PT-2025-51871

Name of the Vulnerable Software and Affected Versions Tenda AC10V4.0 version 16.03.10.20 Description A buffer overflow condition exists in the fromAdvSetMacMtuWan function within the httpd binary. This allows remote attackers to potentially cause a denial of service or even execute code. The issu...

CVE-2025-14654 Tenda AC20 httpd setPptpUserList formSetPPTPUserList stack-based overflow

A vulnerability was identified in Tenda AC20 16.03.08.12. The affected element is the function formSetPPTPUserList of the file /goform/setPptpUserList of the component httpd. Such manipulation of the argument list leads to stack-based buffer overflow. The attack can be executed remotely. The...

PT-2025-51158

Name of the Vulnerable Software and Affected Versions Tenda AC20 version 16.03.08.12 Description A stack-based buffer overflow exists in the formSetPPTPUserList function within the httpd component. This issue is triggered by manipulating the argument list. The attack can be executed remotely. The...

UTT Progressive 520W Buffer Overflow Vulnerability (CNVD-2026-0079889)

The UTT Progress 520W is an enterprise-grade wireless router from Atech Technology UTT designed for office environments such as small businesses and remote branch offices. The UTT Progress 520W suffers from a buffer overflow vulnerability that stems from the failure of the parameter pools in the...

EUVD-2025-201601

A vulnerability has been found in UTT 进取 512W up to 1.7.7-171114. Affected by this issue is the function strcpy of the file /goform/formP2PLimitConfig. Such manipulation of the argument except leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed t...

CVE-2025-14140 UTT 进取 520W websHostFilter strcpy buffer overflow

A vulnerability was detected in UTT 进取 520W 1.7.7-180627. The affected element is the function strcpy of the file /goform/websHostFilter. Performing manipulation of the argument addHostFilter results in buffer overflow. The attack is possible to be carried out remotely. The exploit is now public...

EUVD-2025-198263

Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow in: /goform/SetVirtualServerCfg via the list parameter...

CVE-2025-12596

A security vulnerability has been detected in Tenda AC23 16.03.07.52. Affected is the function saveParentControlInfo of the file /goform/saveParentControlInfo. Such manipulation of the argument Time leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been...

CVE-2025-12596

CVE-2025-12596 affects the Tenda AC23 router (firmware 16.03.07.52). The vulnerability is in the function /goform/saveParentControlInfo, where manipulating the Time parameter can trigger a buffer overflow. The issue allows remote execution and has publicly disclosed exploits. Impact is described ...

Tenda CH22 formwebExcptypemanFilter function buffer overflow vulnerability

Tenda CH22 is a network device from Tenda, China. Tenda CH22 version 1.0.0.1 suffers from a buffer overflow vulnerability, which originates from the parameter page in the file /goform/webExcptypemanFilter that fails to correctly validate the length of the input data, and can be exploited by an...

Tenda CH22 fromSafeMacFilter function buffer overflow vulnerability

Tenda CH22 is a network device from Tenda, China. A buffer overflow vulnerability exists in the Tenda CH22 version 1.0.0.1, which originates from the failure of the fromSafeMacFilter function parameter page in the /goform/SafeMacFilter file to correctly validate the length of the input data, and...

CVE-2025-12232

A vulnerability was detected in Tenda CH22 1.0.0.1. Affected by this vulnerability is the function fromSafeClientFilter of the file /goform/SafeClientFilter. Performing a manipulation of the argument page results in buffer overflow. The attack can be initiated remotely. The exploit is now public...

CVE-2025-12322

A flaw has been found in Tenda CH22 1.0.0.1. Affected by this issue is the function fromNatStaticSetting of the file /goform/NatStaticSetting. Executing a manipulation of the argument page can lead to buffer overflow. It is possible to launch the attack remotely. The exploit has been published an...

CVE-2025-12274

CVE-2025-12274 affects Tenda CH22 1.0.0.1. The vulnerability is in the function fromP2pListFilter (file /goform/P2pListFilter), where manipulation of the page argument causes a buffer overflow. Remote exploitation is possible, and the exploit has been publicly disclosed. Multiple connected source...

CVE-2025-12273 Tenda CH22 webExcptypemanFilter fromwebExcptypemanFilter buffer overflow

A weakness has been identified in Tenda CH22 1.0.0.1. Affected is the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter. Executing a manipulation of the argument page can lead to buffer overflow. The attack may be launched remotely. The exploit has been made available to...

CVE-2025-12265

CVE-2025-12265 affects Tenda CH22 1.0.0.1. A vulnerability in the fromVirtualSer function of /goform/VirtualSer allows manipulation of the page argument, causing a buffer overflow. Public exploit available; remote code execution or denial of service is plausible as stated. Connected documents (CN...

CVE-2025-11651

A vulnerability has been found in UTT 进取 518G up to V3v3.2.7-210919-161313. This vulnerability affects the function sub4247AC of the file /goform/formRemoteControl. The manipulation of the argument Profile leads to buffer overflow. The attack is possible to be carried out remotely. The exploit ha...

CVE-2025-11528

A vulnerability was identified in Tenda AC7 15.03.06.44. This affects an unknown function of the file /goform/saveAutoQos. The manipulation of the argument enable leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit is publicly available and might be us...

CVE-2025-11528 Tenda AC7 saveAutoQos stack-based overflow

A vulnerability was identified in Tenda AC7 15.03.06.44. This affects an unknown function of the file /goform/saveAutoQos. The manipulation of the argument enable leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit is publicly available and might be us...

CVE-2025-11523

The CVE-2025-11523 entry concerns Tenda AC7 15.03.06.44. The affected component is the AdvSetLanip handler, with the vulnerability arising from improper filtering/handling of the lanIp parameter in /goform/AdvSetLanip, enabling remote command injection. Public exploits exist and can be used to ac...