/blob/main/tenda-ac8_sub_49E098.md • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 9.0EPSS: 0%CPEs: 45EXPL: 1CVE-2025-1851 – Tenda AC7 SetFirewallCfg formSetFirewallCfg stack-based overflow
https://notcve.org/view.php?id=CVE-2025-1851
03 Mar 2025 — A vulnerability, which was classified as critical, was found in Tenda AC7 up to 15.03.06.44. This affects the function formSetFirewallCfg of the file /goform/SetFirewallCfg. The manipulation of the argument firewallEn leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Raining-101/IOT_cve/blob/main/ac7_V15.03.06.44_SetFirewallCfg.md • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 6.5EPSS: 2%CPEs: 1EXPL: 1CVE-2025-1819 – Tenda AC7 1200M telnet TendaTelnet os command injection
https://notcve.org/view.php?id=CVE-2025-1819
02 Mar 2025 — A vulnerability, which was classified as critical, was found in Tenda AC7 1200M 15.03.06.44. Affected is the function TendaTelnet of the file /goform/telnet. The manipulation of the argument lan_ip leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Raining-101/IOT_cve/blob/main/Tenda%20a7%20V15.03.06.44%20Command%20injection.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2025-1814 – Tenda AC6 WifiExtraSet stack-based overflow
https://notcve.org/view.php?id=CVE-2025-1814
02 Mar 2025 — A vulnerability, which was classified as critical, has been found in Tenda AC6 15.03.05.16. Affected by this issue is some unknown functionality of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Raining-101/IOT_cve/blob/main/ac6.md_goform_WifiExtraSet.md • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-25343
https://notcve.org/view.php?id=CVE-2025-25343
12 Feb 2025 — Tenda AC6 V15.03.05.16 firmware has a buffer overflow vulnerability in the formexeCommand function. • https://github.com/wy876/cve/issues/4 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-0848 – Tenda A18 HTTP POST Request SetCmdlineRun stack-based overflow
https://notcve.org/view.php?id=CVE-2025-0848
30 Jan 2025 — A vulnerability was found in Tenda A18 up to 15.13.07.09. It has been rated as critical. This issue affects the function SetCmdlineRun of the file /goform/SetCmdlineRun of the component HTTP POST Request Handler. The manipulation of the argument wpapsk_crypto5g leads to stack-based buffer overflow. The attack may be initiated remotely. • https://github.com/alc9700jmo/CVE/issues/9 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •