EUVD-2026-17247

A vulnerability has been found in Tenda CH22 1.0.0.1/1.If. The impacted element is the function fromSetCfm of the file /goform/setcfm of the component Parameter Handler. The manipulation of the argument funcname leads to stack-based buffer overflow. Remote exploitation of the attack is possible...

CVE-2026-4975

A vulnerability has been found in Tenda AC15 15.03.05.19. This affects the function formSetCfm of the file /goform/setcfm of the component POST Request Handler. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has...

EUVD-2026-16474

A vulnerability has been found in Tenda AC5 15.03.06.47. This issue affects the function formSetCfm of the file /goform/setcfm of the component POST Request Handler. Such manipulation of the argument funcpara1 leads to stack-based buffer overflow. The attack may be launched remotely. The exploit...

CVE-2026-3677

A vulnerability was found in Tenda FH451 1.0.0.9. This impacts the function fromSetCfm of the file /goform/setcfm. The manipulation of the argument funcname/funcpara1 results in stack-based buffer overflow. The attack may be performed from remote. The exploit has been made public and could be use...

CVE-2026-3728

Technical details beyond what is provided here are not publicly available in the supplied documents. Monitor for updates from vendors and CVE databases.

CVE-2026-3728 Tenda F453 setcfm fromSetCfm stack-based overflow

A vulnerability was determined in Tenda F453 1.0.0.3/1.If. This issue affects the function fromSetCfm of the file /goform/setcfm. This manipulation of the argument funcname/funcpara1 causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been publicly...

PT-2026-23886

Name of the Vulnerable Software and Affected Versions Tenda FH451 version 1.0.0.9 Description A flaw exists in Tenda FH451 version 1.0.0.9 related to a stack-based buffer overflow. The issue is located in the fromSetCfm function within the /goform/setcfm file. Manipulation of the funcname/funcpar...

CVE-2024-41465

Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the funcpara1 parameter at ip/goform/setcfm...

Tenda FH1201 安全漏洞

The Tenda FH1201 is a wireless router from Tenda China. The Tenda FH1201 suffers from a buffer overflow vulnerability that originates from the funcpara1 parameter at ip/goform/setcfm containing a stack-based buffer overflow vulnerability. No detailed vulnerability details are provided at this tim...

Tenda FH1206 安全漏洞

The Tenda FH1206 is a wireless router from Tenda China. The Tenda FH1206 suffers from a buffer overflow vulnerability that originates from a failure to properly validate the length of input data via the funcpara1 parameter in ip/goform/setcfm, which can be exploited by an attacker to execute...

PT-2024-2875 · Tenda · Tenda Ac500

Name of the Vulnerable Software and Affected Versions: Tenda AC500 version 2.0.1.91307 Description: A critical issue affects the formSetCfm function of the file /goform/setcfm, leading to a stack-based buffer overflow when the funcpara1 argument is manipulated. This can be exploited remotely,...

PT-2024-2344 · Tenda · Tenda Ac10

Name of the Vulnerable Software and Affected Versions: Tenda AC10U version 15.03.06.48 Description: A critical issue has been found in the function formSetCfm of the file goform/setcfm, where the manipulation of the argument funcpara1 leads to a stack-based buffer overflow. This can be exploited...

PT-2024-1310 · Tenda · Tenda W6

Name of the Vulnerable Software and Affected Versions: Tenda W6 version 1.0.0.94122 Description: A critical issue affects the formSetCfm function of the httpd component, specifically in the /goform/setcfm file. The manipulation of the funcpara1 argument leads to a stack-based buffer overflow. Thi...

Buffer overflow vulnerability in multiple Tenda products (CNVD-2020-31407)

The Tenda AC9, among others, is a wireless router from the Chinese company Tenda. A buffer overflow vulnerability exists in httpd in several Tenda products. An attacker can exploit this vulnerability by sending the 'funcpara1' parameter to the /goform/setcfm URL to execute arbitrary code...