Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-12210

Summary
Assigner-VulDB
Assigner Org ID-1af790b2-7ee1-4545-860a-a788eba489b5
Published At-27 Oct, 2025 | 03:02
Updated At-24 Feb, 2026 | 07:04
Rejected At-
Credits

Tenda O3 AdvSetLanip GetValue stack-based overflow

A vulnerability was identified in Tenda O3 1.0.0.10(2478). Affected by this vulnerability is the function SetValue/GetValue of the file /goform/AdvSetLanip. The manipulation of the argument lanIp leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:VulDB
Assigner Org ID:1af790b2-7ee1-4545-860a-a788eba489b5
Published At:27 Oct, 2025 | 03:02
Updated At:24 Feb, 2026 | 07:04
Rejected At:
â–¼CVE Numbering Authority (CNA)
Tenda O3 AdvSetLanip GetValue stack-based overflow

A vulnerability was identified in Tenda O3 1.0.0.10(2478). Affected by this vulnerability is the function SetValue/GetValue of the file /goform/AdvSetLanip. The manipulation of the argument lanIp leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.

Affected Products
Vendor
Tenda Technology Co., Ltd.Tenda
Product
O3
CPEs
  • cpe:2.3:o:tenda:o3_firmware:*:*:*:*:*:*:*:*
Versions
Affected
  • 1.0.0.10(2478)
Problem Types
TypeCWE IDDescription
CWECWE-121Stack-based Buffer Overflow
CWECWE-119Memory Corruption
Type: CWE
CWE ID: CWE-121
Description: Stack-based Buffer Overflow
Type: CWE
CWE ID: CWE-119
Description: Memory Corruption
Metrics
VersionBase scoreBase severityVector
4.08.7HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R
3.08.8HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R
2.09.0N/A
AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR
Version: 4.0
Base score: 8.7
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R
Version: 3.0
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R
Version: 2.0
Base score: 9.0
Base severity: N/A
Vector:
AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
reporter
wxhwxhwxh_mie (VulDB User)
Timeline
EventDate
Advisory disclosed2025-10-25 00:00:00
VulDB entry created2025-10-25 02:00:00
VulDB entry last update2025-10-27 23:27:03
Event: Advisory disclosed
Date: 2025-10-25 00:00:00
Event: VulDB entry created
Date: 2025-10-25 02:00:00
Event: VulDB entry last update
Date: 2025-10-27 23:27:03
Replaced By
Rejected Reason
References
HyperlinkResource
https://vuldb.com/?id.329880
vdb-entry
technical-description
https://vuldb.com/?ctiid.329880
signature
permissions-required
https://vuldb.com/?submit.673264
third-party-advisory
https://github.com/noahze01/IoT-vulnerable/blob/main/Tenda/O3v2.0/AdvSetLanip.md
exploit
https://www.tenda.com.cn/
product
Hyperlink: https://vuldb.com/?id.329880
Resource:
vdb-entry
technical-description
Hyperlink: https://vuldb.com/?ctiid.329880
Resource:
signature
permissions-required
Hyperlink: https://vuldb.com/?submit.673264
Resource:
third-party-advisory
Hyperlink: https://github.com/noahze01/IoT-vulnerable/blob/main/Tenda/O3v2.0/AdvSetLanip.md
Resource:
exploit
Hyperlink: https://www.tenda.com.cn/
Resource:
product
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/noahze01/IoT-vulnerable/blob/main/Tenda/O3v2.0/AdvSetLanip.md
exploit
Hyperlink: https://github.com/noahze01/IoT-vulnerable/blob/main/Tenda/O3v2.0/AdvSetLanip.md
Resource:
exploit
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cna@vuldb.com
Published At:27 Oct, 2025 | 03:15
Updated At:28 Oct, 2025 | 14:15

A vulnerability was identified in Tenda O3 1.0.0.10(2478). Affected by this vulnerability is the function SetValue/GetValue of the file /goform/AdvSetLanip. The manipulation of the argument lanIp leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.07.4HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Secondary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Secondary2.09.0HIGH
AV:N/AC:L/Au:S/C:C/I:C/A:C
Type: Secondary
Version: 4.0
Base score: 7.4
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Secondary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 2.0
Base score: 9.0
Base severity: HIGH
Vector:
AV:N/AC:L/Au:S/C:C/I:C/A:C
CPE Matches
Tenda Technology Co., Ltd.
tenda
>>o3_firmware1.0.0.10\(2478\)>>*
cpe:2.3:o:tenda:o3_firmware1.0.0.10\(2478\):*:*:*:*:*:*:*:*
Tenda Technology Co., Ltd.
tenda
>>o3>>2.0
cpe:2.3:h:tenda:o3:2.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-119Secondarycna@vuldb.com
CWE-121Secondarycna@vuldb.com
CWE ID: CWE-119
Type: Secondary
Source: cna@vuldb.com
CWE ID: CWE-121
Type: Secondary
Source: cna@vuldb.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/noahze01/IoT-vulnerable/blob/main/Tenda/O3v2.0/AdvSetLanip.mdcna@vuldb.com
Exploit
Third Party Advisory
https://vuldb.com/?ctiid.329880cna@vuldb.com
Permissions Required
VDB Entry
https://vuldb.com/?id.329880cna@vuldb.com
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.673264cna@vuldb.com
Third Party Advisory
VDB Entry
https://www.tenda.com.cn/cna@vuldb.com
Product
https://github.com/noahze01/IoT-vulnerable/blob/main/Tenda/O3v2.0/AdvSetLanip.md134c704f-9b21-4f2e-91b3-4a467353bcc0
Exploit
Third Party Advisory
Hyperlink: https://github.com/noahze01/IoT-vulnerable/blob/main/Tenda/O3v2.0/AdvSetLanip.md
Source: cna@vuldb.com
Resource:
Exploit
Third Party Advisory
Hyperlink: https://vuldb.com/?ctiid.329880
Source: cna@vuldb.com
Resource:
Permissions Required
VDB Entry
Hyperlink: https://vuldb.com/?id.329880
Source: cna@vuldb.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://vuldb.com/?submit.673264
Source: cna@vuldb.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://www.tenda.com.cn/
Source: cna@vuldb.com
Resource:
Product
Hyperlink: https://github.com/noahze01/IoT-vulnerable/blob/main/Tenda/O3v2.0/AdvSetLanip.md
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Resource:
Exploit
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

2769Records found
CVE-2025-4007
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.62% / 69.82%
||
7 Day CHG~0.00%
Published-28 Apr, 2025 | 07:31
Updated-30 Jul, 2025 | 18:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda W12/i24 httpd modules cgidhcpsCfgSet stack-based overflow

A vulnerability classified as critical was found in Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644). Affected by this vulnerability is the function cgidhcpsCfgSet of the file /goform/modules of the component httpd. The manipulation of the argument json leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-w12i24i24_firmwarew12_firmwareW12i24
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2025-14665
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-9.3||CRITICAL
EPSS-0.14% / 34.74%
||
7 Day CHG~0.00%
Published-14 Dec, 2025 | 15:02
Updated-24 Feb, 2026 | 06:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda WH450 HTTP Request DhcpListClient stack-based overflow

A security flaw has been discovered in Tenda WH450 1.0.0.18. Impacted is an unknown function of the file /goform/DhcpListClient of the component HTTP Request Handler. The manipulation of the argument page results in stack-based buffer overflow. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-wh450wh450_firmwareWH450
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2025-3803
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.62% / 69.82%
||
7 Day CHG~0.00%
Published-19 Apr, 2025 | 15:00
Updated-30 Jul, 2025 | 18:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda W12/i24 httpd cgiSysScheduleRebootSet stack-based overflow

A vulnerability was found in Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644). It has been rated as critical. This issue affects the function cgiSysScheduleRebootSet of the file /bin/httpd. The manipulation of the argument rebootDate leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-w12i24i24_firmwarew12_firmwareW12i24
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2025-3802
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.62% / 69.82%
||
7 Day CHG~0.00%
Published-19 Apr, 2025 | 14:31
Updated-30 Jul, 2025 | 18:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda W12/i24 httpd cgiPingSet stack-based overflow

A vulnerability was found in Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644). It has been declared as critical. This vulnerability affects the function cgiPingSet of the file /bin/httpd. The manipulation of the argument pingIP leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-w12i24i24_firmwarew12_firmwareW12i24
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2025-3786
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.62% / 69.82%
||
7 Day CHG~0.00%
Published-18 Apr, 2025 | 09:00
Updated-22 Apr, 2025 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda AC15 WifiExtraSet fromSetWirelessRepeat buffer overflow

A vulnerability was found in Tenda AC15 up to 15.03.05.19 and classified as critical. This issue affects the function fromSetWirelessRepeat of the file /goform/WifiExtraSet. The manipulation of the argument mac leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-ac15_firmwareac15AC15
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-3820
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.63% / 69.99%
||
7 Day CHG~0.00%
Published-19 Apr, 2025 | 20:31
Updated-30 Jul, 2025 | 18:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda W12/i24 httpd cgiSysUplinkCheckSet stack-based overflow

A vulnerability was found in Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644) and classified as critical. Affected by this issue is the function cgiSysUplinkCheckSet of the file /bin/httpd. The manipulation of the argument hostIp1/hostIp2 leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-w12i24i24_firmwarew12_firmwareW12i24
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2025-3693
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-2.25% / 84.35%
||
7 Day CHG~0.00%
Published-16 Apr, 2025 | 14:00
Updated-16 Jul, 2025 | 15:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda W12 httpd cgiWifiRadioSet stack-based overflow

A vulnerability was found in Tenda W12 3.0.0.5. It has been rated as critical. Affected by this issue is the function cgiWifiRadioSet of the file /bin/httpd. The manipulation leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-w12_firmwarew12W12
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2023-44023
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.28% / 51.33%
||
7 Day CHG~0.00%
Published-27 Sep, 2023 | 00:00
Updated-24 Sep, 2024 | 14:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the ssid parameter in the form_fast_setting_wifi_set function.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac10uac10u_firmwaren/aac10u
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2023-44017
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.42% / 61.81%
||
7 Day CHG~0.00%
Published-27 Sep, 2023 | 00:00
Updated-25 Sep, 2024 | 01:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the timeZone parameter in the fromSetSysTime function.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac10uac10u_firmwaren/aac10u_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2024-46046
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.45% / 63.25%
||
7 Day CHG~0.00%
Published-13 Sep, 2024 | 00:00
Updated-20 Sep, 2024 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda FH451 v1.0.0.9 has a stack overflow vulnerability located in the RouteStatic function.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-fh451_firmwarefh451n/afh451_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-3346
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-1.91% / 83.08%
||
7 Day CHG~0.00%
Published-07 Apr, 2025 | 09:31
Updated-27 May, 2025 | 14:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda AC7 SetPptpServerCfg formSetPPTPServer buffer overflow

A vulnerability was found in Tenda AC7 15.03.06.44. It has been rated as critical. Affected by this issue is the function formSetPPTPServer of the file /goform/SetPptpServerCfg. The manipulation of the argument pptp_server_start_ip/pptp_server_end_ip leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-ac7_firmwareac7AC7
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-3259
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-2.11% / 83.89%
||
7 Day CHG~0.00%
Published-04 Apr, 2025 | 17:31
Updated-07 Apr, 2025 | 18:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda RX3 SetOnlineDevName formSetDeviceName stack-based overflow

A vulnerability, which was classified as critical, has been found in Tenda RX3 16.03.13.11. This issue affects the function formSetDeviceName of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-rx3rx3_firmwareRX3
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-3328
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-1.14% / 78.20%
||
7 Day CHG~0.00%
Published-07 Apr, 2025 | 00:31
Updated-07 Apr, 2025 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda AC1206 fast_setting_wifi_set form_fast_setting_wifi_set buffer overflow

A vulnerability was found in Tenda AC1206 15.03.06.23. It has been classified as critical. Affected is the function form_fast_setting_wifi_set of the file /goform/fast_setting_wifi_set. The manipulation of the argument ssid/timeZone leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-ac1206ac1206_firmwareAC1206
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-32010
Matching Score-10
Assigner-Talos
ShareView Details
Matching Score-10
Assigner-Talos
CVSS Score-8.1||HIGH
EPSS-0.58% / 68.60%
||
7 Day CHG~0.00%
Published-20 Aug, 2025 | 13:09
Updated-03 Nov, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack-based buffer overflow vulnerability exists in the Cloud API functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted HTTP response can lead to arbitrary code execution. An attacker can send an HTTP response to trigger this vulnerability.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-ac6_firmwareac6AC6 V5.0
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2025-3161
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.84% / 74.46%
||
7 Day CHG~0.00%
Published-03 Apr, 2025 | 14:31
Updated-07 Apr, 2025 | 14:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda AC10 ShutdownSetAdd stack-based overflow

A vulnerability was found in Tenda AC10 16.03.10.13 and classified as critical. This issue affects the function ShutdownSetAdd of the file /goform/ShutdownSetAdd. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-AC10
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2025-14879
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-9.3||CRITICAL
EPSS-0.33% / 55.44%
||
7 Day CHG+0.01%
Published-18 Dec, 2025 | 17:02
Updated-24 Feb, 2026 | 06:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda WH450 HTTP Request onSSIDChange stack-based overflow

A weakness has been identified in Tenda WH450 1.0.0.18. Affected is an unknown function of the file /goform/onSSIDChange of the component HTTP Request Handler. This manipulation of the argument ssid_index causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-wh450wh450_firmwareWH450
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2024-46044
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.7||MEDIUM
EPSS-0.11% / 28.79%
||
7 Day CHG~0.00%
Published-13 Sep, 2024 | 00:00
Updated-15 Oct, 2024 | 13:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CH22 V1.0.0.6(468) has a stack overflow vulnerability located in the fromqossetting function.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ch22ch22_firmwaren/ach22_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-2808
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-0.59% / 68.88%
||
7 Day CHG~0.00%
Published-22 Mar, 2024 | 05:00
Updated-12 Aug, 2024 | 13:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda AC15 QuickIndex formQuickIndex stack-based overflow

A vulnerability, which was classified as critical, has been found in Tenda AC15 15.03.05.18/15.03.20_multi. This issue affects the function formQuickIndex of the file /goform/QuickIndex. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257663. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-ac15_firmwareac15AC15ac15_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2024-52273
Matching Score-10
Assigner-VULSec Labs
ShareView Details
Matching Score-10
Assigner-VULSec Labs
CVSS Score-8.3||HIGH
EPSS-0.16% / 37.44%
||
7 Day CHG~0.00%
Published-04 Dec, 2024 | 10:19
Updated-28 May, 2025 | 14:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial of Service on Tenda AC6V2 Due To Stack Overflow

Stack-based Buffer Overflow vulnerability in Shenzhen Tenda Technology Co Tenda AC6V2 (setDoublePppoeConfig->guest_ip_check(overflow arg: mask) modules) allows Overflow Buffers.This issue affects Tenda AC6V2: through 15.03.06.50

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-ac6ac6_firmwareTenda AC6V2
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-46049
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.7||MEDIUM
EPSS-0.12% / 30.84%
||
7 Day CHG~0.00%
Published-13 Sep, 2024 | 00:00
Updated-15 Oct, 2024 | 13:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda O6 V3.0 firmware V1.0.0.7(2054) contains a stack overflow vulnerability in the formexeCommand function.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-o6_firmwareo6n/ao6_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-4492
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-0.19% / 40.77%
||
7 Day CHG~0.00%
Published-05 May, 2024 | 00:31
Updated-27 Jan, 2025 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda i21 setStaOffline formOfflineSet stack-based overflow

A vulnerability, which was classified as critical, has been found in Tenda i21 1.0.0.14(4656). This issue affects the function formOfflineSet of the file /goform/setStaOffline. The manipulation of the argument GO/ssidIndex leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263081 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-i21i21_firmwarei21
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-4496
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-0.41% / 61.14%
||
7 Day CHG~0.00%
Published-05 May, 2024 | 06:00
Updated-27 Jan, 2025 | 18:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda i21 formWifiMacFilterSet stack-based overflow

A vulnerability was found in Tenda i21 1.0.0.14(4656). It has been classified as critical. This affects the function formWifiMacFilterSet. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263085 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-i21i21_firmwarei21
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-4495
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-0.46% / 64.06%
||
7 Day CHG~0.00%
Published-05 May, 2024 | 05:31
Updated-27 Jan, 2025 | 18:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda i21 formWifiMacFilterGet stack-based overflow

A vulnerability was found in Tenda i21 1.0.0.14(4656) and classified as critical. Affected by this issue is the function formWifiMacFilterGet. The manipulation of the argument index leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263084. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-i21i21_firmwarei21i21
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-4497
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-0.46% / 64.06%
||
7 Day CHG~0.00%
Published-05 May, 2024 | 06:31
Updated-27 Jan, 2025 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda i21 formexeCommand stack-based overflow

A vulnerability was found in Tenda i21 1.0.0.14(4656). It has been declared as critical. This vulnerability affects the function formexeCommand. The manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-263086 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-i21i21_firmwarei21i21
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-4493
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-0.38% / 59.33%
||
7 Day CHG~0.00%
Published-05 May, 2024 | 03:00
Updated-27 Jan, 2025 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda i21 formSetAutoPing stack-based overflow

A vulnerability, which was classified as critical, was found in Tenda i21 1.0.0.14(4656). Affected is the function formSetAutoPing. The manipulation of the argument ping1/ping2 leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-263082 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-i21i21_firmwarei21i21_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-4494
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-0.38% / 59.33%
||
7 Day CHG~0.00%
Published-05 May, 2024 | 05:00
Updated-27 Jan, 2025 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda i21 setUplinkInfo formSetUplinkInfo stack-based overflow

A vulnerability has been found in Tenda i21 1.0.0.14(4656) and classified as critical. Affected by this vulnerability is the function formSetUplinkInfo of the file /goform/setUplinkInfo. The manipulation of the argument pingHostIp2 leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263083. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-i21i21_firmwarei21
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-4491
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-0.19% / 41.20%
||
7 Day CHG~0.00%
Published-04 May, 2024 | 23:31
Updated-27 Jan, 2025 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda i21 formGetDiagnoseInfo stack-based overflow

A vulnerability classified as critical was found in Tenda i21 1.0.0.14(4656). This vulnerability affects the function formGetDiagnoseInfo. The manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263080. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-i21i21_firmwarei21i21
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-44553
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.22% / 44.78%
||
7 Day CHG~0.00%
Published-26 Aug, 2024 | 00:00
Updated-27 Aug, 2024 | 14:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function formGetIptv.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ax1806ax1806_firmwaren/aax1806_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-44563
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8||HIGH
EPSS-0.22% / 44.79%
||
7 Day CHG~0.00%
Published-26 Aug, 2024 | 00:00
Updated-27 Aug, 2024 | 13:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function setIptvInfo.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ax1806ax1806_firmwaren/aax1806_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-44565
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8||HIGH
EPSS-0.22% / 44.79%
||
7 Day CHG~0.00%
Published-26 Aug, 2024 | 00:00
Updated-27 Aug, 2024 | 13:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AX1806 v1.0.0.1 contains a stack overflow via the serverName parameter in the function form_fast_setting_internet_set.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ax1806ax1806_firmwaren/aax1806_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-44549
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.6||MEDIUM
EPSS-0.11% / 29.94%
||
7 Day CHG~0.00%
Published-26 Aug, 2024 | 00:00
Updated-27 Aug, 2024 | 14:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function formGetIptv.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ax1806ax1806_firmwaren/aax1806_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-44551
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.22% / 44.78%
||
7 Day CHG~0.00%
Published-26 Aug, 2024 | 00:00
Updated-26 Mar, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function formGetIptv.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ax1806ax1806_firmwaren/aax1806_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-44558
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.22% / 44.78%
||
7 Day CHG~0.00%
Published-26 Aug, 2024 | 00:00
Updated-27 Aug, 2024 | 14:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AX1806 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function setIptvInfo.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ax1806ax1806_firmwaren/aax1806_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-44557
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8||HIGH
EPSS-0.22% / 44.79%
||
7 Day CHG~0.00%
Published-26 Aug, 2024 | 00:00
Updated-27 Aug, 2024 | 14:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function setIptvInfo.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ax1806ax1806_firmwaren/aax1806_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-44556
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.6||MEDIUM
EPSS-0.11% / 29.94%
||
7 Day CHG~0.00%
Published-26 Aug, 2024 | 00:00
Updated-27 Aug, 2024 | 14:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AX1806 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function setIptvInfo.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ax1806ax1806_firmwaren/aax1806_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-44550
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.22% / 44.78%
||
7 Day CHG~0.00%
Published-26 Aug, 2024 | 00:00
Updated-27 Aug, 2024 | 14:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AX1806 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function formGetIptv.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ax1806ax1806_firmwaren/aax1806_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-4238
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-0.61% / 69.51%
||
7 Day CHG~0.00%
Published-26 Apr, 2024 | 20:00
Updated-27 Jan, 2025 | 18:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda AX1806 SetOnlineDevName formSetDeviceName stack-based overflow

A vulnerability has been found in Tenda AX1806 1.0.0.1 and classified as critical. Affected by this vulnerability is the function formSetDeviceName of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-262129 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-ax1806_firmwareax1806AX1806
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-4243
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-0.59% / 68.81%
||
7 Day CHG~0.00%
Published-26 Apr, 2024 | 21:31
Updated-27 Jan, 2025 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda W9 wifiSSIDset formwrlSSIDset stack-based overflow

A vulnerability classified as critical has been found in Tenda W9 1.0.0.7(4456). Affected is the function formwrlSSIDset of the file /goform/wifiSSIDset. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-262134 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-w9w9_firmwareW9
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-4240
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-0.25% / 48.53%
||
7 Day CHG~0.00%
Published-26 Apr, 2024 | 20:31
Updated-27 Jan, 2025 | 18:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda W9 formQosManageDouble_user stack-based overflow

A vulnerability was found in Tenda W9 1.0.0.7(4456). It has been classified as critical. This affects the function formQosManageDouble_user. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-262131. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-w9w9_firmwareW9w9
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-4249
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-0.14% / 33.33%
||
7 Day CHG~0.00%
Published-27 Apr, 2024 | 11:31
Updated-27 Jan, 2025 | 18:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda i21 wifiSSIDget formwrlSSIDget stack-based overflow

A vulnerability was found in Tenda i21 1.0.0.14(4656). It has been classified as critical. Affected is the function formwrlSSIDget of the file /goform/wifiSSIDget. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-262140. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-i21i21_firmwarei21i21
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-4251
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-0.24% / 47.26%
||
7 Day CHG~0.00%
Published-27 Apr, 2024 | 13:00
Updated-27 Jan, 2025 | 18:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda i21 DhcpSetSe fromDhcpSetSer stack-based overflow

A vulnerability was found in Tenda i21 1.0.0.14(4656). It has been rated as critical. Affected by this issue is the function fromDhcpSetSer of the file /goform/DhcpSetSe. The manipulation of the argument dhcpStartIp/dhcpEndIp/dhcpGw/dhcpMask/dhcpLeaseTime/dhcpDns1/dhcpDns2 leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-262142 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-i21i21_firmwarei21i21_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-4242
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-0.59% / 68.81%
||
7 Day CHG~0.00%
Published-26 Apr, 2024 | 21:00
Updated-27 Jan, 2025 | 18:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda W9 wifiSSIDget formwrlSSIDget stack-based overflow

A vulnerability was found in Tenda W9 1.0.0.7(4456). It has been rated as critical. This issue affects the function formwrlSSIDget of the file /goform/wifiSSIDget. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-262133 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-w9w9_firmwareW9
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-4245
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-0.14% / 33.33%
||
7 Day CHG~0.00%
Published-27 Apr, 2024 | 07:31
Updated-27 Jan, 2025 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda i21 formQosManageDouble_user stack-based overflow

A vulnerability, which was classified as critical, has been found in Tenda i21 1.0.0.14(4656). Affected by this issue is the function formQosManageDouble_user. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. The attack may be launched remotely. The identifier of this vulnerability is VDB-262136. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-i21i21_firmwarei21
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-4248
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-0.15% / 35.12%
||
7 Day CHG~0.00%
Published-27 Apr, 2024 | 10:31
Updated-27 Jan, 2025 | 18:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda i21 formQosManage_user stack-based overflow

A vulnerability was found in Tenda i21 1.0.0.14(4656) and classified as critical. This issue affects the function formQosManage_user. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-262139. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-i21i21_firmwarei21i21_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-4246
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-0.22% / 44.66%
||
7 Day CHG~0.00%
Published-27 Apr, 2024 | 08:31
Updated-27 Jan, 2025 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda i21 formQosManageDouble_auto stack-based overflow

A vulnerability, which was classified as critical, was found in Tenda i21 1.0.0.14(4656). This affects the function formQosManageDouble_auto. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The identifier VDB-262137 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-i21i21_firmwarei21i21
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-4252
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-0.32% / 54.47%
||
7 Day CHG~0.00%
Published-27 Apr, 2024 | 13:31
Updated-27 Jan, 2025 | 18:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda i22 formSetUrlFilterRule stack-based overflow

A vulnerability classified as critical has been found in Tenda i22 1.0.0.3(4687). This affects the function formSetUrlFilterRule. The manipulation of the argument groupIndex leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-262143. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-i22i22_firmwarei22i22_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-4291
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-0.32% / 54.47%
||
7 Day CHG~0.00%
Published-27 Apr, 2024 | 20:00
Updated-27 Aug, 2025 | 21:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda A301 setBlackRule formAddMacfilterRule stack-based overflow

A vulnerability was found in Tenda A301 15.13.08.12_multi_TDE01. It has been rated as critical. This issue affects the function formAddMacfilterRule of the file /goform/setBlackRule. The manipulation of the argument deviceList leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-262223. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-a301a301_firmwareA301ac15
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-4247
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-0.32% / 54.47%
||
7 Day CHG~0.00%
Published-27 Apr, 2024 | 09:31
Updated-27 Jan, 2025 | 18:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda i21 formQosManage_auto stack-based overflow

A vulnerability has been found in Tenda i21 1.0.0.14(4656) and classified as critical. This vulnerability affects the function formQosManage_auto. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. The attack can be initiated remotely. VDB-262138 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-i21i21_firmwarei21i21
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-4237
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-0.58% / 68.55%
||
7 Day CHG~0.00%
Published-26 Apr, 2024 | 19:00
Updated-27 Jan, 2025 | 18:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda AX1806 execCommand R7WebsSecurityHandler stack-based overflow

A vulnerability, which was classified as critical, was found in Tenda AX1806 1.0.0.1. Affected is the function R7WebsSecurityHandler of the file /goform/execCommand. The manipulation of the argument password leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-262128. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-ax1806_firmwareax1806AX1806ax1806_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-4236
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.8||HIGH
EPSS-3.06% / 86.53%
||
7 Day CHG~0.00%
Published-26 Apr, 2024 | 17:31
Updated-01 Aug, 2024 | 20:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda AX1803 SetDDNSCfg formSetSysToolDDNS stack-based overflow

A vulnerability, which was classified as critical, has been found in Tenda AX1803 1.0.0.1. This issue affects the function formSetSysToolDDNS of the file /goform/SetDDNSCfg. The manipulation of the argument serverName/ddnsUser/ddnsPwd/ddnsDomain leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-262127. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-AX1803ax1803
CWE ID-CWE-121
Stack-based Buffer Overflow
  • Previous
  • 1
  • 2
  • ...
  • 5
  • 6
  • 7
  • ...
  • 55
  • 56
  • Next
Details not found