CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2025-0566 – Tenda AC15 SetDevNetName formSetDevNetName stack-based overflow
https://notcve.org/view.php?id=CVE-2025-0566
19 Jan 2025 — A vulnerability classified as critical has been found in Tenda AC15 15.13.07.13. This affects the function formSetDevNetName of the file /goform/SetDevNetName. The manipulation of the argument mac leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://pan.baidu.com/s/1DBDf27oCTIMkW-PSZwg02Q?pwd=tara • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 8.6EPSS: 0%CPEs: 3EXPL: 1CVE-2025-0528 – Tenda AC8/AC10/AC18 HTTP Request telnet command injection
https://notcve.org/view.php?id=CVE-2025-0528
17 Jan 2025 — A vulnerability, which was classified as critical, has been found in Tenda AC8, AC10 and AC18 16.03.10.20. Affected by this issue is some unknown functionality of the file /goform/telnet of the component HTTP Request Handler. The manipulation leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Pr0b1em/IoT/blob/master/TendaAC10v16.03.10.20telnet.md • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-57579
https://notcve.org/view.php?id=CVE-2024-57579
16 Jan 2025 — Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the limitSpeedUp parameter in the formSetClientState function. • https://github.com/qijiale/Tenda/tree/main/6 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-57580
https://notcve.org/view.php?id=CVE-2024-57580
16 Jan 2025 — Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the devName parameter in the formSetDeviceName function. • https://github.com/qijiale/Tenda/tree/main/7 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-57581
https://notcve.org/view.php?id=CVE-2024-57581
16 Jan 2025 — Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the firewallEn parameter in the formSetFirewallCfg function. • https://github.com/qijiale/Tenda/tree/main/8 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-57582
https://notcve.org/view.php?id=CVE-2024-57582
16 Jan 2025 — Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the startIP parameter in the formSetPPTPServer function. • https://github.com/qijiale/Tenda/tree/main/9 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-57583
https://notcve.org/view.php?id=CVE-2024-57583
16 Jan 2025 — Tenda AC18 V15.03.05.19 was discovered to contain a command injection vulnerability via the usbName parameter in the formSetSambaConf function. • https://github.com/qijiale/Tenda/tree/main/10 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-0349 – Tenda AC6 GetParentControlInfo stack-based overflow
https://notcve.org/view.php?id=CVE-2025-0349
09 Jan 2025 — A vulnerability classified as critical has been found in Tenda AC6 15.03.05.16. Affected is the function GetParentControlInfo of the file /goform/GetParentControlInfo. The manipulation of the argument src leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/wy876/cve/issues/5 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-52275 – Denial of Service on Tenda AC6V2 Due To Stack Overflow
https://notcve.org/view.php?id=CVE-2024-52275
04 Dec 2024 — Stack-based Buffer Overflow vulnerability in Shenzhen Tenda Technology Co Tenda AC6V2 (fromWizardHandle modules) allows Overflow Buffers.This issue affects Tenda AC6V2: through 15.03.06.50. Vulnerabilidad de desbordamiento de búfer en la región stack de la memoria en Shenzhen Tenda Technology Co Tenda AC6V2 (desde los módulos WizardHandle) permite desbordamientos de búfer. Este problema afecta a Tenda AC6V2: hasta el 15.03.06.50. • https://www.tendacn.com/download/detail-3316.html • CWE-121: Stack-based Buffer Overflow •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-52274 – Denial of Service on Tenda AC6V2 Due To Stack Overflow
https://notcve.org/view.php?id=CVE-2024-52274
04 Dec 2024 — Stack-based Buffer Overflow vulnerability in Shenzhen Tenda Technology Co Tenda AC6V2 (setDoubleL2tpConfig->guest_ip_check(overflow arg: mask) modules) allows Overflow Buffers.This issue affects Tenda AC6V2: through 15.03.06.50 Vulnerabilidad de desbordamiento de búfer en la región stack de la memoria en los módulos Shenzhen Tenda Technology Co Tenda AC6V2 (setDoubleL2tpConfig->guest_ip_check(overflow arg: mask). Permite desbordamientos de búfer. Este problema afecta a Tenda AC6V2: hasta 15.03.06.50 • https://www.vulsec.org/advisories • CWE-121: Stack-based Buffer Overflow •