CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2025-1814 – Tenda AC6 WifiExtraSet stack-based overflow
https://notcve.org/view.php?id=CVE-2025-1814
02 Mar 2025 — A vulnerability, which was classified as critical, has been found in Tenda AC6 15.03.05.16. Affected by this issue is some unknown functionality of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Raining-101/IOT_cve/blob/main/ac6.md_goform_WifiExtraSet.md • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-25343
https://notcve.org/view.php?id=CVE-2025-25343
12 Feb 2025 — Tenda AC6 V15.03.05.16 firmware has a buffer overflow vulnerability in the formexeCommand function. • https://github.com/wy876/cve/issues/4 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-0349 – Tenda AC6 GetParentControlInfo stack-based overflow
https://notcve.org/view.php?id=CVE-2025-0349
09 Jan 2025 — A vulnerability classified as critical has been found in Tenda AC6 15.03.05.16. Affected is the function GetParentControlInfo of the file /goform/GetParentControlInfo. The manipulation of the argument src leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/wy876/cve/issues/5 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-10698 – Tenda AC6 SetOnlineDevName formSetDeviceName stack-based overflow
https://notcve.org/view.php?id=CVE-2024-10698
02 Nov 2024 — A vulnerability was found in Tenda AC6 15.03.05.19 and classified as critical. Affected by this issue is the function formSetDeviceName of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/theRaz0r/iot-mycve/blob/main/tenda_ac6_stackflow_formSetDeviceName/tenda_ac6_stackflow_formSetDeviceName.md • CWE-121: Stack-based Buffer Overflow •
CVSS: 9.8EPSS: 77%CPEs: 1EXPL: 1CVE-2024-10697 – Tenda AC6 API Endpoint WriteFacMac formWriteFacMac command injection
https://notcve.org/view.php?id=CVE-2024-10697
02 Nov 2024 — A vulnerability has been found in Tenda AC6 15.03.05.19 and classified as critical. Affected by this vulnerability is the function formWriteFacMac of the file /goform/WriteFacMac of the component API Endpoint. The manipulation of the argument The leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/theRaz0r/iot-mycve/blob/main/tenda_ac6_rce_WriteFacMac/tenda_ac6_rce_WriteFacMac.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.1EPSS: 0%CPEs: 22EXPL: 1CVE-2024-10280 – Tenda AC6/AC7/AC8/AC9/AC10/AC10U/AC15/AC18/AC500/AC1206 GetIPTV websReadEvent null pointer dereference
https://notcve.org/view.php?id=CVE-2024-10280
23 Oct 2024 — A vulnerability was found in Tenda AC6, AC7, AC8, AC9, AC10, AC10U, AC15, AC18, AC500 and AC1206 up to 20241022. It has been rated as problematic. This issue affects the function websReadEvent of the file /goform/GetIPTV. The manipulation of the argument Content-Length leads to null pointer dereference. The attack may be initiated remotely. • https://github.com/JohenanLi/router_vuls/blob/main/websReadEvent/websReadEvent.md • CWE-476: NULL Pointer Dereference •
CVSS: 10.0EPSS: 1%CPEs: 10EXPL: 1CVE-2023-38823
https://notcve.org/view.php?id=CVE-2023-38823
20 Nov 2023 — Buffer Overflow vulnerability in Tenda Ac19 v.1.0, AC18, AC9 v.1.0, AC6 v.2.0 and v.1.0 allows a remote attacker to execute arbitrary code via the formSetCfm function in bin/httpd. Vulnerabilidad de desbordamiento del búfer en Tenda Ac19 v.1.0, AC18, AC9 v.1.0, AC6 v.2.0 y v.1.0 permite a un atacante remoto ejecutar código arbitrario a través de la función formSetCfm en bin/httpd. • https://github.com/nhtri2003gmail/CVE_report/blob/master/CVE-2023-38823.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-40830
https://notcve.org/view.php?id=CVE-2023-40830
03 Oct 2023 — Tenda AC6 v15.03.05.19 is vulnerable to Buffer Overflow as the Index parameter does not verify the length. Tenda AC6 v15.03.05.19 es vulnerable al desbordamiento del búfer ya que el parámetro Índice no verifica la longitud. • https://reference1.example.com/goform/WifiWpsOOB • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1CVE-2021-40546
https://notcve.org/view.php?id=CVE-2021-40546
05 Sep 2023 — Tenda AC6 US_AC6V4.0RTL_V02.03.01.26_cn.bin allows attackers (who have the administrator password) to cause a denial of service (device crash) via a long string in the wifiPwd_5G parameter to /goform/setWifi. Tenda AC6 US_AC6V4.0RTL_V02.03.01.26_cn.bin permite a atacantes (que tienen la contraseña de administrador) provocar una denegación de servicio (caída del dispositivo) a través de una cadena larga en el parámetro wifiPwd_5G en /goform/setWifi. • https://github.com/doudoudedi/buffer_overflow/blob/main/Tenda%20AC6%20V4.0-Denial%20of%20Service%20Vulnerability.md • CWE-404: Improper Resource Shutdown or Release •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-40837
https://notcve.org/view.php?id=CVE-2023-40837
30 Aug 2023 — Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin function 'sub_ADD50' contains a command execution vulnerability. In the "formSetIptv" function, obtaining the "list" and "vlanId" fields, unfiltered passing these two fields as parameters to the "sub_ADD50" function to execute commands. La función "sub_ADD50" de Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin contiene una vulnerabilidad de ejecución de comandos. En la función "formSetIptv", al obtener los campos "list" y "vlanId", sin filtrar pasa estos ... • https://github.com/XYIYM/Digging/blob/main/Tenda/AC6/cmd/2/2.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •