cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2025-0848,https://securityvulnerability.io/vulnerability/CVE-2025-0848,Stack-based Buffer Overflow in Tenda A18 HTTP POST Request Handler,"A stack-based buffer overflow vulnerability exists in the SetCmdlineRun function of the HTTP POST Request Handler in Tenda A18 routers, specifically in versions up to 15.13.07.09. This issue can be exploited remotely when manipulating the wpapsk_crypto5g argument, potentially leading to unauthorized access or other malicious actions. With the exploit details publicly disclosed, it is crucial for users to update their devices to mitigate risks.",Tenda,A18,7.1,HIGH,0.0011099999537691474,false,,false,false,true,2025-01-30T01:00:19.000Z,true,false,false,,2025-01-30T01:00:19.576Z,0
CVE-2025-0566,https://securityvulnerability.io/vulnerability/CVE-2025-0566,Stack-based Buffer Overflow in Tenda AC15 Router,"The Tenda AC15 router suffers from a stack-based buffer overflow vulnerability in the formSetDevNetName function found in the /goform/SetDevNetName file. This flaw arises from improper handling of the 'mac' argument, allowing attackers to exploit the vulnerability remotely. Once publicly disclosed, this potential exploit poses significant risks for users, enabling unauthorized access and control over affected devices. It is crucial for users to update their devices to mitigate the risks associated with this vulnerability.",Tenda,Ac15,8.7,HIGH,0.0011399999493733048,false,,false,false,true,2025-01-19T06:31:12.000Z,true,false,false,,2025-01-19T06:31:12.505Z,0
CVE-2025-0528,https://securityvulnerability.io/vulnerability/CVE-2025-0528,"Command Injection Vulnerability in Tenda AC8, AC10 and AC18 Routers","A command injection vulnerability exists in Tenda AC8, AC10, and AC18 routers due to improper handling of the /goform/telnet functionality by the HTTP Request Handler. This flaw allows an attacker to execute arbitrary commands on the affected devices remotely, potentially gaining unauthorized access or control. It is crucial for users to address this issue to mitigate the associated risks and protect their network security.",Tenda,"Ac8,Ac10,Ac18",8.6,HIGH,0.000699999975040555,false,,false,false,true,2025-01-17T14:31:07.000Z,true,false,false,,2025-01-17T14:31:07.148Z,0
CVE-2025-0349,https://securityvulnerability.io/vulnerability/CVE-2025-0349,Stack-based Buffer Overflow in Tenda AC6 by Tenda,"A vulnerability exists in Tenda AC6 15.03.05.16 that allows for a stack-based buffer overflow through the GetParentControlInfo function located in /goform/GetParentControlInfo. Manipulating the 'src' argument could enable remote attackers to exploit the vulnerability, potentially affecting additional parameters. This issue has been publicly disclosed, raising significant concerns regarding its exploitability.",Tenda,Ac6,8.7,HIGH,0.00044999999227002263,false,,false,false,true,2025-01-09T10:31:07.000Z,true,false,false,,2025-01-09T10:31:07.078Z,0
CVE-2024-12002,https://securityvulnerability.io/vulnerability/CVE-2024-12002,Remote Code Execution Vulnerability in Tenda Networking Products,"A high-risk vulnerability (CVE-2024-12002) has been identified in various Tenda networking products, including the FH451, FH1201, FH1202, and FH1206. This vulnerability occurs within the websReadEvent function located in the /goform/GetIPTV file. A remote attacker can manipulate the Content-Length argument, leading to a null pointer dereference condition. The vulnerability has been publicly disclosed, which implies that it could be actively exploited by cybercriminals. Users are strongly advised to update their devices to mitigate any risks associated with this flaw.",Tenda,"Fh451,Fh1201,Fh1202,Fh1206",6.5,MEDIUM,0.0012000000569969416,false,,false,false,true,2024-11-30T13:00:14.000Z,true,false,false,,2024-11-30T13:00:14.751Z,0
CVE-2024-11745,https://securityvulnerability.io/vulnerability/CVE-2024-11745,Stack-Based Buffer Overflow Vulnerability in Tenda AC8 Product,"A critical vulnerability has been identified in the Tenda AC8 router, specifically within the 'route_static_check' function in the SetStaticRouteCfg file. This vulnerability manifests as a stack-based buffer overflow due to improper handling of argument lists. An attacker can exploit this flaw remotely, potentially leading to unauthorized access or other malicious actions. The exploit has been made public, heightening the urgency for users of the affected Tenda AC8 version 16.03.34.09 to implement protective measures immediately to safeguard their networks.",Tenda,Ac8,9.8,CRITICAL,0.0008699999889358878,false,,false,false,true,2024-11-26T21:00:12.000Z,true,false,false,,2024-11-26T21:00:12.592Z,0
CVE-2024-11650,https://securityvulnerability.io/vulnerability/CVE-2024-11650,Null Pointer Dereference Vulnerability in Tenda i9 Router,"CVE-2024-11650 highlights a critical vulnerability in the Tenda i9 router, specifically within the websReadEvent function, which is located in the /goform/GetIPTV file. This flaw leads to a null pointer dereference, allowing remote attackers to exploit the system without needing physical access. The vulnerability has been publicly disclosed, increasing the urgency for users to patch their devices. All users of Tenda i9 version 1.0.0.8(3828) should be alert to this vulnerability and ensure their devices are updated to safeguard against potential exploits.",Tenda,I9,,,0.00044999999227002263,false,,false,false,true,2024-11-25T02:00:15.000Z,true,false,false,,2024-11-25T02:00:15.883Z,0
CVE-2024-11061,https://securityvulnerability.io/vulnerability/CVE-2024-11061,Stack-Based Buffer Overflow in Tenda AC10 Router,"A severe stack-based buffer overflow vulnerability exists in the Tenda AC10 router, specifically within the function FUN_0044db3c of the /goform/fast_setting_wifi_set file. By manipulating the timeZone argument, an attacker can potentially execute arbitrary code remotely. This vulnerability poses significant risks to users, as it can be exploited over the network without requiring any physical access to the device. Immediate action is advised to mitigate the risks associated with this critical vulnerability.",Tenda,Ac10,8.8,HIGH,0.0023300000466406345,false,,false,false,true,2024-11-11T00:31:07.000Z,true,false,false,,2024-11-11T00:31:07.099Z,0
CVE-2024-11056,https://securityvulnerability.io/vulnerability/CVE-2024-11056,Stack-Based Buffer Overflow in Tenda AC10 Routers,"A critical security vulnerability identified in the Tenda AC10 router allows an attacker to exploit a stack-based buffer overflow in the /goform/WifiExtraSet function. This issue arises from improper handling of the wpapsk_crypto argument, which can lead to unauthorized access or execution of arbitrary code. Attackers can initiate this exploit remotely, making it especially dangerous for users of affected versions. As the exploit details have been disclosed publicly, it is crucial for users to take immediate action to secure their devices, such as applying relevant patches and enhancing their network security measures.",Tenda,Ac10,8.8,HIGH,0.001290000043809414,false,,false,false,true,2024-11-10T16:31:06.000Z,true,false,false,,2024-11-10T16:31:06.581Z,0
CVE-2024-10750,https://securityvulnerability.io/vulnerability/CVE-2024-10750,Remote Vulnerability in Tenda i22 Could Lead to Null Pointer Dereference,A vulnerability has been found in Tenda i22 1.0.0.3(4687) and classified as problematic. Affected by this vulnerability is the function websReadEvent of the file /goform/GetIPTV?fgHPOST/goform/SysToo. The manipulation of the argument Content-Length leads to null pointer dereference. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.,Tenda,I22,6.5,MEDIUM,0.0012000000569969416,false,,false,false,true,2024-11-04T01:00:07.000Z,true,false,false,,2024-11-04T01:00:07.611Z,0
CVE-2024-10698,https://securityvulnerability.io/vulnerability/CVE-2024-10698,Stack-Based Buffer Overflow in Tenda AC6 Router's Device Name Setting Function,"A serious vulnerability has been detected in the Tenda AC6 router, specifically in the function responsible for setting the device name, located within the /goform/SetOnlineDevName file. This flaw arises from a stack-based buffer overflow, which can be triggered by manipulating the devName argument. This vulnerability is particularly alarming as it can be exploited remotely, allowing an attacker to execute arbitrary code and potentially take control of the device. Users of the affected version, v15.03.05.19, should take immediate steps to secure their network, as the details of this exploit have been publicly disclosed and could be leveraged for attacks.",Tenda,Ac6,9.8,CRITICAL,0.0008999999845400453,false,,false,false,true,2024-11-02T13:31:07.000Z,true,false,false,,2024-11-02T13:31:07.358Z,0
CVE-2024-10697,https://securityvulnerability.io/vulnerability/CVE-2024-10697,Command Injection Vulnerability in Tenda AC6 Router Software,"A severe security flaw exists within the Tenda AC6 router's API endpoint, particularly in the function formWriteFacMac located at /goform/WriteFacMac. This vulnerability allows attackers to carry out command injection attacks. By manipulating specific input parameters, an unauthorized user can execute arbitrary commands on the affected device, potentially compromising its integrity. The vulnerability can be exploited remotely, making it accessible without physical access to the device. It is crucial for users of Tenda AC6 routers, especially version 15.03.05.19, to be aware of this risk and implement necessary security measures to safeguard their networks.",Tenda,Ac6,9.8,CRITICAL,0.0006300000241026282,false,,false,false,true,2024-11-02T12:00:08.000Z,true,false,false,,2024-11-02T12:00:08.397Z,0
CVE-2024-10662,https://securityvulnerability.io/vulnerability/CVE-2024-10662,Stack-Based Buffer Overflow in Tenda AC15 Router,"A critical vulnerability exists in the Tenda AC15 router, specifically in the formSetDeviceName function located within the /goform/SetOnlineDevName script. This security flaw allows for a stack-based buffer overflow due to inadequate input validation of the devName parameter. An attacker can exploit this vulnerability remotely, allowing them to potentially execute arbitrary code or disrupt the operation of the device. It is essential for users of the affected router model to apply the necessary security patches and updates to mitigate the risk of exploitation. For more detailed analysis and technical specifications, please refer to the security advisory links provided.",Tenda,Ac15,8.8,HIGH,0.0017000000225380063,false,,false,false,true,2024-11-01T16:00:16.000Z,true,false,false,,2024-11-01T16:00:16.399Z,0
CVE-2024-10661,https://securityvulnerability.io/vulnerability/CVE-2024-10661,Buffer Overflow Vulnerability in Tenda AC15 Router,"A stack-based buffer overflow vulnerability has been identified in the Tenda AC15 router, specifically within the SetDlnaCfg function found in the /goform/SetDlnaCfg file. This vulnerability occurs due to improper handling of the scanList argument, which can be exploited by attackers to execute remote code. As this flaw has been publicly disclosed, it poses a significant threat to users of the affected firmware version 15.03.05.19. Immediate action should be taken to secure devices running this software to prevent unauthorized access and potential exploitation.",Tenda,Ac15,8.8,HIGH,0.0017000000225380063,false,,false,false,true,2024-11-01T16:00:13.000Z,true,false,false,,2024-11-01T16:00:13.148Z,0
CVE-2024-10434,https://securityvulnerability.io/vulnerability/CVE-2024-10434,Stack-Based Buffer Overflow Vulnerability in Tenda AC1206 Router,"Recently identified vulnerabilities in the Tenda AC1206 router highlight significant security concerns, particularly a critical stack-based buffer overflow associated with the ate_Tenda_mfg_check_usb function. This vulnerability allows attackers to manipulate specific arguments resulting in a buffer overflow, which can be exploited remotely. With versions up to 20241027 affected, this issue poses a grave risk as it could allow unauthorized access and control over the router. Given that this exploit has been publicly disclosed, it's crucial for users to be aware and apply necessary updates to safeguard against potential attacks.",Tenda,Ac1206,9.8,CRITICAL,0.003530000103637576,false,,false,false,true,2024-10-28T00:31:05.000Z,true,false,false,,2024-10-28T00:31:05.947Z,0
CVE-2024-10351,https://securityvulnerability.io/vulnerability/CVE-2024-10351,Tenda RX9 Pro Vulnerability: Stack-Based Buffer Overflow Threat,"A security vulnerability has been identified in the Tenda RX9 Pro router, specifically within the function sub_424CE0 of the component responsible for handling POST requests. The issue arises from improper handling of the 'deviceList' argument within the MAC filter configuration. This manipulation can lead to a stack-based buffer overflow, potentially allowing an attacker to execute arbitrary code remotely. With the exploit now publicly disclosed, users are advised to take immediate action and apply necessary security measures to safeguard their devices.",Tenda,Rx9 Pro,8.8,HIGH,0.0008999999845400453,false,,false,false,true,2024-10-24T23:15:00.000Z,true,false,false,,2024-10-25T00:15:00.000Z,0
CVE-2024-9793,https://securityvulnerability.io/vulnerability/CVE-2024-9793,Remote Command Injection Vulnerability in Tenda AC1206 Router,"A severe vulnerability has been identified in Tenda's AC1206 router affecting all versions up to 15.03.06.23. This security flaw resides in the ate_iwpriv_set and ate_ifconfig_set functions located in the /goform/ate file, enabling attackers to perform command injection. Given the nature of this vulnerability, it can be exploited remotely, allowing unauthorized users to execute harmful commands that may lead to the compromise of the router's functionality and security. Despite early disclosure of the vulnerability to Tenda, no response or remediation has been provided by the vendor, raising concerns over user safety. It is crucial for users of the affected devices to take immediate action to mitigate the risks associated with this vulnerability.",Tenda,Ac1206,9.8,CRITICAL,0.031530000269412994,false,,false,false,true,2024-10-10T14:31:06.000Z,true,false,false,,2024-10-10T15:31:06.625Z,0
CVE-2024-8231,https://securityvulnerability.io/vulnerability/CVE-2024-8231,Remote Stack-Based Buffer Overflow in Tenda O6 Router,"A serious stack-based buffer overflow vulnerability has been identified in Tenda O6 routers, specifically affecting the function 'fromVirtualSet' in the '/goform/setPortForward' configuration file. The vulnerability occurs due to improper handling of the 'ip', 'localPort', 'publicPort', and 'app' arguments. This oversight can be exploited remotely, allowing attackers to manipulate input parameters and execute arbitrary code on the device. The potential impact includes unauthorized access to network resources and various cybersecurity risks. Ignoring this issue poses significant threats to users relying on these devices for secure connectivity.",Tenda,O6,8.8,HIGH,0.0008999999845400453,false,,false,false,true,2024-08-28T00:00:09.000Z,true,false,false,,2024-08-28T01:00:09.903Z,0
CVE-2024-8230,https://securityvulnerability.io/vulnerability/CVE-2024-8230,Stack-Based Buffer Overflow in Tenda O6 Wi-Fi Extender,"A significant security vulnerability has been identified in the Tenda O6 Wi-Fi extender, specifically in version 1.0.0.7 (2054). This flaw resides in the 'fromSafeSetMacFilter' function, enabling a stack-based buffer overflow when the arguments related to remark, type, or time are manipulated. The exploit can be carried out remotely, posing a considerable risk to users' network security. Despite notifications regarding this vulnerability, Tenda has yet to respond. It is crucial for users of the affected product to apply necessary updates and consider additional security measures to protect their networks from potential attacks.",Tenda,O6,9.8,CRITICAL,0.003530000103637576,false,,false,false,true,2024-08-28T00:00:07.000Z,true,false,false,,2024-08-28T01:00:07.395Z,0
CVE-2024-8229,https://securityvulnerability.io/vulnerability/CVE-2024-8229,$title,"A vulnerability exists in the Tenda O6 product due to improper handling of the 'mac' argument in the frommacFilterModify function located in the /goform/operateMacFilter file. This issue can result in a stack-based buffer overflow, enabling remote attackers to potentially execute arbitrary code on affected devices. The exploit has been publicly disclosed, and the vendor has not responded to initial communications regarding this security concern.",Tenda,O6,9.8,CRITICAL,0.003530000103637576,false,,false,false,true,2024-08-27T23:31:05.000Z,true,false,false,,2024-08-28T00:31:05.407Z,0
CVE-2024-8225,https://securityvulnerability.io/vulnerability/CVE-2024-8225,Stack-Based Buffer Overflow in Tenda G3 Routers,"A significant stack-based buffer overflow vulnerability has been identified in Tenda G3 routers running version 15.11.0.20, specifically within the 'formSetSysTime' function of the 'SetSysTimeCfg' endpoint. This vulnerability can be exploited remotely by manipulating the 'sysTimePolicy' argument, potentially allowing an attacker to execute arbitrary code on the affected device. The exploit is public and has been disclosed, raising concerns for users' IoT security. Despite early notifications to Tenda, no response has been received, emphasizing the urgency for users to apply available security measures promptly.",Tenda,G3,9.8,CRITICAL,0.003530000103637576,false,,false,false,true,2024-08-27T22:15:00.000Z,true,false,false,,2024-08-27T23:15:00.000Z,0
CVE-2024-7613,https://securityvulnerability.io/vulnerability/CVE-2024-7613,Buffer Overflow Vulnerability in Tenda FH1206 Could Lead to Remote Code Execution,"A buffer overflow vulnerability exists in the Tenda FH1206 router, specifically in the GstDhcpSetSer function located at /goform/GstDhcpSetSer. The manipulation of the 'dips' argument allows an attacker to exploit this vulnerability, potentially leading to unauthorized remote code execution. This issue has been disclosed publicly, raising concerns about its exploitation, especially given the lack of vendor response upon early notification. Security measures should be implemented to protect affected versions from potential attacks.",Tenda,Fh1206,9.8,CRITICAL,0.0006300000241026282,false,,false,false,true,2024-08-12T12:38:00.000Z,true,false,false,,2024-08-12T13:38:00.000Z,0
CVE-2024-7614,https://securityvulnerability.io/vulnerability/CVE-2024-7614,Tenda FH1206 qossetting fromqossetting stack-based overflow,"A vulnerability affecting Tenda FH1206 version 1.2.0.8(8155) has been identified in the fromqossetting function, located within the /goform/qossetting file. This issue stems from improper argument handling, which can lead to a stack-based buffer overflow. Attackers could potentially exploit this vulnerability from a remote location, allowing unauthorized access to the device. This vulnerability has been made publicly known, raising concerns about the potential for exploitation. Despite prior notifications to the vendor regarding this security issue, there was no acknowledgment or response from Tenda Technology.",Tenda,Fh1206,9.8,CRITICAL,0.0008999999845400453,false,,false,false,true,2024-08-12T12:38:00.000Z,true,false,false,,2024-08-12T13:38:00.000Z,0
CVE-2024-7615,https://securityvulnerability.io/vulnerability/CVE-2024-7615,Stack-Based Buffer Overflow in Tenda FH1206 Vulnerability,"A critical security vulnerability has been identified in the Tenda FH1206 router, specifically in version 1.2.0.8, where improper handling of input in the functions fromSafeClientFilter, fromSafeMacFilter, and fromSafeUrlFilter results in a stack-based buffer overflow. This vulnerability can be exploited remotely, allowing attackers to execute arbitrary code on the affected device without any local access. The vendor was notified regarding this serious issue but has not provided a response. Users of the Tenda FH1206 are strongly advised to secure their devices from potential exploitation and to stay informed about available updates and patches related to this vulnerability.",Tenda,Fh1206,9.8,CRITICAL,0.0008999999845400453,false,,false,false,true,2024-08-12T12:38:00.000Z,true,false,false,,2024-08-12T13:38:00.000Z,0
CVE-2024-7152,https://securityvulnerability.io/vulnerability/CVE-2024-7152,Stack-based Buffer Overflow in Tenda O3 Router Firmware,"A serious vulnerability has been identified in the Tenda O3 Router firmware version 1.0.0.10(2478). This vulnerability arises from the manipulation of the 'time' argument in the 'fromSafeSetMacFilter' function located in '/goform/setMacFilterList', leading to a stack-based buffer overflow. This issue can be exploited remotely, potentially allowing attackers to execute arbitrary code and compromise system integrity. Despite early notifications to the vendor, no response has been received regarding this exploitation risk. Users are advised to review the firmware and implement necessary security measures to mitigate potential attacks. For further details, refer to the related security advisories.",Tenda,O3,8.8,HIGH,0.0055599999614059925,false,,false,false,true,2024-07-27T20:00:06.000Z,true,false,false,,2024-07-27T21:00:06.271Z,0