cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2025-0848,https://securityvulnerability.io/vulnerability/CVE-2025-0848,Stack-based Buffer Overflow in Tenda A18 HTTP POST Request Handler,"A stack-based buffer overflow vulnerability exists in the SetCmdlineRun function of the HTTP POST Request Handler in Tenda A18 routers, specifically in versions up to 15.13.07.09. This issue can be exploited remotely when manipulating the wpapsk_crypto5g argument, potentially leading to unauthorized access or other malicious actions. With the exploit details publicly disclosed, it is crucial for users to update their devices to mitigate risks.",Tenda,A18,7.1,HIGH,0.0011099999537691474,false,,false,false,true,2025-01-30T01:00:19.000Z,true,false,false,,2025-01-30T01:00:19.576Z,0
CVE-2025-0566,https://securityvulnerability.io/vulnerability/CVE-2025-0566,Stack-based Buffer Overflow in Tenda AC15 Router,"The Tenda AC15 router suffers from a stack-based buffer overflow vulnerability in the formSetDevNetName function found in the /goform/SetDevNetName file. This flaw arises from improper handling of the 'mac' argument, allowing attackers to exploit the vulnerability remotely. Once publicly disclosed, this potential exploit poses significant risks for users, enabling unauthorized access and control over affected devices. It is crucial for users to update their devices to mitigate the risks associated with this vulnerability.",Tenda,Ac15,8.7,HIGH,0.0011399999493733048,false,,false,false,true,2025-01-19T06:31:12.000Z,true,false,false,,2025-01-19T06:31:12.505Z,0
CVE-2025-0528,https://securityvulnerability.io/vulnerability/CVE-2025-0528,"Command Injection Vulnerability in Tenda AC8, AC10 and AC18 Routers","A command injection vulnerability exists in Tenda AC8, AC10, and AC18 routers due to improper handling of the /goform/telnet functionality by the HTTP Request Handler. This flaw allows an attacker to execute arbitrary commands on the affected devices remotely, potentially gaining unauthorized access or control. It is crucial for users to address this issue to mitigate the associated risks and protect their network security.",Tenda,"Ac8,Ac10,Ac18",8.6,HIGH,0.000699999975040555,false,,false,false,true,2025-01-17T14:31:07.000Z,true,false,false,,2025-01-17T14:31:07.148Z,0
CVE-2024-57581,https://securityvulnerability.io/vulnerability/CVE-2024-57581,Stack Overflow Vulnerability in Tenda AC18 Firewall Configuration,"The Tenda AC18 router has a security flaw due to a stack overflow in the formSetFirewallCfg function, triggered by malicious inputs in the firewallEn parameter. This vulnerability poses a risk of unauthorized code execution, potentially compromising the device's security and integrity. It is essential for users of Tenda AC18 version V15.03.05.19 to be aware of this issue and apply necessary mitigations to safeguard their systems.",Tenda,AC18,9.8,CRITICAL,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-16T00:00:00.000Z,0
CVE-2024-57575,https://securityvulnerability.io/vulnerability/CVE-2024-57575,Stack Overflow Vulnerability in Tenda AC18 Wi-Fi Router,"A stack overflow vulnerability has been identified in the Tenda AC18 router, specifically in the ssid parameter of the form_fast_setting_wifi_set function. This flaw may be exploited by attackers to execute arbitrary code or cause unexpected behavior in the router, potentially compromising the security of the entire network. Users are advised to apply relevant security patches and maintain vigilance regarding their device configurations to mitigate potential risks.",Tenda,AC18 Router,9.8,CRITICAL,0.000910000002477318,false,,false,false,false,,false,false,false,,2025-01-16T00:00:00.000Z,0
CVE-2024-57579,https://securityvulnerability.io/vulnerability/CVE-2024-57579,Stack Overflow Vulnerability in Tenda AC18 by Tenda,"The Tenda AC18 router, specifically version V15.03.05.19, has a vulnerability that allows for a stack overflow condition. This occurs through improper handling of the 'limitSpeedUp' parameter within the 'formSetClientState' function, potentially enabling attackers to exploit this weakness. Such vulnerabilities may allow for unauthorized access or manipulation of device functionalities, posing significant risks to network security. It is crucial for users and administrators to apply available patches and follow best practices to mitigate the risks associated with this vulnerability.",Tenda,Tenda AC18,9.8,CRITICAL,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-16T00:00:00.000Z,0
CVE-2024-57583,https://securityvulnerability.io/vulnerability/CVE-2024-57583,Command Injection Vulnerability in Tenda AC18 Router,"The Tenda AC18 Router version V15.03.05.19 has a command injection vulnerability that can be exploited through the usbName parameter in the formSetSambaConf function. This vulnerability allows attackers to execute arbitrary commands on the device, potentially compromising the router’s security and the integrity of the network. It is critical for users to implement security measures to mitigate the risks associated with this vulnerability.",Tenda,AC18 Router,9.8,CRITICAL,0.0008999999845400453,false,,false,false,false,,false,false,false,,2025-01-16T00:00:00.000Z,0
CVE-2024-57582,https://securityvulnerability.io/vulnerability/CVE-2024-57582,Stack Overflow Vulnerability in Tenda AC18 Router,"A stack overflow vulnerability has been identified in the Tenda AC18 router, specifically found in the formSetPPTPServer function through the startIP parameter. This flaw poses significant risks to the integrity of the device and can potentially allow for arbitrary code execution, compromising the security of the affected network.",Tenda,Tenda AC18,9.8,CRITICAL,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-16T00:00:00.000Z,0
CVE-2024-57580,https://securityvulnerability.io/vulnerability/CVE-2024-57580,Stack Overflow Vulnerability in Tenda AC18 Devices,"A stack overflow vulnerability has been identified in the Tenda AC18 firmware version 15.03.05.19, triggered by improper handling of the 'devName' parameter within the 'formSetDeviceName' function. This flaw may allow an attacker to execute arbitrary code or disrupt the normal operation of the affected device, posing a significant security risk for users.",Tenda,AC18,9.8,CRITICAL,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-16T00:00:00.000Z,0
CVE-2024-57703,https://securityvulnerability.io/vulnerability/CVE-2024-57703,Stack Overflow Vulnerability in Tenda AC8v4 Router,"The Tenda AC8v4 router version V16.03.34.06 contains a stack overflow vulnerability in the setSchedWifi function, specifically in the /goform/openSchedWifi file. The issue arises when an attacker manipulates the argument schedEndTime, potentially leading to a stack-based buffer overflow, which could allow remote execution of arbitrary code. It is crucial for users to update their firmware to mitigate this security risk.",Tenda,AC8v4 Router,7.3,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-16T00:00:00.000Z,0
CVE-2024-46450,https://securityvulnerability.io/vulnerability/CVE-2024-46450,Access Control Flaw in Tenda AC1200 Smart Dual-Band WiFi Router,"An incorrect access control vulnerability exists in the Tenda AC1200 Smart Dual-Band WiFi Router Model AC6 v2.0 Firmware v15.03.06.50. This flaw enables attackers to exploit the router by sending crafted web requests, potentially allowing them to bypass authentication measures. Such an exploit could lead to unauthorized access to the device, compromising network integrity and leading to further security risks.",Tenda,AC1200 Smart Dual-Band WiFi Router,8.1,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-16T00:00:00.000Z,0
CVE-2024-57483,https://securityvulnerability.io/vulnerability/CVE-2024-57483,Buffer Overflow Vulnerability in Tenda i24 Router,"The Tenda i24 router version 2.0.0.5 is affected by a buffer overflow vulnerability in the addWifiMacFilter function. This vulnerability may allow attackers to exploit the buffer overflow, potentially leading to arbitrary code execution or system crashes. It's crucial for users to stay informed about this vulnerability to safeguard their network systems from potential threats.",Tenda,,9.8,CRITICAL,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-14T23:15:00.000Z,0
CVE-2025-0349,https://securityvulnerability.io/vulnerability/CVE-2025-0349,Stack-based Buffer Overflow in Tenda AC6 by Tenda,"A vulnerability exists in Tenda AC6 15.03.05.16 that allows for a stack-based buffer overflow through the GetParentControlInfo function located in /goform/GetParentControlInfo. Manipulating the 'src' argument could enable remote attackers to exploit the vulnerability, potentially affecting additional parameters. This issue has been publicly disclosed, raising significant concerns regarding its exploitability.",Tenda,Ac6,8.7,HIGH,0.00044999999227002263,false,,false,false,true,2025-01-09T10:31:07.000Z,true,false,false,,2025-01-09T10:31:07.078Z,0
CVE-2024-11745,https://securityvulnerability.io/vulnerability/CVE-2024-11745,Stack-Based Buffer Overflow Vulnerability in Tenda AC8 Product,"A critical vulnerability has been identified in the Tenda AC8 router, specifically within the 'route_static_check' function in the SetStaticRouteCfg file. This vulnerability manifests as a stack-based buffer overflow due to improper handling of argument lists. An attacker can exploit this flaw remotely, potentially leading to unauthorized access or other malicious actions. The exploit has been made public, heightening the urgency for users of the affected Tenda AC8 version 16.03.34.09 to implement protective measures immediately to safeguard their networks.",Tenda,Ac8,9.8,CRITICAL,0.0008699999889358878,false,,false,false,true,2024-11-26T21:00:12.000Z,true,false,false,,2024-11-26T21:00:12.592Z,0
CVE-2024-52714,https://securityvulnerability.io/vulnerability/CVE-2024-52714,Buffer Overflow Vulnerability in Tenda AC6 Router,"The Tenda AC6 v2.0, specifically version v15.03.06.50, is susceptible to a buffer overflow vulnerability within the 'fromSetSysTime' function. This flaw can potentially lead to unauthorized access, data corruption, or system crashes, highlighting the need for immediate attention and remediation. Users of Tenda AC6 should prioritize applying security patches and updates to mitigate the associated risks.",Tenda,Ac6 Firmware,9.8,CRITICAL,0.0012400000123307109,false,,false,false,false,,,false,false,,2024-11-19T19:15:00.000Z,0
CVE-2024-11248,https://securityvulnerability.io/vulnerability/CVE-2024-11248,Stack-based Buffer Overflow in Tenda AC10 Router,"A significant vulnerability exists within the Tenda AC10 router, specifically in the formSetRebootTimer function located in the /goform/SetSysAutoRebbotCfg file. This vulnerability enables a stack-based buffer overflow due to improper handling of the rebootTime argument. The flaw permits threat actors to launch remote attacks, potentially leading to unauthorized access to the device. The disclosure of this exploit in public forums increases the urgency for device owners to address the vulnerability to safeguard their networks.",Tenda,Ac10 Firmware,8.8,HIGH,0.0010999999940395355,false,,false,false,false,,,false,false,,2024-11-15T17:15:00.000Z,0
CVE-2024-50852,https://securityvulnerability.io/vulnerability/CVE-2024-50852,Command Injection Vulnerability in Tenda G3 Router,"The Tenda G3 v3.0 v15.11.0.20 is vulnerable to a command injection issue through the formSetUSBPartitionUmount function. This vulnerability may allow attackers to execute arbitrary commands on the router, compromising the integrity and availability of the device. Proper remediation mechanisms should be considered to ensure device security and protect against unauthorized access.",Tenda,G3 Firmware,8.8,HIGH,0.0006200000061653554,false,,false,false,false,,,false,false,,2024-11-13T15:15:00.000Z,0
CVE-2024-50853,https://securityvulnerability.io/vulnerability/CVE-2024-50853,Command Injection Vulnerability in Tenda G3 Router Firmware,"The Tenda G3 router running firmware version 3.0 v15.11.0.20 contains a command injection vulnerability within the formSetDebugCfg function. This flaw allows an attacker to inject arbitrary commands into the system, which could lead to unauthorized access and manipulation of device configurations. Such vulnerabilities pose significant risks, potentially enabling attackers to execute harmful commands that could compromise the router’s integrity and the security of the network it supports. Users of Tenda G3 routers are advised to review their device settings and apply any available security updates to mitigate the risks associated with this vulnerability.",Tenda,G3 Firmware,8.8,HIGH,0.0006200000061653554,false,,false,false,false,,,false,false,,2024-11-13T15:15:00.000Z,0
CVE-2024-50854,https://securityvulnerability.io/vulnerability/CVE-2024-50854,Stack Overflow Vulnerability in Tenda G3 from Tenda,"A stack overflow vulnerability has been found in Tenda G3 v3.0 v15.11.0.20 through the formSetPortMapping function. This flaw can potentially allow an attacker to execute arbitrary code or disrupt the normal operation of the device, raising significant security concerns for users relying on this product for secure networking. Proper mitigations and patches are required to safeguard against potential exploitation.",Tenda,G3 Firmware,8.8,HIGH,0.0004900000058114529,false,,false,false,false,,,false,false,,2024-11-13T15:15:00.000Z,0
CVE-2024-11061,https://securityvulnerability.io/vulnerability/CVE-2024-11061,Stack-Based Buffer Overflow in Tenda AC10 Router,"A severe stack-based buffer overflow vulnerability exists in the Tenda AC10 router, specifically within the function FUN_0044db3c of the /goform/fast_setting_wifi_set file. By manipulating the timeZone argument, an attacker can potentially execute arbitrary code remotely. This vulnerability poses significant risks to users, as it can be exploited over the network without requiring any physical access to the device. Immediate action is advised to mitigate the risks associated with this critical vulnerability.",Tenda,Ac10,8.8,HIGH,0.0023300000466406345,false,,false,false,true,2024-11-11T00:31:07.000Z,true,false,false,,2024-11-11T00:31:07.099Z,0
CVE-2024-11056,https://securityvulnerability.io/vulnerability/CVE-2024-11056,Stack-Based Buffer Overflow in Tenda AC10 Routers,"A critical security vulnerability identified in the Tenda AC10 router allows an attacker to exploit a stack-based buffer overflow in the /goform/WifiExtraSet function. This issue arises from improper handling of the wpapsk_crypto argument, which can lead to unauthorized access or execution of arbitrary code. Attackers can initiate this exploit remotely, making it especially dangerous for users of affected versions. As the exploit details have been disclosed publicly, it is crucial for users to take immediate action to secure their devices, such as applying relevant patches and enhancing their network security measures.",Tenda,Ac10,8.8,HIGH,0.001290000043809414,false,,false,false,true,2024-11-10T16:31:06.000Z,true,false,false,,2024-11-10T16:31:06.581Z,0
CVE-2024-10698,https://securityvulnerability.io/vulnerability/CVE-2024-10698,Stack-Based Buffer Overflow in Tenda AC6 Router's Device Name Setting Function,"A serious vulnerability has been detected in the Tenda AC6 router, specifically in the function responsible for setting the device name, located within the /goform/SetOnlineDevName file. This flaw arises from a stack-based buffer overflow, which can be triggered by manipulating the devName argument. This vulnerability is particularly alarming as it can be exploited remotely, allowing an attacker to execute arbitrary code and potentially take control of the device. Users of the affected version, v15.03.05.19, should take immediate steps to secure their network, as the details of this exploit have been publicly disclosed and could be leveraged for attacks.",Tenda,Ac6,9.8,CRITICAL,0.0008999999845400453,false,,false,false,true,2024-11-02T13:31:07.000Z,true,false,false,,2024-11-02T13:31:07.358Z,0
CVE-2024-10697,https://securityvulnerability.io/vulnerability/CVE-2024-10697,Command Injection Vulnerability in Tenda AC6 Router Software,"A severe security flaw exists within the Tenda AC6 router's API endpoint, particularly in the function formWriteFacMac located at /goform/WriteFacMac. This vulnerability allows attackers to carry out command injection attacks. By manipulating specific input parameters, an unauthorized user can execute arbitrary commands on the affected device, potentially compromising its integrity. The vulnerability can be exploited remotely, making it accessible without physical access to the device. It is crucial for users of Tenda AC6 routers, especially version 15.03.05.19, to be aware of this risk and implement necessary security measures to safeguard their networks.",Tenda,Ac6,9.8,CRITICAL,0.0006300000241026282,false,,false,false,true,2024-11-02T12:00:08.000Z,true,false,false,,2024-11-02T12:00:08.397Z,0
CVE-2024-10662,https://securityvulnerability.io/vulnerability/CVE-2024-10662,Stack-Based Buffer Overflow in Tenda AC15 Router,"A critical vulnerability exists in the Tenda AC15 router, specifically in the formSetDeviceName function located within the /goform/SetOnlineDevName script. This security flaw allows for a stack-based buffer overflow due to inadequate input validation of the devName parameter. An attacker can exploit this vulnerability remotely, allowing them to potentially execute arbitrary code or disrupt the operation of the device. It is essential for users of the affected router model to apply the necessary security patches and updates to mitigate the risk of exploitation. For more detailed analysis and technical specifications, please refer to the security advisory links provided.",Tenda,Ac15,8.8,HIGH,0.0017000000225380063,false,,false,false,true,2024-11-01T16:00:16.000Z,true,false,false,,2024-11-01T16:00:16.399Z,0
CVE-2024-10661,https://securityvulnerability.io/vulnerability/CVE-2024-10661,Buffer Overflow Vulnerability in Tenda AC15 Router,"A stack-based buffer overflow vulnerability has been identified in the Tenda AC15 router, specifically within the SetDlnaCfg function found in the /goform/SetDlnaCfg file. This vulnerability occurs due to improper handling of the scanList argument, which can be exploited by attackers to execute remote code. As this flaw has been publicly disclosed, it poses a significant threat to users of the affected firmware version 15.03.05.19. Immediate action should be taken to secure devices running this software to prevent unauthorized access and potential exploitation.",Tenda,Ac15,8.8,HIGH,0.0017000000225380063,false,,false,false,true,2024-11-01T16:00:13.000Z,true,false,false,,2024-11-01T16:00:13.148Z,0