cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2025-0349,https://securityvulnerability.io/vulnerability/CVE-2025-0349,Stack-based Buffer Overflow in Tenda AC6 by Tenda,"A vulnerability exists in Tenda AC6 15.03.05.16 that allows for a stack-based buffer overflow through the GetParentControlInfo function located in /goform/GetParentControlInfo. Manipulating the 'src' argument could enable remote attackers to exploit the vulnerability, potentially affecting additional parameters. This issue has been publicly disclosed, raising significant concerns regarding its exploitability.",Tenda,Ac6,8.7,HIGH,0.01,false,false,false,true,true,false,false,2025-01-09T10:31:07.078Z,0
CVE-2024-52714,https://securityvulnerability.io/vulnerability/CVE-2024-52714,Buffer Overflow Vulnerability in Tenda AC6 Router,"The Tenda AC6 v2.0, specifically version v15.03.06.50, is susceptible to a buffer overflow vulnerability within the 'fromSetSysTime' function. This flaw can potentially lead to unauthorized access, data corruption, or system crashes, highlighting the need for immediate attention and remediation. Users of Tenda AC6 should prioritize applying security patches and updates to mitigate the associated risks.",Tenda,Ac6 Firmware,9.8,CRITICAL,0.0012400000123307109,false,false,false,false,,false,false,2024-11-19T19:15:00.000Z,0
CVE-2024-10698,https://securityvulnerability.io/vulnerability/CVE-2024-10698,Stack-Based Buffer Overflow in Tenda AC6 Router's Device Name Setting Function,"A serious vulnerability has been detected in the Tenda AC6 router, specifically in the function responsible for setting the device name, located within the /goform/SetOnlineDevName file. This flaw arises from a stack-based buffer overflow, which can be triggered by manipulating the devName argument. This vulnerability is particularly alarming as it can be exploited remotely, allowing an attacker to execute arbitrary code and potentially take control of the device. Users of the affected version, v15.03.05.19, should take immediate steps to secure their network, as the details of this exploit have been publicly disclosed and could be leveraged for attacks.",Tenda,Ac6,9.8,CRITICAL,0.0008999999845400453,false,false,false,true,true,false,false,2024-11-02T13:31:07.358Z,0
CVE-2024-10697,https://securityvulnerability.io/vulnerability/CVE-2024-10697,Command Injection Vulnerability in Tenda AC6 Router Software,"A severe security flaw exists within the Tenda AC6 router's API endpoint, particularly in the function formWriteFacMac located at /goform/WriteFacMac. This vulnerability allows attackers to carry out command injection attacks. By manipulating specific input parameters, an unauthorized user can execute arbitrary commands on the affected device, potentially compromising its integrity. The vulnerability can be exploited remotely, making it accessible without physical access to the device. It is crucial for users of Tenda AC6 routers, especially version 15.03.05.19, to be aware of this risk and implement necessary security measures to safeguard their networks.",Tenda,Ac6,9.8,CRITICAL,0.0006300000241026282,false,false,false,true,true,false,false,2024-11-02T12:00:08.397Z,0
CVE-2023-38823,https://securityvulnerability.io/vulnerability/CVE-2023-38823,,"Buffer Overflow vulnerability in Tenda Ac19 v.1.0, AC18, AC9 v.1.0, AC6 v.2.0 and v.1.0 allows a remote attacker to execute arbitrary code via the formSetCfm function in bin/httpd.",Tenda,Ac6 Firmware,9.8,CRITICAL,0.0057299998588860035,false,false,false,false,,false,false,2023-11-20T00:00:00.000Z,0
CVE-2023-40830,https://securityvulnerability.io/vulnerability/CVE-2023-40830,,Tenda AC6 v15.03.05.19 is vulnerable to Buffer Overflow as the Index parameter does not verify the length.,Tenda,Ac6 Firmware,9.8,CRITICAL,0.002400000113993883,false,false,false,false,,false,false,2023-10-03T00:00:00.000Z,0
CVE-2021-40546,https://securityvulnerability.io/vulnerability/CVE-2021-40546,,Tenda AC6 US_AC6V4.0RTL_V02.03.01.26_cn.bin allows attackers (who have the administrator password) to cause a denial of service (device crash) via a long string in the wifiPwd_5G parameter to /goform/setWifi.,Tenda,Ac6 Firmware,4.9,MEDIUM,0.0005499999970197678,false,false,false,false,,false,false,2023-09-05T00:00:00.000Z,0
CVE-2023-40848,https://securityvulnerability.io/vulnerability/CVE-2023-40848,,"Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via the function ""sub_7D858.""",Tenda,Ac6 Firmware,9.8,CRITICAL,0.0018400000408291817,false,false,false,false,,false,false,2023-08-30T00:00:00.000Z,0
CVE-2023-40844,https://securityvulnerability.io/vulnerability/CVE-2023-40844,,Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via function 'formWifiBasicSet.',Tenda,Ac6 Firmware,9.8,CRITICAL,0.0018400000408291817,false,false,false,false,,false,false,2023-08-30T00:00:00.000Z,0
CVE-2023-40837,https://securityvulnerability.io/vulnerability/CVE-2023-40837,,"Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin function 'sub_ADD50' contains a command execution vulnerability. In the ""formSetIptv"" function, obtaining the ""list"" and ""vlanId"" fields, unfiltered passing these two fields as parameters to the ""sub_ADD50"" function to execute commands.",Tenda,Ac6 Firmware,9.8,CRITICAL,0.002369999885559082,false,false,false,false,,false,false,2023-08-30T00:00:00.000Z,0
CVE-2023-40845,https://securityvulnerability.io/vulnerability/CVE-2023-40845,Buffer Overflow Vulnerability in Tenda AC6 Router,"The Tenda AC6 router's firmware is exposed to a buffer overflow vulnerability due to improper handling of user-supplied input in the function 'sub_34FD0'. This lack of length checks allows attackers to exploit the vulnerability, potentially leading to arbitrary code execution and a compromise of the system. Administrators are encouraged to review their firmware versions and apply necessary patches to mitigate this risk.",Tenda,Ac6 Firmware,9.8,CRITICAL,0.0018400000408291817,false,false,false,false,,false,false,2023-08-30T00:00:00.000Z,0
CVE-2023-40847,https://securityvulnerability.io/vulnerability/CVE-2023-40847,,"Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via the function ""initIpAddrInfo."" In the function, it reads in a user-provided parameter, and the variable is passed to the function without any length check.",Tenda,Ac6 Firmware,9.8,CRITICAL,0.0018400000408291817,false,false,false,false,,false,false,2023-08-30T00:00:00.000Z,0
CVE-2023-40839,https://securityvulnerability.io/vulnerability/CVE-2023-40839,,"Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin function 'sub_ADF3C' contains a command execution vulnerability. In the ""formSetIptv"" function, obtaining the ""list"" and ""vlanId"" fields, unfiltered passing these two fields as parameters to the ""sub_ADF3C"" function to execute commands.",Tenda,Ac6 Firmware,9.8,CRITICAL,0.002369999885559082,false,false,false,false,,false,false,2023-08-30T00:00:00.000Z,0
CVE-2023-40840,https://securityvulnerability.io/vulnerability/CVE-2023-40840,,"Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via function ""fromGetWirelessRepeat.""",Tenda,Ac6 Firmware,9.8,CRITICAL,0.0018400000408291817,false,false,false,false,,false,false,2023-08-30T00:00:00.000Z,0
CVE-2023-40841,https://securityvulnerability.io/vulnerability/CVE-2023-40841,,"Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via function ""add_white_node,""",Tenda,Ac6 Firmware,9.8,CRITICAL,0.0018400000408291817,false,false,false,false,,false,false,2023-08-30T00:00:00.000Z,0
CVE-2023-40843,https://securityvulnerability.io/vulnerability/CVE-2023-40843,,"Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via function ""sub_73004.""",Tenda,Ac6 Firmware,9.8,CRITICAL,0.0018400000408291817,false,false,false,false,,false,false,2023-08-30T00:00:00.000Z,0
CVE-2023-40838,https://securityvulnerability.io/vulnerability/CVE-2023-40838,,Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin function 'sub_3A1D0' contains a command execution vulnerability.,Tenda,Ac6 Firmware,9.8,CRITICAL,0.004720000084489584,false,false,false,false,,false,false,2023-08-30T00:00:00.000Z,0
CVE-2023-40842,https://securityvulnerability.io/vulnerability/CVE-2023-40842,,"Tengda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via function ""R7WebsSecurityHandler.""",Tenda,Ac6 Firmware,9.8,CRITICAL,0.0018400000408291817,false,false,false,false,,false,false,2023-08-30T00:00:00.000Z,0
CVE-2023-40846,https://securityvulnerability.io/vulnerability/CVE-2023-40846,,Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via function sub_90998.,Tenda,Ac6 Firmware,9.8,CRITICAL,0.0017999999690800905,false,false,false,false,,false,false,2023-08-28T00:00:00.000Z,0
CVE-2023-39670,https://securityvulnerability.io/vulnerability/CVE-2023-39670,,Tenda AC6 _US_AC6V1.0BR_V15.03.05.16 was discovered to contain a buffer overflow via the function fgets.,Tenda,Ac6 Firmware,9.8,CRITICAL,0.0023499999660998583,false,false,false,false,,false,false,2023-08-18T03:15:00.000Z,0
CVE-2022-40010,https://securityvulnerability.io/vulnerability/CVE-2022-40010,,Tenda AC6 AC1200 Smart Dual-Band WiFi Router 15.03.06.50_multi was discovered to contain a cross-site scripting (XSS) vulnerability via the deviceId parameter in the Parental Control module.,Tenda,Ac6 Firmware,5.4,MEDIUM,0.0006900000153109431,false,false,false,false,,false,false,2023-06-26T00:00:00.000Z,0
CVE-2023-2923,https://securityvulnerability.io/vulnerability/CVE-2023-2923,Tenda AC6 fromDhcpListClient stack-based overflow,"A stack-based buffer overflow vulnerability has been identified in the Tenda AC6 Router, specifically in the function fromDhcpListClient. This vulnerability can be exploited remotely, potentially allowing an attacker to manipulate the router's functionality by providing crafted input. The exploit has been publicly disclosed, raising concerns for users of the affected firmware version (US_AC6V1.0BR_V15.03.05.19). Initial outreach to the vendor regarding this vulnerability went unanswered, which emphasizes the urgency for users to take necessary precautions.",Tenda,AC6,9.8,CRITICAL,0.003980000037699938,false,false,false,false,,false,false,2023-05-27T08:15:00.000Z,0
CVE-2023-26976,https://securityvulnerability.io/vulnerability/CVE-2023-26976,Stack Overflow Vulnerability in Tenda AC6 Routers,"A stack overflow vulnerability exists in Tenda AC6 routers due to improper handling of the ssid parameter within the form_fast_setting_wifi_set function. This flaw could allow an attacker to exploit the vulnerable components of the router, potentially leading to unauthorized access and the execution of arbitrary code. Users are urged to check their firmware and apply any available patches to mitigate the risk posed by this vulnerability.",Tenda,Ac6 Firmware,7.5,HIGH,0.0008900000248104334,false,false,false,true,true,false,false,2023-04-04T02:15:00.000Z,0
CVE-2022-45650,https://securityvulnerability.io/vulnerability/CVE-2022-45650,,Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the firewallEn parameter in the formSetFirewallCfg function.,Tenda,Ac6 Firmware,7.5,HIGH,0.0005699999746866524,false,false,false,false,,false,false,2022-12-02T00:00:00.000Z,0
CVE-2022-45652,https://securityvulnerability.io/vulnerability/CVE-2022-45652,,Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the startIp parameter in the formSetPPTPServer function.,Tenda,Ac6 Firmware,7.5,HIGH,0.0005699999746866524,false,false,false,false,,false,false,2022-12-02T00:00:00.000Z,0