cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2025-0528,https://securityvulnerability.io/vulnerability/CVE-2025-0528,"Command Injection Vulnerability in Tenda AC8, AC10 and AC18 Routers","A command injection vulnerability exists in Tenda AC8, AC10, and AC18 routers due to improper handling of the /goform/telnet functionality by the HTTP Request Handler. This flaw allows an attacker to execute arbitrary commands on the affected devices remotely, potentially gaining unauthorized access or control. It is crucial for users to address this issue to mitigate the associated risks and protect their network security.",Tenda,"Ac8,Ac10,Ac18",8.6,HIGH,0.000699999975040555,false,false,false,true,true,false,false,2025-01-17T14:31:07.148Z,0
CVE-2024-11248,https://securityvulnerability.io/vulnerability/CVE-2024-11248,Stack-based Buffer Overflow in Tenda AC10 Router,"A significant vulnerability exists within the Tenda AC10 router, specifically in the formSetRebootTimer function located in the /goform/SetSysAutoRebbotCfg file. This vulnerability enables a stack-based buffer overflow due to improper handling of the rebootTime argument. The flaw permits threat actors to launch remote attacks, potentially leading to unauthorized access to the device. The disclosure of this exploit in public forums increases the urgency for device owners to address the vulnerability to safeguard their networks.",Tenda,Ac10 Firmware,8.8,HIGH,0.0010999999940395355,false,false,false,false,,false,false,2024-11-15T17:15:00.000Z,0
CVE-2024-11061,https://securityvulnerability.io/vulnerability/CVE-2024-11061,Stack-Based Buffer Overflow in Tenda AC10 Router,"A severe stack-based buffer overflow vulnerability exists in the Tenda AC10 router, specifically within the function FUN_0044db3c of the /goform/fast_setting_wifi_set file. By manipulating the timeZone argument, an attacker can potentially execute arbitrary code remotely. This vulnerability poses significant risks to users, as it can be exploited over the network without requiring any physical access to the device. Immediate action is advised to mitigate the risks associated with this critical vulnerability.",Tenda,Ac10,8.8,HIGH,0.0023300000466406345,false,false,false,true,true,false,false,2024-11-11T00:31:07.099Z,0
CVE-2024-11056,https://securityvulnerability.io/vulnerability/CVE-2024-11056,Stack-Based Buffer Overflow in Tenda AC10 Routers,"A critical security vulnerability identified in the Tenda AC10 router allows an attacker to exploit a stack-based buffer overflow in the /goform/WifiExtraSet function. This issue arises from improper handling of the wpapsk_crypto argument, which can lead to unauthorized access or execution of arbitrary code. Attackers can initiate this exploit remotely, making it especially dangerous for users of affected versions. As the exploit details have been disclosed publicly, it is crucial for users to take immediate action to secure their devices, such as applying relevant patches and enhancing their network security measures.",Tenda,Ac10,8.8,HIGH,0.001290000043809414,false,false,false,true,true,false,false,2024-11-10T16:31:06.581Z,0
CVE-2024-2856,https://securityvulnerability.io/vulnerability/CVE-2024-2856,Stack-Based Buffer Overflow Vulnerability in Tenda AC10,"A critical stack-based buffer overflow vulnerability has been identified in the Tenda AC10 router, specifically in the fromSetSysTime function located at /goform/SetSysTimeCfg. This vulnerability arises from improper handling of the timeZone argument, allowing remote attackers to leverage this flaw to execute arbitrary code on affected systems. The affected versions include Tenda AC10 firmware versions 16.03.10.13 and 16.03.10.20. This exploit poses significant risks as it enables the potential takeover of the device, threatening both individual users and broader network security. Despite multiple attempts to communicate this issue to Tenda, no response has been received, highlighting the urgency for users to assess the security measures of their affected devices.",Tenda,Ac10,8.8,HIGH,0.000910000002477318,false,false,false,true,true,false,false,2024-03-24T06:31:04.241Z,0
CVE-2024-2581,https://securityvulnerability.io/vulnerability/CVE-2024-2581,Stack-Based Buffer Overflow in Tenda AC10 Router,"A critical vulnerability exists in the Tenda AC10 router, specifically in the fromSetRouteStatic function located in the /goform/SetStaticRouteCfg file. This vulnerability can be exploited remotely and arises due to improper validation of the argument list, leading to a stack-based buffer overflow. Successful exploitation can allow attackers to execute arbitrary code on the affected device, potentially compromising the security of the network. The vulnerability has been publicly disclosed and is tagged as VDB-257081, highlighting its significance for users of the affected product.",Tenda,Ac10,8.8,HIGH,0.00044999999227002263,false,false,false,true,true,false,false,2024-03-18T03:00:06.600Z,0
CVE-2023-45481,https://securityvulnerability.io/vulnerability/CVE-2023-45481,Stack Overflow in Tenda AC10 Firewall Configuration,"A stack overflow vulnerability has been identified in the Tenda AC10 router, specifically in the firewall configuration feature. This issue arises when input is processed via the firewallEn parameter in the SetFirewallCfg function, potentially leading to unauthorized access or interference with firewall settings. Users of the affected version should take immediate steps to secure their devices by applying available updates and monitor for any unusual activities in their network.",Tenda,Ac10 Firmware,9.8,CRITICAL,0.0022700000554323196,false,false,false,false,,false,false,2023-11-29T00:00:00.000Z,0
CVE-2023-45482,https://securityvulnerability.io/vulnerability/CVE-2023-45482,Stack Overflow Vulnerability in Tenda AC10 Router,"A stack overflow vulnerability has been identified in the Tenda AC10 router, specifically in the function responsible for retrieving parental control list information. This flaw allows attackers to manipulate the 'urls' parameter, potentially leading to unintended behavior and security breaches. Exploitation of this vulnerability could provide unauthorized access to sensitive settings, compromising the integrity and confidentiality of the device. It is crucial for users to apply updates and follow best security practices to mitigate the risks associated with this vulnerability.",Tenda,Ac10 Firmware,9.8,CRITICAL,0.0022700000554323196,false,false,false,false,,false,false,2023-11-29T00:00:00.000Z,0
CVE-2023-45479,https://securityvulnerability.io/vulnerability/CVE-2023-45479,Stack Overflow Vulnerability in Tenda AC10 Router,"A stack overflow vulnerability has been identified in the Tenda AC10 router, specifically affecting version US_AC10V4.0si_V16.03.10.13_cn. This vulnerability can be exploited through the 'list' parameter in the function sub_49E098, potentially allowing attackers to execute arbitrary code or cause a denial of service. It is crucial for users of the Tenda AC10 router to apply necessary patches and follow best security practices to mitigate risks associated with this vulnerability.",Tenda,Ac10 Firmware,9.8,CRITICAL,0.0022700000554323196,false,false,false,false,,false,false,2023-11-29T00:00:00.000Z,0
CVE-2023-45483,https://securityvulnerability.io/vulnerability/CVE-2023-45483,Stack Overflow Vulnerability in Tenda AC10 Router,"The Tenda AC10 router is vulnerable to a stack overflow issue triggered by the time parameter in the compare_parentcontrol_time function. This vulnerability could potentially allow an attacker to manipulate memory, leading to unauthorized access or executing arbitrary code on the device. Users of the affected version should take immediate action to mitigate the risk associated with this vulnerability.",Tenda,Ac10 Firmware,9.8,CRITICAL,0.0022700000554323196,false,false,false,false,,false,false,2023-11-29T00:00:00.000Z,0
CVE-2023-45480,https://securityvulnerability.io/vulnerability/CVE-2023-45480,Stack Overflow Vulnerability in Tenda AC10 Router,"A stack overflow vulnerability has been identified in the Tenda AC10 router. The issue arises from improper handling of the 'src' parameter within the function sub_47D878, allowing attackers to potentially execute arbitrary code. This vulnerability is particularly concerning as it could enable unauthorized access to network devices, compromising overall system integrity.",Tenda,Ac10 Firmware,9.8,CRITICAL,0.0022700000554323196,false,false,false,false,,false,false,2023-11-29T00:00:00.000Z,0
CVE-2023-45484,https://securityvulnerability.io/vulnerability/CVE-2023-45484,Stack Overflow Vulnerability in Tenda AC10 Router,"The Tenda AC10 router contains a vulnerability triggered by a stack overflow in the shareSpeed parameter within the fromSetWifiGuestBasic function. This can lead to unauthorized control over the device or a complete system crash, potentially exposing sensitive user data or allowing for remote code execution. Users are recommended to update their firmware to mitigate this security risk.",Tenda,Ac10 Firmware,9.8,CRITICAL,0.0022700000554323196,false,false,false,false,,false,false,2023-11-29T00:00:00.000Z,0
CVE-2023-42320,https://securityvulnerability.io/vulnerability/CVE-2023-42320,Buffer Overflow Vulnerability in Tenda AC10V4 Router,"The buffer overflow vulnerability in Tenda AC10V4 router versions allows remote attackers to exploit the mac parameter in the GetParentControlInfo function. This could lead to a denial of service, adversely affecting network stability and performance. Users are advised to update their devices to mitigate potential risks.",Tenda,Ac10 Firmware,9.8,CRITICAL,0.006010000128298998,false,false,false,false,,false,false,2023-09-18T00:00:00.000Z,0
CVE-2023-38937,https://securityvulnerability.io/vulnerability/CVE-2023-38937,Stack Overflow Vulnerability in Tenda Routers,"A stack overflow vulnerability has been identified in various Tenda routers through the 'list' parameter in the 'formSetVirtualSer' function. Exploiting this flaw can potentially allow attackers to execute arbitrary code, leading to unauthorized access or compromised device control. Users of the affected models should apply the latest firmware updates to mitigate any risks associated with this vulnerability.",Tenda,Ac10 Firmware,9.8,CRITICAL,0.001970000099390745,false,false,false,false,,false,false,2023-08-07T00:00:00.000Z,0
CVE-2023-38936,https://securityvulnerability.io/vulnerability/CVE-2023-38936,Stack Overflow Vulnerability in Tenda Router Products,"A stack overflow vulnerability has been identified in various Tenda router models, triggered by improper handling of the speed_dir parameter within the formSetSpeedWan function. This flaw may allow an attacker to craft specifically designed input, potentially leading to abnormal behavior of the impacted devices, unauthorized access, or execution of arbitrary code. Network administrators using affected Tenda routers should incorporate immediate mitigative steps to safeguard their systems against potential exploitation.",Tenda,Ac10 Firmware,9.8,CRITICAL,0.002469999948516488,false,false,false,false,,false,false,2023-08-07T00:00:00.000Z,0
CVE-2023-38933,https://securityvulnerability.io/vulnerability/CVE-2023-38933,Stack Overflow Vulnerability in Tenda Routers and IoT Devices,"Recent findings indicate that several Tenda router and IoT device models are susceptible to a stack overflow vulnerability. The issue arises from improper handling of the deviceId parameter in the formSetClientState function, which could allow attackers to exploit this flaw. Devices affected include the AC6, AC7, and F1203 among others, with specific firmware versions identified. Prompt action is recommended to mitigate risks associated with this vulnerability.",Tenda,Ac10 Firmware,9.8,CRITICAL,0.001970000099390745,false,false,false,false,,false,false,2023-08-07T00:00:00.000Z,0
CVE-2023-38931,https://securityvulnerability.io/vulnerability/CVE-2023-38931,Stack Overflow Vulnerability in Tenda AC Series Routers,"A stack overflow vulnerability has been identified in multiple Tenda AC series routers. This issue arises from improper handling of the list parameter within the setaccount function, potentially leading to unauthorized access and exploitation of device functionality. Users are advised to implement security measures to mitigate potential risks associated with this vulnerability.",Tenda,Ac10 Firmware,9.8,CRITICAL,0.001970000099390745,false,false,false,false,,false,false,2023-08-07T00:00:00.000Z,0
CVE-2023-37710,https://securityvulnerability.io/vulnerability/CVE-2023-37710,Stack Overflow Vulnerability in Tenda AC1206 and AC10 Products,"The Tenda AC1206 and AC10 devices have been found to be susceptible to a stack overflow vulnerability that occurs in the wpapsk_crypto parameter within the fromSetWirelessRepeat function. This flaw can potentially be exploited to compromise device security, allowing unauthorized access and manipulation of sensitive settings.",Tenda,Ac10 Firmware,9.8,CRITICAL,0.001930000027641654,false,false,false,false,,false,false,2023-07-10T00:00:00.000Z,0
CVE-2023-37711,https://securityvulnerability.io/vulnerability/CVE-2023-37711,Stack Overflow in Tenda AC1206 and AC10 Devices,"A stack overflow vulnerability exists in the Tenda AC1206 and AC10 devices, specifically within the saveParentControlInfo function, which improperly processes the deviceId parameter. This flaw can potentially allow attackers to execute arbitrary code, compromising the integrity and security of the affected devices.",Tenda,Ac10 Firmware,9.8,CRITICAL,0.001930000027641654,false,false,false,false,,false,false,2023-07-10T00:00:00.000Z,0
CVE-2023-37144,https://securityvulnerability.io/vulnerability/CVE-2023-37144,Command Injection Vulnerability in Tenda AC10 Router,"The Tenda AC10 router, specifically version 15.03.06.26, is prone to a command injection vulnerability that arises from improper validation of the 'mac' parameter within the 'formWriteFacMac' function. This security flaw allows an attacker to execute arbitrary commands on the device, potentially compromising the router's integrity and allowing unauthorized access. Users are advised to update their devices promptly to mitigate the risk posed by this vulnerability.",Tenda,Ac10 Firmware,9.8,CRITICAL,0.005659999791532755,false,false,false,false,,false,false,2023-07-07T00:00:00.000Z,0
CVE-2023-34567,https://securityvulnerability.io/vulnerability/CVE-2023-34567,,Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter list at /goform/SetVirtualServerCfg.,Tenda,Ac10 Firmware,6.7,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2023-06-08T00:00:00.000Z,0
CVE-2023-34570,https://securityvulnerability.io/vulnerability/CVE-2023-34570,,Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter devName at /goform/SetOnlineDevName.,Tenda,Ac10 Firmware,6.7,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2023-06-08T00:00:00.000Z,0
CVE-2023-34566,https://securityvulnerability.io/vulnerability/CVE-2023-34566,Stack Overflow in Tenda AC10 Router Affects Home Network Security,"A stack overflow vulnerability has been identified in the Tenda AC10 router, specifically in the firmware version US_AC10V4.0si_V16.03.10.13_cn. This vulnerability occurs via a parameter input at the /goform/saveParentControlInfo endpoint, potentially allowing an attacker to exploit the router and manipulate its operations. Users are advised to update their firmware to mitigate risks associated with this security flaw.",Tenda,Ac10 Firmware,9.8,CRITICAL,0.0022700000554323196,false,false,false,false,,false,false,2023-06-08T00:00:00.000Z,0
CVE-2023-34569,https://securityvulnerability.io/vulnerability/CVE-2023-34569,,Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter list at /goform/SetNetControlList.,Tenda,Ac10 Firmware,6.7,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2023-06-08T00:00:00.000Z,0
CVE-2023-34568,https://securityvulnerability.io/vulnerability/CVE-2023-34568,,Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter time at /goform/PowerSaveSet.,Tenda,Ac10 Firmware,6.7,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2023-06-08T00:00:00.000Z,0