CVE-2025-67074

A Buffer overflow vulnerability in function fromAdvSetMacMtuWan of bin httpd in Tenda AC10V4.0 V16.03.10.20 allows remote attackers to cause denial of service and possibly code execution by sending a post request with a crafted payload field serverName to /goform/AdvSetMacMtuWan...

CVE-2025-14654

A vulnerability was identified in Tenda AC20 16.03.08.12. The affected element is the function formSetPPTPUserList of the file /goform/setPptpUserList of the component httpd. Such manipulation of the argument list leads to stack-based buffer overflow. The attack can be executed remotely. The...

RHEL 9 : httpd (RHSA-2025:14901)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:14901 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: insufficient...

EUVD-2025-203295

A vulnerability was identified in Tenda AC20 16.03.08.12. The affected element is the function formSetPPTPUserList of the file /goform/setPptpUserList of the component httpd. Such manipulation of the argument list leads to stack-based buffer overflow. The attack can be executed remotely. The...

CVE-2025-14656 Tenda AC20 openSchedWifi httpd buffer overflow

A weakness has been identified in Tenda AC20 16.03.08.12. This affects the function httpd of the file /goform/openSchedWifi. Executing a manipulation of the argument schedStartTime/schedEndTime can lead to buffer overflow. The attack may be performed from remote. The exploit has been made availab...

CVE-2025-14656

The CVE-2025-14656 entry affects Tenda AC20 (firmware version 16.03.08.12). The httpd function handling /goform/openSchedWifi is vulnerable to buffer overflow via manipulated schedStartTime/schedEndTime arguments, with a remote attack surface. Public exploits exist and CVSS-based assessments indi...

CVE-2025-14655 Tenda AC20 httpd SetSysAutoRebbotCfg formSetRebootTimer stack-based overflow

A security flaw has been discovered in Tenda AC20 16.03.08.12. The impacted element is the function formSetRebootTimer of the file /goform/SetSysAutoRebbotCfg of the component httpd. Performing a manipulation of the argument rebootTime results in stack-based buffer overflow. The attack is possibl...

CVE-2025-14655 Tenda AC20 httpd SetSysAutoRebbotCfg formSetRebootTimer stack-based overflow

A security flaw has been discovered in Tenda AC20 16.03.08.12. The impacted element is the function formSetRebootTimer of the file /goform/SetSysAutoRebbotCfg of the component httpd. Performing a manipulation of the argument rebootTime results in stack-based buffer overflow. The attack is possibl...

CVE-2025-14655

The CVE-2025-14655 vulnerability affects Tenda AC20 (v16.03.08.12). The issue is in httpd’s formSetRebootTimer function (/goform/SetSysAutoRebbotCfg), where manipulating rebootTime triggers a stack-based buffer overflow. This can be exploited remotely and a public exploit exists. Multiple connect...

CVE-2025-14654

A vulnerability was identified in Tenda AC20 16.03.08.12. The affected element is the function formSetPPTPUserList of the file /goform/setPptpUserList of the component httpd. Such manipulation of the argument list leads to stack-based buffer overflow. The attack can be executed remotely. The...

CVE-2025-14654

A vulnerability was identified in Tenda AC20 16.03.08.12. The affected element is the function formSetPPTPUserList of the file /goform/setPptpUserList of the component httpd. Such manipulation of the argument list leads to stack-based buffer overflow. The attack can be executed remotely. The...

CVE-2025-14654 Tenda AC20 httpd setPptpUserList formSetPPTPUserList stack-based overflow

A vulnerability was identified in Tenda AC20 16.03.08.12. The affected element is the function formSetPPTPUserList of the file /goform/setPptpUserList of the component httpd. Such manipulation of the argument list leads to stack-based buffer overflow. The attack can be executed remotely. The...

CVE-2025-14654

CVE-2025-14654 affects Tenda AC20 firmware version 16.03.08.12. The vulnerability resides in the httpd component, specifically the formSetPPTPUserList function in /goform/setPptpUserList, where manipulating the argument list causes a stack-based buffer overflow. It can be exploited remotely and p...

CVE-2025-14636

CVE-2025-14636 affects Tenda AX9 firmware version 22.03.01.46, where the httpd component's image_check uses a weak hash. This enables remote exploitation with high attack complexity, and the exploit is publicly available (proof-of-concept). No concrete remediation/version fix is provided in the s...

Tenda AX9 安全漏洞

Tenda AX9 is a Wi-Fi 6 router from Tenda China. A security vulnerability exists in Tenda AX9 version 22.03.01.46, which originates from the use of a weak hash in the imagecheck function in the httpd component, which could lead to remote attacks...

PT-2025-51132

Name of the Vulnerable Software and Affected Versions Tenda AX9 version 22.03.01.46 Description A security flaw exists in the image check function within the httpd component of Tenda AX9 version 22.03.01.46. This issue involves the use of a weak hash, allowing for remote attacks. The attack is...

Photon OS 5.0: Httpd PHSA-2025-5.0-0710

An update of the httpd package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-5.0-0710. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

Fedora 43 : httpd (2025-9621c19da8)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-9621c19da8 advisory. - version update - security update Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessu...

Fedora: Security Advisory (FEDORA-2025-9621c19da8)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: httpd (UTSA-2025-991046)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-991046 advisory. In some modssl configurations on Apache HTTP Server 2.4.35 through to 2.4.63, an access control bypass by trusted clients is possible using TLS 1.3 session resumptio...