CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 2CVE-2025-5862 – Tenda AC7 setPptpUserList formSetPPTPUserList buffer overflow
https://notcve.org/view.php?id=CVE-2025-5862
09 Jun 2025 — A vulnerability was found in Tenda AC7 15.03.06.44 and classified as critical. This issue affects the function formSetPPTPUserList of the file /goform/setPptpUserList. The manipulation of the argument list leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://lavender-bicycle-a5a.notion.site/Tenda-AC7-formSetPPTPUserList-20a53a41781f806ca124cbdf99bff931?source=copy_link • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 2CVE-2025-5861 – Tenda AC7 AdvSetLanip fromadvsetlanip buffer overflow
https://notcve.org/view.php?id=CVE-2025-5861
09 Jun 2025 — A vulnerability has been found in Tenda AC7 15.03.06.44 and classified as critical. This vulnerability affects the function fromadvsetlanip of the file /goform/AdvSetLanip. The manipulation of the argument lanMask leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://lavender-bicycle-a5a.notion.site/Tenda-AC7-fromadvsetlanip-20a53a41781f80038f4fc4b9d927eb9a?source=copy_link • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2023-41555
https://notcve.org/view.php?id=CVE-2023-41555
30 Aug 2023 — Tenda AC7 V1.0 V15.03.06.44 was discovered to contain a stack overflow via parameter security_5g at url /goform/WifiBasicSet. • https://github.com/peris-navince/founded-0-days/blob/main/formWifiBasicSet/1.md • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 1CVE-2023-41562
https://notcve.org/view.php?id=CVE-2023-41562
30 Aug 2023 — Tenda AC7 V1.0 V15.03.06.44, Tenda AC9 V3.0 V15.03.06.42_multi, and Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter time at url /goform/PowerSaveSet. • https://github.com/peris-navince/founded-0-days/blob/main/setSmartPowerManagement/1.md • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2023-41558
https://notcve.org/view.php?id=CVE-2023-41558
30 Aug 2023 — Tenda AC7 V1.0 V15.03.06.44 was discovered to contain a stack overflow via parameter timeZone at url /goform/SetSysTimeCfg. • https://github.com/peris-navince/founded-0-days/blob/main/fromSetSysTime/1.md • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 1CVE-2023-41556
https://notcve.org/view.php?id=CVE-2023-41556
30 Aug 2023 — Tenda AC7 V1.0 V15.03.06.44, Tenda AC9 V3.0 V15.03.06.42_multi, and Tenda AC5 V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter list at url /goform/SetIpMacBind. • https://github.com/peris-navince/founded-0-days/blob/main/fromSetIpMacBind/1.md • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 1CVE-2023-41557
https://notcve.org/view.php?id=CVE-2023-41557
30 Aug 2023 — Tenda AC7 V1.0 V15.03.06.44 and Tenda AC5 V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter entrys and mitInterface at url /goform/addressNat. • https://github.com/peris-navince/founded-0-days/blob/main/fromAddressNat/1.md • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 1CVE-2023-41552
https://notcve.org/view.php?id=CVE-2023-41552
30 Aug 2023 — Tenda AC7 V1.0 V15.03.06.44 and Tenda AC9 V3.0 V15.03.06.42_multi were discovered to contain a stack overflow via parameter ssid at url /goform/fast_setting_wifi_set. • https://github.com/peris-navince/founded-0-days/blob/main/form_fast_setting_wifi_set/1.md • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 1CVE-2023-41559
https://notcve.org/view.php?id=CVE-2023-41559
30 Aug 2023 — Tenda AC7 V1.0 V15.03.06.44, Tenda AC9 V3.0 V15.03.06.42_multi, and Tenda AC5 V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter page at url /goform/NatStaticSetting. • https://github.com/peris-navince/founded-0-days/blob/main/fromNatStaticSetting/1.md • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 10EXPL: 1CVE-2023-38930
https://notcve.org/view.php?id=CVE-2023-38930
07 Aug 2023 — Tenda AC7 V1.0,V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0,V15.03.06.28, AC9 V3.0,V15.03.06.42_multi and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the deviceId parameter in the addWifiMacFilter function. • https://github.com/FirmRec/IoT-Vulns/blob/main/tenda/addWifiMacFilter/README.md • CWE-787: Out-of-bounds Write •