CVE-2026-6120 Tenda F451 httpd DhcpListClient fromDhcpListClient stack-based overflow

A vulnerability was detected in Tenda F451 1.0.0.7. Affected is the function fromDhcpListClient of the file /goform/DhcpListClient of the component httpd. The manipulation of the argument page results in stack-based buffer overflow. The attack can be launched remotely. The exploit is now public a...

CVE-2026-6120 Tenda F451 httpd DhcpListClient fromDhcpListClient stack-based overflow

A vulnerability was detected in Tenda F451 1.0.0.7. Affected is the function fromDhcpListClient of the file /goform/DhcpListClient of the component httpd. The manipulation of the argument page results in stack-based buffer overflow. The attack can be launched remotely. The exploit is now public a...

CVE-2026-6120

CVE-2026-6120 affects Tenda F451 1.0.0.7. The httpd component’s /goform/DhcpListClient, function fromDhcpListClient, is vulnerable to a stack-based buffer overflow caused by manipulation of the page argument. The issue is exploitable remotely, and a public exploit is available. Evidence originate...

PT-2026-32156

A vulnerability was found in Tenda F451 1.0.0.7. This affects the function fromAddressNat of the file /goform/addressNat of the component httpd. Performing a manipulation of the argument entrys results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has...

PT-2026-32154

A flaw has been found in Tenda F451 1.0.0.7. Affected by this vulnerability is the function WrlclientSet of the file /goform/WrlclientSet of the component httpd. This manipulation of the argument GO causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been...

EUVD-2026-20982

A vulnerability was detected in Tenda CH22 1.0.0.6468. This issue affects the function R7WebsSecurityHandlerfunction of the component httpd. The manipulation results in path traversal. The attack may be launched remotely. The exploit is now public and may be used...

CVE-2026-5962 Tenda CH22 httpd R7WebsSecurityHandlerfunction path traversal

A vulnerability was detected in Tenda CH22 1.0.0.6468. This issue affects the function R7WebsSecurityHandlerfunction of the component httpd. The manipulation results in path traversal. The attack may be launched remotely. The exploit is now public and may be used...

CVE-2026-28808 ScriptAlias CGI targets bypass directory auth in inets httpd (mod_auth vs mod_cgi path mismatch)

Incorrect Authorization vulnerability in Erlang OTP inets modules allows unauthenticated access to CGI scripts protected by directory rules when served via scriptalias. When scriptalias maps a URL prefix to a directory outside DocumentRoot, modauth evaluates directory-based access controls agains...

CVE-2026-5548

A vulnerability was found in Tenda AC10 16.03.10.10multiTDE01. Affected by this vulnerability is the function fromSysToolChangePwd of the file /bin/httpd. Performing a manipulation of the argument sys.userpass results in stack-based buffer overflow. The attack can be initiated remotely...

EUVD-2026-19044

A vulnerability was found in Tenda AC10 16.03.10.10multiTDE01. Affected by this vulnerability is the function fromSysToolChangePwd of the file /bin/httpd. Performing a manipulation of the argument sys.userpass results in stack-based buffer overflow. The attack can be initiated remotely...

EUVD-2026-19048

A vulnerability was identified in Tenda AC10 16.03.10.10multiTDE01. This affects the function fromSysToolChangePwd of the file /bin/httpd. The manipulation leads to stack-based buffer overflow. The attack may be initiated remotely. Multiple endpoints might be affected...

CVE-2026-5550 Tenda AC10 httpd fromSysToolChangePwd stack-based overflow

A vulnerability was identified in Tenda AC10 16.03.10.10multiTDE01. This affects the function fromSysToolChangePwd of the file /bin/httpd. The manipulation leads to stack-based buffer overflow. The attack may be initiated remotely. Multiple endpoints might be affected...

CVE-2026-5548

CVE-2026-5548 affects Tenda AC10 (firmware 16.03.10.10_multi_TDE01). The vulnerability targets the function fromSysToolChangePwd in /bin/httpd, where manipulating the argument sys.userpass triggers a stack-based buffer overflow. Remote initiation is possible, indicating potential remote code exec...

CVE-2026-5548 Tenda AC10 httpd fromSysToolChangePwd stack-based overflow

A vulnerability was found in Tenda AC10 16.03.10.10multiTDE01. Affected by this vulnerability is the function fromSysToolChangePwd of the file /bin/httpd. Performing a manipulation of the argument sys.userpass results in stack-based buffer overflow. The attack can be initiated remotely...

CVE-2026-5547

The CVE applies to Tenda AC10 with build 16.03.10.10_multi_TDE01 . The vulnerability affects the function formAddMacfilterRule in the file /bin/httpd , enabling an OS command injection . It is exploitable remotely and can affect multiple endpoints. Public assessments show a high impact: CVSSv3.1 ...

CVE-2026-5547 Tenda AC10 httpd formAddMacfilterRule os command injection

A vulnerability has been found in Tenda AC10 16.03.10.10multiTDE01. Affected is the function formAddMacfilterRule of the file /bin/httpd. Such manipulation leads to os command injection. It is possible to launch the attack remotely. Multiple endpoints might be affected...

Tenda AC10 操作系统命令注入漏洞

The Tenda AC10 is a wireless router produced by the Chinese company Tenda. The Tenda AC10 16.03.10.10multiTDE01 version has a vulnerability related to operating system command injection. This vulnerability stems from the formAddMacFilterRule function in the /bin/httpd file, which allows for OS...

PT-2026-30418

Name of the Vulnerable Software and Affected Versions Tenda AC10 version 16.03.10.10 multi TDE01 Description A remote OS command injection flaw exists in the formAddMacfilterRule function within the /bin/httpd file. This allows a remote attacker to execute arbitrary operating system commands on t...

CVE-2026-5526

A security flaw has been discovered in Tenda 4G03 Pro up to 1.0/1.1/04.03.01.53/192.168.0.1. Affected by this vulnerability is an unknown functionality of the file /bin/httpd. The manipulation results in improper access controls. The attack may be performed from remote. The exploit has been...

CVE-2026-5526 Tenda 4G03 Pro httpd access control

A security flaw has been discovered in Tenda 4G03 Pro up to 1.0/1.1/04.03.01.53/192.168.0.1. Affected by this vulnerability is an unknown functionality of the file /bin/httpd. The manipulation results in improper access controls. The attack may be performed from remote. The exploit has been...