Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-42634

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-16 Aug, 2024 | 00:00
Updated At-16 Aug, 2024 | 17:49
Rejected At-
Credits

A Command Injection vulnerability exists in formWriteFacMac of the httpd binary in Tenda AC9 v15.03.06.42. As a result, attacker can execute OS commands with root privileges.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:16 Aug, 2024 | 00:00
Updated At:16 Aug, 2024 | 17:49
Rejected At:
â–¼CVE Numbering Authority (CNA)

A Command Injection vulnerability exists in formWriteFacMac of the httpd binary in Tenda AC9 v15.03.06.42. As a result, attacker can execute OS commands with root privileges.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/goldds96/Report/blob/main/Tenda/AC9/CI.md
N/A
Hyperlink: https://github.com/goldds96/Report/blob/main/Tenda/AC9/CI.md
Resource: N/A
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Vendor
Tenda Technology Co., Ltd.tenda
Product
ac9
CPEs
  • cpe:2.3:h:tenda:ac9:-:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • v15.03.06.42
Problem Types
TypeCWE IDDescription
CWECWE-94CWE-94 Improper Control of Generation of Code ('Code Injection')
Type: CWE
CWE ID: CWE-94
Description: CWE-94 Improper Control of Generation of Code ('Code Injection')
Metrics
VersionBase scoreBase severityVector
3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:16 Aug, 2024 | 16:15
Updated At:11 Apr, 2025 | 15:13

A Command Injection vulnerability exists in formWriteFacMac of the httpd binary in Tenda AC9 v15.03.06.42. As a result, attacker can execute OS commands with root privileges.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Tenda Technology Co., Ltd.
tenda
>>ac9_firmware>>15.03.06.42
cpe:2.3:o:tenda:ac9_firmware:15.03.06.42:*:*:*:*:*:*:*
Tenda Technology Co., Ltd.
tenda
>>ac9>>-
cpe:2.3:h:tenda:ac9:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-94Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-94
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/goldds96/Report/blob/main/Tenda/AC9/CI.mdcve@mitre.org
Exploit
Third Party Advisory
Hyperlink: https://github.com/goldds96/Report/blob/main/Tenda/AC9/CI.md
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

1540Records found
CVE-2023-51971
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.24% / 47.48%
||
7 Day CHG~0.00%
Published-10 Jan, 2024 | 00:00
Updated-03 Jun, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function getIptvInfo.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ax1803ax1803_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-51959
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.24% / 47.48%
||
7 Day CHG~0.00%
Published-10 Jan, 2024 | 00:00
Updated-17 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function formGetIptv.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ax1803_firmwareax1803n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-51962
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.26% / 48.84%
||
7 Day CHG~0.00%
Published-10 Jan, 2024 | 00:00
Updated-17 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function setIptvInfo.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ax1803_firmwareax1803n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-51955
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.23% / 45.31%
||
7 Day CHG~0.00%
Published-10 Jan, 2024 | 00:00
Updated-06 Jun, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function formSetIptv.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ax1803ax1803_firmwaren/a
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-51960
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.24% / 47.48%
||
7 Day CHG~0.00%
Published-10 Jan, 2024 | 00:00
Updated-16 Jun, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function formGetIptv.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ax1803ax1803_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-51972
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.84% / 88.27%
||
7 Day CHG~0.00%
Published-10 Jan, 2024 | 00:00
Updated-03 Sep, 2024 | 21:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AX1803 v1.0.0.1 was discovered to contain a command injection vulnerability via the function fromAdvSetLanIp.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ax1803_firmwareax1803n/aax1803_firmware
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-51967
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.26% / 48.84%
||
7 Day CHG~0.00%
Published-10 Jan, 2024 | 00:00
Updated-20 Jun, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function getIptvInfo.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ax1803_firmwareax1803n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-51961
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.24% / 47.48%
||
7 Day CHG~0.00%
Published-10 Jan, 2024 | 00:00
Updated-03 Sep, 2024 | 21:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function formGetIptv.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ax1803_firmwareax1803n/aax1803_firmware
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-51970
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.26% / 48.84%
||
7 Day CHG~0.00%
Published-10 Jan, 2024 | 00:00
Updated-20 Jun, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function formSetIptv.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ax1803_firmwareax1803n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-50989
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.24% / 79.36%
||
7 Day CHG~0.00%
Published-20 Dec, 2023 | 00:00
Updated-26 Nov, 2024 | 15:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda i29 v1.0 V1.0.0.5 was discovered to contain a command injection vulnerability via the pingSet function.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-i29i29_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-51090
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.12% / 30.56%
||
7 Day CHG~0.00%
Published-26 Dec, 2023 | 00:00
Updated-02 Aug, 2024 | 22:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function formGetWeiXinConfig.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-m3m3_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-5526
Matching Score-8
Assigner-VulDB
ShareView Details
Matching Score-8
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.06% / 17.32%
||
7 Day CHG~0.00%
Published-04 Apr, 2026 | 22:15
Updated-30 Apr, 2026 | 13:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda 4G03 Pro httpd access control

A security flaw has been discovered in Tenda 4G03 Pro up to 1.0/1.1/04.03.01.53/192.168.0.1. Affected by this vulnerability is an unknown functionality of the file /bin/httpd. The manipulation results in improper access controls. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-4g03_pro_firmware4g03_pro4G03 Pro
CWE ID-CWE-266
Incorrect Privilege Assignment
CWE ID-CWE-284
Improper Access Control
CVE-2023-50585
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.12% / 30.56%
||
7 Day CHG~0.00%
Published-09 Jan, 2024 | 00:00
Updated-03 Jun, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda A18 v15.13.07.09 was discovered to contain a stack overflow via the devName parameter in the formSetDeviceName function.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-a18_firmwarea18n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-50985
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.12% / 30.56%
||
7 Day CHG~0.00%
Published-20 Dec, 2023 | 00:00
Updated-02 Aug, 2024 | 22:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the lanGw parameter in the lanCfgSet function.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-i29i29_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-51091
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-9.16% / 92.75%
||
7 Day CHG~0.00%
Published-26 Dec, 2023 | 00:00
Updated-02 Aug, 2024 | 22:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function R7WebsSecurityHandler.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-m3m3_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-51094
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.17% / 37.28%
||
7 Day CHG~0.00%
Published-26 Dec, 2023 | 00:00
Updated-02 Aug, 2024 | 22:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda M3 V1.0.0.12(4856) was discovered to contain a Command Execution vulnerability via the function TendaTelnet.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-m3m3_firmwaren/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-51102
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.13% / 32.15%
||
7 Day CHG~0.00%
Published-26 Dec, 2023 | 00:00
Updated-02 Aug, 2024 | 22:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a stack overflow via the function formWifiMacFilterSet.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-w9_firmwarew9n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-51098
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.04% / 83.99%
||
7 Day CHG~0.00%
Published-26 Dec, 2023 | 00:00
Updated-02 Aug, 2024 | 22:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a command injection vulnerability via the function formSetDiagnoseInfo .

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-w9_firmwarew9n/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-51100
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.04% / 83.99%
||
7 Day CHG~0.00%
Published-26 Dec, 2023 | 00:00
Updated-02 Aug, 2024 | 22:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a command injection vulnerability via the function formGetDiagnoseInfo .

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-w9_firmwarew9n/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-51097
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.29% / 52.23%
||
7 Day CHG~0.00%
Published-26 Dec, 2023 | 00:00
Updated-26 Nov, 2024 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a stack overflow via the function formSetAutoPing.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-w9_firmwarew9n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-49999
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.75% / 82.73%
||
7 Day CHG~0.00%
Published-07 Dec, 2023 | 00:00
Updated-26 Nov, 2024 | 15:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda W30E V16.01.0.12(4843) was discovered to contain a command injection vulnerability via the function setUmountUSBPartition.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-w30e_firmwarew30en/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-51099
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.88% / 83.32%
||
7 Day CHG~0.00%
Published-26 Dec, 2023 | 00:00
Updated-02 Aug, 2024 | 22:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a command injection vulnerability via the function formexeCommand .

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-w9_firmwarew9n/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-50992
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.12% / 30.56%
||
7 Day CHG~0.00%
Published-20 Dec, 2023 | 00:00
Updated-02 Aug, 2024 | 22:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda i29 v1.0 V1.0.0.5 was discovered to contain a stack overflow via the ip parameter in the setPing function.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-i29i29_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-51101
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.13% / 32.15%
||
7 Day CHG~0.00%
Published-26 Dec, 2023 | 00:00
Updated-23 Apr, 2025 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a stack overflow via the function formSetUplinkInfo.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-w9_firmwarew9n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-50986
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.12% / 30.56%
||
7 Day CHG~0.00%
Published-20 Dec, 2023 | 00:00
Updated-13 Sep, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the time parameter in the sysLogin function.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-i29i29_firmwaren/ai29_firmware
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-37722
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.17% / 37.86%
||
7 Day CHG+0.02%
Published-14 Jul, 2023 | 00:00
Updated-30 Oct, 2024 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow in the page parameter in the function fromSafeUrlFilter.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-f1202fh1202f1202_firmwarefh1202_firmware4g300_firmware4g300n/af1202fh1202
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-50983
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.24% / 79.36%
||
7 Day CHG~0.00%
Published-20 Dec, 2023 | 00:00
Updated-02 Aug, 2024 | 22:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda i29 v1.0 V1.0.0.5 was discovered to contain a command injection vulnerability via the sysScheduleRebootSet function.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-i29i29_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-51093
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.16% / 36.14%
||
7 Day CHG~0.00%
Published-26 Dec, 2023 | 00:00
Updated-02 Aug, 2024 | 22:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function fromSetLocalVlanInfo.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-m3m3_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-13400
Matching Score-8
Assigner-VulDB
ShareView Details
Matching Score-8
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.39% / 60.16%
||
7 Day CHG~0.00%
Published-19 Nov, 2025 | 17:02
Updated-24 Feb, 2026 | 07:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda CH22 WrlExtraGet formWrlExtraGet buffer overflow

A vulnerability was detected in Tenda CH22 1.0.0.1. Affected is the function formWrlExtraGet of the file /goform/WrlExtraGet. Performing a manipulation of the argument chkHz results in buffer overflow. Remote exploitation of the attack is possible. The exploit is now public and may be used.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-ch22ch22_firmwareCH22
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-12622
Matching Score-8
Assigner-VulDB
ShareView Details
Matching Score-8
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.16% / 36.96%
||
7 Day CHG~0.00%
Published-03 Nov, 2025 | 07:32
Updated-24 Feb, 2026 | 06:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda AC10 SysRunCmd formSysRunCmd buffer overflow

A vulnerability was determined in Tenda AC10 16.03.10.13. Affected by this vulnerability is the function formSysRunCmd of the file /goform/SysRunCmd. This manipulation of the argument getui causes buffer overflow. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-ac10_firmwareac10AC10
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-51092
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-16.16% / 94.86%
||
7 Day CHG~0.00%
Published-26 Dec, 2023 | 00:00
Updated-09 Sep, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function upgrade.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-m3m3_firmwaren/am3_firmware
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-49405
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.12% / 30.56%
||
7 Day CHG~0.00%
Published-07 Dec, 2023 | 00:00
Updated-02 Aug, 2024 | 21:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function UploadCfg.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-w30e_firmwarew30en/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-49042
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.66% / 82.19%
||
7 Day CHG~0.00%
Published-27 Nov, 2023 | 00:00
Updated-02 Aug, 2024 | 21:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the schedStartTime parameter or the schedEndTime parameter in the function setSchedWifi.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ax1803_firmwareax1803n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-49425
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.13% / 31.48%
||
7 Day CHG~0.00%
Published-07 Dec, 2023 | 00:00
Updated-02 Aug, 2024 | 21:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AX12 V22.03.01.46 was discovered to contain a stack overflow via the deviceList parameter at /goform/setMacFilterCfg .

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ax12_firmwareax12n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-49436
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-4.42% / 89.11%
||
7 Day CHG~0.00%
Published-07 Dec, 2023 | 00:00
Updated-02 Aug, 2024 | 21:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AX9 V22.03.01.46 has been discovered to contain a command injection vulnerability in the 'list' parameter at /goform/SetNetControlList.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ax9ax9_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-49426
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.13% / 31.48%
||
7 Day CHG~0.00%
Published-07 Dec, 2023 | 00:00
Updated-02 Aug, 2024 | 21:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AX12 V22.03.01.46 was discovered to contain a stack overflow via the list parameter at /goform/SetStaticRouteCfg.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ax12_firmwareax12n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-49437
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.98% / 83.70%
||
7 Day CHG~0.00%
Published-07 Dec, 2023 | 00:00
Updated-28 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AX12 V22.03.01.46 has been discovered to contain a command injection vulnerability in the 'list' parameter at /goform/SetNetControlList.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ax12_firmwareax12n/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-49428
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.88% / 83.32%
||
7 Day CHG~0.00%
Published-07 Dec, 2023 | 00:00
Updated-13 Sep, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AX12 V22.03.01.46 has been discovered to contain a command injection vulnerability in the 'mac' parameter at /goform/SetOnlineDevName.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ax12_firmwareax12n/aax12_firmware
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-49409
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.14% / 34.38%
||
7 Day CHG~0.00%
Published-07 Dec, 2023 | 00:00
Updated-02 Aug, 2024 | 21:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AX3 V16.03.12.11 was discovered to contain a Command Execution vulnerability via the function /goform/telnet.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ax3ax3_firmwaren/a
CVE-2023-49411
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.12% / 30.56%
||
7 Day CHG~0.00%
Published-07 Dec, 2023 | 00:00
Updated-02 Aug, 2024 | 21:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda W30E V16.01.0.12(4843) contains a stack overflow vulnerability via the function formDeleteMeshNode.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-w30e_firmwarew30en/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-49040
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.46% / 81.01%
||
7 Day CHG~0.00%
Published-27 Nov, 2023 | 00:00
Updated-11 Oct, 2024 | 21:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in Tneda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the adslPwd parameter in the form_fast_setting_internet_set function.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ax1803_firmwareax1803n/aax1803_firmware
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-49424
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.26% / 48.84%
||
7 Day CHG~0.00%
Published-07 Dec, 2023 | 00:00
Updated-13 Sep, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AX12 V22.03.01.46 was discovered to contain a stack overflow via the list parameter at /goform/SetVirtualServerCfg.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ax12_firmwareax12n/aax12_firmware
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2023-49404
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.16% / 36.14%
||
7 Day CHG~0.00%
Published-07 Dec, 2023 | 00:00
Updated-28 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formAdvancedSetListSet.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-w30ew30e_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-49408
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.12% / 30.56%
||
7 Day CHG~0.00%
Published-07 Dec, 2023 | 00:00
Updated-02 Aug, 2024 | 21:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AX3 V16.03.12.11 was discovered to contain a stack overflow via the function set_device_name.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ax3ax3_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-49434
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.28% / 51.58%
||
7 Day CHG~0.00%
Published-07 Dec, 2023 | 00:00
Updated-02 Aug, 2024 | 21:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the 'list' parameter at /goform/SetNetControlList.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ax9ax9_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-49430
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.13% / 31.48%
||
7 Day CHG~0.00%
Published-07 Dec, 2023 | 00:00
Updated-02 Aug, 2024 | 21:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the 'list' parameter at /goform/SetStaticRouteCfg.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ax9ax9_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-6024
Matching Score-8
Assigner-VulDB
ShareView Details
Matching Score-8
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.26% / 49.23%
||
7 Day CHG+0.02%
Published-10 Apr, 2026 | 05:15
Updated-30 Apr, 2026 | 13:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda i6 HTTP R7WebsSecurityHandlerfunction path traversal

A vulnerability was determined in Tenda i6 1.0.0.7(2204). Affected by this issue is the function R7WebsSecurityHandlerfunction of the component HTTP Handler. This manipulation causes path traversal. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-i6i6_firmwarei6
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2023-49432
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.13% / 31.48%
||
7 Day CHG~0.00%
Published-07 Dec, 2023 | 00:00
Updated-26 Nov, 2024 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the 'deviceList' parameter at /goform/setMacFilterCfg.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ax9ax9_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-49043
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-32.61% / 96.91%
||
7 Day CHG~0.00%
Published-27 Nov, 2023 | 00:00
Updated-02 Aug, 2024 | 21:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the wpapsk_crypto parameter in the function fromSetWirelessRepeat.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ax1803_firmwareax1803n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-49433
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.28% / 51.58%
||
7 Day CHG~0.00%
Published-07 Dec, 2023 | 00:00
Updated-02 Aug, 2024 | 21:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the 'list' parameter at /goform/SetVirtualServerCfg.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ax9ax9_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • ...
  • 30
  • 31
  • Next
Details not found