Lucene search
K

20 matches found

CVE
CVE
added 3 days ago88 views

CVE-2026-11405

CVE-2026-11405 affects multiple Tenda firmware versions where the web server binary /bin/httpd implements a hidden backdoor authentication in login(): after normal MD5-based verification, if authentication fails it reads a config value via GetValue("sys.rzadmin.password") and compares it to the u...

9.8CVSS6AI score0.00243EPSS
Exploits1References3
Cvelist
Cvelist
added 3 days ago45 views

CVE-2026-11405 Hidden backdoor authentication mechanism in multiple versions of Tenda firmware allows admin access to web management interface

The web server binary /bin/httpd contains a hidden backdoor authentication mechanism in the login function at 004c88b8. - The function contains a normal authentication path using MD5/hash-based password verification prodencode64/PasswordToMd5/checkrandkey. - After normal authentication fails, it...

0.00243EPSS
Exploits1References2
CERT
CERT
added 3 days ago6 views

Tenda firmware (multiple versions) contains hidden authentication backdoor

Overview Several versions of Tenda firmware contain an undocumented authentication backdoor that grants administrative access to the devices' web management interfaces. An attacker can expoit this vulnerability, tracked as CVE-2026-11405, to bypass the password verification process and obtain ful...

9.8CVSS6.1AI score0.00243EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 3 days ago8 views

PT-2026-55969

Name of the Vulnerable Software and Affected Versions Tenda firmware US FH1201V1.0BR V1.2.0.14408 EN TD Tenda firmware US W15EV1.0br V15.11.0.51068 1567 841 EN TDE Tenda firmware US AC10V1.0re V15.03.06.46 multi TDE01 Tenda firmware US AC5V1.0RTL V15.03.06.48 multi TDE01 Tenda firmware US...

10CVSS6.2AI score0.00243EPSS
Exploits1References33
Cvelist
Cvelist
added 2026/06/09 12:0 a.m.34 views

CVE-2026-36798

Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was discovered to contain multiple stack overflows in the formSetDebugCfgr function via the enable, level, and module parameters. These vulnerabilities allow attackers to cause a Denial of Service DoS via a crafted HTTP request...

0.00301EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/30 12:0 a.m.6 views

PT-2026-36034

A vulnerability was detected in Tenda 4G300 US 4G300V1.0Mt V1.01.42 CN TDC01. This impacts the function sub 425A28 of the file /goform/DelFil. The manipulation of the argument delflag results in command injection. The attack may be launched remotely. The exploit is now public and may be used...

6.5CVSS6.4AI score0.01314EPSS
Exploits0References6
NVD
NVD
added 2026/04/29 8:16 p.m.9 views

CVE-2018-25318

Tenda FH303/A300 firmware V5.07.68EN contains a session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by exploiting insufficient cookie validation. Attackers can send GET requests to the /goform/AdvSetDns endpoint with a crafted admin cookie to change DNS...

9.8CVSS0.00651EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/04/29 12:0 a.m.7 views

PT-2026-36001

Tenda FH303/A300 firmware V5.07.68 EN contains a session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by exploiting insufficient cookie validation. Attackers can send GET requests to the /goform/AdvSetDns endpoint with a crafted admin cookie to change DNS...

9.8CVSS5.2AI score0.00651EPSS
Exploits1References3
CVE
CVE
added 2026/04/12 11:30 p.m.14 views

CVE-2026-6136

The CVE-2026-6136 entry applies to Tenda F451 1.0.0.7_cn_svn7958. Affected component is the frmL7ImForm function in the /goform/L7Im path. Root cause is a stack-based buffer overflow triggered by manipulation of the page argument. Impact is high: remote initiation is possible with high confidenti...

9CVSS7.9AI score0.00541EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 2026/03/29 4:30 a.m.4 views

EUVD-2026-16963

A flaw has been found in Tenda F453 1.0.0.3. This affects the function fromPPTPUserSetting of the file /goform/PPTPUserSetting of the component httpd. This manipulation of the argument delno causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been...

9CVSS7.5AI score0.00632EPSS
Exploits1References6
NVD
NVD
added 2026/02/28 11:16 p.m.10 views

CVE-2026-3376

A security vulnerability has been detected in Tenda F453 1.0.0.3. Affected by this vulnerability is the function fromSafeMacFilter of the file /goform/SafeMacFilter. Such manipulation of the argument page leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been...

9CVSS0.00746EPSS
Exploits1References5
OSV
OSV
added 2026/02/09 3:16 a.m.4 views

CVE-2026-2202

A vulnerability was detected in Tenda AC8 16.03.33.05. Affected is the function fromSetWifiGusetBasic of the file /goform/WifiGuestSet of the component httpd. The manipulation of the argument shareSpeed results in buffer overflow. The attack may be launched remotely. The exploit is now public and...

8.7CVSS7.8AI score0.00622EPSS
Exploits1References6
EUVD
EUVD
added 2026/02/03 7:9 p.m.5 views

EUVD-2026-5183

Shenzhen Tenda AC7 firmware version V03.03.03.01cn and prior contain an improper output encoding vulnerability in the web management interface. User-supplied input is reflected in HTTP responses without adequate escaping, allowing injection of arbitrary HTML or JavaScript in a victim’s browser...

5.1CVSS5.5AI score0.00188EPSS
Exploits0References2
EUVD
EUVD
added 2026/01/26 5:2 a.m.7 views

EUVD-2026-4691

A flaw has been found in Tenda AC23 16.03.07.52. This impacts an unknown function of the file /goform/WifiExtraSet. This manipulation of the argument wpapskcrypto causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been published and may be used...

9CVSS5.9AI score0.03518EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2025/05/22 11:54 p.m.6 views

CVE-2022-43028

Tenda TX3 USTX3V1.0brV16.03.13.11multiTDE01 was discovered to contain a stack overflow via the timeZone parameter at /goform/SetSysTimeCfg...

9.8CVSS7.8AI score0.00755EPSS
Exploits0References1
OSV
OSV
added 2024/04/24 2:15 p.m.4 views

CVE-2024-4111

A vulnerability was found in Tenda TX9 22.03.02.10. It has been rated as critical. Affected by this issue is the function sub42BD7C of the file /goform/SetLEDCfg. The manipulation of the argument time leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been...

8.8CVSS6.5AI score0.01453EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/04/17 12:0 a.m.28 views

CVE-2024-32314

Tenda AC500 V2.0.1.91307 firmware contains a command injection vulnerablility in the formexeCommand function via the cmdinput parameter...

7.5AI score0.01028EPSS
Exploits1References1
GithubExploit
GithubExploit
added 2023/07/11 2:7 p.m.7 views

Exploit for Classic Buffer Overflow in Tenda Ac6_Firmware

CVE-2023-38823 Buffer Overflow in formSetCfm Affected mod...

9.8CVSS7.4AI score0.01203EPSS
Exploits3
OSV
OSV
added 2023/03/13 2:15 p.m.7 views

CVE-2023-27065

Tenda V15V1.0 V15.11.0.14152131901058 was discovered to contain a buffer overflow vulnerability via the picName parameter in the formDelWewifiPi function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted request...

7.5CVSS7.5AI score0.00896EPSS
Exploits1References1
OSV
OSV
added 2023/03/13 2:15 p.m.6 views

CVE-2023-27064

Tenda V15V1.0 V15.11.0.14152131901058 was discovered to contain a buffer overflow vulnerability via the index parameter in the formDelDnsForward function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted request...

7.5CVSS7.5AI score0.00896EPSS
Exploits1References1
Rows per page
Query Builder