CVE-2026-8138

CVE-2026-8138 affects Tenda CX12L 16.03.53.12. The flaw is located in the function formSetPPTPServer of the file /goform/SetPptpServerCfg and causes a stack-based buffer overflow. The issue is exploitable remotely, with an exploit publicly available. Connected sources consistently describe the vu...

CVE-2023-41561

Tenda AC9 V3.0 V15.03.06.42multi and Tenda AC5 USAC5V1.0RTLV15.03.06.28 were discovered to contain a stack overflow via parameter startIp and endIp at url /goform/SetPptpServerCfg...

CVE-2023-41561

The CVE-2023-41561 issue affects Tenda AC9 V3.0 V15.03.06.42_multi and Tenda AC5 US_AC5V1.0RTL_V15.03.06.28. A stack overflow is triggered via parameters startIp and endIp in the API endpoint /goform/SetPptpServerCfg. The connected documents confirm the affected products and the vulnerable parame...

Stack overflow

Tenda TX3 USTX3V1.0brV16.03.13.11multiTDE01 was discovered to contain a stack overflow via the startIp parameter at /goform/SetPptpServerCfg...

CVE-2022-43025

Tenda TX3 USTX3V1.0brV16.03.13.11multiTDE01 was discovered to contain a stack overflow via the startIp parameter at /goform/SetPptpServerCfg...

PT-2022-19077 · Tenda · Tenda Ac15

Name of the Vulnerable Software and Affected Versions: Tenda AC15 version 15.03.05.20 Description: The issue is related to a buffer overflow in the web interface, specifically in the "/goform/setpptpservercfg" API endpoint. The vulnerability arises from the handling of POST data, where the starti...

CVE-2021-46393

There is a stack buffer overflow vulnerability in the formSetPPTPServer function of Tenda-AX3 router V16.03.12.10CN. The v10 variable is directly retrieved from the http request parameter startIp. Then v10 will be splice to stack by function sscanf without any security check,which causes stack...