Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-24995

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-09 Mar, 2022 | 18:54
Updated At-03 Aug, 2024 | 04:29
Rejected At-
Credits

Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetSysTime. This vulnerability allows attackers to cause a Denial of Service (DoS) via the time parameter.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:09 Mar, 2022 | 18:54
Updated At:03 Aug, 2024 | 04:29
Rejected At:
▼CVE Numbering Authority (CNA)

Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetSysTime. This vulnerability allows attackers to cause a Denial of Service (DoS) via the time parameter.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/sec-bin/IoT-CVE/tree/main/Tenda/AX3/7
x_refsource_MISC
Hyperlink: https://github.com/sec-bin/IoT-CVE/tree/main/Tenda/AX3/7
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/sec-bin/IoT-CVE/tree/main/Tenda/AX3/7
x_refsource_MISC
x_transferred
Hyperlink: https://github.com/sec-bin/IoT-CVE/tree/main/Tenda/AX3/7
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:10 Mar, 2022 | 17:46
Updated At:16 Mar, 2022 | 19:32

Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetSysTime. This vulnerability allows attackers to cause a Denial of Service (DoS) via the time parameter.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary2.07.5HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 7.5
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
Tenda Technology Co., Ltd.
tenda
>>ax3_firmware>>16.03.12.10_cn
cpe:2.3:o:tenda:ax3_firmware:16.03.12.10_cn:*:*:*:*:*:*:*
Tenda Technology Co., Ltd.
tenda
>>ax3>>-
cpe:2.3:h:tenda:ax3:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-787Primarynvd@nist.gov
CWE ID: CWE-787
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/sec-bin/IoT-CVE/tree/main/Tenda/AX3/7cve@mitre.org
Exploit
Third Party Advisory
Hyperlink: https://github.com/sec-bin/IoT-CVE/tree/main/Tenda/AX3/7
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

2927Records found
CVE-2022-25458
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.39% / 59.07%
||
7 Day CHG~0.00%
Published-18 Mar, 2022 | 20:53
Updated-03 Aug, 2024 | 04:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the cmdinput parameter in the exeCommand function.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac6_firmwareac6n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-25434
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.39% / 84.41%
||
7 Day CHG~0.00%
Published-18 Mar, 2022 | 20:53
Updated-03 Aug, 2024 | 04:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the firewallen parameter in the SetFirewallCfg function.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac9_firmwareac9n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-25440
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.39% / 59.07%
||
7 Day CHG~0.00%
Published-18 Mar, 2022 | 20:53
Updated-03 Aug, 2024 | 04:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the ntpserver parameter in the SetSysTimeCfg function.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac9_firmwareac9n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-25451
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.39% / 58.99%
||
7 Day CHG~0.00%
Published-18 Mar, 2022 | 20:53
Updated-03 Aug, 2024 | 04:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC6 V15.03.05.09_multi was discovered to contain a stack overflow via the list parameter in the setstaticroutecfg function.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac6_firmwareac6n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-25435
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.39% / 59.07%
||
7 Day CHG~0.00%
Published-18 Mar, 2022 | 20:53
Updated-03 Aug, 2024 | 04:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the list parameter in the SetStaticRoutecfg function.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac9_firmwareac9n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-25452
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.39% / 59.07%
||
7 Day CHG~0.00%
Published-18 Mar, 2022 | 20:53
Updated-03 Aug, 2024 | 04:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the URLs parameter in the saveParentControlInfo function.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac6_firmwareac6n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-25449
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.39% / 59.07%
||
7 Day CHG~0.00%
Published-18 Mar, 2022 | 20:53
Updated-03 Aug, 2024 | 04:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the deviceId parameter in the saveParentControlInfo function.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac6_firmwareac6n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-25427
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.39% / 59.07%
||
7 Day CHG~0.00%
Published-18 Mar, 2022 | 20:52
Updated-03 Aug, 2024 | 04:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the schedendtime parameter in the openSchedWifi function.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac9_firmwareac9n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-25455
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.39% / 59.07%
||
7 Day CHG~0.00%
Published-18 Mar, 2022 | 20:53
Updated-03 Aug, 2024 | 04:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the list parameter in the SetIpMacBind function.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac6_firmwareac6n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-25414
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.52% / 84.80%
||
7 Day CHG~0.00%
Published-22 Feb, 2022 | 22:44
Updated-03 Aug, 2024 | 04:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC9 V15.03.2.21_cn was discovered to contain a stack overflow via the parameter NPTR.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac9_firmwareac9n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-25457
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.39% / 59.07%
||
7 Day CHG~0.00%
Published-18 Mar, 2022 | 20:53
Updated-03 Aug, 2024 | 04:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the ntpserver parameter in the SetSysTimeCfg function.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac6_firmwareac6n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-25448
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.39% / 59.07%
||
7 Day CHG~0.00%
Published-18 Mar, 2022 | 20:53
Updated-03 Aug, 2024 | 04:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the day parameter in the openSchedWifi function.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac6_firmwareac6n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-25453
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.39% / 59.07%
||
7 Day CHG~0.00%
Published-18 Mar, 2022 | 20:53
Updated-03 Aug, 2024 | 04:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the time parameter in the saveParentControlInfo function.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac6_firmwareac6n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-25429
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.39% / 59.07%
||
7 Day CHG~0.00%
Published-18 Mar, 2022 | 20:53
Updated-03 Aug, 2024 | 04:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC9 v15.03.2.21 was discovered to contain a buffer overflow via the time parameter in the saveparentcontrolinfo function.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac9_firmwareac9n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-30368
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.12% / 31.75%
||
7 Day CHG~0.00%
Published-24 Apr, 2023 | 00:00
Updated-04 Feb, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC5 V15.03.06.28 is vulnerable to Buffer Overflow via the initWebs function.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac5_firmwareac5n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-27014
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.27% / 50.26%
||
7 Day CHG~0.00%
Published-07 Apr, 2023 | 00:00
Updated-12 Feb, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the sub_46AC38 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac10_firmwareac10n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-27020
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.12% / 32.22%
||
7 Day CHG~0.00%
Published-07 Apr, 2023 | 00:00
Updated-12 Feb, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the saveParentControlInfo function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac10_firmwareac10n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-9088
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.08% / 25.11%
||
7 Day CHG-0.00%
Published-16 Aug, 2025 | 23:02
Updated-21 Aug, 2025 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda AC20 formSetVirtualSer save_virtualser_data stack-based overflow

A vulnerability was found in Tenda AC20 16.03.08.12. This vulnerability affects the function save_virtualser_data of the file /goform/formSetVirtualSer. The manipulation of the argument list leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-ac20ac20_firmwareAC20
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-26278
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.39% / 59.07%
||
7 Day CHG~0.00%
Published-28 Mar, 2022 | 20:58
Updated-03 Aug, 2024 | 04:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC9 v15.03.2.21_cn was discovered to contain a stack overflow via the time parameter in the PowerSaveSet function.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac9_firmwareac9n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-25456
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.39% / 59.07%
||
7 Day CHG~0.00%
Published-18 Mar, 2022 | 20:53
Updated-03 Aug, 2024 | 04:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the security_5g parameter in the WifiBasicSet function.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac6_firmwareac6n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-25215
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.11% / 30.61%
||
7 Day CHG~0.00%
Published-07 Apr, 2023 | 00:00
Updated-12 Feb, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the saveParentControlInfo function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac5_firmwareac5n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-25233
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.12% / 31.75%
||
7 Day CHG~0.00%
Published-27 Feb, 2023 | 00:00
Updated-10 Mar, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC500 V2.0.1.9(1307) is vulnerable to Buffer Overflow in function fromRouteStatic via parameters entrys and mitInterface.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac500_firmwareac500n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-5685
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.16% / 37.39%
||
7 Day CHG~0.00%
Published-05 Jun, 2025 | 20:00
Updated-10 Jun, 2025 | 15:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda CH22 Natlimit formNatlimit stack-based overflow

A vulnerability, which was classified as critical, was found in Tenda CH22 1.0.0.1. This affects the function formNatlimit of the file /goform/Natlimit. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-ch22ch22_firmwareCH22
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-5863
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.16% / 37.39%
||
7 Day CHG~0.00%
Published-09 Jun, 2025 | 05:31
Updated-10 Jun, 2025 | 14:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda AC5 SetRebootTimer formSetRebootTimer stack-based overflow

A vulnerability was found in Tenda AC5 15.03.06.47. It has been classified as critical. Affected is the function formSetRebootTimer of the file /goform/SetRebootTimer. The manipulation of the argument rebootTime leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-ac5ac5_firmwareAC5
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-5855
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.16% / 37.39%
||
7 Day CHG~0.00%
Published-09 Jun, 2025 | 01:31
Updated-09 Jun, 2025 | 19:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda AC6 SetRebootTimer formSetRebootTimer stack-based overflow

A vulnerability, which was classified as critical, was found in Tenda AC6 15.03.05.16. This affects the function formSetRebootTimer of the file /goform/SetRebootTimer. The manipulation of the argument rebootTime leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-ac6ac6_firmwareAC6
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-40899
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.12% / 31.75%
||
7 Day CHG~0.00%
Published-24 Aug, 2023 | 00:00
Updated-03 Oct, 2024 | 13:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter macFilterType and parameter deviceList at /goform/setMacFilterCfg.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac8v4ac8v4_firmwaren/aac8
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-38934
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.12% / 31.75%
||
7 Day CHG~0.00%
Published-07 Aug, 2023 | 00:00
Updated-15 Oct, 2024 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda F1203 V2.0.1.6, FH1203 V2.0.1.6 and FH1205 V2.0.0.7(775) was discovered to contain a stack overflow via the deviceId parameter in the formSetDeviceName function.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-fh1203f1203_firmwarefh1205f1203fh1203_firmwarefh1205_firmwaren/af1203fh1205fh1203
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-0541
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-0.22% / 44.76%
||
7 Day CHG~0.00%
Published-15 Jan, 2024 | 05:00
Updated-12 May, 2025 | 15:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda W9 httpd formAddSysLogRule stack-based overflow

A vulnerability was found in Tenda W9 1.0.0.7(4456). It has been declared as critical. Affected by this vulnerability is the function formAddSysLogRule of the component httpd. The manipulation of the argument sysRulenEn leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250711. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-w9_firmwarew9W9
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-37715
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.12% / 31.75%
||
7 Day CHG~0.00%
Published-14 Jul, 2023 | 00:00
Updated-30 Oct, 2024 | 15:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow in the page parameter in the function frmL7ProtForm.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-f1202_firmwarefh1202_firmwaref1202fh1202n/af1202fh1202
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-5619
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.16% / 37.39%
||
7 Day CHG~0.00%
Published-04 Jun, 2025 | 23:00
Updated-06 Jun, 2025 | 20:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda CH22 addUserName formaddUserName stack-based overflow

A vulnerability, which was classified as critical, has been found in Tenda CH22 1.0.0.1. This issue affects the function formaddUserName of the file /goform/addUserName. The manipulation of the argument Password leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-ch22ch22_firmwareCH22
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-0782
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-7.2||HIGH
EPSS-0.08% / 25.31%
||
7 Day CHG+0.01%
Published-11 Feb, 2023 | 17:00
Updated-24 Mar, 2025 | 14:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda AC23 httpd formGetSysToolDDNS out-of-bounds write

A vulnerability was found in Tenda AC23 16.03.07.45 and classified as critical. Affected by this issue is the function formSetSysToolDDNS/formGetSysToolDDNS of the file /bin/httpd. The manipulation leads to out-of-bounds write. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-220640.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-ac23_firmwareac23AC23
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-47128
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.13% / 32.76%
||
7 Day CHG~0.00%
Published-30 Dec, 2022 | 00:00
Updated-11 Apr, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the wepkey2 parameter at /goform/WifiBasicSet.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-a15_firmwarea15n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-49426
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.13% / 32.76%
||
7 Day CHG~0.00%
Published-07 Dec, 2023 | 00:00
Updated-02 Aug, 2024 | 21:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AX12 V22.03.01.46 was discovered to contain a stack overflow via the list parameter at /goform/SetStaticRouteCfg.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ax12_firmwareax12n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-49403
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.59% / 80.91%
||
7 Day CHG~0.00%
Published-07 Dec, 2023 | 00:00
Updated-02 Aug, 2024 | 21:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda W30E V16.01.0.12(4843) was discovered to contain a command injection vulnerability via the function setFixTools.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-w30e_firmwarew30en/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-49434
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.28% / 51.15%
||
7 Day CHG~0.00%
Published-07 Dec, 2023 | 00:00
Updated-02 Aug, 2024 | 21:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the 'list' parameter at /goform/SetNetControlList.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ax9ax9_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-50990
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.12% / 31.75%
||
7 Day CHG~0.00%
Published-20 Dec, 2023 | 00:00
Updated-02 Aug, 2024 | 22:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the rebootTime parameter in the sysScheduleRebootSet function.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-i29i29_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-50987
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.12% / 31.75%
||
7 Day CHG~0.00%
Published-20 Dec, 2023 | 00:00
Updated-02 Aug, 2024 | 22:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the time parameter in the sysTimeInfoSet function.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-i29i29_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-7561
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.25% / 78.49%
||
7 Day CHG~0.00%
Published-01 Mar, 2018 | 15:00
Updated-05 Aug, 2024 | 06:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based Buffer Overflow in httpd on Tenda AC9 devices V15.03.05.14_EN allows remote attackers to cause a denial of service or possibly have unspecified other impact.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac9_firmwareac9n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-51091
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-7.21% / 91.23%
||
7 Day CHG~0.00%
Published-26 Dec, 2023 | 00:00
Updated-02 Aug, 2024 | 22:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function R7WebsSecurityHandler.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-m3m3_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-50988
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.12% / 31.75%
||
7 Day CHG~0.00%
Published-20 Dec, 2023 | 00:00
Updated-02 Aug, 2024 | 22:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the bandwidth parameter in the wifiRadioSetIndoor function.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-i29i29_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-50992
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.12% / 31.75%
||
7 Day CHG~0.00%
Published-20 Dec, 2023 | 00:00
Updated-02 Aug, 2024 | 22:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda i29 v1.0 V1.0.0.5 was discovered to contain a stack overflow via the ip parameter in the setPing function.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-i29i29_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-51093
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.12% / 31.75%
||
7 Day CHG~0.00%
Published-26 Dec, 2023 | 00:00
Updated-02 Aug, 2024 | 22:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function fromSetLocalVlanInfo.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-m3m3_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-47122
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.12% / 31.75%
||
7 Day CHG~0.00%
Published-30 Dec, 2022 | 00:00
Updated-11 Apr, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the wrlPwd_5g parameter at /goform/WifiBasicSet.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-a15_firmwarea15n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-47120
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.12% / 31.75%
||
7 Day CHG~0.00%
Published-30 Dec, 2022 | 00:00
Updated-11 Apr, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the security_5g parameter at /goform/WifiBasicSet.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-a15_firmwarea15n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-47117
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.12% / 31.75%
||
7 Day CHG~0.00%
Published-30 Dec, 2022 | 00:00
Updated-11 Apr, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the security parameter at /goform/WifiBasicSet.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-a15_firmwarea15n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-47119
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.12% / 31.75%
||
7 Day CHG~0.00%
Published-30 Dec, 2022 | 00:00
Updated-11 Apr, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the ssid parameter at /goform/WifiBasicSet.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-a15_firmwarea15n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-47125
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.12% / 31.75%
||
7 Day CHG~0.00%
Published-30 Dec, 2022 | 00:00
Updated-11 Apr, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the wrlEn_5g parameter at /goform/WifiBasicSet.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-a15_firmwarea15n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-47118
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.12% / 31.75%
||
7 Day CHG~0.00%
Published-30 Dec, 2022 | 00:00
Updated-10 Apr, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the wepkey1 parameter at /goform/WifiBasicSet.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-a15a15_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-44365
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.15% / 36.34%
||
7 Day CHG+0.03%
Published-02 Dec, 2022 | 00:00
Updated-24 Apr, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda i21 V1.0.0.14(4656) has a stack overflow vulnerability via /goform/setSysPwd.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-i21_firmwarei21n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-44362
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.15% / 36.34%
||
7 Day CHG+0.03%
Published-02 Dec, 2022 | 00:00
Updated-24 Apr, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform/AddSysLogRule.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-i21_firmwarei21n/a
CWE ID-CWE-787
Out-of-bounds Write
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 58
  • 59
  • Next
Details not found