CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2025-1853 – Tenda AC8 Parameter SetIpMacBind sub_49E098 stack-based overflow
https://notcve.org/view.php?id=CVE-2025-1853
03 Mar 2025 — A vulnerability was found in Tenda AC8 16.03.34.06 and classified as critical. This issue affects the function sub_49E098 of the file /goform/SetIpMacBind of the component Parameter Handler. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Raining-101/IOT_cve/blob/main/tenda-ac8_sub_49E098.md • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-10130 – Tenda AC8 SetSysAutoRebbotCfg formSetRebootTimer stack-based overflow
https://notcve.org/view.php?id=CVE-2024-10130
18 Oct 2024 — A vulnerability classified as critical was found in Tenda AC8 16.03.34.06. This vulnerability affects the function formSetRebootTimer of the file /goform/SetSysAutoRebbotCfg. The manipulation of the argument rebootTime leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://vuldb.com/?id.280918 • CWE-121: Stack-based Buffer Overflow •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-10123 – Tenda AC8 saveParentControlInfo compare_parentcontrol_time stack-based overflow
https://notcve.org/view.php?id=CVE-2024-10123
18 Oct 2024 — A vulnerability was found in Tenda AC8 16.03.34.06. It has been declared as critical. Affected by this vulnerability is the function compare_parentcontrol_time of the file /goform/saveParentControlInfo. The manipulation of the argument time leads to stack-based buffer overflow. The attack can be launched remotely. • https://github.com/JohenanLi/router_vuls/blob/main/ac8v4/compare_parentcontrol_time_vul.md • CWE-121: Stack-based Buffer Overflow •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2023-4744 – Tenda AC8 formSetDeviceName stack-based overflow
https://notcve.org/view.php?id=CVE-2023-4744
03 Sep 2023 — A vulnerability was found in Tenda AC8 16.03.34.06_cn_TDC01. It has been declared as critical. Affected by this vulnerability is the function formSetDeviceName. The manipulation leads to stack-based buffer overflow. The attack can be launched remotely. • https://github.com/GleamingEyes/vul/blob/main/tenda_ac8/ac8_1.md • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 18EXPL: 1CVE-2023-38931
https://notcve.org/view.php?id=CVE-2023-38931
07 Aug 2023 — Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 V16.03.34.06, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0 V15.03.06.28, AC10 v4.0 V16.03.10.13 and FH1203 V2.0.1.6 were discovered to contain a stack overflow via the list parameter in the setaccount function. • https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/cloudv2_setaccount/README.md • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 10EXPL: 1CVE-2023-38935
https://notcve.org/view.php?id=CVE-2023-38935
07 Aug 2023 — Tenda AC1206 V15.03.06.23, AC8 V4 V16.03.34.06, AC5 V1.0 V15.03.06.28, AC10 v4.0 V16.03.10.13 and AC9 V3.0 V15.03.06.42_multi were discovered to contain a tack overflow via the list parameter in the formSetQosBand function. • https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/formSetQosBand/README.md • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 16EXPL: 1CVE-2023-38937
https://notcve.org/view.php?id=CVE-2023-38937
07 Aug 2023 — Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 V16.03.34.06, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, AC5 V1.0 V15.03.06.28, AC9 V3.0 V15.03.06.42_multi and AC10 v4.0 V16.03.10.13 were discovered to contain a stack overflow via the list parameter in the formSetVirtualSer function. • https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/formSetVirtualSer/README.md • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 20%CPEs: 2EXPL: 3CVE-2023-33669
https://notcve.org/view.php?id=CVE-2023-33669
02 Jun 2023 — Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the timeZone parameter in the sub_44db3c function. • https://github.com/retr0reg/tenda-ac8v4-rop • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2023-33670
https://notcve.org/view.php?id=CVE-2023-33670
02 Jun 2023 — Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the time parameter in the sub_4a79ec function. • https://github.com/DDizzzy79/Tenda-CVE/blob/main/AC8V4.0/N3/README.md • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2023-33671
https://notcve.org/view.php?id=CVE-2023-33671
02 Jun 2023 — Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the deviceId parameter in the saveParentControlInfo function. • https://github.com/DDizzzy79/Tenda-CVE/blob/main/AC8V4.0/N4/README.md • CWE-787: Out-of-bounds Write •