Lucene search
+L

38 matches found

CVE
CVE
added 2026/04/09 1:30 a.m.13 views

CVE-2026-5830

CVE-2026-5830 affects Tenda AC15 firmware 15.03.05.18. The vulnerability resides in the function websGetVar of /goform/SysToolChangePwd and results from manipulating the arguments oldPwd/newPwd/cfmPwd, causing a stack-based buffer overflow. The issue can be exploited remotely, and public exploit ...

9CVSS6.4AI score0.00627EPSS
Exploits1References5Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/28 11:9 p.m.7 views

CVE-2026-4975

A vulnerability has been found in Tenda AC15 15.03.05.19. This affects the function formSetCfm of the file /goform/setcfm of the component POST Request Handler. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has...

9CVSS7.9AI score0.00632EPSS
Exploits1References1
CVE
CVE
added 2026/03/27 7:52 p.m.6 views

CVE-2026-4975

The CVE-2026-4975 entry affects the Tenda AC15 device (firmware 15.03.05.19). It targets the POST handler at /goform/setcfm, specifically the formSetCfm function, where manipulating the funcpara1 argument causes a stack-based buffer overflow. Impact is defined as high for confidentiality, integri...

9CVSS7.9AI score0.00632EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2026/03/02 12:0 a.m.32 views

CVE-2026-24105

An issue was discovered in goform/formsetUsbUnload in Tenda AC15V1.0 V15.03.05.18multi. The value of v1 was not checked, potentially leading to a command injection vulnerability if injected into doSystemCmd...

0.01704EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/11/13 1:0 a.m.17 views

CVE-2025-63666

Tenda AC15 v15.03.05.18multi issues an authentication cookie that exposes the account password hash to the client and uses a short, low-entropy suffix as the session identifier. An attacker with network access or the ability to run JS in a victim browser can steal the cookie and replay it to acce...

9.8CVSS7.4AI score0.00471EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/11/12 12:0 a.m.15 views

CVE-2025-63666

Tenda AC15 v15.03.05.18multi issues an authentication cookie that exposes the account password hash to the client and uses a short, low-entropy suffix as the session identifier. An attacker with network access or the ability to run JS in a victim browser can steal the cookie and replay it to acce...

0.00471EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/07 12:31 p.m.8 views

EUVD-2025-32710

A vulnerability was identified in Tenda AC15 15.03.05.18. This impacts an unknown function of the file /goform/setNotUpgrade. Such manipulation of the argument newVersion leads to stack-based buffer overflow. The attack may be launched remotely. The exploit is publicly available and might be used...

9CVSS6.9AI score0.00736EPSS
Exploits1References7
NVD
NVD
added 2025/10/07 12:15 p.m.8 views

CVE-2025-11389

A security flaw has been discovered in Tenda AC15 15.03.05.18. Affected is an unknown function of the file /goform/saveAutoQos. Performing a manipulation of the argument enable results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been released to...

9CVSS0.00742EPSS
Exploits1References5
NVD
NVD
added 2025/10/07 10:15 a.m.6 views

CVE-2025-11386

A vulnerability was found in Tenda AC15 15.03.05.18. The impacted element is an unknown function of the file /goform/SetDDNSCfg of the component POST Parameter Handler. The manipulation of the argument ddnsEn results in stack-based buffer overflow. The attack can be launched remotely. The exploit...

9CVSS0.00762EPSS
Exploits1References5
CVE
CVE
added 2025/10/07 10:2 a.m.24 views

CVE-2025-11386

CVE-2025-11386 affects Tenda AC15 router (firmware 15.03.05.18) via the POST handler in the /goform/SetDDNSCfg endpoint. The root cause is a stack-based buffer overflow triggered by manipulating the ddnsEn argument, indicating an input length validation failure in an unknown function of the POST ...

9CVSS8.8AI score0.00762EPSS
Exploits1References5Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-25470

Malicious code in bioql PyPI...

7.5CVSS6.6AI score0.0037EPSS
Exploits1References2
CVE
CVE
added 2025/08/21 12:0 a.m.26 views

CVE-2025-55564

CVE-2025-55564 affects Tenda AC15 routers (v15.03.05.19_multi_TD01). The root cause is a stack overflow in the fromSetIpMacBind function caused by improper validation of the length/size of the input in the list parameter, which can lead to denial of service. Public sources consistently describe t...

7.5CVSS7.6AI score0.0037EPSS
Exploits1References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/06/10 12:0 a.m.7 views

The vulnerability of the formSetSafeWanWebMan() function (/goform/SetRemoteWebCfg) in the Tenda AC15 router software allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the formSetSafeWanWebMan function /goform/SetRemoteWebCfg in the Tenda AC15 router software exists because the operation is performed outside the buffer in memory when processing the remoteIp parameter. Exploiting this vulnerability could allow a malicious actor to compromise...

9CVSS7.9AI score0.00776EPSS
Exploits1References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/04/30 12:0 a.m.10 views

The vulnerability of the fromSetWirelessRepeat function in the microprogramming software for Tenda AC15 routers allows a hacker to induce a service failure.

The vulnerability of the fromSetWirelessRepeat function in the Tenda AC15 router’s microprogramming system lies in the copying of buffers without checking the size of the input data. Exploiting this vulnerability could allow a remote attacker to cause a service failure...

9CVSS7.7AI score0.00939EPSS
Exploits1References6Affected Software1
CNNVD
CNNVD
added 2024/10/23 12:0 a.m.5 views

Tenda多款产品 代码问题漏洞

Tenda AC7 and others are products of Tenda, a Chinese company.Tenda AC7 is a wireless router.Tenda AC9 is a wireless router.Tenda AC10 is a wireless router. A code issue exists in a number of Tenda products where the vulnerability stems from a null pointer dereference vulnerability in the...

7.5CVSS7.2AI score0.00755EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/04/09 12:0 a.m.10 views

PT-2024-8485 · Tenda · Tenda Ac15

Name of the Vulnerable Software and Affected Versions: Tenda AC15 version 15.03.05.19 Description: A critical issue affects the function formSetDeviceName of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to a stack-based buffer overflow in the memory. This can ...

9CVSS9.3AI score0.01228EPSS
Exploits1References12
Positive Technologies
Positive Technologies
added 2024/03/29 12:0 a.m.6 views

PT-2024-23520 · Tenda · Tenda Ac15

Name of the Vulnerable Software and Affected Versions: Tenda AC15 version 15.03.05.18 Description: The issue is a stack overflow vulnerability in the time parameter from the setSmartPowerManagement function. This vulnerability can be exploited, potentially allowing unauthorized access or control...

4.3CVSS7.3AI score0.00357EPSS
Exploits0References6
BDU FSTEC
BDU FSTEC
added 2024/03/27 12:0 a.m.7 views

The vulnerability of the formWifiWpsStart() function (/goform/WifiWpsStart) in the Tenda AC15 router software allows a hacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the formWifiWpsStart function /goform/WifiWpsStart of the Tenda AC15 router’s microprogramming software is related to the operation of writing data outside the buffer in memory when processing the index parameter. Exploiting this vulnerability can allow an attacker to...

10CVSS7.9AI score0.01541EPSS
Exploits1References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/03/27 12:0 a.m.5 views

The vulnerability of the formExpandDlnaFile() function in the Tenda AC15 router software allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the formExpandDlnaFile function in the Tenda AC15 router’s microprogramming software is related to the issue of the operation going beyond the buffer in memory when processing the filePath parameter. Exploiting this vulnerability can allow an attacker to compromise the...

10CVSS7.8AI score0.01372EPSS
Exploits1References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/03/27 12:0 a.m.5 views

The vulnerability of the formWifiWpsOOB() function (/goform/WifiWpsOOB) in the Tenda AC15 router software allows a hacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the formWifiWpsOOB function /goform/WifiWpsOOB in the Tenda AC15 router’s microprogramming software is related to the operation of storing data outside of the buffer in memory when processing the index parameter. Exploiting this vulnerability can allow an attacker to compromi...

10CVSS7.9AI score0.01315EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder