CVE-2022-38571

Tenda M3 V1.0.0.124856 was discovered to contain a buffer overflow in the function formSetGuideListItem...

VulnCheck KEV: CVE-2025-7414

A vulnerability classified as critical was found in Tenda O3V2 1.0.0.123880. This vulnerability affects the function fromNetToolGet of the file /goform/setPingInfo of the component httpd. The manipulation of the argument domain leads to os command injection. The attack can be initiated remotely...

CVE-2025-9299

A vulnerability has been found in Tenda M3 1.0.0.12. Affected by this vulnerability is the function formGetMasterPassengerAnalyseData of the file /goform/getMasterPassengerAnalyseData. The manipulation of the argument Time leads to stack-based buffer overflow. The attack may be initiated remotely...

CVE-2025-55613

Tenda O3V2 1.0.0.123880 is vulnerable to Buffer Overflow in the fromSafeSetMacFilter function via the mac parameter...

PT-2025-34474 · Tenda · Tenda O3V2

Name of the Vulnerable Software and Affected Versions: Tenda O3V2 version 1.0.0.123880 Description: The Tenda O3V2 device is susceptible to a buffer overflow issue within the fromSafeSetMacFilter function. The vulnerability is triggered by manipulating the mac parameter. Recommendations: Update t...

CVE-2025-55613

Tenda O3V2 1.0.0.123880 is vulnerable to Buffer Overflow in the fromSafeSetMacFilter function via the mac parameter...

CVE-2025-9299 Tenda M3 getMasterPassengerAnalyseData formGetMasterPassengerAnalyseData stack-based overflow

A vulnerability has been found in Tenda M3 1.0.0.12. Affected by this vulnerability is the function formGetMasterPassengerAnalyseData of the file /goform/getMasterPassengerAnalyseData. The manipulation of the argument Time leads to stack-based buffer overflow. The attack may be initiated remotely...

CVE-2025-9299

CVE-2025-9299 affects Tenda M3 1.0.0.12. The vulnerability is in the /goform/getMasterPassengerAnalyseData::formGetMasterPassengerAnalyseData function, where unsafely handling the Time parameter allows a stack-based buffer overflow. This can be triggered remotely; the exploit has been disclosed p...

PT-2025-34212 · Tenda · Tenda M3

Name of the Vulnerable Software and Affected Versions: Tenda M3 version 1.0.0.12 Description: A vulnerability has been identified in the Tenda M3 device. The formGetMasterPassengerAnalyseData function within the /goform/getMasterPassengerAnalyseData file is susceptible to a stack-based buffer...

Tenda M3 安全漏洞

Tenda M3 is a wireless controller AC from Tenda, which is aimed at scenarios such as hotel chains, low-star hotels and small and medium-sized businesses. Tenda M3 has a stack buffer overflow vulnerability, the vulnerability stems from the file /goform/QuickIndex function formQuickIndex parameter...

PT-2025-34211 · Tenda · Tenda M3

Name of the Vulnerable Software and Affected Versions: Tenda M3 version 1.0.0.12 Description: A flaw has been found in the formQuickIndex function of the /goform/QuickIndex file. Manipulation of the PPPOEPassword argument can lead to a stack-based buffer overflow. The attack can be launched...

Tenda M3 安全漏洞

Tenda M3 is a wireless controller AC from Tenda, which is aimed at scenarios such as hotel chains, low-star hotels and small and medium-sized businesses. Tenda M3 there is a stack buffer overflow vulnerability, the vulnerability stems from /goform/getMasterPassengerAnalyseData file in the...

CVE-2025-7415

A vulnerability, which was classified as critical, has been found in Tenda O3V2 1.0.0.123880. This issue affects the function fromTraceroutGet of the file /goform/getTraceroute of the component httpd. The manipulation of the argument dest leads to command injection. The attack may be initiated...

PT-2025-29168 · Tenda · Tenda O3V2

Name of the Vulnerable Software and Affected Versions: Tenda O3V2 version 1.0.0.123880 Description: A critical issue exists in Tenda O3V2 version 1.0.0.123880. This issue affects the fromTraceroutGet function within the /goform/getTraceroute file of the httpd component. Manipulation of the dest...

PT-2024-27092 · Tenda · Tenda O3V2

Name of the Vulnerable Software and Affected Versions: Tenda O3V2 version 1.0.0.123880 Description: The issue is related to a Blind Command Injection via the stpEn parameter in the SetStp function, allowing attackers to execute arbitrary commands with root privileges. Recommendations: For Tenda...

CVE-2023-51092

Tenda M3 V1.0.0.124856 was discovered to contain a stack overflow via the function upgrade...

CVE-2023-51093

Tenda M3 V1.0.0.124856 was discovered to contain a stack overflow via the function fromSetLocalVlanInfo...

Stack overflow

Tenda M3 V1.0.0.124856 was discovered to contain a stack overflow via the function fromSetLocalVlanInfo...

PT-2023-8233 · Tenda · Tenda M3

Name of the Vulnerable Software and Affected Versions: Tenda M3 version 1.0.0.124856 Description: The issue is related to a stack overflow via the formDelWlRfPolicy function, which can allow a remote attacker to execute arbitrary commands. This is due to a buffer overflow in the formDelWlRfPolicy...

Tenda M3 安全漏洞

Tenda M3 is an access controller from Tenda, China. A command execution vulnerability exists in Tenda M3 version V1.0.0.124856, which stems from the failure of the TendaTelnet method to properly filter constructed command special characters, commands, etc. The vulnerability can be exploited to...