
CVE-2025-8178 – Tenda AC10 RequestsProcessLaid heap-based overflow
https://notcve.org/view.php?id=CVE-2025-8178
26 Jul 2025 — A vulnerability classified as critical has been found in Tenda AC10 16.03.10.13. Affected is an unknown function of the file /goform/RequestsProcessLaid. The manipulation of the argument device1D leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://vuldb.com/?ctiid.317592 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer • CWE-122: Heap-based Buffer Overflow •

CVE-2025-25454
https://notcve.org/view.php?id=CVE-2025-25454
17 Apr 2025 — Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via wanSpeed2. • https://gist.github.com/xyqer1/491bfd8b9b0868977dca66ab6ce238d2 • CWE-121: Stack-based Buffer Overflow •

CVE-2025-25455
https://notcve.org/view.php?id=CVE-2025-25455
17 Apr 2025 — Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via wanMTU2. • https://gist.github.com/xyqer1/6c865a9ec44b4797e78b6765cd5c84e5 • CWE-121: Stack-based Buffer Overflow •

CVE-2025-25457
https://notcve.org/view.php?id=CVE-2025-25457
17 Apr 2025 — Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via cloneType2. • https://gist.github.com/xyqer1/f69ebbdec019cacf5870ea55e25780a4 • CWE-121: Stack-based Buffer Overflow •

CVE-2025-25453
https://notcve.org/view.php?id=CVE-2025-25453
15 Apr 2025 — Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via serviceName2. • https://gist.github.com/xyqer1/84dc6d8b3f92597d1d597b2799c2c45f • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVE-2025-25456
https://notcve.org/view.php?id=CVE-2025-25456
15 Apr 2025 — Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via mac2. • https://gist.github.com/xyqer1/ab1e6a2bd369aaada0666639c843aff0 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVE-2025-25458
https://notcve.org/view.php?id=CVE-2025-25458
15 Apr 2025 — Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via serverName2. • https://gist.github.com/xyqer1/d195ea1eb37ba1cc5f709b1d4fc1a2c6 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVE-2024-10280 – Tenda AC6/AC7/AC8/AC9/AC10/AC10U/AC15/AC18/AC500/AC1206 GetIPTV websReadEvent null pointer dereference
https://notcve.org/view.php?id=CVE-2024-10280
23 Oct 2024 — A vulnerability was found in Tenda AC6, AC7, AC8, AC9, AC10, AC10U, AC15, AC18, AC500 and AC1206 up to 20241022. It has been rated as problematic. This issue affects the function websReadEvent of the file /goform/GetIPTV. The manipulation of the argument Content-Length leads to null pointer dereference. The attack may be initiated remotely. • https://github.com/JohenanLi/router_vuls/blob/main/websReadEvent/websReadEvent.md • CWE-476: NULL Pointer Dereference •

CVE-2024-32317
https://notcve.org/view.php?id=CVE-2024-32317
17 Apr 2024 — Tenda AC10 v4.0 V16.03.10.13 and V16.03.10.20 firmware has a stack overflow vulnerability via the adslPwd parameter in the formWanParameterSetting function. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10/V16.03.10.13/formWanParameterSetting.md • CWE-121: Stack-based Buffer Overflow •

CVE-2024-2856 – Tenda AC10 SetSysTimeCfg fromSetSysTime stack-based overflow
https://notcve.org/view.php?id=CVE-2024-2856
24 Mar 2024 — A vulnerability, which was classified as critical, has been found in Tenda AC10 16.03.10.13/16.03.10.20. Affected by this issue is the function fromSetSysTime of the file /goform/SetSysTimeCfg. The manipulation of the argument timeZone leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10/V16.03.10.13/fromSetSysTime.md • CWE-121: Stack-based Buffer Overflow •