38 matches found
CVE-2026-5830
CVE-2026-5830 affects Tenda AC15 firmware 15.03.05.18. The vulnerability resides in the function websGetVar of /goform/SysToolChangePwd and results from manipulating the arguments oldPwd/newPwd/cfmPwd, causing a stack-based buffer overflow. The issue can be exploited remotely, and public exploit ...
CVE-2026-4975
A vulnerability has been found in Tenda AC15 15.03.05.19. This affects the function formSetCfm of the file /goform/setcfm of the component POST Request Handler. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has...
CVE-2026-4975
The CVE-2026-4975 entry affects the Tenda AC15 device (firmware 15.03.05.19). It targets the POST handler at /goform/setcfm, specifically the formSetCfm function, where manipulating the funcpara1 argument causes a stack-based buffer overflow. Impact is defined as high for confidentiality, integri...
CVE-2026-24105
An issue was discovered in goform/formsetUsbUnload in Tenda AC15V1.0 V15.03.05.18multi. The value of v1 was not checked, potentially leading to a command injection vulnerability if injected into doSystemCmd...
CVE-2025-63666
Tenda AC15 v15.03.05.18multi issues an authentication cookie that exposes the account password hash to the client and uses a short, low-entropy suffix as the session identifier. An attacker with network access or the ability to run JS in a victim browser can steal the cookie and replay it to acce...
CVE-2025-63666
Tenda AC15 v15.03.05.18multi issues an authentication cookie that exposes the account password hash to the client and uses a short, low-entropy suffix as the session identifier. An attacker with network access or the ability to run JS in a victim browser can steal the cookie and replay it to acce...
EUVD-2025-32710
A vulnerability was identified in Tenda AC15 15.03.05.18. This impacts an unknown function of the file /goform/setNotUpgrade. Such manipulation of the argument newVersion leads to stack-based buffer overflow. The attack may be launched remotely. The exploit is publicly available and might be used...
CVE-2025-11389
A security flaw has been discovered in Tenda AC15 15.03.05.18. Affected is an unknown function of the file /goform/saveAutoQos. Performing a manipulation of the argument enable results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been released to...
CVE-2025-11386
A vulnerability was found in Tenda AC15 15.03.05.18. The impacted element is an unknown function of the file /goform/SetDDNSCfg of the component POST Parameter Handler. The manipulation of the argument ddnsEn results in stack-based buffer overflow. The attack can be launched remotely. The exploit...
CVE-2025-11386
CVE-2025-11386 affects Tenda AC15 router (firmware 15.03.05.18) via the POST handler in the /goform/SetDDNSCfg endpoint. The root cause is a stack-based buffer overflow triggered by manipulating the ddnsEn argument, indicating an input length validation failure in an unknown function of the POST ...
EUVD-2025-25470
Malicious code in bioql PyPI...
CVE-2025-55564
CVE-2025-55564 affects Tenda AC15 routers (v15.03.05.19_multi_TD01). The root cause is a stack overflow in the fromSetIpMacBind function caused by improper validation of the length/size of the input in the list parameter, which can lead to denial of service. Public sources consistently describe t...
The vulnerability of the formSetSafeWanWebMan() function (/goform/SetRemoteWebCfg) in the Tenda AC15 router software allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the formSetSafeWanWebMan function /goform/SetRemoteWebCfg in the Tenda AC15 router software exists because the operation is performed outside the buffer in memory when processing the remoteIp parameter. Exploiting this vulnerability could allow a malicious actor to compromise...
The vulnerability of the fromSetWirelessRepeat function in the microprogramming software for Tenda AC15 routers allows a hacker to induce a service failure.
The vulnerability of the fromSetWirelessRepeat function in the Tenda AC15 router’s microprogramming system lies in the copying of buffers without checking the size of the input data. Exploiting this vulnerability could allow a remote attacker to cause a service failure...
Tenda多款产品 代码问题漏洞
Tenda AC7 and others are products of Tenda, a Chinese company.Tenda AC7 is a wireless router.Tenda AC9 is a wireless router.Tenda AC10 is a wireless router. A code issue exists in a number of Tenda products where the vulnerability stems from a null pointer dereference vulnerability in the...
PT-2024-8485 · Tenda · Tenda Ac15
Name of the Vulnerable Software and Affected Versions: Tenda AC15 version 15.03.05.19 Description: A critical issue affects the function formSetDeviceName of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to a stack-based buffer overflow in the memory. This can ...
PT-2024-23520 · Tenda · Tenda Ac15
Name of the Vulnerable Software and Affected Versions: Tenda AC15 version 15.03.05.18 Description: The issue is a stack overflow vulnerability in the time parameter from the setSmartPowerManagement function. This vulnerability can be exploited, potentially allowing unauthorized access or control...
The vulnerability of the formWifiWpsStart() function (/goform/WifiWpsStart) in the Tenda AC15 router software allows a hacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the formWifiWpsStart function /goform/WifiWpsStart of the Tenda AC15 router’s microprogramming software is related to the operation of writing data outside the buffer in memory when processing the index parameter. Exploiting this vulnerability can allow an attacker to...
The vulnerability of the formExpandDlnaFile() function in the Tenda AC15 router software allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the formExpandDlnaFile function in the Tenda AC15 router’s microprogramming software is related to the issue of the operation going beyond the buffer in memory when processing the filePath parameter. Exploiting this vulnerability can allow an attacker to compromise the...
The vulnerability of the formWifiWpsOOB() function (/goform/WifiWpsOOB) in the Tenda AC15 router software allows a hacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the formWifiWpsOOB function /goform/WifiWpsOOB in the Tenda AC15 router’s microprogramming software is related to the operation of storing data outside of the buffer in memory when processing the index parameter. Exploiting this vulnerability can allow an attacker to compromi...