382 matches found
Tenda AC7 SetSysTimeCfg File Buffer Overflow Vulnerability
Tenda AC7 is a wireless router from Tenda, a Chinese company. A buffer overflow vulnerability exists in Tenda AC7 version 15.03.06.44. The vulnerability stems from the parameter Time in the file /goform/SetSysTimeCfg that fails to properly validate the length and size of the input data, which can...
CVE-2026-4974
A flaw has been found in Tenda AC7 15.03.06.44. Affected by this issue is the function fromSetSysTime of the file /goform/SetSysTimeCfg of the component POST Request Handler. Executing a manipulation of the argument Time can lead to stack-based buffer overflow. It is possible to launch the attack...
CVE-2026-4974
A flaw has been found in Tenda AC7 15.03.06.44. Affected by this issue is the function fromSetSysTime of the file /goform/SetSysTimeCfg of the component POST Request Handler. Executing a manipulation of the argument Time can lead to stack-based buffer overflow. It is possible to launch the attack...
CVE-2026-4974
A flaw has been found in Tenda AC7 15.03.06.44. Affected by this issue is the function fromSetSysTime of the file /goform/SetSysTimeCfg of the component POST Request Handler. Executing a manipulation of the argument Time can lead to stack-based buffer overflow. It is possible to launch the attack...
CVE-2026-4974
CVE-2026-4974 affects Tenda AC7 firmware version 15.03.06.44. The vulnerability is in the function fromSetSysTime of /goform/SetSysTimeCfg in the POST Request Handler, where manipulating the Time argument can cause a stack-based buffer overflow. This enables remote code execution over the network...
CVE-2026-4974 Tenda AC7 POST Request SetSysTimeCfg fromSetSysTime memory corruption
A flaw has been found in Tenda AC7 15.03.06.44. Affected by this issue is the function fromSetSysTime of the file /goform/SetSysTimeCfg of the component POST Request Handler. Executing a manipulation of the argument Time can lead to stack-based buffer overflow. It is possible to launch the attack...
Tenda AC7 安全漏洞
Tenda AC7 is a wireless router from Tenda, a Chinese company. A buffer overflow vulnerability exists in Tenda AC7 version 15.03.06.44. The vulnerability stems from the parameter Time in the file /goform/SetSysTimeCfg that fails to properly validate the length and size of the input data, which can...
PT-2026-28699
Name of the Vulnerable Software and Affected Versions Tenda AC7 version 15.03.06.44 Description A stack-based buffer overflow can occur in the fromSetSysTime function within the /goform/SetSysTimeCfg file, specifically through manipulation of the Time argument via a POST request. This allows for...
CVE-2026-24427
Shenzhen Tenda AC7 firmware version V03.03.03.01cn and prior expose sensitive information in web management responses. Administrative credentials, including the router and/or admin panel password, are included in plaintext within configuration response bodies. In addition, responses lack...
CVE-2026-24426
Shenzhen Tenda AC7 firmware version V03.03.03.01cn and prior contain an improper output encoding vulnerability in the web management interface. User-supplied input is reflected in HTTP responses without adequate escaping, allowing injection of arbitrary HTML or JavaScript in a victim’s browser...
CVE-2026-24441
Shenzhen Tenda AC7 firmware version V03.03.03.01cn and prior expose account credentials in plaintext within HTTP responses, allowing an on-path attacker to obtain sensitive authentication material...
CVE-2026-24441
Shenzhen Tenda AC7 firmware version V03.03.03.01cn and prior expose account credentials in plaintext within HTTP responses, allowing an on-path attacker to obtain sensitive authentication material...
CVE-2026-24434
Shenzhen Tenda AC7 firmware version V03.03.03.01cn and prior does not implement CSRF protections for administrative functions in the web management interface. The interface does not enforce anti-CSRF tokens or robust origin validation, which can allow an attacker to induce a logged-in administrat...
CVE-2026-24441
Shenzhen Tenda AC7 firmware version V03.03.03.01cn and prior expose account credentials in plaintext within HTTP responses, allowing an on-path attacker to obtain sensitive authentication material...
CVE-2026-24426
Shenzhen Tenda AC7 firmware version V03.03.03.01cn and prior contain an improper output encoding vulnerability in the web management interface. User-supplied input is reflected in HTTP responses without adequate escaping, allowing injection of arbitrary HTML or JavaScript in a victim’s browser...
CVE-2026-24426
Shenzhen Tenda AC7 firmware version V03.03.03.01cn and prior contain an improper output encoding vulnerability in the web management interface. User-supplied input is reflected in HTTP responses without adequate escaping, allowing injection of arbitrary HTML or JavaScript in a victim’s browser...
CVE-2026-24427
Shenzhen Tenda AC7 firmware version V03.03.03.01cn and prior expose sensitive information in web management responses. Administrative credentials, including the router and/or admin panel password, are included in plaintext within configuration response bodies. In addition, responses lack...
CVE-2026-24441
Shenzhen Tenda AC7 firmware version V03.03.03.01cn and prior expose account credentials in plaintext within HTTP responses, allowing an on-path attacker to obtain sensitive authentication material...
CVE-2026-24441 Tenda AC7 Transmits Admin Credentials Without HTTPS Protection
Shenzhen Tenda AC7 firmware version V03.03.03.01cn and prior expose account credentials in plaintext within HTTP responses, allowing an on-path attacker to obtain sensitive authentication material...
CVE-2026-24441
The CVE-2026-24441 entry concerns Shenzhen Tenda AC7 firmware (versions prior to and including V03.03.03.01_cn) that transmits account credentials in plaintext via HTTP responses. The underlying issue is the lack of encryption for authentication material, enabling an on-path attacker to intercept...