79 matches found
CVE-2026-11499
A vulnerability was determined in Tenda HG7HG9 and HG10 300001138enxpon. This affects the function formDOMAINBLK of the file /boaform/formDOMAINBLK. Executing a manipulation of the argument blkDomain can lead to stack-based buffer overflow. The attack may be performed from remote...
CVE-2026-11553
A vulnerability was found in Tenda HG7HG9 and HG10 300001138enxpon. This affects the function formPPPEdit of the file /boaform/formPPPEdit. The manipulation of the argument encodename results in stack-based buffer overflow. The attack can be launched remotely. The exploit has been made public and...
CVE-2026-11553
Vulnerability (CVE-2026-11553) affects Tenda HG7HG9 and HG10 models (firmware variant 300001138_en_xpon). The flaw is in the function formPPPEdit in /boaform/formPPPEdit: manipulating the argument encodename causes a stack-based buffer overflow. The issue can be exploited remotely, and public exp...
CVE-2026-11499
A vulnerability was determined in Tenda HG7HG9 and HG10 300001138enxpon. This affects the function formDOMAINBLK of the file /boaform/formDOMAINBLK. Executing a manipulation of the argument blkDomain can lead to stack-based buffer overflow. The attack may be performed from remote...
CVE-2026-11499 Tenda HG7HG9/HG10 formDOMAINBLK stack-based overflow
A vulnerability was determined in Tenda HG7HG9 and HG10 300001138enxpon. This affects the function formDOMAINBLK of the file /boaform/formDOMAINBLK. Executing a manipulation of the argument blkDomain can lead to stack-based buffer overflow. The attack may be performed from remote...
CVE-2026-6988
A flaw has been found in Tenda HG10 HG7HG9HG10re300001138enxpon. This issue affects the function formRoute of the file /boaform/formRouting of the component Boa Service. This manipulation of the argument nextHop causes buffer overflow. It is possible to initiate the attack remotely. The exploit h...
PT-2026-35159
A flaw has been found in Tenda HG10 HG7 HG9 HG10re 300001138 en xpon. This issue affects the function formRoute of the file /boaform/formRouting of the component Boa Service. This manipulation of the argument nextHop causes buffer overflow. It is possible to initiate the attack remotely. The...
CVE-2026-1690
A flaw has been found in Tenda HG10 USHG7HG9HG10re300001138enxpon. This affects the function system of the file /boaform/formSysCmd. This manipulation of the argument sysCmd causes command injection. The attack may be initiated remotely. The exploit has been published and may be used...
CVE-2026-1690
A flaw has been found in Tenda HG10 USHG7HG9HG10re300001138enxpon. This affects the function system of the file /boaform/formSysCmd. This manipulation of the argument sysCmd causes command injection. The attack may be initiated remotely. The exploit has been published and may be used...
CVE-2026-1689
A vulnerability was detected in Tenda HG10 USHG7HG9HG10re300001138enxpon. The impacted element is the function checkUserFromLanOrWan of the file /boaform/admin/formLogin of the component Login Interface. The manipulation of the argument Host results in command injection. The attack can be launche...
CVE-2026-1687
A weakness has been identified in Tenda HG10 USHG7HG9HG10re300001138enxpon. Impacted is an unknown function of the file /boaform/formSamba of the component Boa Webserver. Executing a manipulation of the argument serverString can lead to command injection. It is possible to launch the attack...
CVE-2026-1687
A weakness has been identified in Tenda HG10 USHG7HG9HG10re300001138enxpon. Impacted is an unknown function of the file /boaform/formSamba of the component Boa Webserver. Executing a manipulation of the argument serverString can lead to command injection. It is possible to launch the attack...
PT-2026-5425
Name of the Vulnerable Software and Affected Versions Tenda HG10 US HG7 HG9 HG10re 300001138 en xpon affected versions not specified Description A flaw exists in the Login Interface component of the software, specifically within the checkUserFromLanOrWan function located in the...
PT-2026-5426
Name of the Vulnerable Software and Affected Versions Tenda HG10 US HG7 HG9 HG10re 300001138 en xpon affected versions not specified Description A flaw exists in the system function associated with the file '/boaform/formSysCmd'. Manipulation of the sysCmd argument can lead to command injection...
CVE-2025-15371
A vulnerability has been found in Tenda i24, 4G03 Pro, 4G05, 4G08, G0-8G-PoE, Nova MW5G and TEG5328F up to 65.10.15.6. Affected is an unknown function of the component Shadow File. Such manipulation with the input Fireitup leads to hard-coded credentials. An attack has to be approached locally. T...
EUVD-2025-205867
A vulnerability has been found in Tenda i24, 4G03 Pro, 4G05, 4G08, G0-8G-PoE, Nova MW5G and TEG5328F up to 65.10.15.6. Affected is an unknown function of the component Shadow File. Such manipulation with the input Fireitup leads to hard-coded credentials. An attack has to be approached locally. T...
CVE-2025-15371
A vulnerability has been found in Tenda i24, 4G03 Pro, 4G05, 4G08, G0-8G-PoE, Nova MW5G and TEG5328F up to 65.10.15.6. Affected is an unknown function of the component Shadow File. Such manipulation with the input Fireitup leads to hard-coded credentials. An attack has to be approached locally. T...
CVE-2025-15371
Affected products: Tenda i24, 4G03 Pro, 4G05, 4G08, G0-8G-PoE, Nova MW5G and TEG5328F up to version 65.10.15.6. Root cause: manipulation of the Shadow File component via input Fireitup, enabling hard-coded credentials. Local access required. Public exploit details exist. Remediation: upgrade to a...
PT-2025-54267
Name of the Vulnerable Software and Affected Versions Tenda i24 versions prior to 65.10.15.7 Tenda 4G03 Pro versions prior to 65.10.15.7 Tenda 4G05 versions prior to 65.10.15.7 Tenda 4G08 versions prior to 65.10.15.7 Tenda G0-8G-PoE versions prior to 65.10.15.7 Tenda Nova MW5G versions prior to...
EUVD-2017-8105
Malware in sbrugna...