307 matches found
Exploit for CVE-2026-11499
🚨 CVE-2026-11499 Stack-Based Buffer Overflow in Tenda HG7...
CVE-2021-27706
Buffer Overflow in Tenda G1 and G3 routers with firmware version V15.11.0.179502CN allows remote attackers to execute arbitrary code via a crafted action/"IPMacBindIndex "request. This occurs because the "formIPMacBindDel" function directly passes the parameter "IPMacBindIndex" to strcpy without...
Zerobot Malware Targets n8n Automation Platform
The use of Mirai continues. Read how the Akamai SIRT identified active exploitation of vulnerabilities in the n8n automation platform and Tenda AC1206 routers...
Tenda D301 and Tenda D151 Access Control Error Vulnerabilities
Tenda D301 is a wireless router.Tenda D151 is a wireless router. An access control error vulnerability exists in the Tenda D301 and Tenda D151 that stems from the presence of an unauthenticated configuration download on the /goform/getimage endpoint, which can be exploited by an attacker to cause...
PT-2026-3797
Name of the Vulnerable Software and Affected Versions Tenda D151 routers affected versions not specified Tenda D301 routers affected versions not specified Description Remote attackers can retrieve router configuration files from Tenda D151 and D301 routers without authentication. This is possibl...
CVE-2026-22081
This vulnerability exists in Tenda wireless routers 300Mbps Wireless Router F3 and N300 Easy Setup Router due to the missing HTTPOnly flag for session cookies associated with the web-based administrative interface. A remote at-tacker could exploit this vulnerability by capturing session cookies...
CVE-2026-22080
This vulnerability exists in Tenda wireless routers 300Mbps Wireless Router F3 and N300 Easy Setup Router due to the transmission of credentials encoded using reversible Base64 encoding through the web-based administrative interface. An attacker on the same network could exploit this vulnerabilit...
CVE-2026-22082
This vulnerability exists in Tenda wireless routers 300Mbps Wireless Router F3 and N300 Easy Setup Router due to the use of login credentials as the session ID through its web-based administrative interface. A remote attacker could exploit this vulnerability by intercepting network traffic and...
CVE-2018-14557
An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44CNAC7, AC9 devices with firmware through V15.03.05.196318CNAC9, and AC10 devices with firmware through V15.03.06.23CNAC10. A buffer overflow vulnerability exists in the router's web server httpd. When processing the pa...
CVE-2026-22081
This vulnerability exists in Tenda wireless routers 300Mbps Wireless Router F3 and N300 Easy Setup Router due to the missing HTTPOnly flag for session cookies associated with the web-based administrative interface. A remote at-tacker could exploit this vulnerability by capturing session cookies...
CVE-2026-22082
This vulnerability exists in Tenda wireless routers 300Mbps Wireless Router F3 and N300 Easy Setup Router due to the use of login credentials as the session ID through its web-based administrative interface. A remote attacker could exploit this vulnerability by intercepting network traffic and...
CVE-2021-27691
Command Injection in Tenda G0 routers with firmware versions v15.11.0.69039CN and v15.11.0.55876CN , and Tenda G1 and G3 routers with firmware versions v15.11.0.179502CN or v15.11.0.169024CN allows remote attackers to execute arbitrary OS commands via a crafted action/setDebugCfg request. This...
CVE-2021-27707
Buffer Overflow in Tenda G1 and G3 routers with firmware v15.11.0.179502CN allows remote attackers to execute arbitrary code via a crafted action/"portMappingIndex "request. This occurs because the "formDelPortMapping" function directly passes the parameter "portMappingIndex" to strcpy without...
CVE-2026-22082 Insecure Session ID Management Vulnerability in Tenda Wireless Routers
This vulnerability exists in Tenda wireless routers 300Mbps Wireless Router F3 and N300 Easy Setup Router due to the use of login credentials as the session ID through its web-based administrative interface. A remote attacker could exploit this vulnerability by intercepting network traffic and...
CVE-2026-22082
CVE-2026-22082 affects Tenda 300Mbps Wireless Router F3 and N300 Easy Setup Router. The root cause is using login credentials as the session ID in the web-based admin interface, allowing a remote attacker to hijack an authenticated session by intercepting unsecured traffic. Impact cited: exposure...
CVE-2026-22082 Insecure Session ID Management Vulnerability in Tenda Wireless Routers
This vulnerability exists in Tenda wireless routers 300Mbps Wireless Router F3 and N300 Easy Setup Router due to the use of login credentials as the session ID through its web-based administrative interface. A remote attacker could exploit this vulnerability by intercepting network traffic and...
CVE-2026-22081 Cookie without HTTPOnly Flag Vulnerability in Tenda Wireless Routers
This vulnerability exists in Tenda wireless routers 300Mbps Wireless Router F3 and N300 Easy Setup Router due to the missing HTTPOnly flag for session cookies associated with the web-based administrative interface. A remote at-tacker could exploit this vulnerability by capturing session cookies...
CVE-2026-22081 Cookie without HTTPOnly Flag Vulnerability in Tenda Wireless Routers
This vulnerability exists in Tenda wireless routers 300Mbps Wireless Router F3 and N300 Easy Setup Router due to the missing HTTPOnly flag for session cookies associated with the web-based administrative interface. A remote at-tacker could exploit this vulnerability by capturing session cookies...
CVE-2026-22081
The CVE-2026-22081 issue affects Tenda 300Mbps Wireless Router F3 and N300 Easy Setup Router, arising from the absence of the HTTPOnly flag on cookies used by the web-based administrative interface. This enables a remote attacker to potentially capture session cookies transmitted over unencrypted...
CVE-2026-22080
This vulnerability exists in Tenda wireless routers 300Mbps Wireless Router F3 and N300 Easy Setup Router due to the transmission of credentials encoded using reversible Base64 encoding through the web-based administrative interface. An attacker on the same network could exploit this vulnerabilit...