CVE-2026-4565

A vulnerability was detected in Tenda AC21 16.03.08.16. Impacted is the function formSetQosBand of the file /goform/SetNetControlList. Performing a manipulation of the argument list results in buffer overflow. The attack can be initiated remotely. The exploit is now public and may be used...

CVE-2023-49437

Tenda AX12 V22.03.01.46 has been discovered to contain a command injection vulnerability in the 'list' parameter at /goform/SetNetControlList...

CVE-2022-38831

Tenda RX9Pro V22.03.02.10 is vulnerable to Buffer Overflow via httpd/SetNetControlList...

EUVD-2025-25102

Malicious code in bioql PyPI...

CVE-2025-9087

A vulnerability has been found in Tenda AC20 16.03.08.12. This affects the function setqosMiblist of the file /goform/SetNetControlList of the component SetNetControlList Endpoint. The manipulation of the argument list leads to stack-based buffer overflow. It is possible to initiate the attack...

Tenda AC20 安全漏洞

The Tenda AC20 is a wireless router from the Chinese company Tenda. The Tenda AC20 suffers from a buffer overflow vulnerability that originates from the failure of the parameter list of the setqosMiblist function in the /goform/SetNetControlList file to correctly validate the length of the input...

CVE-2022-38510

TendaTX9pro V22.03.02.10 was discovered to contain a buffer overflow via the component httpd/SetNetControlList...

CVE-2025-29215

Tenda AX12 v22.03.01.46CN was discovered to contain a stack overflow via the sub43fdcc function at /goform/SetNetControlList...

PT-2024-9129 · Tenda · Tenda Rx9 +1

Name of the Vulnerable Software and Affected Versions: Tenda RX9 and RX9 Pro version 22.03.02.20 Description: A critical issue has been found, affecting the function sub 4337EC of the file /goform/SetNetControlList. The manipulation of the list argument leads to a stack-based buffer overflow. Thi...

CVE-2023-49436

Tenda AX9 V22.03.01.46 has been discovered to contain a command injection vulnerability in the 'list' parameter at /goform/SetNetControlList...

Tenda AX9 安全漏洞

Tenda AX9 is a Wi-Fi 6 router from Tenda China. A buffer overflow vulnerability exists in Tenda AX9 version V22.03.01.46, which occurs when the "list" parameter of /goform/SetNetControlList fails to correctly validate the length of the input data, and can be exploited by a remote attacker to...

PT-2023-31225 · Tenda · Tenda Ax9

Name of the Vulnerable Software and Affected Versions: Tenda AX9 version V22.03.01.46 Description: A command injection issue has been discovered in the list parameter at the "/goform/SetNetControlList" API endpoint. This allows for potential command injection attacks. Recommendations: For Tenda A...

Tenda AC8 /goform/SetNetControlList Buffer Overflow Vulnerability

Tenda AC8 is a dual-band Gigabit wireless router from Tenda, designed for fiber optic homes up to 1000 megabytes, supporting dual-band concurrent transmission rates up to 1167Mbps, equipped with full Gigabit ports 1 WAN port + 3 LAN ports for 100-1000 megabit broadband access. Tenda AC8 suffers...

CVE-2023-40900

Tenda AC8 v4 USAC8V4.0siV16.03.34.06cn was discovered to contain a stack overflow via parameter list at /goform/SetNetControlList...

Tenda AC10 缓冲区错误漏洞

Tenda AC10 is a wireless router from Tenda China. A security vulnerability exists in the Tenda AC10 v4 USAC10V4.0siV16.03.10.13cn version, which stems from a discovery via the list parameter of /goform/SetNetControlList contains a stack overflow issue...

CVE-2022-40861

Tenda AC18 router V15.03.05.19 contains a stack overflow vulnerability in the formSetQosBand-FUN0007db78 function with the request /goform/SetNetControlList/...

CVE-2022-40860

Tenda AC15 router V15.03.05.19 contains a stack overflow vulnerability in the function formSetQosBand-FUN0007dd20 with request /goform/SetNetControlList...

Buffer overflow vulnerability in multiple Tenda products (CNVD-2020-31409)

The Tenda AC9, among others, is a wireless router from the Chinese company Tenda. A buffer overflow vulnerability exists in httpd in several Tenda products. The vulnerability can be exploited to execute arbitrary code by sending the 'list' parameter to the /goform/SetNetControlList URL...

CVE-2020-13394

An issue was discovered on Tenda AC6 V1.0 V15.03.05.19multiTD01, AC9 V1.0 V15.03.05.196318CN, AC9 V3.0 V15.03.06.42multi, AC15 V1.0 V15.03.05.19multiTD01, and AC18 V15.03.05.196318CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the...