EUVD-2026-29022

A security vulnerability has been detected in Tenda AC6 15.03.06.23. Affected by this issue is the function getlogfile of the file /goform/getLogFile of the component httpd. The manipulation of the argument wans.flag leads to os command injection. The attack can be initiated remotely. The exploit...

CVE-2026-8263 Tenda AC6 httpd WifiExtraSet fromSetWirelessRepeat os command injection

A security flaw has been discovered in Tenda AC6 15.03.06.49multiTDE01. Affected is the function fromSetWirelessRepeat of the file /goform/WifiExtraSet of the component httpd. Performing a manipulation of the argument mac/ssid results in os command injection. It is possible to initiate the attack...

Tenda AC6 命令注入漏洞

Tenda AC6 is a wireless router produced by the Chinese company Tenda. The version 15.03.06.49multiTDE01 of Tenda AC6 has a command injection vulnerability. This vulnerability stems from the function fromSetWirelessRepeat in the goform/WifiExtraSet module of the httpd component, which processes...

PT-2026-39562

Name of the Vulnerable Software and Affected Versions Tenda AC6 version 15.03.06.49 multi TDE01 Description A flaw in the httpd component allows remote attackers to perform OS command injection. The issue exists within the fromSetWirelessRepeat function located in the '/goform/WifiExtraSet'...

CVE-2025-12225

A vulnerability has been found in Tenda AC6 15.03.06.50. This issue affects some unknown processing of the file /goform/WifiGuestSet of the component HTTP Request Handler. Such manipulation of the argument shareSpeed leads to stack-based buffer overflow. The attack may be launched remotely. The...

CVE-2025-12225

A vulnerability has been found in Tenda AC6 15.03.06.50. This issue affects some unknown processing of the file /goform/WifiGuestSet of the component HTTP Request Handler. Such manipulation of the argument shareSpeed leads to stack-based buffer overflow. The attack may be launched remotely. The...

Tenda AC6 安全漏洞

The Tenda AC6 is a wireless router from the Chinese company Tenda. A buffer overflow vulnerability exists in Tenda AC6 version 15.03.06.50, which originates from the parameter shareSpeed in the file /goform/WifiGuestSet that fails to correctly validate the length and size of the input data, and c...

EUVD-2025-35614

Tenda AC6 V2.0 15.03.06.50 was discovered to contain a stack overflow in the ssid parameter in the fastsettingwifiset function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted input...

EUVD-2025-35584

Tenda AC6 V2.0 15.03.06.50 was discovered to contain a stack overflow in the page parameter in the DhcpListClient function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted input...

CVE-2025-60339

Multiple buffer overflow vulnerabilities in the openSchedWifi function of Tenda AC6 v.15.03.06.50 allows attackers to cause a Denial of Service DoS via injecting a crafted payload into the schedStartTime and schedEndTime parameters...

Tenda AC6 安全漏洞

The Tenda AC6 is a wireless router from the Chinese company Tenda. A buffer overflow vulnerability exists in Tenda AC6 version 15.03.06.50, which is caused by the openSchedWifi function failing to properly validate the length of the input data, and can be exploited by an attacker to execute...

CVE-2025-60340

Multiple buffer overflows in the SetClientState function of Tenda AC6 v.15.03.06.50 allows attackers to cause a Denial of Service DoS via injecting a crafted payload into the limitSpeed, deviceId, and limitSpeedUp parameters...

CVE-2025-60343

Multiple buffer overflows in the AdvSetMacMtuWan function of Tenda AC6 v.15.03.06.50 allows attackers to cause a Denial of Service DoS via injecting a crafted payload into the wanMTU, wanSpeed, cloneType, mac, serviceName, serverName, wanMTU2, wanSpeed2, cloneType2, mac2, serviceName2, and...

EUVD-2025-27802

Malicious code in bioql PyPI...

CVE-2025-24496

An information disclosure vulnerability exists in the /goform/getproductInfo functionality of Tenda AC6 V5.0 V02.03.01.110. Specially crafted network packets can lead to a disclosure of sensitive information. An attacker can send packets to trigger this vulnerability...

CVE-2025-55483

Tenda AC6 V15.03.06.23multi is vulnerable to Buffer Overflow in the function formSetMacFilterCfg via the parameters macFilterType and deviceList...

CVE-2025-30256

A denial of service vulnerability exists in the HTTP Header Parsing functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted series of HTTP requests can lead to a reboot. An attacker can send multiple network packets to trigger this vulnerability...

CVE-2025-24496

An information disclosure vulnerability exists in the /goform/getproductInfo functionality of Tenda AC6 V5.0 V02.03.01.110. Specially crafted network packets can lead to a disclosure of sensitive information. An attacker can send packets to trigger this vulnerability...

CVE-2025-27129

An authentication bypass vulnerability exists in the HTTP authentication functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can send packets to trigger this vulnerability...

CVE-2025-24496

CVE-2025-24496 affects Tenda AC6 V5.0 V02.03.01.110. The information-disclosure flaw resides in /goform/getproductInfo; Talos notes an authentication bypass when requesting this URL, allowing a non-authenticated retrieval of module data via the generic getter, potentially exposing configuration d...