CVE-2026-24101

An issue was discovered in goform/formSetIptv in Tenda AC15V1.0 V15.03.05.18multi. When the condition is met, s11 will be passed into subB0488, concatenated into doSystemCmd. The value of s11 is not validated, potentially leading to a command injection vulnerability...

Tenda Ax3 security vulnerabilities

The Tenda AX3 is a Wi-Fi 6 dual-band router with a gigabit port from the Chinese company Tenda. Version 16.03.12.11 of the Tenda AX3 contains a security vulnerability. This vulnerability stems from improper handling of the stbpvid stack buffer in the formGetIptv function, leading to a stack-based...

PT-2024-14355 · Tenda · Tenda Ax1803

Name of the Vulnerable Software and Affected Versions: Tenda AX1803 version 1.0.0.1 Description: The issue is related to a stack overflow that can occur via the iptv.stb.mode parameter in the formSetIptv function. This allows for potential exploitation. Recommendations: For Tenda AX1803 version...

CVE-2023-40837

Tenda AC6 USAC6V1.0BRV15.03.05.16multiTD01.bin function 'subADD50' contains a command execution vulnerability. In the "formSetIptv" function, obtaining the "list" and "vlanId" fields, unfiltered passing these two fields as parameters to the "subADD50" function to execute commands...