CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2025-1814 – Tenda AC6 WifiExtraSet stack-based overflow
https://notcve.org/view.php?id=CVE-2025-1814
02 Mar 2025 — A vulnerability, which was classified as critical, has been found in Tenda AC6 15.03.05.16. Affected by this issue is some unknown functionality of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Raining-101/IOT_cve/blob/main/ac6.md_goform_WifiExtraSet.md • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-0349 – Tenda AC6 GetParentControlInfo stack-based overflow
https://notcve.org/view.php?id=CVE-2025-0349
09 Jan 2025 — A vulnerability classified as critical has been found in Tenda AC6 15.03.05.16. Affected is the function GetParentControlInfo of the file /goform/GetParentControlInfo. The manipulation of the argument src leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/wy876/cve/issues/5 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-40837
https://notcve.org/view.php?id=CVE-2023-40837
30 Aug 2023 — Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin function 'sub_ADD50' contains a command execution vulnerability. In the "formSetIptv" function, obtaining the "list" and "vlanId" fields, unfiltered passing these two fields as parameters to the "sub_ADD50" function to execute commands. La función "sub_ADD50" de Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin contiene una vulnerabilidad de ejecución de comandos. En la función "formSetIptv", al obtener los campos "list" y "vlanId", sin filtrar pasa estos ... • https://github.com/XYIYM/Digging/blob/main/Tenda/AC6/cmd/2/2.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2023-40838
https://notcve.org/view.php?id=CVE-2023-40838
30 Aug 2023 — Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin function 'sub_3A1D0' contains a command execution vulnerability. La función 'sub_3A1D0' de Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin contiene una vulnerabilidad de ejecución de comandos. • https://github.com/XYIYM/Digging/blob/main/Tenda/AC6/cmd/1/1.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-40839
https://notcve.org/view.php?id=CVE-2023-40839
30 Aug 2023 — Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin function 'sub_ADF3C' contains a command execution vulnerability. In the "formSetIptv" function, obtaining the "list" and "vlanId" fields, unfiltered passing these two fields as parameters to the "sub_ADF3C" function to execute commands. La función "sub_ADF3C" de Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin contiene una vulnerabilidad de ejecución de comandos. En la función "formSetIptv", al obtener los campos "list" y "vlanId", sin filtrar pasa estos ... • https://github.com/XYIYM/Digging/blob/main/Tenda/AC6/cmd/3/3.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-40840
https://notcve.org/view.php?id=CVE-2023-40840
30 Aug 2023 — Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via function "fromGetWirelessRepeat." Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin es vulnerable al desbordamiento del búfer a través de la función "fromGetWirelessRepeat". • https://github.com/XYIYM/Digging/blob/main/Tenda/AC6/bof/6/6.md • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-40841
https://notcve.org/view.php?id=CVE-2023-40841
30 Aug 2023 — Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via function "add_white_node," Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin es vulnerable al desbordamiento del búfer a través de la función "add_white_node". • https://github.com/XYIYM/Digging/blob/main/Tenda/AC6/bof/5/5.md • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-40842
https://notcve.org/view.php?id=CVE-2023-40842
30 Aug 2023 — Tengda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via function "R7WebsSecurityHandler." Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin es vulnerable al desbordamiento del búfer a través de la función "R7WebsSecurityHandler". • https://github.com/XYIYM/Digging/blob/main/Tenda/AC6/bof/4/4.md • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-40843
https://notcve.org/view.php?id=CVE-2023-40843
30 Aug 2023 — Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via function "sub_73004." Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin es vulnerable al desbordamiento del búfer a través de la función "sub_73004". • https://github.com/XYIYM/Digging/blob/main/Tenda/AC6/bof/8/8.md • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-40844
https://notcve.org/view.php?id=CVE-2023-40844
30 Aug 2023 — Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via function 'formWifiBasicSet.' Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin es vulnerable al desbordamiento del búfer a través de la función 'formWifiBasicSet'. • https://github.com/XYIYM/Digging/blob/main/Tenda/AC6/bof/2/2.md • CWE-787: Out-of-bounds Write •