
CVE-2025-5847 – Tenda AC9 HTTP POST Request SetRemoteWebCfg formSetSafeWanWebMan stack-based overflow
https://notcve.org/view.php?id=CVE-2025-5847
08 Jun 2025 — A vulnerability has been found in Tenda AC9 15.03.02.13 and classified as critical. Affected by this vulnerability is the function formSetSafeWanWebMan of the file /goform/SetRemoteWebCfg of the component HTTP POST Request Handler. The manipulation of the argument remoteIp leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://candle-throne-f75.notion.site/Tenda-AC9-formSetSafeWanWebMan-20adf0aa118580a29e80cef9109c947a • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer; CWE-121: Stack-based Buffer Overflow; CWE-787: Out-of-bounds Write

CVE-2025-5839 – Tenda AC9 POST Request AdvSetLanip fromadvsetlanip buffer overflow
https://notcve.org/view.php?id=CVE-2025-5839
07 Jun 2025 — A vulnerability, which was classified as critical, has been found in Tenda AC9 15.03.02.13. Affected by this issue is the function fromadvsetlanip of the file /goform/AdvSetLanip of the component POST Request Handler. The manipulation of the argument lanMask leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://candle-throne-f75.notion.site/Tenda-AC9-fromadvsetlanip-20adf0aa11858027b7c3c2f4e44bb867 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer; CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2025-5836 – Tenda AC9 POST Request SetIPTVCfg formSetIptv command injection
https://notcve.org/view.php?id=CVE-2025-5836
07 Jun 2025 — A vulnerability was found in Tenda AC9 15.03.02.13. It has been rated as critical. This issue affects the function formSetIptv of the file /goform/SetIPTVCfg of the component POST Request Handler. The manipulation of the argument list leads to command injection. The attack may be initiated remotely. • https://candle-throne-f75.notion.site/Tenda-AC9-formSetIptv-209df0aa11858061ae2bcbf83918d034 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'); CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVE-2023-38823
https://notcve.org/view.php?id=CVE-2023-38823
20 Nov 2023 — Buffer Overflow vulnerability in Tenda Ac19 v.1.0, AC18, AC9 v.1.0, AC6 v.2.0 and v.1.0 allows a remote attacker to execute arbitrary code via the formSetCfm function in bin/httpd. • https://github.com/nhtri2003gmail/CVE_report/blob/master/CVE-2023-38823.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2023-41563
https://notcve.org/view.php?id=CVE-2023-41563
30 Aug 2023 — Tenda AC9 V3.0 V15.03.06.42_multi and Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter mac at url /goform/GetParentControlInfo. • https://github.com/peris-navince/founded-0-days/blob/main/GetParentControlInfo/1.md • CWE-787: Out-of-bounds Write

CVE-2023-41553
https://notcve.org/view.php?id=CVE-2023-41553
30 Aug 2023 — Tenda AC9 V3.0 V15.03.06.42_multi and Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter list at url /goform/SetStaticRouteCfg. • https://github.com/peris-navince/founded-0-days/blob/main/fromSetRouteStatic/1.md • CWE-787: Out-of-bounds Write

CVE-2023-41562
https://notcve.org/view.php?id=CVE-2023-41562
30 Aug 2023 — Tenda AC7 V1.0 V15.03.06.44, Tenda AC9 V3.0 V15.03.06.42_multi, and Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter time at url /goform/PowerSaveSet. • https://github.com/peris-navince/founded-0-days/blob/main/setSmartPowerManagement/1.md • CWE-787: Out-of-bounds Write

CVE-2023-41561
https://notcve.org/view.php?id=CVE-2023-41561
30 Aug 2023 — Tenda AC9 V3.0 V15.03.06.42_multi and Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter startIp and endIp at url /goform/SetPptpServerCfg. • https://github.com/peris-navince/founded-0-days/blob/main/formSetPPTPServer/1.md • CWE-787: Out-of-bounds Write

CVE-2023-41556
https://notcve.org/view.php?id=CVE-2023-41556
30 Aug 2023 — Tenda AC7 V1.0 V15.03.06.44, Tenda AC9 V3.0 V15.03.06.42_multi, and Tenda AC5 V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter list at url /goform/SetIpMacBind. • https://github.com/peris-navince/founded-0-days/blob/main/fromSetIpMacBind/1.md • CWE-787: Out-of-bounds Write

CVE-2023-41552
https://notcve.org/view.php?id=CVE-2023-41552
30 Aug 2023 — Tenda AC7 V1.0 V15.03.06.44 and Tenda AC9 V3.0 V15.03.06.42_multi were discovered to contain a stack overflow via parameter ssid at url /goform/fast_setting_wifi_set. • https://github.com/peris-navince/founded-0-days/blob/main/form_fast_setting_wifi_set/1.md • CWE-787: Out-of-bounds Write