CVE-2026-4254

A weakness has been identified in Tenda AC8 up to 16.03.50.11. This vulnerability affects the function doSystemCmd of the file /goform/SysToolChangePwd of the component HTTP Endpoint. This manipulation of the argument local2c causes stack-based buffer overflow. The attack can be initiated remotel...

CVE-2026-4254

A weakness has been identified in Tenda AC8 up to 16.03.50.11. This vulnerability affects the function doSystemCmd of the file /goform/SysToolChangePwd of the component HTTP Endpoint. This manipulation of the argument local2c causes stack-based buffer overflow. The attack can be initiated remotel...

CVE-2026-4254 Tenda AC8 HTTP Endpoint SysToolChangePwd doSystemCmd stack-based overflow

A weakness has been identified in Tenda AC8 up to 16.03.50.11. This vulnerability affects the function doSystemCmd of the file /goform/SysToolChangePwd of the component HTTP Endpoint. This manipulation of the argument local2c causes stack-based buffer overflow. The attack can be initiated remotel...

CVE-2026-4254

The CVE-2026-4254 entry affects Tenda AC8 firmware up to version 16.03.50.11. The vulnerability is in the HTTP Endpoint component, specifically the doSystemCmd function in /goform/SysToolChangePwd, where manipulating the local_2c argument triggers a stack-based buffer overflow. The issue can be e...

CVE-2026-24107

An issue was discovered in Tenda W20E V4.0brV15.11.0.6. Failure to validate the value of usbPartitionName, which is directly used in doSystemCmd, may lead to critical command injection vulnerabilities...

CVE-2026-24105

An issue was discovered in goform/formsetUsbUnload in Tenda AC15V1.0 V15.03.05.18multi. The value of v1 was not checked, potentially leading to a command injection vulnerability if injected into doSystemCmd...

CVE-2026-24101

An issue was discovered in goform/formSetIptv in Tenda AC15V1.0 V15.03.05.18multi. When the condition is met, s11 will be passed into subB0488, concatenated into doSystemCmd. The value of s11 is not validated, potentially leading to a command injection vulnerability...

CVE-2026-24107

An issue was discovered in Tenda W20E V4.0brV15.11.0.6. Failure to validate the value of usbPartitionName, which is directly used in doSystemCmd, may lead to critical command injection vulnerabilities...

CVE-2026-24107

An issue was discovered in Tenda W20E V4.0brV15.11.0.6. Failure to validate the value of usbPartitionName, which is directly used in doSystemCmd, may lead to critical command injection vulnerabilities...

EUVD-2026-9180

An issue was discovered in Tenda W20E V4.0brV15.11.0.6. Failure to validate the value of usbPartitionName, which is directly used in doSystemCmd, may lead to critical command injection vulnerabilities...

EUVD-2026-9196

An issue was discovered in goform/formSetIptv in Tenda AC15V1.0 V15.03.05.18multi. When the condition is met, s11 will be passed into subB0488, concatenated into doSystemCmd. The value of s11 is not validated, potentially leading to a command injection vulnerability...

EUVD-2026-9203

An issue was discovered in goform/formsetUsbUnload in Tenda AC15V1.0 V15.03.05.18multi. The value of v1 was not checked, potentially leading to a command injection vulnerability if injected into doSystemCmd...

PT-2026-22609

Name of the Vulnerable Software and Affected Versions Tenda AC15 versions prior to V15.03.05.18 multi Description A flaw exists in the goform/formSetIptv function of Tenda AC15 routers due to improper handling of code generation in memory when processing the s1 1 parameter. Exploitation of this...

CVE-2026-24101

Summary: CVE-2026-24101 affects Tenda AC15 router goform/formSetIptv. The vulnerability arises when processing the s1_1 parameter, which is passed into sub_B0488 and concatenated into doSystemCmd without validation, enabling potential command injection. Affected device: Tenda AC15V1.0 V15.03.05.1...

CVE-2025-25675

Tenda AC10 V1.0 V15.03.06.23 has a command injection vulnerablility located in the formexeCommand function. The str variable receives the cmdinput parameter from a POST request and is later assigned to the cmdbuf variable, which is directly used in the doSystemCmd function, causing an arbitrary...

CVE-2025-25675

Summary: CVE-2025-25675 affects Tenda AC10 (V1.0, V15.03.06.23). The vulnerability is a command injection in the formexeCommand function. The code flow: the POST parameter cmdinput is assigned to str, then to cmd_buf, which is directly used by doSystemCmd, enabling arbitrary command execution. Mu...

PT-2025-7567 · Tenda · Tenda Ac10

Name of the Vulnerable Software and Affected Versions: Tenda AC10 V1.0 V15.03.06.23 Description: The issue is related to a command injection vulnerability located in the formexeCommand function. The str variable receives the cmdinput parameter from a POST request and is later assigned to the cmd...

CVE-2025-25675

Tenda AC10 V1.0 V15.03.06.23 has a command injection vulnerablility located in the formexeCommand function. The str variable receives the cmdinput parameter from a POST request and is later assigned to the cmdbuf variable, which is directly used in the doSystemCmd function, causing an arbitrary...

Tenda AC9 Command Injection Vulnerability (CNVD-2022-26241)

Tenda AC9 is a wireless router from Tenda, China.A command injection vulnerability exists in Tenda AC9 version 15.03.2.21, which stems from the failure of the dosystemcmd parameter in the suba3550 function to properly filter the special elements of the construction snippet, which can be exploited...

Tenda AC9 操作系统命令注入漏洞

Tenda AC9 is a wireless router from Tenda, China.A command injection vulnerability exists in Tenda AC9 version 15.03.2.21, which stems from the failure of the dosystemcmd parameter in the suba3550 function to properly filter the special elements of the construction snippet, which can be exploited...