CVSS: 9.0EPSS: 0%CPEs: 45EXPL: 1CVE-2025-1851 – Tenda AC7 SetFirewallCfg formSetFirewallCfg stack-based overflow
https://notcve.org/view.php?id=CVE-2025-1851
03 Mar 2025 — A vulnerability, which was classified as critical, was found in Tenda AC7 up to 15.03.06.44. This affects the function formSetFirewallCfg of the file /goform/SetFirewallCfg. The manipulation of the argument firewallEn leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Raining-101/IOT_cve/blob/main/ac7_V15.03.06.44_SetFirewallCfg.md • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 10.0EPSS: 0%CPEs: 18EXPL: 1CVE-2023-38931
https://notcve.org/view.php?id=CVE-2023-38931
07 Aug 2023 — Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 V16.03.34.06, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0 V15.03.06.28, AC10 v4.0 V16.03.10.13 and FH1203 V2.0.1.6 were discovered to contain a stack overflow via the list parameter in the setaccount function. • https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/cloudv2_setaccount/README.md • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 18EXPL: 1CVE-2023-38933
https://notcve.org/view.php?id=CVE-2023-38933
07 Aug 2023 — Tenda AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0 V15.03.06.28, FH1203 V2.0.1.6 and AC9 V3.0 V15.03.06.42_multi, and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the deviceId parameter in the formSetClientState function. • https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/formSetClientState/README.md • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 18EXPL: 1CVE-2023-38936
https://notcve.org/view.php?id=CVE-2023-38936
07 Aug 2023 — Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, AC5 V1.0 V15.03.06.28, FH1203 V2.0.1.6, AC9 V3.0 V15.03.06.42_multi and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the speed_dir parameter in the formSetSpeedWan function. • https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/formSetSpeedWan/README.md • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 16EXPL: 1CVE-2023-38937
https://notcve.org/view.php?id=CVE-2023-38937
07 Aug 2023 — Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 V16.03.34.06, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, AC5 V1.0 V15.03.06.28, AC9 V3.0 V15.03.06.42_multi and AC10 v4.0 V16.03.10.13 were discovered to contain a stack overflow via the list parameter in the formSetVirtualSer function. • https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/formSetVirtualSer/README.md • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 1CVE-2018-18727
https://notcve.org/view.php?id=CVE-2018-18727
28 Oct 2018 — An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the 'deviceList' parameter for a post request, the value is directly used in a strcpy to a local variable placed on the stack, which overrides the return address of the function. Se ha descubierto un problema en dispositivos Tenda AC7 V15.03.06.44_CN, ... • https://github.com/ZIllR0/Routers/blob/master/Tenda/stack1.md • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 10EXPL: 1CVE-2018-18729
https://notcve.org/view.php?id=CVE-2018-18729
28 Oct 2018 — An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a heap-based buffer overflow vulnerability in the router's web server -- httpd. While processing the 'mac' parameter for a post request, the value is directly used in a strcpy to a variable placed on the heap, which can leak sensitive information or even hijack program control flow. Se ha descubierto un problema en dispositivos Tenda AC... • https://github.com/ZIllR0/Routers/blob/master/Tenda/heapoverflow1.md • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 1CVE-2018-18730
https://notcve.org/view.php?id=CVE-2018-18730
28 Oct 2018 — An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the 'startIp' and 'endIp' parameters for a post request, each value is directly used in a sprintf to a local variable placed on the stack, which overrides the return address of the function. Se ha descubierto un problema en dispositivos Tenda AC7 V15.0... • https://github.com/ZIllR0/Routers/blob/master/Tenda/stack3.md • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 1CVE-2018-18731
https://notcve.org/view.php?id=CVE-2018-18731
28 Oct 2018 — An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the 'deviceMac' parameter for a post request, the value is directly used in a sprintf to a local variable placed on the stack, which overrides the return address of the function. Se ha descubierto un problema en dispositivos Tenda AC7 V15.03.06.44_CN, ... • https://github.com/ZIllR0/Routers/blob/master/Tenda/stack4.md • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 1CVE-2018-18732
https://notcve.org/view.php?id=CVE-2018-18732
28 Oct 2018 — An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the 'ntpServer' parameter for a post request, the value is directly used in a strcpy to a local variable placed on the stack, which overrides the return address of the function. Se ha descubierto un problema en dispositivos Tenda AC7 V15.03.06.44_CN, A... • https://github.com/ZIllR0/Routers/blob/master/Tenda/stack2.md • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •