cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2025-25507,https://securityvulnerability.io/vulnerability/CVE-2025-25507,Remote Command Execution in Tenda AC6 Router,"A remote command execution vulnerability exists in the Tenda AC6 router's formexeCommand function. The vulnerability arises from improper handling of the cmdinput parameter, allowing an attacker to execute arbitrary commands remotely. This flaw can potentially compromise the security of the device, making it critical for users and administrators to apply security patches and configure their devices securely. To mitigate risks, users should review device settings and implement recommended security practices.",Tenda,AC6 Router,6.5,MEDIUM,0.01,false,,false,false,false,,false,false,false,,2025-02-21T00:00:00.000Z,0
CVE-2025-25510,https://securityvulnerability.io/vulnerability/CVE-2025-25510,Buffer Overflow Vulnerability in Tenda AC8 Router,"The Tenda AC8 Router, specifically version V16.03.34.06, is exposed to a buffer overflow vulnerability within the get_parentControl_list_Info function. This flaw can potentially allow remote attackers to execute arbitrary code, leading to unauthorized access or control over the affected device. Proper security measures and updates should be enforced to mitigate the risks associated with this vulnerability.",Tenda,Tenda AC8 Router,6.5,MEDIUM,0.01,false,,false,false,false,,false,false,false,,2025-02-21T00:00:00.000Z,0
CVE-2025-25505,https://securityvulnerability.io/vulnerability/CVE-2025-25505,Buffer Overflow Vulnerability in Tenda AC6 Router Software,"The Tenda AC6 router version 15.03.05.16_multi is susceptible to a vulnerability that allows for a buffer overflow in the sub_452A4 function. This flaw could potentially enable an unauthorized user to cause unintended behavior, including system crashes or remote code execution, thereby jeopardizing the security and integrity of the network. It is crucial for Tenda users to remain vigilant and implement security measures to mitigate the risk associated with this vulnerability.",Tenda,AC6 Router,6.5,MEDIUM,0.01,false,,false,false,false,,false,false,false,,2025-02-21T00:00:00.000Z,0
CVE-2025-25678,https://securityvulnerability.io/vulnerability/CVE-2025-25678,Buffer Overflow Vulnerability in Tenda i12 Router,"The Tenda i12 router firmware version V1.0.0.10(3805) is susceptible to a buffer overflow vulnerability through the funcpara1 parameter within the formSetCfm function. This vulnerability can potentially allow an attacker to execute arbitrary code, compromising the integrity and confidentiality of the device. Users are advised to review their configurations and apply any necessary updates to secure their networks.",Tenda,Tenda i12,9.8,CRITICAL,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-20T00:00:00.000Z,0
CVE-2025-25675,https://securityvulnerability.io/vulnerability/CVE-2025-25675,Command Injection Vulnerability in Tenda AC10 Router,"The Tenda AC10 router, specifically version V15.03.06.23, is exposed to a command injection vulnerability within the formexeCommand function. This flaw arises when the 'cmdinput' parameter is received from a POST request and subsequently stored in the 'cmd_buf' variable. The dire implication of this vulnerability is that it allows attackers to execute arbitrary commands on the device via the 'doSystemCmd' function, potentially compromising the security and functionality of the router.",Tenda,AC10,9.8,CRITICAL,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-20T00:00:00.000Z,0
CVE-2025-25679,https://securityvulnerability.io/vulnerability/CVE-2025-25679,Buffer Overflow Vulnerability in Tenda i12 by Tenda,"Tenda i12 versions including V1.0.0.10(3805) have been found to be susceptible to a buffer overflow vulnerability. This issue arises from improper handling of the index parameter in the formWifiMacFilterSet function, potentially allowing attackers to execute arbitrary code or disrupt service. Users are advised to implement security measures and apply the latest patches to protect against exploitation.",Tenda,Tenda i12,,,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-20T00:00:00.000Z,0
CVE-2025-25663,https://securityvulnerability.io/vulnerability/CVE-2025-25663,Stack-Based Buffer Overflow in Tenda AC8V4 Wi-Fi Router,"A vulnerability was identified in the Tenda AC8V4 router, specifically within the WifiExtraSet functionality. The issue arises from improper handling of the wpapsk_crypto argument, leading to a stack-based buffer overflow. This flaw could potentially allow an attacker to execute arbitrary code or disrupt the normal operation of the affected device.",Tenda,AC8V4 Router,9.8,CRITICAL,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-20T00:00:00.000Z,0
CVE-2025-25667,https://securityvulnerability.io/vulnerability/CVE-2025-25667,Stack Overflow Vulnerability in Tenda AC8 Router,"The Tenda AC8 router is susceptible to a stack overflow vulnerability in its parent control feature. This issue arises specifically through the 'urls' parameter in the function get_parentControl_list_Info, potentially allowing an attacker to manipulate memory, resulting in unpredictable behavior or unauthorized access.",Tenda,AC8 Router,9.8,CRITICAL,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-20T00:00:00.000Z,0
CVE-2025-25668,https://securityvulnerability.io/vulnerability/CVE-2025-25668,Stack Overflow Vulnerability in Tenda AC8 Router,"The Tenda AC8V4 router, specifically version V16.03.34.06, is affected by a stack overflow vulnerability stemming from improper handling of the 'shareSpeed' parameter in the function sub_47D878. This flaw could potentially allow an attacker to exploit memory corruption, leading to unauthorized execution of arbitrary code. Network administrators should ensure their firmware is updated and follow security best practices to prevent potential exploitation of this risk.",Tenda,AC8V4,9.8,CRITICAL,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-20T00:00:00.000Z,0
CVE-2025-25664,https://securityvulnerability.io/vulnerability/CVE-2025-25664,Stack Overflow Vulnerability in Tenda AC8 Router Firmware,"The Tenda AC8 router with firmware version V16.03.34.06 is affected by a stack overflow vulnerability that occurs in the sub_49E098 function through the shareSpeed parameter. Exploiting this vulnerability can allow an attacker to execute arbitrary code, potentially compromising the integrity and confidentiality of network communications. It is essential for users of affected versions to apply necessary patches and updates provided by Tenda to mitigate this risk.",Tenda,AC8,9.8,CRITICAL,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-20T00:00:00.000Z,0
CVE-2025-25676,https://securityvulnerability.io/vulnerability/CVE-2025-25676,Buffer Overflow Vulnerability in Tenda i12 Router,"A vulnerability exists in the Tenda i12 router's firmware version 1.0.0.10 (3805), where a buffer overflow can be exploited through the 'list' parameter in the formwrlSSIDset function. This could allow unauthorized access or remote code execution, making it essential for users to update to the latest firmware and monitor for any suspicious activity.",Tenda,i12 Router,9.8,CRITICAL,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-20T00:00:00.000Z,0
CVE-2025-25674,https://securityvulnerability.io/vulnerability/CVE-2025-25674,Buffer Overflow Vulnerability in Tenda AC10 Router,"The Tenda AC10 router version V15.03.06.23 is exposed to a buffer overflow vulnerability in the form_fast_setting_wifi_set function. This occurs when the user-provided SSID is manipulated, allowing an attacker to potentially execute arbitrary code or crash the device. It is crucial for users to be aware of this flaw and ensure timely updates or patches to mitigate security risks.",Tenda,AC10,9.8,CRITICAL,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-20T00:00:00.000Z,0
CVE-2025-25662,https://securityvulnerability.io/vulnerability/CVE-2025-25662,Buffer Overflow Vulnerability in Tenda O4 Router,"The Tenda O4 Router version V3.0 V1.0.0.10(2936) is susceptible to a Buffer Overflow vulnerability in the SafeSetMacFilter function located in the file /goform/setMacFilterList. This flaw can be exploited via compromised parameters in the remark/type/time arguments, potentially allowing an attacker to execute arbitrary code or cause a denial of service.",Tenda,Tenda O4 Router,9.8,CRITICAL,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-20T00:00:00.000Z,0
CVE-2025-25343,https://securityvulnerability.io/vulnerability/CVE-2025-25343,Buffer Overflow Vulnerability in Tenda AC6 Firmware,"The Tenda AC6 V15.03.05.16 firmware is susceptible to a buffer overflow vulnerability within the formexeCommand function, potentially allowing unauthorized commands and access to critical system resources. This flaw could lead to exploitation, impacting the device's integrity and the network’s security.",Tenda,AC6 Firmware,9.8,CRITICAL,0.0012400000123307109,false,,false,false,false,,false,false,false,,2025-02-12T00:00:00.000Z,0
CVE-2024-46432,https://securityvulnerability.io/vulnerability/CVE-2024-46432,Incorrect Access Control in Tenda W18E Router Products,"The Tenda W18E router, specifically version V16.01.0.8(1625), is susceptible to an incorrect access control vulnerability. An attacker could exploit this flaw by sending a specially crafted HTTP POST request targeting the setQuickCfgWifiAndLogin function. This method allows unauthorized users to alter WiFi settings and administrative credentials, potentially compromising network security. Users of the Tenda W18E should ensure their firmware is up to date to mitigate this vulnerability.",Tenda,W18E Router,8.8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-10T00:00:00.000Z,0
CVE-2024-46437,https://securityvulnerability.io/vulnerability/CVE-2024-46437,Sensitive Information Disclosure in Tenda W18E,"The Tenda W18E features a significant vulnerability in its web management portal that permits unauthenticated remote attackers to exploit the system. By utilizing a specially crafted HTTP POST request directed at the getQuickCfgWifiAndLogin function, attackers can bypass existing authentication measures. This oversight enables the unauthorized retrieval of sensitive information such as WiFi SSID, WiFi passwords, and base64-encoded administrator credentials, posing a serious risk to user privacy and network security.",Tenda,W18E,6.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-10T00:00:00.000Z,0
CVE-2024-46429,https://securityvulnerability.io/vulnerability/CVE-2024-46429,Hardcoded Credentials Vulnerability in Tenda W18E Router,"A hardcoded credentials vulnerability in Tenda W18E routers enables unauthorized remote attackers to gain access to the web management portal. The issue arises from a default guest account provisioned with administrative privileges, allowing attackers to manipulate the router settings without authentication. This vulnerability poses significant risks to network security, enabling potential exploitation by malicious actors.",Tenda,W18E Router,8.8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-10T00:00:00.000Z,0
CVE-2024-46435,https://securityvulnerability.io/vulnerability/CVE-2024-46435,Stack Overflow Vulnerability in Tenda W18E Web Management Portal,"A stack overflow vulnerability exists in the web management portal of the Tenda W18E, specifically in the delFacebookPic function. This flaw allows an authenticated remote attacker to exploit improper input validation, potentially leading to a denial of service or even the execution of arbitrary code. It is crucial for users to patch this vulnerability to safeguard their systems against unauthorized access and operational disruptions.",Tenda,W18E,8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-10T00:00:00.000Z,0
CVE-2024-46436,https://securityvulnerability.io/vulnerability/CVE-2024-46436,Unauthorized Root Access Vulnerability in Tenda W18E Devices,"The Tenda W18E V16.01.0.8(1625) is vulnerable due to hardcoded credentials, which can be exploited by unauthenticated remote attackers. This vulnerability allows malicious actors to gain unauthorized root access to the device via the Telnet service, potentially compromising the integrity and security of the network. Users are advised to update their devices and take appropriate security measures to mitigate this risk.",Tenda,W18E,8.3,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-10T00:00:00.000Z,0
CVE-2024-46434,https://securityvulnerability.io/vulnerability/CVE-2024-46434,Authentication Bypass Vulnerability in Tenda W18E Router,"The Tenda W18E Router has a vulnerability in its web management portal that permits unauthorized remote attackers to bypass authentication measures. By sending a specially crafted HTTP request, an attacker can gain administrative access to the device, potentially compromising network security and user privacy. This flaw underscores the importance of robust security protocols in network devices, highlighting the need for users to apply updates and safeguards to mitigate potential threats.",Tenda,W18E Router,8.8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-10T00:00:00.000Z,0
CVE-2024-46430,https://securityvulnerability.io/vulnerability/CVE-2024-46430,Incorrect Access Control in Tenda W18E Routers,"The Tenda W18E router version V16.01.0.8(1625) is susceptible to an access control vulnerability that allows unauthorized users to change the administrator password. By exploiting this flaw, an unauthenticated remote attacker can send a specially crafted HTTP POST request to the router's setLoginPassword function, effectively bypassing the intended authentication measures. This weakness highlights significant security risks for network management and user data protection. Proper mitigation strategies should be implemented to safeguard against such unauthorized access.",Tenda,W18E,6.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-10T00:00:00.000Z,0
CVE-2024-46431,https://securityvulnerability.io/vulnerability/CVE-2024-46431,Buffer Overflow Vulnerability in Tenda W18E Product by Tenda,"The Tenda W18E, a widely used networking device, is susceptible to a buffer overflow vulnerability. When an attacker gains access to the device's web management portal, they can exploit this flaw by submitting specially crafted data to the delWewifiPic function. This malicious input can lead to unauthorized actions within the device, potentially compromising network security and allowing for various attacks. Users are advised to review available patches and updates to secure affected versions.",Tenda,Tenda W18E,8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-10T00:00:00.000Z,0
CVE-2024-46433,https://securityvulnerability.io/vulnerability/CVE-2024-46433,Default Credentials Vulnerability in Tenda W18E Router,"A security issue exists in Tenda W18E routers where the default administrative account 'rzadmin' remains accessible, allowing unauthenticated remote attackers full access to the web management portal. This vulnerability poses a serious risk, enabling malicious actors to manipulate settings, compromise network security, and potentially exploit devices connected to the network.",Tenda,W18E Router,8.8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-10T00:00:00.000Z,0
CVE-2025-0848,https://securityvulnerability.io/vulnerability/CVE-2025-0848,Stack-based Buffer Overflow in Tenda A18 HTTP POST Request Handler,"A stack-based buffer overflow vulnerability exists in the SetCmdlineRun function of the HTTP POST Request Handler in Tenda A18 routers, specifically in versions up to 15.13.07.09. This issue can be exploited remotely when manipulating the wpapsk_crypto5g argument, potentially leading to unauthorized access or other malicious actions. With the exploit details publicly disclosed, it is crucial for users to update their devices to mitigate risks.",Tenda,A18,7.1,HIGH,0.0011099999537691474,false,,false,false,true,2025-01-30T01:00:19.000Z,true,false,false,,2025-01-30T01:00:19.576Z,0
CVE-2025-0566,https://securityvulnerability.io/vulnerability/CVE-2025-0566,Stack-based Buffer Overflow in Tenda AC15 Router,"The Tenda AC15 router suffers from a stack-based buffer overflow vulnerability in the formSetDevNetName function found in the /goform/SetDevNetName file. This flaw arises from improper handling of the 'mac' argument, allowing attackers to exploit the vulnerability remotely. Once publicly disclosed, this potential exploit poses significant risks for users, enabling unauthorized access and control over affected devices. It is crucial for users to update their devices to mitigate the risks associated with this vulnerability.",Tenda,Ac15,8.7,HIGH,0.0011399999493733048,false,,false,false,true,2025-01-19T06:31:12.000Z,true,false,false,,2025-01-19T06:31:12.505Z,0