Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-8225

Summary
Assigner-VulDB
Assigner Org ID-1af790b2-7ee1-4545-860a-a788eba489b5
Published At-27 Aug, 2024 | 23:00
Updated At-28 Aug, 2024 | 13:57
Rejected At-
Credits

Tenda G3 SetSysTimeCfg formSetSysTime stack-based overflow

A vulnerability, which was classified as critical, was found in Tenda G3 15.11.0.20. Affected is the function formSetSysTime of the file /goform/SetSysTimeCfg. The manipulation of the argument sysTimePolicy leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:VulDB
Assigner Org ID:1af790b2-7ee1-4545-860a-a788eba489b5
Published At:27 Aug, 2024 | 23:00
Updated At:28 Aug, 2024 | 13:57
Rejected At:
▼CVE Numbering Authority (CNA)
Tenda G3 SetSysTimeCfg formSetSysTime stack-based overflow

A vulnerability, which was classified as critical, was found in Tenda G3 15.11.0.20. Affected is the function formSetSysTime of the file /goform/SetSysTimeCfg. The manipulation of the argument sysTimePolicy leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Affected Products
Vendor
Tenda Technology Co., Ltd.Tenda
Product
G3
Versions
Affected
  • 15.11.0.20
Problem Types
TypeCWE IDDescription
CWECWE-121CWE-121 Stack-based Buffer Overflow
Type: CWE
CWE ID: CWE-121
Description: CWE-121 Stack-based Buffer Overflow
Metrics
VersionBase scoreBase severityVector
4.08.7HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
3.08.8HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2.09.0N/A
AV:N/AC:L/Au:S/C:C/I:C/A:C
Version: 4.0
Base score: 8.7
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Version: 3.0
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Version: 2.0
Base score: 9.0
Base severity: N/A
Vector:
AV:N/AC:L/Au:S/C:C/I:C/A:C
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
reporter
wxhwxhwxh_tutu (VulDB User)
Timeline
EventDate
Advisory disclosed2024-08-27 00:00:00
VulDB entry created2024-08-27 02:00:00
VulDB entry last update2024-08-27 15:17:29
Event: Advisory disclosed
Date: 2024-08-27 00:00:00
Event: VulDB entry created
Date: 2024-08-27 02:00:00
Event: VulDB entry last update
Date: 2024-08-27 15:17:29
Replaced By
Rejected Reason
References
HyperlinkResource
https://vuldb.com/?id.275934
vdb-entry
technical-description
https://vuldb.com/?ctiid.275934
signature
permissions-required
https://vuldb.com/?submit.394000
third-party-advisory
https://github.com/abcdefg-png/AHU-IoT-vulnerable/blob/main/Tenda/G3V3.0/formSetSysTime.md
exploit
https://www.tenda.com.cn/
product
Hyperlink: https://vuldb.com/?id.275934
Resource:
vdb-entry
technical-description
Hyperlink: https://vuldb.com/?ctiid.275934
Resource:
signature
permissions-required
Hyperlink: https://vuldb.com/?submit.394000
Resource:
third-party-advisory
Hyperlink: https://github.com/abcdefg-png/AHU-IoT-vulnerable/blob/main/Tenda/G3V3.0/formSetSysTime.md
Resource:
exploit
Hyperlink: https://www.tenda.com.cn/
Resource:
product
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Vendor
Tenda Technology Co., Ltd.tenda
Product
g3_firmware
CPEs
  • cpe:2.3:o:tenda:g3_firmware:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • 15.11.0.20
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cna@vuldb.com
Published At:27 Aug, 2024 | 23:15
Updated At:29 Aug, 2024 | 00:14

A vulnerability, which was classified as critical, was found in Tenda G3 15.11.0.20. Affected is the function formSetSysTime of the file /goform/SetSysTimeCfg. The manipulation of the argument sysTimePolicy leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.08.7HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Secondary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Secondary2.09.0HIGH
AV:N/AC:L/Au:S/C:C/I:C/A:C
Type: Secondary
Version: 4.0
Base score: 8.7
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Primary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 2.0
Base score: 9.0
Base severity: HIGH
Vector:
AV:N/AC:L/Au:S/C:C/I:C/A:C
CPE Matches
Tenda Technology Co., Ltd.
tenda
>>g3_firmware>>15.11.0.20
cpe:2.3:o:tenda:g3_firmware:15.11.0.20:*:*:*:*:*:*:*
Tenda Technology Co., Ltd.
tenda
>>g3>>-
cpe:2.3:h:tenda:g3:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-787Primarynvd@nist.gov
CWE-121Secondarycna@vuldb.com
CWE ID: CWE-787
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-121
Type: Secondary
Source: cna@vuldb.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/abcdefg-png/AHU-IoT-vulnerable/blob/main/Tenda/G3V3.0/formSetSysTime.mdcna@vuldb.com
Exploit
Third Party Advisory
https://vuldb.com/?ctiid.275934cna@vuldb.com
Permissions Required
VDB Entry
https://vuldb.com/?id.275934cna@vuldb.com
VDB Entry
https://vuldb.com/?submit.394000cna@vuldb.com
VDB Entry
https://www.tenda.com.cn/cna@vuldb.com
Product
Hyperlink: https://github.com/abcdefg-png/AHU-IoT-vulnerable/blob/main/Tenda/G3V3.0/formSetSysTime.md
Source: cna@vuldb.com
Resource:
Exploit
Third Party Advisory
Hyperlink: https://vuldb.com/?ctiid.275934
Source: cna@vuldb.com
Resource:
Permissions Required
VDB Entry
Hyperlink: https://vuldb.com/?id.275934
Source: cna@vuldb.com
Resource:
VDB Entry
Hyperlink: https://vuldb.com/?submit.394000
Source: cna@vuldb.com
Resource:
VDB Entry
Hyperlink: https://www.tenda.com.cn/
Source: cna@vuldb.com
Resource:
Product

Change History

0
Information is not available yet

Similar CVEs

3451Records found
CVE-2022-37806
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.44% / 62.09%
||
7 Day CHG+0.26%
Published-25 Aug, 2022 | 14:05
Updated-03 Aug, 2024 | 10:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the page parameter in the function fromDhcpListClient.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac1206_firmwareac1206n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-37814
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.44% / 62.09%
||
7 Day CHG+0.24%
Published-25 Aug, 2022 | 14:07
Updated-03 Aug, 2024 | 10:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC1206 V15.03.06.23 was discovered to contain multiple stack overflows via the deviceMac and the device_id parameters in the function addWifiMacFilter.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac1206_firmwareac1206n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-37801
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.44% / 62.09%
||
7 Day CHG+0.24%
Published-25 Aug, 2022 | 14:04
Updated-03 Aug, 2024 | 10:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the list parameter at the function formSetQosBand.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac1206_firmwareac1206n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-38314
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.19% / 40.58%
||
7 Day CHG~0.00%
Published-07 Sep, 2022 | 18:40
Updated-03 Aug, 2024 | 10:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC18 router v15.03.05.19 and v15.03.05.05 was discovered to contain a stack overflow via the urls parameter at /goform/saveParentControlInfo.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac18_firmwareac18n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-38312
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.17% / 38.78%
||
7 Day CHG~0.00%
Published-07 Sep, 2022 | 18:41
Updated-03 Aug, 2024 | 10:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC18 router v15.03.05.19 and v15.03.05.05 was discovered to contain a stack overflow via the list parameter at /goform/SetIpMacBind.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac18_firmwareac18n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-38311
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.17% / 38.78%
||
7 Day CHG~0.00%
Published-07 Sep, 2022 | 18:41
Updated-03 Aug, 2024 | 10:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC18 router v15.03.05.19 and v15.03.05.05 was discovered to contain a stack overflow via the time parameter at /goform/PowerSaveSet.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac18_firmwareac18n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-7528
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.09% / 26.77%
||
7 Day CHG~0.00%
Published-13 Jul, 2025 | 11:32
Updated-15 Jul, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda FH1202 GstDhcpSetSer fromGstDhcpSetSer stack-based overflow

A vulnerability classified as critical has been found in Tenda FH1202 1.2.0.14(408). Affected is the function fromGstDhcpSetSer of the file /goform/GstDhcpSetSer. The manipulation of the argument dips leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-FH1202
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2022-37800
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.44% / 62.09%
||
7 Day CHG+0.24%
Published-25 Aug, 2022 | 14:04
Updated-03 Aug, 2024 | 10:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the list parameter at the function fromSetRouteStatic.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac1206_firmwareac1206n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-38309
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.17% / 38.78%
||
7 Day CHG~0.00%
Published-07 Sep, 2022 | 18:41
Updated-03 Aug, 2024 | 10:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC18 router v15.03.05.19 and v15.03.05.05 was discovered to contain a stack overflow via the list parameter at /goform/SetVirtualServerCfg.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac18_firmwareac18n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-37815
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.44% / 62.09%
||
7 Day CHG+0.24%
Published-25 Aug, 2022 | 14:06
Updated-03 Aug, 2024 | 10:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the PPPOEPassword parameter in the function formQuickIndex.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac1206_firmwareac1206n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-37813
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.44% / 62.09%
||
7 Day CHG+0.24%
Published-25 Aug, 2022 | 14:06
Updated-03 Aug, 2024 | 10:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the function fromSetSysTime.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac1206_firmwareac1206n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-37811
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.44% / 62.09%
||
7 Day CHG+0.26%
Published-25 Aug, 2022 | 14:05
Updated-03 Aug, 2024 | 10:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the startIp parameter in the function formSetPPTPServer.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac1206_firmwareac1206n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-38310
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.17% / 38.78%
||
7 Day CHG~0.00%
Published-07 Sep, 2022 | 18:41
Updated-03 Aug, 2024 | 10:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC18 router v15.03.05.19 and v15.03.05.05 was discovered to contain a stack overflow via the list parameter at /goform/SetStaticRouteCfg.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac18_firmwareac18n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-36568
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.17% / 38.80%
||
7 Day CHG~0.00%
Published-31 Aug, 2022 | 19:03
Updated-03 Aug, 2024 | 10:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via the list parameter at /goform/setPptpUserList.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac9_firmwareac9n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-36569
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.17% / 38.80%
||
7 Day CHG~0.00%
Published-31 Aug, 2022 | 19:03
Updated-03 Aug, 2024 | 10:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via the deviceList parameter at /goform/setMacFilterCfg.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac9_firmwareac9n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-35559
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.31% / 78.98%
||
7 Day CHG~0.00%
Published-11 Aug, 2022 | 16:39
Updated-03 Aug, 2024 | 09:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack overflow vulnerability exists in /goform/setAutoPing in Tenda W6 V1.0.0.9(4122), which allows an attacker to construct ping1 parameters and ping2 parameters for a stack overflow attack. An attacker can use this vulnerability to execute arbitrary code execution.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-w6w6_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-7598
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.10% / 27.61%
||
7 Day CHG~0.00%
Published-14 Jul, 2025 | 11:02
Updated-15 Jul, 2025 | 13:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda AX1803 setWifiFilterCfg formSetWifiMacFilterCfg stack-based overflow

A vulnerability classified as critical was found in Tenda AX1803 1.0.0.1. Affected by this vulnerability is the function formSetWifiMacFilterCfg of the file /goform/setWifiFilterCfg. The manipulation of the argument deviceList leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-AX1803
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2021-46262
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.00% / 76.11%
||
7 Day CHG~0.00%
Published-15 Feb, 2022 | 19:08
Updated-04 Aug, 2024 | 05:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to contain a stack buffer overflow in the PPPoE module. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow data.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac11ac11_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-7550
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.10% / 27.61%
||
7 Day CHG~0.00%
Published-13 Jul, 2025 | 23:02
Updated-15 Jul, 2025 | 18:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda FH1201 GstDhcpSetSer fromGstDhcpSetSer stack-based overflow

A vulnerability was found in Tenda FH1201 1.2.0.14(408). It has been classified as critical. Affected is the function fromGstDhcpSetSer of the file /goform/GstDhcpSetSer. The manipulation of the argument dips leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-fh1201_firmwarefh1201FH1201
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2022-32032
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.74% / 85.41%
||
7 Day CHG~0.00%
Published-01 Jul, 2022 | 17:28
Updated-03 Aug, 2024 | 07:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the deviceList parameter in the function formAddMacfilterRule.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ax1806ax1806_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-46394
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.58% / 84.99%
||
7 Day CHG~0.00%
Published-04 Mar, 2022 | 13:05
Updated-04 Aug, 2024 | 05:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a stack buffer overflow vulnerability in the formSetPPTPServer function of Tenda-AX3 router V16.03.12.10_CN. The v13 variable is directly retrieved from the http request parameter startIp. Then v13 will be splice to stack by function sscanf without any security check, which causes stack overflow. By POSTing the page /goform/SetPptpServerCfg with proper startIp, the attacker can easily perform remote code execution with carefully crafted overflow data.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ax3ax3_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-46265
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.00% / 76.11%
||
7 Day CHG~0.00%
Published-15 Feb, 2022 | 19:08
Updated-04 Aug, 2024 | 05:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to contain a stack buffer overflow in the wanBasicCfg module. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow data.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac11ac11_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-5849
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.12% / 32.46%
||
7 Day CHG~0.00%
Published-08 Jun, 2025 | 22:31
Updated-09 Jun, 2025 | 19:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda AC15 HTTP POST Request SetRemoteWebCfg formSetSafeWanWebMan stack-based overflow

A vulnerability was found in Tenda AC15 15.03.05.19_multi. It has been classified as critical. This affects the function formSetSafeWanWebMan of the file /goform/SetRemoteWebCfg of the component HTTP POST Request Handler. The manipulation of the argument remoteIp leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-ac15_firmwareac15AC15
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2024-11745
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.36% / 57.64%
||
7 Day CHG+0.04%
Published-26 Nov, 2024 | 21:00
Updated-03 Dec, 2024 | 15:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda AC8 SetStaticRouteCfg route_static_check stack-based overflow

A vulnerability was found in Tenda AC8 16.03.34.09 and classified as critical. Affected by this issue is the function route_static_check of the file /goform/SetStaticRouteCfg. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-ac8ac8_firmwareAC8ac8_firmware
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-11248
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.33% / 54.84%
||
7 Day CHG~0.00%
Published-15 Nov, 2024 | 17:00
Updated-19 Nov, 2024 | 21:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda AC10 SetSysAutoRebbotCfg formSetRebootTimer stack-based overflow

A vulnerability was found in Tenda AC10 16.03.10.13 and classified as critical. Affected by this issue is the function formSetRebootTimer of the file /goform/SetSysAutoRebbotCfg. The manipulation of the argument rebootTime leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-ac10ac10_firmwareAC10ac10_firmware
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2024-10282
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.29% / 52.00%
||
7 Day CHG~0.00%
Published-23 Oct, 2024 | 14:31
Updated-01 Nov, 2024 | 13:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda RX9/RX9 Pro SetVirtualServerCfg sub_42EA38 stack-based overflow

A vulnerability classified as critical was found in Tenda RX9 and RX9 Pro 22.03.02.10/22.03.02.20. Affected by this vulnerability is the function sub_42EA38 of the file /goform/SetVirtualServerCfg. The manipulation of the argument list leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-rx9_prorx9_pro_firmwareRX9RX9 Prorx9_prorx9
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-10662
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.74% / 71.90%
||
7 Day CHG+0.11%
Published-01 Nov, 2024 | 16:00
Updated-05 Nov, 2024 | 15:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda AC15 SetOnlineDevName formSetDeviceName stack-based overflow

A vulnerability was found in Tenda AC15 15.03.05.19 and classified as critical. This issue affects the function formSetDeviceName of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-ac15_firmwareac15AC15ac15_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-10283
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.30% / 52.84%
||
7 Day CHG~0.00%
Published-23 Oct, 2024 | 15:00
Updated-01 Nov, 2024 | 14:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda RX9/RX9 Pro SetNetControlList sub_4337EC stack-based overflow

A vulnerability, which was classified as critical, has been found in Tenda RX9 and RX9 Pro 22.03.02.20. Affected by this issue is the function sub_4337EC of the file /goform/SetNetControlList. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-rx9_prorx9_pro_firmwareRX9RX9 Prorx9_prorx9
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-10698
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.60% / 68.47%
||
7 Day CHG~0.00%
Published-02 Nov, 2024 | 13:31
Updated-05 Nov, 2024 | 15:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda AC6 SetOnlineDevName formSetDeviceName stack-based overflow

A vulnerability was found in Tenda AC6 15.03.05.19 and classified as critical. Affected by this issue is the function formSetDeviceName of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-ac6_firmwareac6AC6ac6_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-11061
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.83% / 73.58%
||
7 Day CHG+0.06%
Published-11 Nov, 2024 | 00:31
Updated-13 Nov, 2024 | 23:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda AC10 fast_setting_wifi_set FUN_0044db3c stack-based overflow

A vulnerability classified as critical was found in Tenda AC10 16.03.10.13. Affected by this vulnerability is the function FUN_0044db3c of the file /goform/fast_setting_wifi_set. The manipulation of the argument timeZone leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-ac10ac10_firmwareAC10ac10_firmware
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2023-37705
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.12% / 31.75%
||
7 Day CHG~0.00%
Published-10 Jul, 2023 | 00:00
Updated-12 Nov, 2024 | 14:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via the page parameter in the fromAddressNat function.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-fh1203_firmwarefh1203n/afh1203
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-10434
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-1.00% / 76.09%
||
7 Day CHG+0.15%
Published-28 Oct, 2024 | 00:31
Updated-01 Nov, 2024 | 16:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda AC1206 ate ate_Tenda_mfg_check_usb3 stack-based overflow

A vulnerability was found in Tenda AC1206 up to 20241027. It has been classified as critical. This affects the function ate_Tenda_mfg_check_usb/ate_Tenda_mfg_check_usb3 of the file /goform/ate. The manipulation of the argument arg leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-ac1206_firmwareac1206AC1206ac1206
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-10661
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.72% / 71.55%
||
7 Day CHG+0.11%
Published-01 Nov, 2024 | 16:00
Updated-05 Nov, 2024 | 15:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda AC15 SetDlnaCfg stack-based overflow

A vulnerability has been found in Tenda AC15 15.03.05.19 and classified as critical. This vulnerability affects the function SetDlnaCfg of the file /goform/SetDlnaCfg. The manipulation of the argument scanList leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-ac15_firmwareac15AC15ac15_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-10281
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.76% / 72.45%
||
7 Day CHG~0.00%
Published-23 Oct, 2024 | 14:00
Updated-01 Nov, 2024 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda RX9/RX9 Pro SetStaticRouteCfg sub_42EEE0 stack-based overflow

A vulnerability classified as critical has been found in Tenda RX9 and RX9 Pro 22.03.02.10/22.03.02.20. Affected is the function sub_42EEE0 of the file /goform/SetStaticRouteCfg. The manipulation of the argument list leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-rx9_prorx9_pro_firmwareRX9RX9 Prorx9_prorx9
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-10351
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.48% / 64.24%
||
7 Day CHG~0.00%
Published-24 Oct, 2024 | 23:31
Updated-01 Nov, 2024 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda RX9 Pro POST Request setMacFilterCfg sub_424CE0 stack-based overflow

A vulnerability was found in Tenda RX9 Pro 22.03.02.20. It has been rated as critical. This issue affects the function sub_424CE0 of the file /goform/setMacFilterCfg of the component POST Request Handler. The manipulation of the argument deviceList leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-rx9_prorx9_pro_firmwareRX9 Prorx9_pro_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-0990
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-7.2||HIGH
EPSS-0.11% / 30.74%
||
7 Day CHG~0.00%
Published-29 Jan, 2024 | 00:31
Updated-28 Aug, 2024 | 15:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda i6 httpd setAutoPing formSetAutoPing stack-based overflow

A vulnerability, which was classified as critical, was found in Tenda i6 1.0.0.9(3857). This affects the function formSetAutoPing of the file /goform/setAutoPing of the component httpd. The manipulation of the argument ping1 leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252255. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-i6i6_firmwarei6i6_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-0541
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-0.22% / 44.76%
||
7 Day CHG~0.00%
Published-15 Jan, 2024 | 05:00
Updated-12 May, 2025 | 15:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda W9 httpd formAddSysLogRule stack-based overflow

A vulnerability was found in Tenda W9 1.0.0.7(4456). It has been declared as critical. Affected by this vulnerability is the function formAddSysLogRule of the component httpd. The manipulation of the argument sysRulenEn leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250711. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-w9_firmwarew9W9
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-0927
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-4.7||MEDIUM
EPSS-0.17% / 38.92%
||
7 Day CHG~0.00%
Published-26 Jan, 2024 | 15:00
Updated-29 May, 2025 | 15:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda AC10U fromAddressNat stack-based overflow

A vulnerability was found in Tenda AC10U 15.03.06.49_multi_TDE01. It has been classified as critical. Affected is the function fromAddressNat. The manipulation of the argument entrys/mitInterface/page leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252132. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-ac10uac10u_firmwareAC10U
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2024-0537
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-0.14% / 33.99%
||
7 Day CHG~0.00%
Published-15 Jan, 2024 | 04:00
Updated-27 Aug, 2024 | 20:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda W9 httpd setWrlBasicInfo stack-based overflow

A vulnerability, which was classified as critical, was found in Tenda W9 1.0.0.7(4456). This affects the function setWrlBasicInfo of the component httpd. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250707. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-w9_firmwarew9W9w9_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-0928
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-4.7||MEDIUM
EPSS-0.17% / 38.92%
||
7 Day CHG~0.00%
Published-26 Jan, 2024 | 15:31
Updated-17 Jun, 2025 | 21:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda AC10U fromDhcpListClient stack-based overflow

A vulnerability was found in Tenda AC10U 15.03.06.49_multi_TDE01. It has been declared as critical. Affected by this vulnerability is the function fromDhcpListClient. The manipulation of the argument page/listN leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252133 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-ac10uac10u_firmwareAC10U
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2024-0932
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-4.7||MEDIUM
EPSS-0.07% / 22.73%
||
7 Day CHG~0.00%
Published-26 Jan, 2024 | 16:31
Updated-13 Nov, 2024 | 14:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda AC10U setSmartPowerManagement stack-based overflow

A vulnerability, which was classified as critical, has been found in Tenda AC10U 15.03.06.49_multi_TDE01. This issue affects the function setSmartPowerManagement. The manipulation of the argument time leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252137 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-ac10uac10u_firmwareAC10U
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2024-0540
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.10% / 28.56%
||
7 Day CHG~0.00%
Published-15 Jan, 2024 | 04:31
Updated-03 Jun, 2025 | 14:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda W9 httpd formOfflineSet stack-based overflow

A vulnerability was found in Tenda W9 1.0.0.7(4456). It has been classified as critical. Affected is the function formOfflineSet of the component httpd. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-250710 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-w9_firmwarew9W9
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-0995
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-7.2||HIGH
EPSS-0.11% / 30.74%
||
7 Day CHG~0.00%
Published-29 Jan, 2024 | 02:00
Updated-02 Jun, 2025 | 19:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda W6 httpd wifiSSIDset formwrlSSIDset stack-based overflow

A vulnerability was found in Tenda W6 1.0.0.9(4122). It has been rated as critical. Affected by this issue is the function formwrlSSIDset of the file /goform/wifiSSIDset of the component httpd. The manipulation of the argument index leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252260. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-w6w6_firmwareW6
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-0538
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-0.14% / 33.99%
||
7 Day CHG~0.00%
Published-15 Jan, 2024 | 04:00
Updated-23 Oct, 2024 | 15:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda W9 httpd formQosManage_auto stack-based overflow

A vulnerability has been found in Tenda W9 1.0.0.7(4456) and classified as critical. This vulnerability affects the function formQosManage_auto of the component httpd. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250708. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-w9_firmwarew9W9w9
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-10123
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.58% / 67.91%
||
7 Day CHG~0.00%
Published-18 Oct, 2024 | 19:31
Updated-28 Oct, 2024 | 16:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda AC8 saveParentControlInfo compare_parentcontrol_time stack-based overflow

A vulnerability was found in Tenda AC8 16.03.34.06. It has been declared as critical. Affected by this vulnerability is the function compare_parentcontrol_time of the file /goform/saveParentControlInfo. The manipulation of the argument time leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This is not the same issue like CVE-2023-33671. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-ac8ac8_firmwareAC8ac8_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2024-0542
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-0.14% / 33.99%
||
7 Day CHG~0.00%
Published-15 Jan, 2024 | 05:00
Updated-09 Jun, 2025 | 17:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda W9 httpd formWifiMacFilterGet stack-based overflow

A vulnerability was found in Tenda W9 1.0.0.7(4456). It has been rated as critical. Affected by this issue is the function formWifiMacFilterGet of the component httpd. The manipulation of the argument index leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250712. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-w9_firmwarew9W9
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-0994
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-7.2||HIGH
EPSS-0.10% / 27.28%
||
7 Day CHG~0.00%
Published-29 Jan, 2024 | 01:31
Updated-12 Nov, 2024 | 21:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda W6 httpd setcfm formSetCfm stack-based overflow

A vulnerability was found in Tenda W6 1.0.0.9(4122). It has been declared as critical. Affected by this vulnerability is the function formSetCfm of the file /goform/setcfm of the component httpd. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252259. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-w6w6_firmwareW6
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-0539
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-0.22% / 44.76%
||
7 Day CHG~0.00%
Published-15 Jan, 2024 | 04:31
Updated-03 Jun, 2025 | 14:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda W9 httpd formQosManage_user stack-based overflow

A vulnerability was found in Tenda W9 1.0.0.7(4456) and classified as critical. This issue affects the function formQosManage_user of the component httpd. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250709 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-w9_firmwarew9W9
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-0991
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-7.2||HIGH
EPSS-0.10% / 27.28%
||
7 Day CHG~0.00%
Published-29 Jan, 2024 | 01:00
Updated-18 Oct, 2024 | 14:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda i6 httpd setcfm formSetCfm stack-based overflow

A vulnerability has been found in Tenda i6 1.0.0.9(3857) and classified as critical. This vulnerability affects the function formSetCfm of the file /goform/setcfm of the component httpd. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252256. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-i6i6_firmwarei6i6
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-0926
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-4.7||MEDIUM
EPSS-0.17% / 38.92%
||
7 Day CHG~0.00%
Published-26 Jan, 2024 | 15:00
Updated-29 May, 2025 | 15:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda AC10U formWifiWpsOOB stack-based overflow

A vulnerability was found in Tenda AC10U 15.03.06.49_multi_TDE01 and classified as critical. This issue affects the function formWifiWpsOOB. The manipulation of the argument index leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252131. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-ac10uac10u_firmwareAC10U
CWE ID-CWE-121
Stack-based Buffer Overflow
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • ...
  • 69
  • 70
  • Next
Details not found