CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2025-5855 – Tenda AC6 SetRebootTimer formSetRebootTimer stack-based overflow
https://notcve.org/view.php?id=CVE-2025-5855
09 Jun 2025 — A vulnerability, which was classified as critical, was found in Tenda AC6 15.03.05.16. This affects the function formSetRebootTimer of the file /goform/SetRebootTimer. The manipulation of the argument rebootTime leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://lavender-bicycle-a5a.notion.site/Tenda-AC6-formsetreboottimer-20a53a41781f80c5b6cac51008556c7e?source=copy_link • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 1CVE-2025-5854 – Tenda AC6 AdvSetLanip fromadvsetlanip buffer overflow
https://notcve.org/view.php?id=CVE-2025-5854
09 Jun 2025 — A vulnerability, which was classified as critical, has been found in Tenda AC6 15.03.05.16. Affected by this issue is the function fromadvsetlanip of the file /goform/AdvSetLanip. The manipulation of the argument lanMask leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://lavender-bicycle-a5a.notion.site/Tenda-AC6-fromadvsetlanip-20a53a41781f80a29bdff7dca9a4773e?source=copy_link • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 1CVE-2025-5853 – Tenda AC6 SetRemoteWebCfg formSetSafeWanWebMan stack-based overflow
https://notcve.org/view.php?id=CVE-2025-5853
09 Jun 2025 — A vulnerability classified as critical was found in Tenda AC6 15.03.05.16. Affected by this vulnerability is the function formSetSafeWanWebMan of the file /goform/SetRemoteWebCfg. The manipulation of the argument remoteIp leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://lavender-bicycle-a5a.notion.site/Tenda-AC6-formSetSafeWanWebMan-20a53a41781f80f1a3ebc7931f32a29f?source=copy_link • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 1CVE-2025-5852 – Tenda AC6 setPptpUserList formSetPPTPUserList buffer overflow
https://notcve.org/view.php?id=CVE-2025-5852
09 Jun 2025 — A vulnerability classified as critical has been found in Tenda AC6 15.03.05.16. Affected is the function formSetPPTPUserList of the file /goform/setPptpUserList. The manipulation of the argument list leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://lavender-bicycle-a5a.notion.site/Tenda-AC6-formSetPPTPUserList-20a53a41781f801280e7e2dbdbd8625c?source=copy_link • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 4%CPEs: 10EXPL: 1CVE-2023-38823
https://notcve.org/view.php?id=CVE-2023-38823
20 Nov 2023 — Buffer Overflow vulnerability in Tenda Ac19 v.1.0, AC18, AC9 v.1.0, AC6 v.2.0 and v.1.0 allows a remote attacker to execute arbitrary code via the formSetCfm function in bin/httpd. Vulnerabilidad de desbordamiento del búfer en Tenda Ac19 v.1.0, AC18, AC9 v.1.0, AC6 v.2.0 y v.1.0 permite a un atacante remoto ejecutar código arbitrario a través de la función formSetCfm en bin/httpd. • https://github.com/nhtri2003gmail/CVE_report/blob/master/CVE-2023-38823.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-40842
https://notcve.org/view.php?id=CVE-2023-40842
30 Aug 2023 — Tengda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via function "R7WebsSecurityHandler." Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin es vulnerable al desbordamiento del búfer a través de la función "R7WebsSecurityHandler". • https://github.com/XYIYM/Digging/blob/main/Tenda/AC6/bof/4/4.md • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-40843
https://notcve.org/view.php?id=CVE-2023-40843
30 Aug 2023 — Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via function "sub_73004." Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin es vulnerable al desbordamiento del búfer a través de la función "sub_73004". • https://github.com/XYIYM/Digging/blob/main/Tenda/AC6/bof/8/8.md • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-40839
https://notcve.org/view.php?id=CVE-2023-40839
30 Aug 2023 — Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin function 'sub_ADF3C' contains a command execution vulnerability. In the "formSetIptv" function, obtaining the "list" and "vlanId" fields, unfiltered passing these two fields as parameters to the "sub_ADF3C" function to execute commands. La función "sub_ADF3C" de Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin contiene una vulnerabilidad de ejecución de comandos. En la función "formSetIptv", al obtener los campos "list" y "vlanId", sin filtrar pasa estos ... • https://github.com/XYIYM/Digging/blob/main/Tenda/AC6/cmd/3/3.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2023-40838
https://notcve.org/view.php?id=CVE-2023-40838
30 Aug 2023 — Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin function 'sub_3A1D0' contains a command execution vulnerability. La función 'sub_3A1D0' de Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin contiene una vulnerabilidad de ejecución de comandos. • https://github.com/XYIYM/Digging/blob/main/Tenda/AC6/cmd/1/1.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-40847
https://notcve.org/view.php?id=CVE-2023-40847
30 Aug 2023 — Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via the function "initIpAddrInfo." In the function, it reads in a user-provided parameter, and the variable is passed to the function without any length check. Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin es vulnerable al desbordamiento del búfer a través de la función "initIpAddrInfo". En la función, lee un parámetro proporcionado por el usuario, y la variable se pasa a la función sin ninguna comprobación de longitud. • https://github.com/XYIYM/Digging/blob/main/Tenda/AC6/bof/12/12.md • CWE-787: Out-of-bounds Write •