CVE-2026-24101

An issue was discovered in goform/formSetIptv in Tenda AC15V1.0 V15.03.05.18multi. When the condition is met, s11 will be passed into subB0488, concatenated into doSystemCmd. The value of s11 is not validated, potentially leading to a command injection vulnerability...

Tenda Ax3 security vulnerabilities

The Tenda AX3 is a Wi-Fi 6 dual-band router with a gigabit port from the Chinese company Tenda. Version 16.03.12.11 of the Tenda AX3 contains a security vulnerability. This vulnerability stems from improper handling of the stbpvid stack buffer in the formGetIptv function, leading to a stack-based...

The vulnerability of the formSetIptv() function in the microprogramming software for the Tenda AX1803 allows a hacker to execute arbitrary code or cause a service failure.

The vulnerability of the formSetIptv function in the microprogramming software for the Tenda AX1803 router is related to buffer overflows in the stack during the processing of the adv.iptv.stballvlans parameter. Exploiting this vulnerability allows an attacker to execute arbitrary code or cause a...

PT-2024-14355 · Tenda · Tenda Ax1803

Name of the Vulnerable Software and Affected Versions: Tenda AX1803 version 1.0.0.1 Description: The issue is related to a stack overflow that can occur via the iptv.stb.mode parameter in the formSetIptv function. This allows for potential exploitation. Recommendations: For Tenda AX1803 version...

CVE-2023-40837

Tenda AC6 USAC6V1.0BRV15.03.05.16multiTD01.bin function 'subADD50' contains a command execution vulnerability. In the "formSetIptv" function, obtaining the "list" and "vlanId" fields, unfiltered passing these two fields as parameters to the "subADD50" function to execute commands...