CVE-2026-4974 Tenda AC7 POST Request SetSysTimeCfg fromSetSysTime memory corruption

A flaw has been found in Tenda AC7 15.03.06.44. Affected by this issue is the function fromSetSysTime of the file /goform/SetSysTimeCfg of the component POST Request Handler. Executing a manipulation of the argument Time can lead to stack-based buffer overflow. It is possible to launch the attack...

CVE-2026-24434

Shenzhen Tenda AC7 firmware version V03.03.03.01cn and prior does not implement CSRF protections for administrative functions in the web management interface. The interface does not enforce anti-CSRF tokens or robust origin validation, which can allow an attacker to induce a logged-in administrat...

CVE-2026-24427

Shenzhen Tenda AC7 firmware version V03.03.03.01cn and prior expose sensitive information in web management responses. Administrative credentials, including the router and/or admin panel password, are included in plaintext within configuration response bodies. In addition, responses lack...

CVE-2025-11523

A vulnerability was detected in Tenda AC7 15.03.06.44. This vulnerability affects unknown code of the file /goform/AdvSetLanip. The manipulation of the argument lanIp results in command injection. It is possible to launch the attack remotely. The exploit is now public and may be used...

CVE-2025-11527

A vulnerability was determined in Tenda AC7 15.03.06.44. The impacted element is an unknown function of the file /goform/fastsettingpppoeset. Executing a manipulation of the argument Password can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has been public...

CVE-2025-11527 Tenda AC7 fast_setting_pppoe_set stack-based overflow

A vulnerability was determined in Tenda AC7 15.03.06.44. The impacted element is an unknown function of the file /goform/fastsettingpppoeset. Executing a manipulation of the argument Password can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has been public...

EUVD-2025-33265

A vulnerability was found in Tenda AC7 15.03.06.44. The affected element is an unknown function of the file /goform/WifiMacFilterSet. Performing manipulation of the argument wifichkHz results in stack-based buffer overflow. The attack may be initiated remotely. The exploit has been made public an...

PT-2025-41326

Name of the Vulnerable Software and Affected Versions Tenda AC7 version 15.03.06.44 Description A stack-based buffer overflow exists in Tenda AC7 routers due to improper processing of the ddnsEn argument within the /goform/SetDDNSCfg file. This manipulation allows for remote code execution. The...

CVE-2025-4810

A vulnerability was found in Tenda AC7 15.03.06.44. It has been declared as critical. Affected by this vulnerability is the function formSetRebootTimer of the file /goform/SetRebootTimer. The manipulation of the argument reboottime leads to stack-based buffer overflow. The attack can be launched...

CVE-2024-48826

Tenda AC7 v.15.03.06.44 ateiwprivset has pre-authentication command injection allowing remote attackers to execute arbitrary code...

Tenda AC7 安全漏洞

Tenda AC7 is a wireless router from Tenda, a Chinese company. The Tenda AC7 suffers from a command injection vulnerability that stems from ateiwprivset failing to correctly filter construct command special characters, commands, and so on. An attacker can exploit this vulnerability to execute...

Tenda多款产品 代码问题漏洞

Tenda AC7 and others are products of Tenda, a Chinese company.Tenda AC7 is a wireless router.Tenda AC9 is a wireless router.Tenda AC10 is a wireless router. A code issue exists in a number of Tenda products where the vulnerability stems from a null pointer dereference vulnerability in the...

The vulnerability of the fromSetRouteStatic function (/goform/SetStaticRouteCfg) in the Tenda AC7 router software allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the fromSetRouteStatic function /goform/SetStaticRouteCfg in the Tenda AC7 router software is related to buffer overflow in the stack. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, and accessibility of protected information...

Tenda AC7 Command Injection Vulnerability

Tenda AC7 is a 1200M dual-band wireless router designed for large households by Tenda Technology, which adopts 802.11ac standard and supports dual-band concurrent transmission with wireless rate up to 1167Mbps. Tenda AC7 suffers from a command injection vulnerability that stems from a buffer...

PT-2024-2491 · Tenda · Tenda Ac7

Name of the Vulnerable Software and Affected Versions: Tenda AC7 version 15.03.06.44 Description: The issue is related to a stack-based buffer overflow in the GetParentControlInfo function of the /goform/GetParentControlInfo file. This can be exploited remotely using a specially crafted POST...

CVE-2023-41552

Tenda AC7 V1.0 V15.03.06.44 and Tenda AC9 V3.0 V15.03.06.42multi were discovered to contain a stack overflow via parameter ssid at url /goform/fastsettingwifiset...

Buffer Overflow Vulnerability in Multiple Tenda Products

The Tenda AC7, among others, is a wireless router from the Chinese company Tenda. A buffer overflow vulnerability exists in the web server httpd in the Tenda AC7 using firmware V15.03.06.44CN AC7 and earlier, the AC9 using firmware V15.03.05.196318CN AC9 and earlier, and the AC10 using firmware...

Buffer Overflow Vulnerability in Multiple Tenda Products (CNVD-2019-13772)

The Tenda AC7, among others, is a wireless router from the Chinese company Tenda. A buffer overflow vulnerability exists in the web server httpd in the Tenda AC7 using firmware V15.03.06.44CN AC7 and earlier, the AC9 using firmware V15.03.05.196318CN AC9 and earlier, and the AC10 using firmware...