CVE-2025-15252

Affected product: Tenda M3, version 1.0.0.13(4903). Vulnerable component: function formSetRemoteDhcpForAp in /goform/setDhcpAP. Root cause: manipulation of arguments startip, endip, leasetime, gateway, dns1, dns2 leads to a stack-based buffer overflow. Impact: remote attacker can trigger the over...

CVE-2025-12611

A vulnerability was identified in Tenda AC21 16.03.08.16. This vulnerability affects the function formSetPPTPServer of the file /goform/SetPptpServerCfg. The manipulation of the argument startIp leads to buffer overflow. Remote exploitation of the attack is possible. The exploit is publicly...

CVE-2025-10803

A vulnerability has been found in Tenda AC23 up to 16.03.07.52. Affected by this vulnerability is the function sscanf of the file /goform/SetPptpServerCfg of the component HTTP POST Request Handler. Such manipulation of the argument startIp leads to buffer overflow. It is possible to launch the...

CVE-2024-57543

Linksys E8450 v1.2.00.360516 was discovered to contain a buffer overflow vulnerability. The parsed field dhcpstartip is copied to the stack without length verification...

Tenda AC7 安全漏洞

Tenda AC7 is a wireless router from Tenda, a Chinese company. A buffer overflow vulnerability exists in Tenda AC7 version 15.03.06.44, which is caused by improper handling of the pptpserverstartip/pptpserverendip parameters in the formSetPPTPServer function in the /goform/SetPptpServerCfg file...

CVE-2025-29357

Tenda RX3 USRX3V1.0brV16.03.13.11multiTDE01 is vulnerable to Buffer Overflow via the startIp and endIp parameters at /goform/SetPptpServerCfg. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted packet...

PT-2025-3476 · Tenda · Tenda Ac18

Name of the Vulnerable Software and Affected Versions: Tenda AC18 version V15.03.05.19 Description: The issue is related to a stack overflow in the formSetPPTPServer function when handling the startIP parameter. This can allow a remote attacker to impact the confidentiality, integrity, and...

CVE-2024-2488

A vulnerability was found in Tenda AC18 15.03.05.05. It has been rated as critical. This issue affects the function formSetPPTPServer of the file /goform/SetPptpServerCfg. The manipulation of the argument startIP leads to stack-based buffer overflow. The attack may be initiated remotely. The...

CVE-2023-41561

Tenda AC9 V3.0 V15.03.06.42multi and Tenda AC5 USAC5V1.0RTLV15.03.06.28 were discovered to contain a stack overflow via parameter startIp and endIp at url /goform/SetPptpServerCfg...

CVE-2018-18730

An issue was discovered on Tenda AC7 V15.03.06.44CN, AC9 V15.03.05.196318CN, AC10 V15.03.06.23CN, AC15 V15.03.05.19CN, and AC18 V15.03.05.196318CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the 'startIp' and 'endIp' parameters for a pos...