CVE-2026-1638

A security flaw has been discovered in Tenda AC21 1.1.1.1/1.dmzip/16.03.08.16. The impacted element is the function mDMZSetCfg of the file /goform/mDMZSetCfg. The manipulation of the argument dmzIp results in command injection. The attack can be executed remotely. The exploit has been released to...

EUVD-2026-5015

A security flaw has been discovered in Tenda AC21 1.1.1.1/1.dmzip/16.03.08.16. The impacted element is the function mDMZSetCfg of the file /goform/mDMZSetCfg. The manipulation of the argument dmzIp results in command injection. The attack can be executed remotely. The exploit has been released to...

CVE-2026-1638

The vulnerability CVE-2026-1638 affects Tenda AC21 devices (firmware versions 1.1.1.1/1.dmzip/16.03.08.16) via the function /goform/mDMZSetCfg, where manipulating the dmzIp argument triggers a command injection. The issue is exploitable remotely and exploitation has been publicly released, enabli...

Tenda O3 formsetDmzInfo function buffer overflow vulnerability

Tenda O3 is an outdoor wireless bridge from Tenda, China. Tenda O3 version 1.0.0.10 has a buffer overflow vulnerability, the vulnerability stems from the function SetValue/GetValue parameter dmzIP in the file /goform/setDmzInfo fails to correctly validate the length and size of the input data,...

CVE-2025-12211 Tenda O3 setDmzInfo GetValue stack-based overflow

A security flaw has been discovered in Tenda O3 1.0.0.102478. Affected by this issue is the function SetValue/GetValue of the file /goform/setDmzInfo. The manipulation of the argument dmzIP results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been...

EUVD-2022-29059

Malicious code in bioql PyPI...

CVE-2022-24148

Tenda AX3 v16.03.12.10CN was discovered to contain a command injection vulnerability in the function mDMZSetCfg. This vulnerability allows attackers to execute arbitrary commands via the dmzIp parameter...

CVE-2022-24148

Tenda AX3 v16.03.12.10CN was discovered to contain a command injection vulnerability in the function mDMZSetCfg. This vulnerability allows attackers to execute arbitrary commands via the dmzIp parameter...

CVE-2022-24148

Tenda AX3 v16.03.12.10CN was discovered to contain a command injection vulnerability in the function mDMZSetCfg. This vulnerability allows attackers to execute arbitrary commands via the dmzIp parameter...

Command injection

Tenda AX3 v16.03.12.10CN was discovered to contain a command injection vulnerability in the function mDMZSetCfg. This vulnerability allows attackers to execute arbitrary commands via the dmzIp parameter...

CVE-2022-24148

Tenda AX3 v16.03.12.10CN was discovered to contain a command injection vulnerability in the function mDMZSetCfg. This vulnerability allows attackers to execute arbitrary commands via the dmzIp parameter...

Tenda Ax3 命令注入漏洞

Tenda Ax3 is an Ax1800 Gigabit Port Dual Band Wifi 6 Wireless Router from Tenda China. A command injection vulnerability exists in Tenda AX3 v16.03.12.10CN, which can be exploited by an attacker to cause a denial of service DoS via the dmzIp parameter...