Tenda AC7 SetSysTimeCfg File Buffer Overflow Vulnerability

Tenda AC7 is a wireless router from Tenda, a Chinese company. A buffer overflow vulnerability exists in Tenda AC7 version 15.03.06.44. The vulnerability stems from the parameter Time in the file /goform/SetSysTimeCfg that fails to properly validate the length and size of the input data, which can...

Tenda AC7 Command Injection Vulnerability

Tenda AC7 is a wireless router from Tenda, a Chinese company. A command injection vulnerability exists in Tenda AC7 version 15.03.06.44, which originates from the failure to properly filter the parameter lanIp in the file /goform/AdvSetLanip to construct command special characters, commands, etc...

Tenda AC7 /goform/WifiMacFilterSet File Buffer Overflow Vulnerability

Tenda AC7 is a wireless router from Tenda, a Chinese company. A buffer overflow vulnerability exists in Tenda AC7 version 15.03.06.44, which originates from the parameter wifichkHz in the file /goform/WifiMacFilterSet that fails to correctly validate the length of the input data, and can be...

Tenda AC7 /goform/SetUpnpCfg File Buffer Overflow Vulnerability

Tenda AC7 is a wireless router from Tenda, a Chinese company. A buffer overflow vulnerability exists in Tenda AC7 version 15.03.06.44, which originates from the parameter upnpEn in the file /goform/SetUpnpCfg that fails to correctly validate the length of the input data, and can be exploited by a...

CVE-2025-11528

Summary of CVE-2025-11528 : Affected device is Tenda AC7 routers with firmware 15.03.06.44. The vulnerability lies in the function handling the /goform/saveAutoQos parameter enable, where improper input length validation causes a stack-based buffer overflow. Remote exploitation is possible, and p...

EUVD-2025-33258

A vulnerability was identified in Tenda AC7 15.03.06.44. This affects an unknown function of the file /goform/saveAutoQos. The manipulation of the argument enable leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit is publicly available and might be us...

CVE-2025-11528 Tenda AC7 saveAutoQos stack-based overflow

A vulnerability was identified in Tenda AC7 15.03.06.44. This affects an unknown function of the file /goform/saveAutoQos. The manipulation of the argument enable leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit is publicly available and might be us...

CVE-2025-11523

A vulnerability was detected in Tenda AC7 15.03.06.44. This vulnerability affects unknown code of the file /goform/AdvSetLanip. The manipulation of the argument lanIp results in command injection. It is possible to launch the attack remotely. The exploit is now public and may be used...

CVE-2025-11523

A vulnerability was detected in Tenda AC7 15.03.06.44. This vulnerability affects unknown code of the file /goform/AdvSetLanip. The manipulation of the argument lanIp results in command injection. It is possible to launch the attack remotely. The exploit is now public and may be used...

CVE-2025-11525

CVE-2025-11525 affects Tenda AC7 (firmware 15.03.06.44). The issue is a stack-based buffer overflow in the /goform/SetUpnpCfg handler caused by improper validation of the upnpEn parameter. Attackers can exploit remotely to execute arbitrary code or cause denial of service; public exploits/poC hav...

CVE-2025-11524

CVE-2025-11524 affects Tenda AC7 routers (firmware 15.03.06.44). The defect is a stack-based buffer overflow in /goform/SetDDNSCfg via the ddnsEn parameter, enabling remote code execution (exploit published; PoC/attacks possible). Exploit maturity: PoC. Remediation: update to a newer firmware ver...

EUVD-2025-33268

A flaw has been found in Tenda AC7 15.03.06.44. This issue affects some unknown processing of the file /goform/SetDDNSCfg. This manipulation of the argument ddnsEn causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been published and may be used...

CVE-2025-11523 Tenda AC7 AdvSetLanip command injection

A vulnerability was detected in Tenda AC7 15.03.06.44. This vulnerability affects unknown code of the file /goform/AdvSetLanip. The manipulation of the argument lanIp results in command injection. It is possible to launch the attack remotely. The exploit is now public and may be used...

CVE-2025-11523 Tenda AC7 AdvSetLanip command injection

A vulnerability was detected in Tenda AC7 15.03.06.44. This vulnerability affects unknown code of the file /goform/AdvSetLanip. The manipulation of the argument lanIp results in command injection. It is possible to launch the attack remotely. The exploit is now public and may be used...

Tenda AC7 安全漏洞

Tenda AC7 is a wireless router from Tenda, a Chinese company. A buffer overflow vulnerability exists in Tenda AC7 version 15.03.06.44, which originates from the parameter ddnsEn in the file /goform/SetDDNSCfg that fails to correctly validate the length and size of the input data, and can be...

Tenda AC7 安全漏洞

Tenda AC7 is a wireless router from Tenda, a Chinese company. A buffer overflow vulnerability exists in Tenda AC7 version 15.03.06.44, which originates from the parameter enable in the file /goform/saveAutoQos that fails to correctly validate the length of the input data, and can be exploited by ...

PT-2025-41327

Name of the Vulnerable Software and Affected Versions Tenda AC7 version 15.03.06.44 Description A stack-based buffer overflow exists in Tenda AC7 version 15.03.06.44. The issue is due to the manipulation of the upnpEn parameter within the /goform/SetUpnpCfg file. This allows for remote...

Tenda AC7 安全漏洞

Tenda AC7 is a wireless router from Tenda, a Chinese company. A buffer overflow vulnerability exists in Tenda AC7 version 15.03.06.44, which originates from the parameter wifichkHz in the file /goform/WifiMacFilterSet that fails to correctly validate the length of the input data, and can be...

Tenda AC7 安全漏洞

Tenda AC7 is a wireless router from Tenda, a Chinese company. A buffer overflow vulnerability exists in Tenda AC7 version 15.03.06.44, which originates from the parameter Password in the file /goform/fastsettingpppoeset that fails to correctly validate the length and size of the input data, and c...

EUVD-2025-25011

Malicious code in bioql PyPI...